
Log analysis and evaluation: Passwords spied out; constant CAPTCHA prompts on Google search; Bitcoin miner

19.04.2015, 14:11   #1
paradog
 

Hello,

Over the last few weeks it happened every now and then that, when I opened a new tab and started a search from the Google search integrated into the browser's address bar, Google showed a CAPTCHA prompt because, according to Google, a very large number of requests were coming from my system.
But it didn't happen with every search, so at first I didn't think anything of it.
Today, when I tried to log in to YouTube, I got a message that someone had tried to log in with my password from somewhere else, and that I should therefore please change my password.

Checked my mail: a message from Twitch.tv saying the same thing had happened there, even though I haven't used that account for over a year. On Twitch, though, I used the same e-mail address as on YouTube. Whether the old password there was the same as the old YouTube password, I can't say.


Anyway, I then ran Malwarebytes.
Here are the log files:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 19.04.2015
Suchlauf-Zeit: 10:34:58
Logdatei: mwb,amh,prfg1.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.04.19.02
Rootkit Datenbank: v2015.03.31.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x64
Dateisystem: NTFS
Benutzer: WB

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 440982
Verstrichene Zeit: 26 Min, 20 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 5
PUP.Optional.Babylon.A, HKU\S-1-5-21-891635277-1297341078-1701692141-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [c2aca2cc8208ca6c5ab60639a261da26], 
PUP.Optional.Babylon.A, HKU\S-1-5-21-891635277-1297341078-1701692141-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}, , [c2aca2cc8208ca6c5ab60639a261da26], 
PUP.Optional.ICQToolbar.A, HKU\S-1-5-21-891635277-1297341078-1701692141-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{855F3B16-6D32-4FE6-8A56-BBB695989046}, , [135b1d510c7e68ce04423306c53e6997], 
PUP.Optional.ICQToolbar.A, HKU\S-1-5-21-891635277-1297341078-1701692141-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{855F3B16-6D32-4FE6-8A56-BBB695989046}, , [135b1d510c7e68ce04423306c53e6997], 
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-891635277-1297341078-1701692141-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nikpibnbobmbdbheedjfogjlikpgpnhp, , [7ef0274777135adc506e32ac917204fc], 

Registrierungswerte: 5
Trojan.Agent.Gen, HKU\S-1-5-21-891635277-1297341078-1701692141-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Microsoft Firewall 2.9, C:\Users\WB\AppData\Roaming\WMPRWISE.EXE, , [80ee2a44c9c1c37323921a1d689c5ea2]
PUP.Optional.Babylon.A, HKU\S-1-5-21-891635277-1297341078-1701692141-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|DisplayName, Search the web (Babylon), , [a1cd125c3456ee488dd987ca41c4a060]
PUP.Optional.Babylon.A, HKU\S-1-5-21-891635277-1297341078-1701692141-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|URL, hxxp://search.babylon.com/?q={searchTerms}&tt=110112_ncp3&babsrc=SP_def&mntrId=62b5607700000000000000a1b0258e8b, , [6707bfaf47439c9ae87e2f2218ed5da3]
PUP.Optional.Babylon.A, HKU\S-1-5-21-891635277-1297341078-1701692141-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|DisplayName, Search the web (Babylon), , [e18d70feb9d171c5b2b4dc7580850df3]
PUP.Optional.Babylon.A, HKU\S-1-5-21-891635277-1297341078-1701692141-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|URL, hxxp://search.babylon.com/?q={searchTerms}&tt=110112_ncp3&babsrc=SP_def&mntrId=62b5607700000000000000a1b0258e8b, , [77f71d51d4b6a19580e657fa14f150b0]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 32
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa, , [c9a594da0c7e1c1ace31160124e13fc1], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\images, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\de, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\en, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\es, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\fr, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\it, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\ja, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\nl, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\pl, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\pt, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\ru, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\tr, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\zh_CN, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\zh_TW, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\BG, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\CZ, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\DE, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\EN, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\ES, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\FR, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\HE, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\IT, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\RU, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\SK, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\TR, , [d5990c621971e650ea2e0baf020139c7], 

Dateien: 129
Trojan.Ransom.Gend, C:\Users\WB\AppData\Roaming\ntuser.dat, , [beb0f07e73175cdad50f1c1fac55e21e], 
Trojan.BitMiner, C:\Users\WB\AppData\Roaming\aloj\scvhost.exe, , [3d31650994f6d1652748df02649e30d0], 
Trojan.BitMiner, C:\Users\WB\AppData\Roaming\casa\scvhost.exe, , [15590b636f1bd75f4b2436ab8f73f20e], 
Trojan.BitMiner, C:\Users\WB\AppData\Local\Temp\webyeryb3460vavaw.exe, , [a4ca80ee0b7f2f07e38c25bc877b7888], 
Trojan.Agent.ED, C:\Users\WB\AppData\Local\Temp\webyeryb3461vavaw.exe, , [6b03b8b67515b581e83425f11ae7d729], 
Backdoor.Agent.WLMS, C:\Users\WB\AppData\Local\Temp\webyeryb3462vavaw.exe, , [f5792549a7e3f93d6f9f0d11936eba46], 
PUP.Optional.OpenCandy, C:\Users\WB\AppData\Local\Temp\2dcd1d63cb45e6613582211c3d5f4b23.exe, , [323c6b03cdbd3ef8236663c48680d62a], 
Trojan.Agent.ED, C:\Users\WB\AppData\Local\Temp\rtmw3.exe, , [4d213e302268e05615777294936ec33d], 
Adware.InstallCore, C:\Users\WB\AppData\Local\Temp\1003398.Uninstall\Uninstall.exe, , [b0bef6786e1c4cea4ee24f57c53b6c94], 
PUP.Optional.Dealply, C:\Users\WB\AppData\Local\Temp\is1972027439\dealply.exe, , [81ed1f4fb6d4c472411c5ec9c640fc04], 
PUP.Optional.Dealply, C:\Users\WB\AppData\Local\Temp\is2063840535\dealply.exe, , [1e50046ab8d23402f96452d51ee8fb05], 
Virus.Expiro, C:\Users\WB\AppData\Local\Temp\tmp165b2a09\qw.exe, , [9bd39fcfa8e2cb6ba92e3752b24f45bb], 
PUP.Optional.BabylonToolBar.A, C:\Users\WB\AppData\Local\Temp\A036546C-BAB0-7891-85D2-4A11532196B4\MyBabylonTB.exe, , [6fff303e3c4ef2447cd6ea5ea75acd33], 
Adware.InstallCore, C:\Users\WB\AppData\Local\Temp\ICReinstall\AudioConverterSetup.exe, , [c8a648267e0cd16568c8c4e29c6448b8], 
PUP.Optional.BabylonToolBar.A, C:\Users\WB\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe, , [84ea462886048babc092f157bc45966a], 
Virus.Expiro, C:\Users\WB\AppData\Local\Temp\tmp64e3122f\74.exe, , [6608d896048685b132a58801897811ef], 
Exploit.Drop.GS, C:\Users\WB\AppData\Local\Temp\webyeryb3463vavaw.exe, , [cea05e107416e254b621d15a94709868], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\miner.php, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\API.class, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\bio.bat, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\diablo121016.cl, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\diakgcn121016.cl, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\libblkmaker-0.1-0.dll, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\libblkmaker_jansson-0.1-0.dll, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\libcurl-4.dll, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\libjansson-4.dll, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\libusb-1.0.dll, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\pdcurses.dll, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\phatk121016.cl, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\poclbm121016.cl, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\pthreadGC2.dll, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\scrypt121016.cl, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\aloj\zlib1.dll, , [c3ab630b8a000531bb3c1afd1fe643bd], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\miner.php, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\1.bat, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\API.class, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\diablo121016.cl, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\diakgcn121016.cl, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\guni.bat, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\libblkmaker-0.1-0.dll, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\libblkmaker_jansson-0.1-0.dll, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\libcurl-4.dll, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\libjansson-4.dll, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\libusb-1.0.dll, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\pdcurses.dll, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\phatk121016.cl, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\poclbm121016.cl, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\pthreadGC2.dll, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\scrypt121016.cl, , [c9a594da0c7e1c1ace31160124e13fc1], 
Trojan.BitcoinMiner, C:\Users\WB\AppData\Roaming\casa\zlib1.dll, , [c9a594da0c7e1c1ace31160124e13fc1], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\background.html, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\background.js, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\dvs_freeyoutubedownload.css, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\dvs_freeyoutubedownload.js, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\dvs_logo.ico, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\dvs_logo_128.png, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\dvs_logo_32.png, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\dvs_logo_48.png, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\errorRunProgramm.html, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\manifest.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\np_dvs_plugin.dll, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\options.html, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\options.js, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\page_action.html, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\images\backbar.png, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\images\download.png, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\images\fs.png, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\images\headphone.png, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\images\logo.png, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\images\manager.png, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\images\YoutubeDownloader.png, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\images\YoutubeToMp3.png, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\de\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\en\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\es\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\fr\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\it\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\ja\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\nl\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\pl\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\pt\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\ru\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\tr\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\zh_CN\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\zh_TW\messages.json, , [1a5481edf991a1955942c1e87d8616ea], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\Configuration.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\OptionDlg.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\RegionalSettings.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\UserInterface.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\BG\Configuration.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\BG\OptionDlg.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\BG\RegionalSettings.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\BG\UserInterface.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\CZ\Configuration.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\CZ\OptionDlg.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\CZ\RegionalSettings.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\CZ\UserInterface.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\EN\Configuration.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\EN\OptionDlg.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\EN\RegionalSettings.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\EN\UserInterface.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\ES\Configuration.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\ES\OptionDlg.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\ES\RegionalSettings.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\ES\UserInterface.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\FR\Configuration.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\FR\OptionDlg.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\FR\RegionalSettings.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\FR\UserInterface.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\HE\Configuration.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\HE\OptionDlg.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\HE\RegionalSettings.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\HE\UserInterface.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\IT\Configuration.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\IT\OptionDlg.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\IT\RegionalSettings.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\IT\UserInterface.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\RU\Configuration.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\RU\OptionDlg.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\RU\RegionalSettings.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\RU\UserInterface.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\SK\Configuration.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\SK\OptionDlg.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\SK\RegionalSettings.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\SK\UserInterface.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\TR\Configuration.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\TR\OptionDlg.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\TR\RegionalSettings.xml, , [d5990c621971e650ea2e0baf020139c7], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\TR\UserInterface.xml, , [d5990c621971e650ea2e0baf020139c7], 

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
It looks as if someone somehow abused my PC for Bitcoin mining, hidden under "scvhost.exe". The actual Windows process is called svchost, after all.

After clicking "Remove" in Malwarebytes and saving the log file, I ran Hitman, which also found quite a few things:
Code:
HitmanPro 3.7.9.240
www.hitmanpro.com

   Computer name . . . . : WB-PC
   Windows . . . . . . . : 6.0.2.6002.X64/3
   User name . . . . . . : WB-PC\WB
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2015-04-19 11:19:38
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 39m 26s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 81

   Objects scanned . . . : 6.094.314
   Files scanned . . . . : 74.019
   Remnants scanned  . . : 555.108 files / 5.465.187 keys

Miniport ____________________________________________________________________

   Primary
      DriverObject . . . : FFFFFA8004B34700
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFFA8003F782C0 +0
   Solution
      DriverObject . . . : FFFFFA8004B34700
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFFA6000AF7D08 \SystemRoot\system32\drivers\ataport.SYS+19720

Suspicious files ____________________________________________________________

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002288.dll
      Size . . . . . . . : 948.118 bytes
      Age  . . . . . . . : 1177.4 days (2012-01-28 02:37:41)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 3192353354FE593051B33886088D4C312ACB9A653D874281B2EBF131B80415CB
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002291.dll
      Size . . . . . . . : 965.329 bytes
      Age  . . . . . . . : 1109.8 days (2012-04-04 16:39:05)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : CAE3128772295AC4F1179B881A00B061DB00505275CB258F9F0C84CC1DF9B2A5
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002292.dll
      Size . . . . . . . : 956.681 bytes
      Age  . . . . . . . : 1108.5 days (2012-04-05 23:42:53)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 7218A15A9890CE82EB25F7AB5AC7AA60B4E3055C5574B70A6CABA4274D6DE493
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002317.dll
      Size . . . . . . . : 949.613 bytes
      Age  . . . . . . . : 938.9 days (2012-09-22 12:58:47)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002325.dll
      Size . . . . . . . : 959.376 bytes
      Age  . . . . . . . : 792.5 days (2013-02-15 22:49:05)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : A85592ACDCFDA7C0293504A5F5279C2654ACC0E6D2398ED8958F6E03F05DCEB5
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002331.dll
      Size . . . . . . . : 963.480 bytes
      Age  . . . . . . . : 579.9 days (2013-09-16 14:26:23)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002344.dll
      Size . . . . . . . : 1.014.616 bytes
      Age  . . . . . . . : 140.5 days (2014-11-30 00:24:08)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 64D8D164CC4FF898DDCCBD5D588E88AF2C1F7EA464C2B7519C78BF0D30CC6F24
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
      Size . . . . . . . : 1.014.616 bytes
      Age  . . . . . . . : 140.5 days (2014-11-30 00:24:08)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 64D8D164CC4FF898DDCCBD5D588E88AF2C1F7EA464C2B7519C78BF0D30CC6F24
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\pbclold.dll
      Size . . . . . . . : 963.480 bytes
      Age  . . . . . . . : 1292.5 days (2011-10-04 22:08:28)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\pbcls.dll
      Size . . . . . . . : 956.681 bytes
      Age  . . . . . . . : 1163.6 days (2012-02-10 21:08:26)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 7218A15A9890CE82EB25F7AB5AC7AA60B4E3055C5574B70A6CABA4274D6DE493
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
      Size . . . . . . . : 139.944 bytes
      Age  . . . . . . . : 1292.5 days (2011-10-04 22:08:40)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : E0AB414DBD7AA5888B861AE64B0F9674CED054C755502DDE124A91D6CD6CE97A
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF4\pb\PnkBstrK.sys
      Size . . . . . . . : 139.552 bytes
      Age  . . . . . . . : 564.5 days (2013-10-02 00:28:43)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : 7A47CB7814643DAFDF81D3E2E03C60A162A49525962ECE651187371853E507E5
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BFP4F\pb\pbcl.dll
      Size . . . . . . . : 915.149 bytes
      Age  . . . . . . . : 1318.3 days (2011-09-09 03:11:53)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : E189EF452F559BFAC0C0A91EFADC78EAA569B915985A213F99666BE56FC86165
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BFP4F\pb\PnkBstrK.sys
      Size . . . . . . . : 138.264 bytes
      Age  . . . . . . . : 1318.3 days (2011-09-09 03:12:29)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : 4194EFFC7236F018722B6DBF76253E1D833FEEEC158835C4DFAAD0555E7A7D91
      RSA Key Size . . . : 1024
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\WAW\pb\pbcl.dll
      Size . . . . . . . : 733.004 bytes
      Age  . . . . . . . : 1276.7 days (2011-10-20 18:14:42)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 8715126E77E8E6F98B4487C11B4656ADAC59145A86D56A0370F2FAE86E40FDC7
      Fuzzy  . . . . . . : 25.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.


Potential Unwanted Programs _________________________________________________

   C:\Program Files (x86)\Babylon\ (Babylon)
   C:\Program Files\Babylon\ (Babylon)
   C:\Program Files\Babylon\Babylon-Pro\ (Babylon)
   C:\Program Files\Babylon\Babylon-Pro\BabylonHelper64.exe (Babylon)
      Size . . . . . . . : 129.536 bytes
      Age  . . . . . . . : 1183.4 days (2012-01-22 02:24:48)
      Entropy  . . . . . : 5.7
      SHA-256  . . . . . : 5E68C077375F4F06357CA19F1894DAA4966EEC1864A16D033B6C4F32380F57E0
      Product  . . . . . : BabylonHelper
      Publisher  . . . . : Babylon
      Description  . . . : Support for 64-bit OS
      Version  . . . . . : 1.0.0.1
      Copyright  . . . . : Babylon.com  All rights reserved.
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 0.0

   C:\Program Files\Babylon\Babylon-Pro\captlib64.dll (Babylon)
      Size . . . . . . . : 286.208 bytes
      Age  . . . . . . . : 1183.4 days (2012-01-22 02:24:46)
      Entropy  . . . . . : 5.9
      SHA-256  . . . . . : 85108948A6DD19929799100C0868C6B51499C77608D3249A3E59306DAF586BDB
      Product  . . . . . : Babylon Client
      Publisher  . . . . : Babylon Ltd.
      Description  . . . : Babylon Information Tool
      Version  . . . . . : 9.0.3.12
      Copyright  . . . . : Copyright © Babylon Ltd. 1997-2011
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 0.0

   C:\Users\Administrator\AppData\Local\Babylon\ (Babylon)
   C:\Users\Administrator\AppData\Roaming\Babylon\ (Babylon)
   C:\Users\Administrator\AppData\Roaming\Babylon\BabylonTC.conf (Babylon)
   C:\Users\Administrator\AppData\Roaming\Babylon\BabylonTC.log (Babylon)
   C:\Users\Administrator\AppData\Roaming\Babylon\FLStat.dat (Babylon)
   C:\Users\Administrator\AppData\Roaming\Babylon\log_file.txt (Babylon)
   C:\Users\Administrator\AppData\Roaming\Babylon\MyList.dat (Babylon)
   C:\Users\Administrator\AppData\Roaming\Babylon\ocr_cache (Babylon)
   C:\Users\Administrator\AppData\Roaming\Babylon\updates\ (Babylon)
   C:\Users\Administrator\AppData\Roaming\Babylon\updates\convert.dat (Babylon)
   C:\Users\Administrator\AppData\Roaming\Babylon\updates\rates.dat (Babylon)
   HKLM\SOFTWARE\Classes\AppID\escort.DLL\ (Funmoods)
   HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}\ (Funmoods)
   HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon)
   HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1\ (Babylon)
   HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr\ (Babylon)
   HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ (Babylon)
   HKLM\SOFTWARE\Classes\Prod.cap\ (Claro)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escort.DLL\ (Funmoods)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}\ (Funmoods)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon)
   HKLM\SOFTWARE\Classes\Wow6432Node\bbylntlbr.bbylntlbrHlpr.1\ (Babylon)
   HKLM\SOFTWARE\Classes\Wow6432Node\bbylntlbr.bbylntlbrHlpr\ (Babylon)
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ (Babylon)
   HKLM\SOFTWARE\Classes\Wow6432Node\Prod.cap\ (Claro)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Babylon\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-500\Software\Babylon\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-500\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-500\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-500\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin\ (Babylon)
   HKU\S-1-5-21-891635277-1297341078-1701692141-500\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin\ (Babylon)
         

Log file after the cleanup by Hitman:
Code:
HitmanPro 3.7.9.240
www.hitmanpro.com

   Computer name . . . . : WB-PC
   Windows . . . . . . . : 6.0.2.6002.X64/3
   User name . . . . . . : WB-PC\WB
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2015-04-19 11:19:38
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 39m 26s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : Yes

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 81

   Objects scanned . . . : 6.094.314
   Files scanned . . . . : 74.019
   Remnants scanned  . . : 555.108 files / 5.465.187 keys

Miniport ____________________________________________________________________

   Primary
      DriverObject . . . : FFFFFA8004B34700
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFFA8003F782C0 +0
   Solution
      DriverObject . . . : FFFFFA8004B34700
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFFA6000AF7D08 \SystemRoot\system32\drivers\ataport.SYS+19720

Suspicious files ____________________________________________________________

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002288.dll
      Size . . . . . . . : 948.118 bytes
      Age  . . . . . . . : 1177.4 days (2012-01-28 02:37:41)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 3192353354FE593051B33886088D4C312ACB9A653D874281B2EBF131B80415CB
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002291.dll
      Size . . . . . . . : 965.329 bytes
      Age  . . . . . . . : 1109.8 days (2012-04-04 16:39:05)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : CAE3128772295AC4F1179B881A00B061DB00505275CB258F9F0C84CC1DF9B2A5
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002292.dll
      Size . . . . . . . : 956.681 bytes
      Age  . . . . . . . : 1108.5 days (2012-04-05 23:42:53)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 7218A15A9890CE82EB25F7AB5AC7AA60B4E3055C5574B70A6CABA4274D6DE493
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002317.dll
      Size . . . . . . . : 949.613 bytes
      Age  . . . . . . . : 938.9 days (2012-09-22 12:58:47)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002325.dll
      Size . . . . . . . : 959.376 bytes
      Age  . . . . . . . : 792.5 days (2013-02-15 22:49:05)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : A85592ACDCFDA7C0293504A5F5279C2654ACC0E6D2398ED8958F6E03F05DCEB5
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002331.dll
      Size . . . . . . . : 963.480 bytes
      Age  . . . . . . . : 579.9 days (2013-09-16 14:26:23)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002344.dll
      Size . . . . . . . : 1.014.616 bytes
      Age  . . . . . . . : 140.5 days (2014-11-30 00:24:08)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 64D8D164CC4FF898DDCCBD5D588E88AF2C1F7EA464C2B7519C78BF0D30CC6F24
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
      Size . . . . . . . : 1.014.616 bytes
      Age  . . . . . . . : 140.5 days (2014-11-30 00:24:08)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 64D8D164CC4FF898DDCCBD5D588E88AF2C1F7EA464C2B7519C78BF0D30CC6F24
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\pbclold.dll
      Size . . . . . . . : 963.480 bytes
      Age  . . . . . . . : 1292.5 days (2011-10-04 22:08:28)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\pbcls.dll
      Size . . . . . . . : 956.681 bytes
      Age  . . . . . . . : 1163.6 days (2012-02-10 21:08:26)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 7218A15A9890CE82EB25F7AB5AC7AA60B4E3055C5574B70A6CABA4274D6DE493
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
      Size . . . . . . . : 139.944 bytes
      Age  . . . . . . . : 1292.5 days (2011-10-04 22:08:40)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : E0AB414DBD7AA5888B861AE64B0F9674CED054C755502DDE124A91D6CD6CE97A
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF4\pb\PnkBstrK.sys
      Size . . . . . . . : 139.552 bytes
      Age  . . . . . . . : 564.5 days (2013-10-02 00:28:43)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : 7A47CB7814643DAFDF81D3E2E03C60A162A49525962ECE651187371853E507E5
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BFP4F\pb\pbcl.dll
      Size . . . . . . . : 915.149 bytes
      Age  . . . . . . . : 1318.3 days (2011-09-09 03:11:53)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : E189EF452F559BFAC0C0A91EFADC78EAA569B915985A213F99666BE56FC86165
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BFP4F\pb\PnkBstrK.sys
      Size . . . . . . . : 138.264 bytes
      Age  . . . . . . . : 1318.3 days (2011-09-09 03:12:29)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : 4194EFFC7236F018722B6DBF76253E1D833FEEEC158835C4DFAAD0555E7A7D91
      RSA Key Size . . . : 1024
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\WAW\pb\pbcl.dll
      Size . . . . . . . : 733.004 bytes
      Age  . . . . . . . : 1276.7 days (2011-10-20 18:14:42)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 8715126E77E8E6F98B4487C11B4656ADAC59145A86D56A0370F2FAE86E40FDC7
      Fuzzy  . . . . . . : 25.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.


Potential Unwanted Programs _________________________________________________

   C:\Program Files (x86)\Babylon\ (Babylon) -> Deleted
   C:\Program Files\Babylon\ (Babylon) -> Deleted
   C:\Program Files\Babylon\Babylon-Pro\ (Babylon) -> Deleted
   C:\Program Files\Babylon\Babylon-Pro\BabylonHelper64.exe (Babylon) -> Deleted
      Size . . . . . . . : 129.536 bytes
      Age  . . . . . . . : 1183.4 days (2012-01-22 02:24:48)
      Entropy  . . . . . : 5.7
      SHA-256  . . . . . : 5E68C077375F4F06357CA19F1894DAA4966EEC1864A16D033B6C4F32380F57E0
      Product  . . . . . : BabylonHelper
      Publisher  . . . . : Babylon
      Description  . . . : Support for 64-bit OS
      Version  . . . . . : 1.0.0.1
      Copyright  . . . . : Babylon.com  All rights reserved.
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 0.0

   C:\Program Files\Babylon\Babylon-Pro\captlib64.dll (Babylon) -> Deleted
      Size . . . . . . . : 286.208 bytes
      Age  . . . . . . . : 1183.4 days (2012-01-22 02:24:46)
      Entropy  . . . . . : 5.9
      SHA-256  . . . . . : 85108948A6DD19929799100C0868C6B51499C77608D3249A3E59306DAF586BDB
      Product  . . . . . : Babylon Client
      Publisher  . . . . : Babylon Ltd.
      Description  . . . : Babylon Information Tool
      Version  . . . . . : 9.0.3.12
      Copyright  . . . . : Copyright © Babylon Ltd. 1997-2011
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 0.0

   C:\Users\Administrator\AppData\Local\Babylon\ (Babylon) -> Deleted
   C:\Users\Administrator\AppData\Roaming\Babylon\ (Babylon) -> Deleted
   C:\Users\Administrator\AppData\Roaming\Babylon\BabylonTC.conf (Babylon) -> Deleted
   C:\Users\Administrator\AppData\Roaming\Babylon\BabylonTC.log (Babylon) -> Deleted
   C:\Users\Administrator\AppData\Roaming\Babylon\FLStat.dat (Babylon) -> Deleted
   C:\Users\Administrator\AppData\Roaming\Babylon\log_file.txt (Babylon) -> Deleted
   C:\Users\Administrator\AppData\Roaming\Babylon\MyList.dat (Babylon) -> Deleted
   C:\Users\Administrator\AppData\Roaming\Babylon\ocr_cache (Babylon) -> Deleted
   C:\Users\Administrator\AppData\Roaming\Babylon\updates\ (Babylon) -> Deleted
   C:\Users\Administrator\AppData\Roaming\Babylon\updates\convert.dat (Babylon) -> Deleted
   C:\Users\Administrator\AppData\Roaming\Babylon\updates\rates.dat (Babylon) -> Deleted
   HKLM\SOFTWARE\Classes\AppID\escort.DLL\ (Funmoods) -> Deleted
   HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}\ (Funmoods) -> Deleted
   HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon) -> Deleted
   HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1\ (Babylon) -> Deleted
   HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr\ (Babylon) -> Deleted
   HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ (Babylon) -> Deleted
   HKLM\SOFTWARE\Classes\Prod.cap\ (Claro) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escort.DLL\ (Funmoods) -> PendingDelete
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}\ (Funmoods) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\bbylntlbr.bbylntlbrHlpr.1\ (Babylon) -> PendingDelete
   HKLM\SOFTWARE\Classes\Wow6432Node\bbylntlbr.bbylntlbrHlpr\ (Babylon) -> PendingDelete
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ (Babylon) -> Deleted
   HKLM\SOFTWARE\Classes\Wow6432Node\Prod.cap\ (Claro) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Software\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\Wow6432Node\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\ (Babylon) -> PendingDelete
   HKU\S-1-5-21-891635277-1297341078-1701692141-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Babylon\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-500\Software\Babylon\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-500\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-500\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-500\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin\ (Babylon) -> Deleted
   HKU\S-1-5-21-891635277-1297341078-1701692141-500\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin\ (Babylon) -> Deleted
         




And Hitman once more, after the subsequent restart:
Code:
HitmanPro 3.7.9.240
www.hitmanpro.com

   Computer name . . . . : WB-PC
   Windows . . . . . . . : 6.0.2.6002.X64/3
   User name . . . . . . : WB-PC\WB
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2015-04-19 12:44:54
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 20m 35s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 15

   Objects scanned . . . : 5.820.298
   Files scanned . . . . : 73.424
   Remnants scanned  . . : 550.289 files / 5.196.585 keys

Miniport ____________________________________________________________________

   Primary
      DriverObject . . . : FFFFFA8004A80E70
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFFA8003F752C0 +0
   Solution
      DriverObject . . . : FFFFFA8004A80E70
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFFA6000AFCD08 \SystemRoot\system32\drivers\ataport.SYS+19720

Suspicious files ____________________________________________________________

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002288.dll
      Size . . . . . . . : 948.118 bytes
      Age  . . . . . . . : 1177.4 days (2012-01-28 02:37:41)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 3192353354FE593051B33886088D4C312ACB9A653D874281B2EBF131B80415CB
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002291.dll
      Size . . . . . . . : 965.329 bytes
      Age  . . . . . . . : 1109.8 days (2012-04-04 16:39:05)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : CAE3128772295AC4F1179B881A00B061DB00505275CB258F9F0C84CC1DF9B2A5
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002292.dll
      Size . . . . . . . : 956.681 bytes
      Age  . . . . . . . : 1108.5 days (2012-04-05 23:42:53)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 7218A15A9890CE82EB25F7AB5AC7AA60B4E3055C5574B70A6CABA4274D6DE493
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002317.dll
      Size . . . . . . . : 949.613 bytes
      Age  . . . . . . . : 939.0 days (2012-09-22 12:58:47)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002325.dll
      Size . . . . . . . : 959.376 bytes
      Age  . . . . . . . : 792.6 days (2013-02-15 22:49:05)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : A85592ACDCFDA7C0293504A5F5279C2654ACC0E6D2398ED8958F6E03F05DCEB5
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002331.dll
      Size . . . . . . . : 963.480 bytes
      Age  . . . . . . . : 579.9 days (2013-09-16 14:26:23)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\dll\wc002344.dll
      Size . . . . . . . : 1.014.616 bytes
      Age  . . . . . . . : 140.5 days (2014-11-30 00:24:08)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 64D8D164CC4FF898DDCCBD5D588E88AF2C1F7EA464C2B7519C78BF0D30CC6F24
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
      Size . . . . . . . : 1.014.616 bytes
      Age  . . . . . . . : 140.5 days (2014-11-30 00:24:08)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 64D8D164CC4FF898DDCCBD5D588E88AF2C1F7EA464C2B7519C78BF0D30CC6F24
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\pbclold.dll
      Size . . . . . . . : 963.480 bytes
      Age  . . . . . . . : 1292.6 days (2011-10-04 22:08:28)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\pbcls.dll
      Size . . . . . . . : 956.681 bytes
      Age  . . . . . . . : 1163.7 days (2012-02-10 21:08:26)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 7218A15A9890CE82EB25F7AB5AC7AA60B4E3055C5574B70A6CABA4274D6DE493
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
      Size . . . . . . . : 139.944 bytes
      Age  . . . . . . . : 1292.6 days (2011-10-04 22:08:40)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : E0AB414DBD7AA5888B861AE64B0F9674CED054C755502DDE124A91D6CD6CE97A
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BF4\pb\PnkBstrK.sys
      Size . . . . . . . : 139.552 bytes
      Age  . . . . . . . : 564.5 days (2013-10-02 00:28:43)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : 7A47CB7814643DAFDF81D3E2E03C60A162A49525962ECE651187371853E507E5
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\BFP4F\pb\pbcl.dll
      Size . . . . . . . : 915.149 bytes
      Age  . . . . . . . : 1318.4 days (2011-09-09 03:11:53)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : E189EF452F559BFAC0C0A91EFADC78EAA569B915985A213F99666BE56FC86165
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\WB\AppData\Local\PunkBuster\BFP4F\pb\PnkBstrK.sys
      Size . . . . . . . : 138.264 bytes
      Age  . . . . . . . : 1318.4 days (2011-09-09 03:12:29)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : 4194EFFC7236F018722B6DBF76253E1D833FEEEC158835C4DFAAD0555E7A7D91
      RSA Key Size . . . : 1024
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\WB\AppData\Local\PunkBuster\WAW\pb\pbcl.dll
      Size . . . . . . . : 733.004 bytes
      Age  . . . . . . . : 1276.8 days (2011-10-20 18:14:42)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 8715126E77E8E6F98B4487C11B4656ADAC59145A86D56A0370F2FAE86E40FDC7
      Fuzzy  . . . . . . : 25.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         





And after the restart, Malwarebytes once more as well:
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 19.04.2015
Suchlauf-Zeit: 13:28:57
Logdatei: mwb,amh,prfg2.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.04.19.02
Rootkit Datenbank: v2015.03.31.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x64
Dateisystem: NTFS
Benutzer: WB

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 440405
Verstrichene Zeit: 25 Min, 47 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 27
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\es, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\fr, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\it, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\ja, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\nl, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\pl, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\pt, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\ru, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\tr, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\zh_CN, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\_locales\zh_TW, , [99d52d41dbaf2313eead2d7cd23144bc], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\BG, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\CZ, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\DE, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\EN, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\ES, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\FR, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\HE, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\IT, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\RU, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\SK, , [1f4fea842e5c8fa77b9df5c59d6643bd], 
PUP.Optional.ICQToolbar.A, C:\ProgramData\ICQ\ICQToolbar\XML\TR, , [1f4fea842e5c8fa77b9df5c59d6643bd], 

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         



However, while both Hitman and Malwarebytes were running, an Avira window kept popping up saying that access to this or that file had been blocked.

Example:
"Access to the file vqlyj.exe was blocked because it contains the malware tr/moure.a.19." Not word for word, but that was the gist.

Should I have turned off Avira Antivir during the Malwarebytes and Hitman runs?
I do have Antivir installed, but I'm not sure whether that window might come from a virus imitating Antivir.



How do you advise me to proceed?

Last edited by paradog (19.04.2015 at 14:22)

Alt 19.04.2015, 14:17   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and can then be found on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)



Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too large for one post, I ask you to post the logs directly, spread over several posts if necessary.
To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Erweitert/Vorschau (Advanced/Preview) to check whether you did it right. If everything is correct ... click Antworten (Reply).

Alt 19.04.2015, 17:05   #3
paradog
 



Hello,

Thanks for the welcome and the quick reply.


I left Avira on during the FRST scan; was that right?
The name of a user account that is named with my real name appeared in the log files. I replaced the name with ****(Klarname).


FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2015 01
Ran by WB (administrator) on WB-PC on 19-04-2015 16:54:09
Running from E:\Images Programme
Loaded Profiles: WB (Available profiles: WB & ****(Klarname) & Administrator)
Platform: Windows Vista (TM) Home Basic Service Pack 2 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Antivir 13.0.0.2693\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Antivir 13.0.0.2693\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(AnchorFree Inc.) D:\Programme\hotspotshield\Hotspot Shield\HssWPR\hsssrv.exe
() D:\Programme\hotspotshield\Hotspot Shield\bin\hsswd.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Telefónica) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(LogMeIn Inc.) D:\Programme\Hamachi_2.0.3.115\hamachi-2.exe
(LogMeIn, Inc.) D:\Programme\Hamachi_2.0.3.115\LMIGuardianSvc.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Antivir 13.0.0.2693\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) D:\Programme\Antivir 13.0.0.2693\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Opera Software) D:\Programme\Opera 12.12\28.0.1750.51\opera.exe
() D:\Programme\Opera 12.12\28.0.1750.51\opera_crashreporter.exe
(Opera Software) D:\Programme\Opera 12.12\28.0.1750.51\opera.exe
(Opera Software) D:\Programme\Opera 12.12\28.0.1750.51\opera.exe
(Opera Software) D:\Programme\Opera 12.12\28.0.1750.51\opera.exe
(Opera Software) D:\Programme\Opera 12.12\28.0.1750.51\opera.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Opera Software) D:\Programme\Opera 12.12\28.0.1750.51\opera.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => D:\Programme\Antivir 13.0.0.2693\Avira\AntiVir Desktop\avgnt.exe [726320 2015-03-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] => D:\Programme\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKU\S-1-5-21-891635277-1297341078-1701692141-1000\...\Run: [Google Update] => C:\Users\WB\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-30] (Google Inc.)
HKU\S-1-5-21-891635277-1297341078-1701692141-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-891635277-1297341078-1701692141-1000\...\MountPoints2: {23dedd29-eea1-11e0-bdf1-00252283b301} - J:\autorun.exe
HKU\S-1-5-21-891635277-1297341078-1701692141-1000\...\MountPoints2: {fe6c7ffe-bf48-11e0-a49a-806e6f6e6963} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\PresentationPackage/PresentationPackage.html
HKU\S-1-5-18\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-891635277-1297341078-1701692141-1000] => 131.109.42.105:80
SearchScopes: HKU\S-1-5-21-891635277-1297341078-1701692141-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-23] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-23] (Oracle Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-11-20] (DVDVideoSoft Ltd.)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> D:\Programme\hotspotshield\Hotspot Shield\HssIE\HssIE_64.dll [2011-06-20] (AnchorFree Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> D:\Programme\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2010-03-19] (Microsoft Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2014-11-22] (DVDVideoSoft Ltd.)
BHO-x32: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> D:\Programme\hotspotshield\Hotspot Shield\HssIE\HssIE.dll [2011-06-20] (AnchorFree Inc.)
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://vpn-unidsl.rwth-aachen.de/CACHE/stc/1/binaries/vpnweb.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Winsock: Catalog9 01 D:\Programme\Antivir 13.0.0.2693\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 D:\Programme\Antivir 13.0.0.2693\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 D:\Programme\Antivir 13.0.0.2693\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 D:\Programme\Antivir 13.0.0.2693\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 D:\Programme\Antivir 13.0.0.2693\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 D:\Programme\Antivir 13.0.0.2693\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 D:\Programme\Antivir 13.0.0.2693\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 D:\Programme\Antivir 13.0.0.2693\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 D:\Programme\Antivir 13.0.0.2693\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 01 D:\Programme\Antivir 13.0.0.2693\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 02 D:\Programme\Antivir 13.0.0.2693\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 03 D:\Programme\Antivir 13.0.0.2693\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 04 D:\Programme\Antivir 13.0.0.2693\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 05 D:\Programme\Antivir 13.0.0.2693\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 06 D:\Programme\Antivir 13.0.0.2693\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 07 D:\Programme\Antivir 13.0.0.2693\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 08 D:\Programme\Antivir 13.0.0.2693\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 19 D:\Programme\Antivir 13.0.0.2693\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)

FireFox:
========
FF ProfilePath: C:\Users\WB\AppData\Roaming\Mozilla\Firefox\Profiles\igykqp3t.default
FF Homepage: about:newtab
FF NetworkProxy: "backup.ftp", "183.207.228.8"
FF NetworkProxy: "backup.ftp_port", 80
FF NetworkProxy: "backup.socks", "183.207.228.8"
FF NetworkProxy: "backup.socks_port", 80
FF NetworkProxy: "backup.ssl", "183.207.228.8"
FF NetworkProxy: "backup.ssl_port", 80
FF NetworkProxy: "ftp", "62.103.107.9"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "62.103.107.9"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "62.103.107.9"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "62.103.107.9"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 1
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> D:\Adobe Photoshop CS6\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-03] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.104.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.116.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll [2009-08-17] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> D:\Programme\Adobe Reader\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> D:\Adobe Photoshop CS6\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-03] (Adobe Systems)
FF Plugin HKU\S-1-5-21-891635277-1297341078-1701692141-1000: @tools.google.com/Google Update;version=3 -> C:\Users\WB\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-891635277-1297341078-1701692141-1000: @tools.google.com/Google Update;version=9 -> C:\Users\WB\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF user.js: detected! => C:\Users\WB\AppData\Roaming\Mozilla\Firefox\Profiles\igykqp3t.default\user.js [2014-01-04]
FF Extension: ProxTube - Unblock YouTube - C:\Users\WB\AppData\Roaming\Mozilla\Firefox\Profiles\igykqp3t.default\Extensions\ich@maltegoetz.de [2014-05-01]
FF Extension: No Name - C:\Users\WB\AppData\Roaming\Mozilla\Firefox\Profiles\igykqp3t.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-12-12]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-09-12]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-10-25]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: No Name - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-12]
FF HKU\S-1-5-21-891635277-1297341078-1701692141-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff

Chrome: 
=======
CHR HomePage: Default -> 
CHR Profile: C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-23]
CHR Extension: (Avira Browser Safety) - C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-20]
CHR Extension: (No Name) - C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-04-27]
CHR Extension: (Google Wallet) - C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-20]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\WB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-08-30]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

Opera: 
=======
OPR Extension: (Download Chrome Extension) - C:\Users\WB\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2014-11-22]
OPR Extension: (YouTube Unblocker) - C:\Users\WB\AppData\Roaming\Opera Software\Opera Stable\Extensions\npnkeeiehehhefofiekoflfedgehcdhl [2014-11-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-11-16] (Advanced Micro Devices, Inc.) [File not signed]
S2 AntiVirMailService; D:\Programme\Antivir 13.0.0.2693\Avira\AntiVir Desktop\avmailc.exe [815352 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; D:\Programme\Antivir 13.0.0.2693\Avira\AntiVir Desktop\sched.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; D:\Programme\Antivir 13.0.0.2693\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; D:\Programme\Antivir 13.0.0.2693\Avira\AntiVir Desktop\AVWEBGRD.EXE [1004032 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 Hamachi2Svc; D:\Programme\Hamachi_2.0.3.115\hamachi-2.exe [2756944 2013-11-11] (LogMeIn Inc.)
S2 hshld; D:\Programme\hotspotshield\Hotspot Shield\bin\openvpnas.exe [287576 2011-09-03] ()
R2 HssSrv; D:\Programme\hotspotshield\Hotspot Shield\HssWPR\hsssrv.exe [363336 2011-05-27] (AnchorFree Inc.)
S3 HssTrayService; D:\Programme\hotspotshield\Hotspot Shield\bin\HssTrayService.EXE [77520 2011-09-03] ()
R2 HssWd; D:\Programme\hotspotshield\Hotspot Shield\bin\hsswd.exe [329544 2011-05-27] ()
S2 MBAMScheduler; D:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; D:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-02-28] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-11-30] ()
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [201344 2012-01-10] (Telefónica)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 acsint; C:\Windows\System32\DRIVERS\acsint64.sys [49520 2013-10-10] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux64.sys [73584 2013-10-10] (Cisco Systems, Inc.)
S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-12-30] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
S3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [67584 2012-08-30] (Eugene V. Muzychenko) [File not signed]
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-12-30] ()
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2010-10-15] (ZTE Incorporated)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
S3 RT61; C:\Windows\System32\DRIVERS\RT61.sys [322560 2005-07-01] (Ralink Technology Inc.)
S3 RT61; C:\Windows\SysWOW64\DRIVERS\RT61.sys [380928 2006-05-04] (Ralink Technology Inc.) [File not signed]
S3 RTCore64; D:\Programme\MSI Afterburner\RTCore64.sys [14648 2010-08-31] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-10-04] () [File not signed]
R3 USBlyzer; C:\Windows\System32\DRIVERS\USBlyzer.sys [111688 2011-04-03] (USBlyzer Team)
U3 azdpidmv; C:\Windows\System32\Drivers\azdpidmv.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S0 amdide64; system32\DRIVERS\amdide64.sys [X]
S3 AtiHdmiService; system32\drivers\AtiHdmi.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 t3; system32\drivers\t3.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-19 16:51 - 2015-04-19 16:54 - 00000000 ____D () C:\FRST
2015-04-19 13:57 - 2015-04-19 14:12 - 00005250 _____ () C:\Users\WB\Desktop\mwb,amh,prfg2.txt
2015-04-19 13:05 - 2015-04-19 13:05 - 00032098 _____ () C:\Users\WB\Desktop\HitmanPro_20150419_1305.log
2015-04-19 12:27 - 2015-04-19 14:07 - 00098995 _____ () C:\Users\WB\Desktop\Beiträge.txt
2015-04-19 12:15 - 2015-04-19 12:15 - 00050140 _____ () C:\Users\WB\Desktop\HMP_20150419_1215.log
2015-04-19 12:10 - 2015-04-19 12:10 - 00015014 _____ () C:\Windows\system32\.crusader
2015-04-19 12:02 - 2015-04-19 12:02 - 00048414 _____ () C:\Users\WB\Desktop\HMP_20150419_1201.log
2015-04-19 11:37 - 2015-04-19 12:26 - 00028593 _____ () C:\Users\WB\Desktop\bakterien beitrag.odt
2015-04-19 11:15 - 2015-04-19 11:16 - 00420064 _____ () C:\Users\WB\AppData\Local\dd_vcredistMSI011F.txt
2015-04-19 11:15 - 2015-04-19 11:16 - 00012176 _____ () C:\Users\WB\AppData\Local\dd_vcredistUI011F.txt
2015-04-19 11:14 - 2015-04-19 11:14 - 00434080 _____ () C:\Users\WB\AppData\Local\dd_vcredistMSI0051.txt
2015-04-19 11:14 - 2015-04-19 11:14 - 00012128 _____ () C:\Users\WB\AppData\Local\dd_vcredistUI0051.txt
2015-04-19 11:06 - 2015-04-19 11:06 - 00000000 ____D () C:\Program Files\HitmanPro
2015-04-19 11:02 - 2015-04-19 11:02 - 00026475 _____ () C:\Users\WB\Desktop\mwb,amh,prfg1.txt
2015-04-19 10:34 - 2015-04-19 16:37 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-19 10:33 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-19 10:33 - 2015-04-14 09:37 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-19 10:33 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-15 23:03 - 2015-03-14 04:22 - 01585248 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 23:03 - 2015-03-14 04:22 - 01168080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 23:03 - 2015-03-13 03:44 - 04691384 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 23:03 - 2015-03-13 03:44 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 23:03 - 2015-03-13 03:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 23:03 - 2015-03-13 03:30 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 23:03 - 2015-03-13 03:30 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 23:03 - 2015-03-13 03:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 23:03 - 2015-03-13 03:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 23:03 - 2015-03-13 02:08 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 23:03 - 2015-03-13 02:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 23:03 - 2015-03-13 02:08 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 23:03 - 2015-03-05 04:25 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 23:03 - 2015-03-05 03:58 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 22:54 - 2015-03-09 03:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 22:54 - 2015-03-09 02:40 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 22:54 - 2015-03-05 04:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 22:54 - 2015-03-05 04:14 - 00360384 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 22:54 - 2015-03-05 03:58 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 22:11 - 2015-04-15 22:11 - 00000000 ____D () C:\Users\WB\AppData\Local\PDF24
2015-04-15 18:48 - 2015-03-10 02:31 - 17882112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 18:48 - 2015-03-10 02:19 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 18:48 - 2015-03-10 02:19 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 18:48 - 2015-03-10 02:18 - 10931200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 18:48 - 2015-03-10 02:14 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 18:48 - 2015-03-10 02:14 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 18:48 - 2015-03-10 02:13 - 02157568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 18:48 - 2015-03-10 02:13 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 18:48 - 2015-03-10 02:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-15 18:48 - 2015-03-10 02:13 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 18:48 - 2015-03-10 02:13 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 18:48 - 2015-03-10 02:13 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-15 18:48 - 2015-03-10 02:13 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 18:48 - 2015-03-10 02:13 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 18:48 - 2015-03-10 02:12 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 18:48 - 2015-03-10 02:12 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 18:48 - 2015-03-10 02:12 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 18:48 - 2015-03-10 02:12 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 18:48 - 2015-03-10 02:12 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 18:48 - 2015-03-10 02:12 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-15 18:48 - 2015-03-10 02:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-15 18:48 - 2015-03-10 02:12 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-15 18:48 - 2015-03-10 01:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 18:48 - 2015-03-10 01:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 18:48 - 2015-03-10 01:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 18:48 - 2015-03-10 01:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 18:48 - 2015-03-10 00:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 18:48 - 2015-03-10 00:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 18:48 - 2015-03-10 00:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 18:48 - 2015-03-10 00:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 18:48 - 2015-03-10 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-15 18:48 - 2015-03-10 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 18:48 - 2015-03-10 00:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-04-15 18:48 - 2015-03-10 00:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 18:48 - 2015-03-10 00:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 18:48 - 2015-03-10 00:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 18:48 - 2015-03-10 00:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 18:48 - 2015-03-10 00:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 18:48 - 2015-03-10 00:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 18:48 - 2015-03-10 00:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 18:48 - 2015-03-10 00:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 18:48 - 2015-03-10 00:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-04-15 18:48 - 2015-03-10 00:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-04-15 18:48 - 2015-03-10 00:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-04-09 19:47 - 2015-04-09 19:47 - 00000619 _____ () C:\Users\WB\Desktop\UniDok 15 SS - Verknüpfung.lnk
2015-04-09 12:33 - 2015-04-09 12:33 - 00000000 ____D () C:\Program Files (x86)\Avira

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-19 16:45 - 2013-09-21 17:57 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-19 16:41 - 2008-01-21 03:52 - 01348893 _____ () C:\Windows\WindowsUpdate.log
2015-04-19 16:38 - 2013-11-25 13:37 - 00000524 _____ () C:\Windows\Tasks\MATLAB R2013a Startup Accelerator.job
2015-04-19 16:37 - 2013-09-21 17:57 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-19 16:35 - 2006-11-02 17:35 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-19 16:35 - 2006-11-02 17:17 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-19 16:35 - 2006-11-02 17:17 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-19 15:01 - 2006-11-02 17:35 - 00032534 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-19 14:55 - 2012-08-30 04:14 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-891635277-1297341078-1701692141-1000UA.job
2015-04-19 12:31 - 2008-01-21 05:23 - 00539182 _____ () C:\Windows\PFRO.log
2015-04-19 10:30 - 2011-09-04 00:57 - 00000000 ____D () C:\Users\WB\AppData\Local\Adobe
2015-04-19 10:22 - 2011-10-19 19:50 - 00000000 ____D () C:\Users\WB\AppData\Local\LogMeIn Hamachi
2015-04-19 01:16 - 2015-01-27 14:56 - 00000892 _____ () C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-04-18 22:55 - 2012-08-30 04:14 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-891635277-1297341078-1701692141-1000Core.job
2015-04-18 18:03 - 2013-05-25 11:49 - 00000000 ____D () C:\Users\WB\AppData\Local\Paint.NET
2015-04-15 23:01 - 2012-05-16 14:51 - 01729798 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 23:01 - 2008-01-21 11:48 - 01729798 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-15 23:01 - 2008-01-21 11:48 - 00740226 _____ () C:\Windows\system32\perfh007.dat
2015-04-15 23:01 - 2008-01-21 11:48 - 00171328 _____ () C:\Windows\system32\perfc007.dat
2015-04-15 23:00 - 2013-08-30 03:09 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 22:55 - 2006-11-02 14:35 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-04-15 22:47 - 2012-12-30 19:54 - 00000000 ____D () C:\Users\WB\Desktop\Neuer Ordner
2015-04-15 19:59 - 2014-11-21 02:19 - 00022529 _____ () C:\Users\WB\Desktop\Neues Textdokument.txt
2015-04-08 18:26 - 2014-11-05 20:03 - 00003888 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1415210620
2015-03-24 01:38 - 2011-10-09 20:57 - 00000000 ____D () C:\Users\WB\AppData\Roaming\vlc
2015-03-23 16:28 - 2012-12-24 13:25 - 00000000 ____D () C:\Users\WB\AppData\Roaming\Avira
2015-03-22 19:42 - 2011-09-04 17:27 - 00083456 _____ () C:\Users\WB\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Files in the root of some directories =======

2011-09-05 01:16 - 2013-01-09 21:54 - 0001100 _____ () C:\Users\WB\AppData\Local\d3d8caps.dat
2011-09-03 16:40 - 2013-11-08 15:28 - 0001356 _____ () C:\Users\WB\AppData\Local\d3d9caps.dat
2011-08-05 12:07 - 2015-01-26 10:36 - 0000732 _____ () C:\Users\WB\AppData\Local\d3d9caps64.dat
2011-09-04 17:27 - 2015-03-22 19:42 - 0083456 _____ () C:\Users\WB\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-05 13:17 - 2014-11-05 13:17 - 1050010 _____ () C:\Users\WB\AppData\Local\dd_ADONETEntityFrameworkTools_deu_MSI02DC.txt
2012-06-20 19:01 - 2012-06-20 19:02 - 0975722 _____ () C:\Users\WB\AppData\Local\dd_ADONETEntityFrameworkTools_deu_MSI1E7C.txt
2012-06-20 18:55 - 2012-06-20 18:55 - 0126006 _____ () C:\Users\WB\AppData\Local\dd_AspNetMVC2.msi19D4.txt
2014-11-05 13:00 - 2014-11-05 13:00 - 0124430 _____ () C:\Users\WB\AppData\Local\dd_AspNetMVC2.msi75BC.txt
2012-06-20 18:55 - 2012-06-20 18:55 - 0092908 _____ () C:\Users\WB\AppData\Local\dd_AspNetMVC2_LP_deu.msi19E7.txt
2014-11-05 13:00 - 2014-11-05 13:00 - 0091780 _____ () C:\Users\WB\AppData\Local\dd_AspNetMVC2_LP_deu.msi75FA.txt
2012-06-20 18:56 - 2012-06-20 18:57 - 0683248 _____ () C:\Users\WB\AppData\Local\dd_CrystalReportsTemplates1AE3.txt
2012-08-13 14:52 - 2012-08-13 14:54 - 0530996 _____ () C:\Users\WB\AppData\Local\dd_CrystalReportsTemplates5BBA.txt
2014-11-05 13:03 - 2014-11-05 13:04 - 0613148 _____ () C:\Users\WB\AppData\Local\dd_CrystalReportsTemplates7801.txt
2014-11-05 13:16 - 2014-11-05 13:16 - 0171598 _____ () C:\Users\WB\AppData\Local\dd_DACFramework_MSI0246.txt
2012-06-20 19:00 - 2012-06-20 19:00 - 0172752 _____ () C:\Users\WB\AppData\Local\dd_DACFramework_MSI1E31.txt
2014-11-05 13:16 - 2014-11-05 13:17 - 0652068 _____ () C:\Users\WB\AppData\Local\dd_DACProjectSystem_MSI0260.txt
2012-06-20 19:00 - 2012-06-20 19:00 - 0686574 _____ () C:\Users\WB\AppData\Local\dd_DACProjectSystem_MSI1E44.txt
2011-10-04 18:02 - 2011-10-04 18:02 - 0028162 _____ () C:\Users\WB\AppData\Local\dd_depcheckdotnetfx30.txt
2012-05-16 14:35 - 2012-08-14 15:23 - 0425285 _____ () C:\Users\WB\AppData\Local\dd_depcheck_VC_EXP_100.txt
2012-06-20 17:36 - 2012-08-13 16:42 - 1820618 _____ () C:\Users\WB\AppData\Local\dd_depcheck_VS_PRO_100.txt
2014-11-05 12:38 - 2014-11-05 13:18 - 0426106 _____ () C:\Users\WB\AppData\Local\dd_depcheck_VS_VSTS_100.txt
2012-06-20 18:57 - 2012-06-20 18:57 - 0144348 _____ () C:\Users\WB\AppData\Local\dd_DotfuscatorCE_LP_deu_MSI1BD4.txt
2012-08-13 14:52 - 2012-08-13 14:52 - 0118746 _____ () C:\Users\WB\AppData\Local\dd_DotfuscatorCE_LP_deu_MSI5BB0.txt
2014-11-05 13:04 - 2014-11-05 13:04 - 0137926 _____ () C:\Users\WB\AppData\Local\dd_DotfuscatorCE_LP_deu_MSI7947.txt
2014-11-05 13:03 - 2014-11-05 13:03 - 0212212 _____ () C:\Users\WB\AppData\Local\dd_DotfuscatorCE_MSI77ED.txt
2011-10-04 18:01 - 2011-10-04 18:02 - 0000718 _____ () C:\Users\WB\AppData\Local\dd_dotnetfx3error.txt
2011-10-04 18:01 - 2011-10-04 18:02 - 0032032 _____ () C:\Users\WB\AppData\Local\dd_dotnetfx3install.txt
2012-05-16 14:49 - 2012-05-16 14:49 - 0355762 _____ () C:\Users\WB\AppData\Local\dd_dw20shared_x86_msi2F39.txt
2012-05-16 14:34 - 2012-05-16 14:34 - 0000002 _____ () C:\Users\WB\AppData\Local\dd_error_vc_xcor_100.txt
2012-06-20 17:36 - 2012-06-20 18:31 - 0021060 _____ () C:\Users\WB\AppData\Local\dd_error_vs_procore_100.txt
2014-11-05 12:37 - 2014-11-05 13:18 - 0001282 _____ () C:\Users\WB\AppData\Local\dd_error_vs_vstscore_100.txt
2012-06-20 18:36 - 2012-06-20 18:36 - 0300058 _____ () C:\Users\WB\AppData\Local\dd_fsharpredist2.00BF0.txt
2014-11-05 12:41 - 2014-11-05 12:41 - 0313936 _____ () C:\Users\WB\AppData\Local\dd_fsharpredist2.06737.txt
2012-06-20 18:18 - 2012-06-20 18:18 - 0300062 _____ () C:\Users\WB\AppData\Local\dd_fsharpredist2.07D7C.txt
2012-06-20 18:57 - 2012-06-20 18:57 - 0235360 _____ () C:\Users\WB\AppData\Local\dd_fsharpredist2.0_lp_deu1BE5.txt
2014-11-05 13:05 - 2014-11-05 13:05 - 0236086 _____ () C:\Users\WB\AppData\Local\dd_fsharpredist2.0_lp_deu7955.txt
2012-08-13 16:22 - 2012-08-13 16:22 - 0254726 _____ () C:\Users\WB\AppData\Local\dd_HelpSetupLP_MSI205E.txt
2012-05-16 14:56 - 2012-05-16 14:56 - 0241656 _____ () C:\Users\WB\AppData\Local\dd_HelpSetupLP_MSI345D.txt
2012-08-14 15:26 - 2012-08-14 15:26 - 0241658 _____ () C:\Users\WB\AppData\Local\dd_HelpSetupLP_MSI43B4.txt
2012-08-13 16:22 - 2012-08-13 16:22 - 0019478 _____ () C:\Users\WB\AppData\Local\dd_HelpSetupLP_UI205E.txt
2012-08-13 16:22 - 2012-08-13 16:22 - 0314918 _____ () C:\Users\WB\AppData\Local\dd_HelpSetup_MSI2019.txt
2012-05-16 14:56 - 2012-05-16 14:56 - 0335540 _____ () C:\Users\WB\AppData\Local\dd_HelpSetup_MSI344A.txt
2012-08-14 15:26 - 2012-08-14 15:26 - 0335418 _____ () C:\Users\WB\AppData\Local\dd_HelpSetup_MSI4396.txt
2012-08-13 16:22 - 2012-08-13 16:22 - 0018208 _____ () C:\Users\WB\AppData\Local\dd_HelpSetup_UI2019.txt
2012-05-16 14:34 - 2012-08-14 15:37 - 1500208 _____ () C:\Users\WB\AppData\Local\dd_install_vc_xcor_100.txt
2012-06-20 17:36 - 2012-08-13 16:42 - 3931802 _____ () C:\Users\WB\AppData\Local\dd_install_vs_procore_100.txt
2014-11-05 12:37 - 2014-11-05 13:25 - 0977924 _____ () C:\Users\WB\AppData\Local\dd_install_vs_vstscore_100.txt
2012-05-16 14:53 - 2012-05-16 14:53 - 1539426 _____ () C:\Users\WB\AppData\Local\dd_netfx_dtp3204.txt
2012-08-14 15:23 - 2012-08-14 15:23 - 1539426 _____ () C:\Users\WB\AppData\Local\dd_netfx_dtp413A.txt
2014-11-05 13:05 - 2014-11-05 13:06 - 0576958 _____ () C:\Users\WB\AppData\Local\dd_Performance_Collection_Tools_x64_MSI7A08.txt
2014-11-05 12:41 - 2014-11-05 12:41 - 1496432 _____ () C:\Users\WB\AppData\Local\dd_PreReq_AMD64_MSI6717.txt
2012-06-20 18:17 - 2012-06-20 18:18 - 1511870 _____ () C:\Users\WB\AppData\Local\dd_PreReq_AMD64_MSI7D5E.txt
2012-06-20 18:58 - 2012-06-20 18:58 - 0415900 _____ () C:\Users\WB\AppData\Local\dd_ProviderServices_amd64_MSI1C3D.txt
2014-11-05 13:05 - 2014-11-05 13:05 - 0403892 _____ () C:\Users\WB\AppData\Local\dd_ProviderServices_amd64_MSI799C.txt
2012-06-20 18:59 - 2012-06-20 19:00 - 1755986 _____ () C:\Users\WB\AppData\Local\dd_SharedManagementObjects_MSI1D56.txt
2012-06-20 19:00 - 2012-06-20 19:00 - 2778782 _____ () C:\Users\WB\AppData\Local\dd_SharedManagementObjects_MSI1DC5.txt
2014-11-05 13:07 - 2014-11-05 13:07 - 1723686 _____ () C:\Users\WB\AppData\Local\dd_SharedManagementObjects_MSI7B04.txt
2014-11-05 13:07 - 2014-11-05 13:08 - 2715788 _____ () C:\Users\WB\AppData\Local\dd_SharedManagementObjects_MSI7B76.txt
2012-06-20 18:55 - 2012-06-20 18:55 - 1502458 _____ () C:\Users\WB\AppData\Local\dd_silverlight_sdk.msi1A49.txt
2014-11-05 13:01 - 2014-11-05 13:01 - 1490206 _____ () C:\Users\WB\AppData\Local\dd_silverlight_sdk.msi76A3.txt
2014-11-05 13:17 - 2014-11-05 13:17 - 1574708 _____ () C:\Users\WB\AppData\Local\dd_SpTools_x86_deu029B.txt
2012-06-20 18:57 - 2012-06-20 18:57 - 0226676 _____ () C:\Users\WB\AppData\Local\dd_SQLCEToolsForVS2007_MSI1C02.txt
2014-11-05 13:05 - 2014-11-05 13:05 - 0219938 _____ () C:\Users\WB\AppData\Local\dd_SQLCEToolsForVS2007_MSI796F.txt
2012-06-20 18:58 - 2012-06-20 18:58 - 0321032 _____ () C:\Users\WB\AppData\Local\dd_SqlPubWiz_14_msi1CB6.txt
2014-11-05 13:06 - 2014-11-05 13:06 - 0318698 _____ () C:\Users\WB\AppData\Local\dd_SqlPubWiz_14_msi7A49.txt
2012-06-20 18:58 - 2012-06-20 18:59 - 0531158 _____ () C:\Users\WB\AppData\Local\dd_SQLSysClrTypes_msi1CCD.txt
2012-06-20 18:59 - 2012-06-20 18:59 - 0517830 _____ () C:\Users\WB\AppData\Local\dd_SQLSysClrTypes_msi1D18.txt
2014-11-05 13:06 - 2014-11-05 13:06 - 0522966 _____ () C:\Users\WB\AppData\Local\dd_SQLSysClrTypes_msi7A6A.txt
2014-11-05 13:06 - 2014-11-05 13:07 - 0504964 _____ () C:\Users\WB\AppData\Local\dd_SQLSysClrTypes_msi7AC2.txt
2012-05-16 14:55 - 2012-05-16 14:56 - 0732182 _____ () C:\Users\WB\AppData\Local\dd_SSCERuntime_64_MSI3419.txt
2012-08-14 15:26 - 2012-08-14 15:26 - 0726914 _____ () C:\Users\WB\AppData\Local\dd_SSCERuntime_64_MSI437C.txt
2012-05-16 14:55 - 2012-05-16 14:55 - 0729470 _____ () C:\Users\WB\AppData\Local\dd_SSCERuntime_MSI33FB.txt
2012-08-14 15:26 - 2012-08-14 15:26 - 0724196 _____ () C:\Users\WB\AppData\Local\dd_SSCERuntime_MSI4365.txt
2012-06-20 18:58 - 2012-06-20 18:58 - 0342932 _____ () C:\Users\WB\AppData\Local\dd_SyncFrameworkRuntime_amd64_MSI1C16.txt
2014-11-05 13:05 - 2014-11-05 13:05 - 0333086 _____ () C:\Users\WB\AppData\Local\dd_SyncFrameworkRuntime_amd64_MSI797F.txt
2012-06-20 18:58 - 2012-06-20 18:58 - 1176298 _____ () C:\Users\WB\AppData\Local\dd_SyncSDK_amd64_MSI1C57.txt
2014-11-05 13:05 - 2014-11-05 13:05 - 1168520 _____ () C:\Users\WB\AppData\Local\dd_SyncSDK_amd64_MSI79B0.txt
2012-06-20 18:58 - 2012-06-20 18:58 - 0303510 _____ () C:\Users\WB\AppData\Local\dd_SyncServicesADO_amd64_MSI1C26.txt
2014-11-05 13:05 - 2014-11-05 13:05 - 0295830 _____ () C:\Users\WB\AppData\Local\dd_SyncServicesADO_amd64_MSI798F.txt
2014-11-05 12:42 - 2014-11-05 12:42 - 0519932 _____ () C:\Users\WB\AppData\Local\dd_TFS_ObjectModel_x64_MSI67DB.txt
2012-06-20 18:18 - 2012-06-20 18:18 - 0532474 _____ () C:\Users\WB\AppData\Local\dd_TFS_ObjectModel_x64_MSI7DE7.txt
2014-11-05 13:06 - 2014-11-05 13:06 - 0133786 _____ () C:\Users\WB\AppData\Local\dd_TraceDebugger_NativeBits_amd64_MSI7A36.txt
2014-11-05 13:17 - 2014-11-05 13:17 - 0182982 _____ () C:\Users\WB\AppData\Local\dd_TSqlLanguageService_MSI0287.txt
2012-06-20 19:01 - 2012-06-20 19:01 - 0184130 _____ () C:\Users\WB\AppData\Local\dd_TSqlLanguageService_MSI1E65.txt
2015-04-19 11:14 - 2015-04-19 11:14 - 0434080 _____ () C:\Users\WB\AppData\Local\dd_vcredistMSI0051.txt
2015-04-19 11:15 - 2015-04-19 11:16 - 0420064 _____ () C:\Users\WB\AppData\Local\dd_vcredistMSI011F.txt
2013-01-03 23:30 - 2013-01-03 23:31 - 0358666 _____ () C:\Users\WB\AppData\Local\dd_vcredistMSI0D34.txt
2013-01-03 23:31 - 2013-01-03 23:31 - 0350912 _____ () C:\Users\WB\AppData\Local\dd_vcredistMSI0D52.txt
2011-09-03 14:52 - 2011-09-03 14:52 - 0423600 _____ () C:\Users\WB\AppData\Local\dd_vcredistMSI0FAA.txt
2012-03-26 20:18 - 2012-03-26 20:19 - 0430168 _____ () C:\Users\WB\AppData\Local\dd_vcredistMSI1A7A.txt
2011-10-04 21:49 - 2011-10-04 21:49 - 0420602 _____ () C:\Users\WB\AppData\Local\dd_vcredistMSI448D.txt
2013-11-25 11:54 - 2013-11-25 11:55 - 0457634 _____ () C:\Users\WB\AppData\Local\dd_vcredistMSI7767.txt
2011-09-05 22:05 - 2011-09-05 22:05 - 0320816 _____ () C:\Users\WB\AppData\Local\dd_vcredistMSI776A.txt
2011-09-05 22:05 - 2011-09-05 22:05 - 0331710 _____ () C:\Users\WB\AppData\Local\dd_vcredistMSI7777.txt
2015-04-19 11:14 - 2015-04-19 11:14 - 0012128 _____ () C:\Users\WB\AppData\Local\dd_vcredistUI0051.txt
2015-04-19 11:15 - 2015-04-19 11:16 - 0012176 _____ () C:\Users\WB\AppData\Local\dd_vcredistUI011F.txt
2013-01-03 23:30 - 2013-01-03 23:31 - 0011442 _____ () C:\Users\WB\AppData\Local\dd_vcredistUI0D34.txt
2013-01-03 23:31 - 2013-01-03 23:31 - 0011394 _____ () C:\Users\WB\AppData\Local\dd_vcredistUI0D52.txt
2011-09-03 14:52 - 2011-09-03 14:52 - 0011682 _____ () C:\Users\WB\AppData\Local\dd_vcredistUI0FAA.txt
2012-03-26 20:18 - 2012-03-26 20:19 - 0011450 _____ () C:\Users\WB\AppData\Local\dd_vcredistUI1A7A.txt
2011-10-04 21:49 - 2011-10-04 21:49 - 0011386 _____ () C:\Users\WB\AppData\Local\dd_vcredistUI448D.txt
2013-11-25 11:54 - 2013-11-25 11:55 - 0011640 _____ () C:\Users\WB\AppData\Local\dd_vcredistUI7767.txt
2011-09-05 22:05 - 2011-09-05 22:05 - 0011400 _____ () C:\Users\WB\AppData\Local\dd_vcredistUI776A.txt
2011-09-05 22:05 - 2011-09-05 22:05 - 0011400 _____ () C:\Users\WB\AppData\Local\dd_vcredistUI7777.txt
2012-06-20 18:58 - 2012-06-20 18:58 - 0239294 _____ () C:\Users\WB\AppData\Local\dd_vc_designtime_x64_msi1C92.txt
2014-11-05 13:05 - 2014-11-05 13:05 - 0238922 _____ () C:\Users\WB\AppData\Local\dd_vc_designtime_x64_msi79E7.txt
2012-05-16 14:49 - 2012-05-16 14:50 - 0450646 _____ () C:\Users\WB\AppData\Local\dd_VC_Red_MSI2F5A.txt
2012-08-14 15:19 - 2012-08-14 15:20 - 0445896 _____ () C:\Users\WB\AppData\Local\dd_VC_Red_MSI3E83.txt
2014-11-05 12:41 - 2014-11-05 12:41 - 0325332 _____ () C:\Users\WB\AppData\Local\dd_vc_runtime_x64_msi6706.txt
2012-06-20 18:17 - 2012-06-20 18:17 - 0321498 _____ () C:\Users\WB\AppData\Local\dd_vc_runtime_x64_msi7D47.txt
2014-11-05 12:40 - 2014-11-05 12:41 - 0328798 _____ () C:\Users\WB\AppData\Local\dd_vc_runtime_x86_msi66EC.txt
2012-06-20 18:17 - 2012-06-20 18:17 - 0333350 _____ () C:\Users\WB\AppData\Local\dd_vc_runtime_x86_msi7D34.txt
2012-06-20 18:53 - 2012-06-20 18:54 - 0437090 _____ () C:\Users\WB\AppData\Local\dd_VS2010ToolsMVC2.msi185C.txt
2014-11-05 12:55 - 2014-11-05 12:58 - 0406766 _____ () C:\Users\WB\AppData\Local\dd_VS2010ToolsMVC2.msi725E.txt
2012-06-20 18:54 - 2012-06-20 18:54 - 0306592 _____ () C:\Users\WB\AppData\Local\dd_VS2010ToolsMVC2_LP_deu.msi1937.txt
2014-11-05 12:58 - 2014-11-05 13:00 - 0291320 _____ () C:\Users\WB\AppData\Local\dd_VS2010ToolsMVC2_LP_deu.msi7468.txt
2012-06-20 18:37 - 2012-06-20 18:37 - 0379730 _____ () C:\Users\WB\AppData\Local\dd_vsa_envlp_msi_DEU0C6C.txt
2014-11-05 12:42 - 2014-11-05 12:42 - 0375342 _____ () C:\Users\WB\AppData\Local\dd_vsa_envlp_msi_DEU67C7.txt
2012-06-20 18:18 - 2012-06-20 18:18 - 0379730 _____ () C:\Users\WB\AppData\Local\dd_vsa_envlp_msi_DEU7DDA.txt
2012-06-20 18:37 - 2012-06-20 18:37 - 1755926 _____ () C:\Users\WB\AppData\Local\dd_vsa_env_msi0C13.txt
2014-11-05 12:41 - 2014-11-05 12:42 - 1747384 _____ () C:\Users\WB\AppData\Local\dd_vsa_env_msi6765.txt
2012-06-20 18:18 - 2012-06-20 18:18 - 1755938 _____ () C:\Users\WB\AppData\Local\dd_vsa_env_msi7D99.txt
2012-05-16 14:53 - 2012-05-16 14:53 - 1297662 _____ () C:\Users\WB\AppData\Local\dd_vsexpbsln64_10031E7.txt
2012-08-14 15:23 - 2012-08-14 15:23 - 1291210 _____ () C:\Users\WB\AppData\Local\dd_vsexpbsln64_1004113.txt
2012-06-20 18:37 - 2012-06-20 18:52 - 62558540 _____ () C:\Users\WB\AppData\Local\dd_VSMsiLog0CAD.txt
2012-08-13 16:42 - 2012-08-13 16:52 - 5701112 _____ () C:\Users\WB\AppData\Local\dd_VSMsiLog2FC0.txt
2012-05-16 14:53 - 2012-05-16 14:55 - 18333230 _____ () C:\Users\WB\AppData\Local\dd_VSMsiLog3256.txt
2012-08-14 15:23 - 2012-08-14 15:26 - 17210714 _____ () C:\Users\WB\AppData\Local\dd_VSMsiLog417C.txt
2012-06-20 17:29 - 2012-06-20 17:33 - 10412138 _____ () C:\Users\WB\AppData\Local\dd_VSMsiLog5870.txt
2012-08-13 14:54 - 2012-08-13 15:05 - 5640906 _____ () C:\Users\WB\AppData\Local\dd_VSMsiLog5C9B.txt
2014-11-05 12:43 - 2014-11-05 12:54 - 61367860 _____ () C:\Users\WB\AppData\Local\dd_VSMsiLog68A8.txt
2012-06-20 18:18 - 2012-06-20 18:23 - 43232340 _____ () C:\Users\WB\AppData\Local\dd_VSMsiLog7E29.txt
2014-11-05 13:02 - 2014-11-05 13:02 - 0051038 _____ () C:\Users\WB\AppData\Local\dd_vstodt40_lp_de_x64.msi77C3.txt
2014-11-05 13:02 - 2014-11-05 13:02 - 0050130 _____ () C:\Users\WB\AppData\Local\dd_vstodt40_x64.msi7795.txt
2012-08-13 14:50 - 2012-08-13 14:50 - 0519294 _____ () C:\Users\WB\AppData\Local\dd_vstor40_lp_x64_deuMSI59BF.txt
2012-08-13 14:50 - 2012-08-13 14:50 - 0014182 _____ () C:\Users\WB\AppData\Local\dd_vstor40_lp_x64_deuUI59BF.txt
2012-08-13 16:25 - 2012-08-13 16:25 - 1105092 _____ () C:\Users\WB\AppData\Local\dd_vstor40_x64MSI2231.txt
2012-08-13 16:25 - 2012-08-13 16:26 - 0021286 _____ () C:\Users\WB\AppData\Local\dd_vstor40_x64UI2231.txt
2012-06-20 18:55 - 2012-06-20 18:56 - 1074626 _____ () C:\Users\WB\AppData\Local\dd_vstor40_x64_msi1A7E.txt
2014-11-05 13:02 - 2014-11-05 13:02 - 1043148 _____ () C:\Users\WB\AppData\Local\dd_vstor40_x64_msi770C.txt
2012-06-20 18:57 - 2012-06-20 18:57 - 0444596 _____ () C:\Users\WB\AppData\Local\dd_vstorlp40_msi1BA7.txt
2014-11-05 13:04 - 2014-11-05 13:04 - 0431544 _____ () C:\Users\WB\AppData\Local\dd_vstorlp40_msi78F6.txt
2012-06-20 18:52 - 2012-06-20 18:53 - 0446226 _____ () C:\Users\WB\AppData\Local\dd_WebDeploy_x64_en-US.msi183C.txt
2014-11-05 12:55 - 2014-11-05 12:55 - 0440634 _____ () C:\Users\WB\AppData\Local\dd_WebDeploy_x64_en-US.msi720F.txt
2011-10-04 18:01 - 2014-11-05 13:25 - 0164618 _____ () C:\Users\WB\AppData\Local\uxeventlog.txt
2014-11-05 13:02 - 2014-11-05 13:02 - 0001744 _____ () C:\Users\WB\AppData\Local\VWL775A.tmp
2014-11-05 13:02 - 2014-11-05 13:02 - 0001538 _____ () C:\Users\WB\AppData\Local\VWL970C.tmp
2014-11-05 13:18 - 2014-11-05 13:18 - 0001304 _____ () C:\Users\WB\AppData\Local\VWLB509.tmp
2012-07-16 14:58 - 2012-08-02 11:39 - 0000164 _____ () C:\ProgramData\{5CAFA1B7-9EEF-4cc7-B9F7-9DDB3DAA679E}
2012-07-16 14:58 - 2012-08-02 10:43 - 0000164 _____ () C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51}

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\AskSLib.dll
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\Administrator\AppData\Local\Temp\installerdll2560818.dll
C:\Users\Administrator\AppData\Local\Temp\installerdll2569820.dll
C:\Users\Administrator\AppData\Local\Temp\rootsupd.exe
C:\Users\Administrator\AppData\Local\Temp\Setup.exe
C:\Users\Administrator\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Administrator\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Administrator\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Users\WB\AppData\Local\Temp\20131108093317644jniverify.dll
C:\Users\WB\AppData\Local\Temp\20131124032152386jniverify.dll
C:\Users\WB\AppData\Local\Temp\20131124032527874jniverify.dll
C:\Users\WB\AppData\Local\Temp\20131125073850667jniverify.dll
C:\Users\WB\AppData\Local\Temp\20131125120942169jniverify.dll
C:\Users\WB\AppData\Local\Temp\AskSLib.dll
C:\Users\WB\AppData\Local\Temp\avgnt.exe
C:\Users\WB\AppData\Local\Temp\card_setup.exe
C:\Users\WB\AppData\Local\Temp\contentDATs.exe
C:\Users\WB\AppData\Local\Temp\CTPBSeq.exe
C:\Users\WB\AppData\Local\Temp\DivXSetup.exe
C:\Users\WB\AppData\Local\Temp\DivXWebPlayerInstaller.exe
C:\Users\WB\AppData\Local\Temp\drm_dyndata_7260005.dll
C:\Users\WB\AppData\Local\Temp\drm_dyndata_7370007.dll
C:\Users\WB\AppData\Local\Temp\DSETUP.dll
C:\Users\WB\AppData\Local\Temp\dsetup32.dll
C:\Users\WB\AppData\Local\Temp\DWPUpgradeInstaller.exe
C:\Users\WB\AppData\Local\Temp\DXSETUP.exe
C:\Users\WB\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\WB\AppData\Local\Temp\gert0.exe
C:\Users\WB\AppData\Local\Temp\i4jdel0.exe
C:\Users\WB\AppData\Local\Temp\installerdll1062132.dll
C:\Users\WB\AppData\Local\Temp\installerdll1298053.dll
C:\Users\WB\AppData\Local\Temp\installerdll1453835.dll
C:\Users\WB\AppData\Local\Temp\installerdll1465239.dll
C:\Users\WB\AppData\Local\Temp\installerdll2853320.dll
C:\Users\WB\AppData\Local\Temp\installerdll2992582.dll
C:\Users\WB\AppData\Local\Temp\installerdll3053391.dll
C:\Users\WB\AppData\Local\Temp\installerdll3345550.dll
C:\Users\WB\AppData\Local\Temp\installerdll465428.dll
C:\Users\WB\AppData\Local\Temp\installerdll693611.dll
C:\Users\WB\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\WB\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\WB\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\WB\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\WB\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\WB\AppData\Local\Temp\liptmebvtubcvqlyj.exe
C:\Users\WB\AppData\Local\Temp\rootsupd.exe
C:\Users\WB\AppData\Local\Temp\Setup.exe
C:\Users\WB\AppData\Local\Temp\sfamcc00001.dll
C:\Users\WB\AppData\Local\Temp\sfamcc00002.dll
C:\Users\WB\AppData\Local\Temp\sfareca00001.dll
C:\Users\WB\AppData\Local\Temp\sfextra.dll
C:\Users\WB\AppData\Local\Temp\Shockwave_Installer_Slim.exe
C:\Users\WB\AppData\Local\Temp\SkypeSetup.exe
C:\Users\WB\AppData\Local\Temp\sonarinst.exe
C:\Users\WB\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\WB\AppData\Local\Temp\tmp194A.exe
C:\Users\WB\AppData\Local\Temp\tmp63B1.exe
C:\Users\WB\AppData\Local\Temp\tmp8719.exe
C:\Users\WB\AppData\Local\Temp\tmpD72C.exe
C:\Users\WB\AppData\Local\Temp\Uninstaller-4180.exe
C:\Users\WB\AppData\Local\Temp\Uninstaller-5116.exe
C:\Users\WB\AppData\Local\Temp\vcredist_x64.exe
C:\Users\WB\AppData\Local\Temp\vcredist_x86.exe
C:\Users\WB\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Users\WB\AppData\Local\Temp\yrtorzf_.dll
C:\Users\WB\AppData\Local\Temp\_is1322.exe
C:\Users\****(Klarname)\AppData\Local\Temp\AskSLib.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-19 16:42

==================== End Of Log ============================
         
--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2015 01
Ran by WB at 2015-04-19 16:55:18
Running from E:\Images Programme
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 16 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
AIDA64 Extreme Edition v2.20 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 2.20 - FinalWire Ltd.)
AMD Catalyst Install Manager (HKLM\...\{A70B905D-2E57-66A0-3BFE-66B8E71E0C70}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
ANNO 1404 - Venedig (HKLM-x32\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.01.5010 - Ubisoft)
ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
Apple Application Support (HKLM-x32\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
Arta Software version 1.7.1 (HKLM-x32\...\ArtaSoftware_is1) (Version:  - )
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.00 - Ubisoft)
AudioMulch Interactive Music Studio 2.2.1 (HKLM-x32\...\AudioMulch Interactive Music Studio_is1) (Version:  - )
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.4.0.0 - Electronic Arts)
Battlefield 4™ Beta (HKLM-x32\...\{CFAB3721-549D-4827-A4E8-7F90192114AB}) (Version: 1.0.0.0 - Electronic Arts)
Battlefield Play4Free (HKLM-x32\...\{87686C21-8A15-4b4d-A3F1-11141D9BE094}) (Version:  - EA Digital illusions)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{CA0D2F09-F811-48D4-843E-C87696C6A9D9}) (Version: 3.0.0.2 - Apple Inc.)
bs2bwmp (HKLM-x32\...\{47B5BB26-A85D-4DBA-88E7-37A3C1682D59}) (Version: 1.0.0 - BG)
Call of Duty(R) - World at War(TM) (HKLM-x32\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.0 - Activision)
Call of Duty(R) - World at War(TM) (x32 Version: 1.0 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.1 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.2 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
CPUID CPU-Z 1.56 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14.1 - Illustrate)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
Dotfuscator Software Services - Community Edition - DEU (HKLM-x32\...\{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}) (Version: 5.0.2300.0 - PreEmptive Solutions)
Dotfuscator Software Services - Community Edition (HKLM-x32\...\{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}) (Version: 5.0.2300.0 - PreEmptive Solutions)
Dropbox (HKU\S-1-5-21-891635277-1297341078-1701692141-1000\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.0) (Version: 0.70.0 - ESN Social Software AB)
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
FlatOut2 (HKLM-x32\...\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}) (Version: 1.00.0000 - Ihr Firmenname)
foobar2000 v1.1.8 (HKLM-x32\...\foobar2000) (Version: 1.1.8 - Peter Pawlowski)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Free YouTube to MP3 Converter version 3.12.50.1122 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1122 - DVDVideoSoft Ltd.)
gamelauncher-ps2-psg (HKU\S-1-5-21-891635277-1297341078-1701692141-1000\...\SOE-D:/Spiele/Planetside 2) (Version:  - Sony Online Entertainment)
Geany 0.21 (HKLM-x32\...\Geany) (Version: 0.21 - The Geany developer team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Chrome (HKU\S-1-5-21-891635277-1297341078-1701692141-1000\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GTK2-Runtime (HKLM-x32\...\GTK2-Runtime) (Version:  - )
HHD Software Free Hex Editor Neo 5.13 (HKU\S-1-5-21-891635277-1297341078-1701692141-1000\...\{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}) (Version: 5.13.0.4760 - HHD Software, Ltd.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.240 - SurfRight B.V.)
Hotspot Shield 2.07 (HKLM-x32\...\HotspotShield) (Version: 2.07 - AnchorFree)
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 2.0.7.017 - HTC Corporation)
HTC Sync (HKLM-x32\...\{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}) (Version: 3.2.20 - HTC Corporation)
ICQ7.5 (HKLM-x32\...\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}) (Version: 7.5 - ICQ)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Inkscape 0.42 (HKLM-x32\...\Inkscape) (Version: 0.42 - )
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Lazarus 0.9.30 (HKLM\...\Lazarus_is1) (Version: 0.9.30 - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.100 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.100 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)
MATLAB R2013a (HKLM\...\Matlab R2013a) (Version: 8.1 - The MathWorks, Inc.)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - DEU (HKLM-x32\...\{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}) (Version: 2.0.50331.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU (HKLM-x32\...\{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}) (Version: 2.0.50331.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{1803A630-3C38-4D2B-9B9A-0CB37243539C}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}) (Version: 1.2.0241 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK - Deutsch (HKLM-x32\...\{91F54E1D-804A-46D8-A56C-53EA9C4B3177}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{8325FD0C-2FDB-46C3-921A-3A78385EA972}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{A106D33E-6B43-42C0-9BFC-D03303261FA7}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{8583E7E3-2237-4981-B957-E28E5E9AB678}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{92C5C058-E941-47C3-B7E8-38A79C605969}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework (HKLM-x32\...\{9C3B8582-A72A-4835-8903-877A834407BB}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{197B3774-B7E6-4D50-AD0D-7F99B1E264D2}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{28D06854-572C-4A65-83E5-F8CAF26B9FDC}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) de (HKLM\...\{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 de (HKLM-x32\...\{08DA8E46-ED67-451A-9246-50E0FF6959C9}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) de (HKLM\...\{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de (HKLM\...\{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010-Objektmodell - DEU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (HKLM\...\{95A2AD24-BD44-3E39-A31F-CE928276577E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (HKLM-x32\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - DEU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime Language Pack - DEU (HKLM-x32\...\{681F4E9F-34E0-36BD-BF2C-100554E403A5}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (HKLM\...\{E1C1D175-C23E-38F4-9AC1-ABE5167022CF}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Ultimate - DEU (HKLM-x32\...\Microsoft Visual Studio 2010 Ultimate - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools - DEU Language Pack (HKLM-x32\...\Microsoft Visual Studio Macro Tools - DEU Language Pack) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Minecraft Version Beta 1.3_01 (HKLM-x32\...\{ED3219B0-8C17-452A-AF77-FFF11F03FE50}_is1) (Version: Beta 1.3_01 - Copyright 2009-2010 Mojang AB)
Mobile Connection Manager (HKLM-x32\...\o2DE) (Version: 8.8.7.892 - Mobile Connection Manager)
Mozilla Firefox 17.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 17.0.1 (x86 de)) (Version: 17.0.1 - Mozilla)
Mp3tag v2.49 (HKLM-x32\...\Mp3tag) (Version: v2.49 - Florian Heidenreich)
MPEG2 Codec(libmpeg2/mad) (HKLM-x32\...\MPEG2 Codec(libmpeg2/mad)) (Version:  - )
MSI Afterburner 2.0.0 (HKLM-x32\...\Afterburner) (Version: 2.0.0 - MSI Co., LTD)
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mumble 1.2.3 (HKLM-x32\...\{C3E9887A-23BA-4777-8080-191A5AFCAB74}) (Version: 1.2.3 - Thorvald Natvig)
MURDERED: SOUL SUSPECT™ (HKLM-x32\...\Steam App 233290) (Version:  - Airtight Games)
Oblivion (HKLM-x32\...\{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}) (Version: 1.2.0416 - Bethesda Softworks)
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 28.0.1750.51 (HKLM-x32\...\Opera 28.0.1750.51) (Version: 28.0.1750.51 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4550 - Electronic Arts, Inc.)
Paint.NET v3.5.5 (HKLM\...\{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}) (Version: 3.55.0 - dotPDN LLC)
Pazera Free MP4 to AVI Converter 1.8 (HKLM-x32\...\{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1) (Version: 1.8 - Pazera Jacek)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
phase6_18 (HKLM-x32\...\{20C3DEAF-801D-4C3E-9826-E62EE16DB7AB}) (Version: 1.80.0000 - phase6)
PlanetSide 2 (HKU\S-1-5-21-891635277-1297341078-1701692141-1000\...\soe-PlanetSide 2 PSG) (Version: 1.0.3.183 - Sony Online Entertainment)
proXPN 2.5.1 (HKLM-x32\...\proXPN) (Version: 2.5.1 - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Python 3.2.2 (HKLM-x32\...\{4CDE3168-D060-4b7c-BC74-4D8F9BB01AFD}) (Version: 3.2.2150 - Python Software Foundation)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Ralink Wireless LAN Card (HKLM-x32\...\{FAB1F336-1B7C-4057-A7BC-2922CD82A781}) (Version: 1.00.01 - RALINK)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6265 - Realtek Semiconductor Corp.)
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 1 für SQL Server 2008 (KB 968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 5.8 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.8.158 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-891635277-1297341078-1701692141-1000\...\TeamSpeak 3 Client) (Version:  - TeamSpeak Systems GmbH)
Unterstützungsdateien für Microsoft SQL Server 2008-Setup  (HKLM\...\{6AF73222-EE90-434C-AE7E-B96F70A68D89}) (Version: 10.1.2731.0 - Microsoft Corporation)
USBlyzer - Software USB Protocol Analyzer (HKLM\...\USBlyzer) (Version: 2.0 Build 23  - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual Audio Cable 4.9 (HKLM\...\Virtual Audio Cable 4.9) (Version:  - )
Visual Studio 2010 Prerequisites - English (HKLM\...\{53952792-BF16-300E-ADF2-E7E4367E00CF}) (Version: 10.0.30319 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player 1.1.2 (HKLM-x32\...\VLC media player) (Version: 1.1.2 - VideoLAN)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Winamp (HKLM-x32\...\Winamp) (Version: 5.61  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-891635277-1297341078-1701692141-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinISD Pro [alpha] (HKLM-x32\...\WinISD Pro [alpha]) (Version:  - )
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
ZTE Drivers v1.2074.0.2 (HKLM-x32\...\{66239456-F8B1-49EC-818C-822603C5B712}) (Version: 1.0.1.31 - ZTE Corporation)
ZTE USB Driver (HKLM\...\ZTE USB Driver) (Version: 1.0.1.31_TME - ZTE Corporation)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\WB\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\WB\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\WB\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\WB\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\WB\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\WB\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\WB\AppData\Local\Google\Chrome\Application\42.0.2311.90\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\CLSID\{6DB27B2E-87AC-4354-927A-AD711A0ED77E}\InprocServer32 -> C:\Users\WB\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\WB\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\CLSID\{A244CEC5-DB63-4ED9-B0D7-A0527C064113}\InprocServer32 -> C:\Users\WB\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\CLSID\{AE1514A4-5D7D-4D1B-BC7F-320E6962B0DD}\InprocServer32 -> C:\Users\WB\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\WB\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\WB\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\WB\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\WB\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\CLSID\{F350F7C1-9F0E-4A97-8EEC-E690C7095BEF}\InprocServer32 -> C:\Users\WB\AppData\Local\HHD Software\Hex Editor Neo\PatchAPI\dll\x64\hexpatch64.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\WB\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\WB\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\WB\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\WB\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-891635277-1297341078-1701692141-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\WB\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

18-04-2015 15:15:46 Geplanter Prüfpunkt
19-04-2015 11:59:16 Prüfpunkt von HitmanPro
19-04-2015 12:05:41 Prüfpunkt von HitmanPro
19-04-2015 12:07:40 Prüfpunkt von HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 14:34 - 2006-09-18 23:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1C8F93F9-8B75-43BB-ABEF-F6D9E36C9BB6} - System32\Tasks\{9A14D418-1E3B-41B1-873B-AE54C82A7945} => pcalua.exe -a J:\setup.exe -d J:\
Task: {2C606672-986C-42B1-9D2F-8DD05BA7A099} - System32\Tasks\{F9C600CC-65EE-442F-8DA1-BC4D5EA8F94F} => pcalua.exe -a C:\Users\WB\pbsetup.exe -d "C:\Program Files (x86)\Skype\Phone"
Task: {36D91F3D-0303-45CC-A012-F683B7AB8DDC} - System32\Tasks\{1250A778-782D-43B1-8F11-DEB3313F95F9} => d:\programme\srware iron 13\iron.exe
Task: {3ED8CABB-C47A-414C-A39A-F5E173200951} - System32\Tasks\{93722D7D-FC40-4A3B-AEF8-8B5785184F86} => pcalua.exe -a E:\Daten\pbsetup\pbsetup.exe
Task: {455A1C64-2CC3-4E5B-8487-69E4F316E983} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-891635277-1297341078-1701692141-1000Core => C:\Users\WB\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-30] (Google Inc.)
Task: {58107CBE-E702-4C4F-907A-92CB7A6C274E} - System32\Tasks\{66C066B9-3233-493F-857E-2EB9EFCEA543} => pcalua.exe -a D:\Programme\PortablePython_1.1_py2.6.1\SPE-Portable.exe -d D:\Programme\PortablePython_1.1_py2.6.1
Task: {5E8A4A03-284C-4616-85E0-696DE56AE4BD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-21] (Google Inc.)
Task: {64881E85-3F5A-45FA-804F-D0597F7D1D27} - System32\Tasks\AdobeAAMUpdater-1.0-WB-PC-WB => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {6A4A87A5-2B57-4C97-B3BD-089CD48A391B} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_pepper.exe [2015-03-11] (Adobe Systems Incorporated)
Task: {9036A0FC-0F83-4937-BB4C-CF4E3629D97A} - System32\Tasks\Opera scheduled Autoupdate 1415210620 => D:\Programme\Opera 12.12\launcher.exe [2015-04-07] (Opera Software)
Task: {981643D4-214D-414D-B24B-1A184C5386BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-21] (Google Inc.)
Task: {990C47EB-4783-4081-B484-678DD5B2FA95} - System32\Tasks\{339A1B92-A10D-4AD6-B44C-9F923C537F18} => pcalua.exe -a E:\pbsetup\pbsetup.exe -d E:\pbsetup
Task: {A0F4D06B-C1AF-4B60-A22E-B8A78265FFBB} - System32\Tasks\MATLAB R2013a Startup Accelerator => D:\Programme\MATLAB\R2013a\bin\win64\MATLABStartupAccelerator.exe [2013-01-16] ()
Task: {A82283F3-6B72-49C2-BA02-B4BC39C9D0A0} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {B37F9F93-021F-42AA-B8DD-75679751EEBD} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-04-17] ()
Task: {B970335C-1DF1-4F36-BEF3-D5F58C30E5F5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-891635277-1297341078-1701692141-1000UA => C:\Users\WB\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-30] (Google Inc.)
Task: {D797C556-511D-4E7B-8F1C-79DFB9A9586A} - System32\Tasks\{D614F604-F3AA-4813-A256-3637E1758725} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2012-02-29] (Skype Technologies S.A.)
Task: {F206CF59-03E3-4288-8D2F-599498F8FB63} - System32\Tasks\{10F3BA8D-F31C-424F-869B-5012D7BA4585} => pcalua.exe -a F:\DirectX\DXSETUP.exe -d F:\DirectX
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_pepper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-891635277-1297341078-1701692141-1000Core.job => C:\Users\WB\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-891635277-1297341078-1701692141-1000UA.job => C:\Users\WB\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MATLAB R2013a Startup Accelerator.job => D:\Programme\MATLAB\R2013a\bin\win64\MATLABStartupAccelerator.exe

==================== Loaded Modules (whitelisted) ==============

2012-11-16 16:27 - 2012-11-16 16:27 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2011-05-27 01:14 - 2011-05-27 01:14 - 00329544 _____ () D:\Programme\hotspotshield\Hotspot Shield\bin\hsswd.exe
2012-06-22 01:28 - 2014-11-30 00:24 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-04-20 03:21 - 2012-11-16 21:37 - 00045056 _____ () C:\Windows\system32\atitmp64.dll
2015-04-08 18:26 - 2015-04-08 18:25 - 00484472 _____ () D:\Programme\Opera 12.12\28.0.1750.51\opera_crashreporter.exe
2013-10-10 23:48 - 2013-10-10 23:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2011-03-04 13:49 - 2011-03-04 13:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2009-03-30 04:34 - 2009-03-30 04:34 - 00280143 _____ () D:\Programme\hotspotshield\Hotspot Shield\bin\libidn-11.dll
2009-03-27 22:02 - 2009-03-27 22:02 - 01554920 _____ () D:\Programme\hotspotshield\Hotspot Shield\bin\libeay32.dll
2009-03-27 22:02 - 2009-03-27 22:02 - 00332254 _____ () D:\Programme\hotspotshield\Hotspot Shield\bin\libssl32.dll
2015-04-08 18:26 - 2015-04-08 18:25 - 09625720 _____ () D:\Programme\Opera 12.12\28.0.1750.51\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Public\DRM:احتضان

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-891635277-1297341078-1701692141-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\WB\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: HTC Sync Loader => "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "D:\Programme\Hamachi_2.0.3.115\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-891635277-1297341078-1701692141-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-891635277-1297341078-1701692141-501 - Limited - Disabled)
WB (S-1-5-21-891635277-1297341078-1701692141-1000 - Administrator - Enabled) => C:\Users\WB
****(Klarname) (S-1-5-21-891635277-1297341078-1701692141-1001 - Limited - Enabled) => C:\Users\****(Klarname)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun-Miniportadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Virtual Audio Cable
Description: Virtual Audio Cable
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: EuMus Design
Service: EuMusDesignVirtualAudioCableWdm
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: 
Description: 
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/19/2015 04:36:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2015 01:25:36 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\WB\APPDATA\ROAMING\CASA> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/19/2015 01:20:20 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\WB\APPDATA\ROAMING\CASA> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/19/2015 01:19:17 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\WB\APPDATA\ROAMING\CASA> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/19/2015 01:04:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\WB\APPDATA\ROAMING\CASA> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/19/2015 00:34:50 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT-AUTORITÄT)
Description: Product: LogMeIn Hamachi -- Error 1714. The older version of LogMeIn Hamachi cannot be removed.  Contact your technical support group.  System Error 1612.

Error: (04/19/2015 00:33:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2015 00:28:11 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\WB\APPDATA\ROAMING\CASA> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (04/19/2015 00:12:36 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "RegSetValueExW(0x00000298,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000170EBF0.72)". hr = 0x80070005.

Error: (04/19/2015 00:12:36 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "RegSetValueExW(0x000001f8,(null),0,REG_BINARY,000000000184E370.72)". hr = 0x80070005.


Vorgang:
   BackupShutdown-Ereignis

Kontext:
   Ausführungskontext: Writer
   Generatorklassen-ID: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Generatorname: COM+ REGDB Writer
   Generatorinstanz-ID: {2d4e2113-b61b-4136-8419-1b9b4669d9e3}


System errors:
=============
Error: (04/19/2015 04:36:44 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: amdide64

Error: (04/19/2015 04:36:05 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Hotspot Shield Servicetaphss

Error: (04/19/2015 04:36:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: AODDriver4.1%%2

Error: (04/19/2015 02:37:50 PM) (Source: Dhcp) (EventID: 1001) (User: )
Description: Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 00A1B0258E8B zugeteilt werden. Der folgende Fehler ist aufgetreten: 
%%121. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

Error: (04/19/2015 00:34:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: amdide64

Error: (04/19/2015 00:33:38 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Hotspot Shield Servicetaphss

Error: (04/19/2015 00:33:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: AODDriver4.1%%2

Error: (04/19/2015 00:33:38 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: HitmanPro 3.7 Crusader (Boot)0 (0x0)

Error: (04/19/2015 11:01:16 AM) (Source: Dhcp) (EventID: 1001) (User: )
Description: Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 00A1B0258E8B zugeteilt werden. Der folgende Fehler ist aufgetreten: 
%%121. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

Error: (04/19/2015 10:55:08 AM) (Source: Dhcp) (EventID: 1001) (User: )
Description: Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 00A1B0258E8B zugeteilt werden. Der folgende Fehler ist aufgetreten: 
%%121. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.


Microsoft Office Sessions:
=========================
Error: (04/19/2015 04:36:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2015 01:25:36 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\WB\APPDATA\ROAMING\CASA

Error: (04/19/2015 01:20:20 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\WB\APPDATA\ROAMING\CASA

Error: (04/19/2015 01:19:17 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\WB\APPDATA\ROAMING\CASA

Error: (04/19/2015 01:04:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\WB\APPDATA\ROAMING\CASA

Error: (04/19/2015 00:34:50 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT-AUTORITÄT)
Description: Product: LogMeIn Hamachi -- Error 1714. The older version of LogMeIn Hamachi cannot be removed.  Contact your technical support group.  System Error 1612.(NULL)(NULL)(NULL)(NULL)

Error: (04/19/2015 00:33:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2015 00:28:11 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\WB\APPDATA\ROAMING\CASA

Error: (04/19/2015 00:12:36 PM) (Source: VSS) (EventID: 12289) (User: )
Description: RegSetValueExW(0x00000298,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000170EBF0.72)0x80070005

Error: (04/19/2015 00:12:36 PM) (Source: VSS) (EventID: 12289) (User: )
Description: RegSetValueExW(0x000001f8,(null),0,REG_BINARY,000000000184E370.72)0x80070005

Vorgang:
   BackupShutdown-Ereignis

Kontext:
   Ausführungskontext: Writer
   Generatorklassen-ID: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Generatorname: COM+ REGDB Writer
   Generatorinstanz-ID: {2d4e2113-b61b-4136-8419-1b9b4669d9e3}


CodeIntegrity Errors:
===================================
  Date: 2015-04-19 16:54:58.787
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-19 16:54:58.478
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-19 16:54:58.183
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-19 16:54:57.876
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-19 16:36:45.817
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-19 16:36:45.469
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-19 16:36:45.179
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-19 16:36:44.851
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-19 16:36:44.549
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-04-19 16:36:44.225
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X3 450 Processor
Percentage of memory in use: 43%
Total physical RAM: 4094.31 MB
Available physical RAM: 2324.36 MB
Total Pagefile: 8425.12 MB
Available Pagefile: 6212.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:80.08 GB) (Free:5.8 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:250.49 GB) (Free:100.98 GB) NTFS
Drive e: () (Fixed) (Total:600.95 GB) (Free:301.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 0004C60C)
Partition 1: (Active) - (Size=80.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=250.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=600.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Edited by paradog (19.04.2015 at 17:32)

Alt 19.04.2015, 17:29   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Yes, that's the right way.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 20.04.2015, 09:50   #5
paradog
 

Just got another one of those captcha prompts from Google, so something still seems to be there:

„About this page

Our systems have detected unusual traffic from your computer network. This page checks whether the requests are really being sent by you and not by a robot.”


Alt 20.04.2015, 10:40   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
ProxyServer: [S-1-5-21-891635277-1297341078-1701692141-1000] => 131.109.42.105:80
FF NetworkProxy: "backup.ftp", "183.207.228.8"
FF NetworkProxy: "backup.ftp_port", 80
FF NetworkProxy: "backup.socks", "183.207.228.8"
FF NetworkProxy: "backup.socks_port", 80
FF NetworkProxy: "backup.ssl", "183.207.228.8"
FF NetworkProxy: "backup.ssl_port", 80
FF NetworkProxy: "ftp", "62.103.107.9"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "62.103.107.9"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "62.103.107.9"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "62.103.107.9"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 1
That's no wonder, you have set up the browsers so that they surf through proxies:

Quote:
Adobe Photoshop CS6
Microsoft SQL Server 2008 (64-bit)
Visual Studio 2010
Do you also use this system commercially, or is there another reason for this software?

BTW: this machine is still running Windows Vista, and support for it is ending soon, so it is about time you started thinking about moving to a newer Windows. Or use Linux instead of Windows.
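The check done by eye on the quoted FRST lines in the post above can be scripted. The following is an added example, not part of the thread and not FRST's own code: it parses the `ProxyServer` and `FF NetworkProxy` lines and lists every proxy endpoint that points off the local network. The function names are hypothetical, and the reading of `type` 1 as manual configuration and of `backup.*` as saved copies is taken from Firefox's `network.proxy.*` preferences.

```python
import ipaddress
import re

# Proxy lines quoted from the FRST log in the post above, plus that log's
# "DNS Servers" line as an unrelated entry the parser must skip.
SAMPLE_LOG = """\
ProxyServer: [S-1-5-21-891635277-1297341078-1701692141-1000] => 131.109.42.105:80
FF NetworkProxy: "backup.ftp", "183.207.228.8"
FF NetworkProxy: "backup.ftp_port", 80
FF NetworkProxy: "backup.socks", "183.207.228.8"
FF NetworkProxy: "backup.socks_port", 80
FF NetworkProxy: "backup.ssl", "183.207.228.8"
FF NetworkProxy: "backup.ssl_port", 80
FF NetworkProxy: "ftp", "62.103.107.9"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "62.103.107.9"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "62.103.107.9"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "62.103.107.9"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 1
DNS Servers: 192.168.2.1
"""

SYSTEM_RE = re.compile(r'^ProxyServer:\s*\[(S-[\d-]+)\]\s*=>\s*(\S+)$')
FIREFOX_RE = re.compile(r'^FF NetworkProxy:\s*"([^"]+)",\s*(.+?)$')
FF_MANUAL = 1  # network.proxy.type 1 = manual proxy configuration
FF_SCHEMES = ("http", "ssl", "ftp", "socks")

def split_wininet(value):
    """Split a WinINET ProxyServer value: 'host:port' or 'http=h:p;https=h:p'."""
    out = []
    for part in filter(None, value.split(";")):
        scheme, eq, endpoint = part.rpartition("=")
        host, colon, port = endpoint.rpartition(":")
        if not (colon and port.isdigit()):
            host, port = endpoint, None
        out.append((scheme if eq else "all", host, int(port) if port else None))
    return out

def parse_value(raw):
    """Turn a logged preference value into str, bool or int."""
    if raw[:1] == '"' and raw[-1:] == '"':
        return raw[1:-1]
    if raw in ("true", "false"):
        return raw == "true"
    return int(raw) if raw.isdigit() else raw

def parse_proxy_lines(text):
    """Return (system_proxies, firefox_prefs) found in the log text."""
    system, firefox = [], {}
    for line in text.splitlines():
        m = SYSTEM_RE.match(line.strip())
        if m:
            system += [(m.group(1),) + p for p in split_wininet(m.group(2))]
        m = FIREFOX_RE.match(line.strip())
        if m:
            firefox[m.group(1)] = parse_value(m.group(2))
    return system, firefox

def is_external(host):
    """True unless the host is loopback, private or link-local."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host.lower() != "localhost"
    return not (ip.is_loopback or ip.is_private or ip.is_link_local)

def audit(text):
    """List every configured proxy endpoint that points off the machine/LAN."""
    system, ff = parse_proxy_lines(text)
    found = []
    # A ProxyServer value alone does not say whether the proxy is in use;
    # that depends on the ProxyEnable registry value, so active is None.
    for sid, scheme, host, port in system:
        if is_external(host):
            found.append(dict(where="Windows user " + sid, scheme=scheme,
                              host=host, port=port, active=None))
    manual = ff.get("type") == FF_MANUAL
    # backup.* entries are saved copies of earlier settings, never active.
    for prefix, active in (("", manual), ("backup.", False)):
        for scheme in FF_SCHEMES:
            host = ff.get(prefix + scheme)
            if host and is_external(host):
                found.append(dict(where="Firefox", scheme=prefix + scheme, host=host,
                                  port=ff.get(prefix + scheme + "_port"), active=active))
    return found
```

Entries with `active` set to `True` are the ones a browser is really sending traffic through; entries with `None` need the matching enable setting checked before drawing a conclusion.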

Alt 27.04.2015, 18:54   #7
paradog
 

Photoshop doesn't work anymore; that's the trial version, which you have to activate after a week, otherwise it shuts itself off.

Visual Studio can be installed here from the university server, newer versions too, but nothing after 2010 runs on Vista.
SQL Server 2008 was probably included in that package or something; it doesn't ring a bell for me.

Nothing should actually be going through a proxy. At least not with Opera, which uses the Windows settings, and everything is off there.
In Firefox, connecting through a proxy server was in fact still turned on, but that is version 17.0, which I no longer use; it was just still installed. That shouldn't really affect Opera.

I've disabled it in Firefox anyway now; let's see whether the captcha prompts keep coming.


Otherwise everything is fine, or what?

Alt 27.04.2015, 19:35   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Remove adware/junkware/toolbars

Step 1: Malwarebytes

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.

(Delete old versions of adwCleaner and, if present, JRT beforehand, then download them again to the desktop!)

Step 2: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Step 3: JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Step 4: Fresh log with FRST

Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)
