16.07.2015, 16:41 | #1 |
Trojan or hardware error?

Hello first of all,

Today I started my laptop normally, as I do every day, but after a few seconds on the desktop it crashed with a hardware error. I gave it a few more restart attempts until I gave up. It now runs in Safe Mode with Networking. I checked the error in the Event Viewer:

"DCOM got error "1084" attempting to start the service "wuauserv" with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}"

The only cause I can think of is a website I visited yesterday. It only took one click there and something was loaded. Whether onto the PC or only on the website, I don't know. Before I came to you, however, I tried to download the trial version of ESET NOD32 Antivirus, which worked, but the installation failed. Event log:

"DCOM got error "1084" attempting to start the service "MSIServer" with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}"

The error was supposedly malicious code, which ESET did not find after the installation of another tool. I searched forums for help and ended up installing OTL. Scan logs:
Code:
OTL logfile created on: 16.07.2015 17:01:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Emilia\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,97 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 65,74% Memory free
6,13 Gb Paging File | 5,35 Gb Available in Paging File | 87,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 1,73 Gb Free Space | 3,94% Space Free | Partition Type: NTFS
Drive Z: | 181,13 Gb Total Space | 128,95 Gb Free Space | 71,20% Space Free | Partition Type: NTFS
Computer Name: JOSEFS-PC | User Name: Emilia | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2015.07.16 16:55:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Emilia\Desktop\OTL.exe
PRC - [2015.07.13 23:55:16 | 000,813,896 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2015.07.13 23:55:16 | 016,308,040 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\43.0.2357.134\PepperFlash\pepflashplayer.dll
MOD - [2006.09.14 09:20:24 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR 3.61 Multi\RarExt.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (PLAY ONLINE. 
RunOuc) SRV - File not found [On_Demand | Stopped] -- -- (OverwolfUpdaterService) SRV - [2015.06.04 20:56:54 | 000,837,312 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2015.06.03 16:42:38 | 000,327,296 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2015.03.30 15:28:54 | 001,848,168 | ---- | M] (LogMeIn Inc.) [On_Demand | Stopped] -- Z:\Application\Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2015.03.27 15:53:31 | 002,869,248 | ---- | M] (Deutsche Telekom AG) [Auto | Stopped] -- Z:\Application\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service) SRV - [2015.03.02 20:33:13 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014.11.05 20:44:51 | 000,174,112 | ---- | M] (EasyAntiCheat Ltd) [On_Demand | Stopped] -- C:\Windows\System32\EasyAntiCheat.exe -- (EasyAntiCheat) SRV - [2014.09.16 12:16:42 | 000,777,944 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files\BlueStacks\HD-UpdaterService.exe -- (BstHdUpdaterSvc) SRV - [2014.09.16 12:15:08 | 000,384,728 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc) SRV - [2014.09.16 12:14:42 | 000,409,304 | ---- | M] (BlueStack Systems, Inc.) 
[Auto | Stopped] -- C:\Program Files\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc) SRV - [2013.04.05 17:01:25 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2013.04.05 17:00:38 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2013.02.04 18:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2012.10.24 19:49:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [On_Demand | Stopped] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.01.01 21:20:00 | 003,931,352 | ---- | M] (INCA Internet Co., Ltd.) 
[On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2011.10.19 16:30:50 | 000,423,424 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2011.03.14 17:27:28 | 000,271,712 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe) SRV - [2009.12.16 12:21:36 | 000,890,208 | ---- | M] () [Auto | Stopped] -- Z:\Application\Ashampoo Magical Defrag 3\defragservice.exe -- (Ashampoo Defrag Service) SRV - [2008.05.23 08:54:42 | 000,120,168 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2008.02.22 09:45:40 | 000,159,744 | ---- | M] () [Auto | Stopped] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\FsUsbExDisk.SYS -- (FsUsbExDisk) DRV - 
File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\Drivers\ESETCleanersDriver.sys -- (ESETCleanersDriver) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\AhnRec2K.sys -- (AhnRec2K) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\AhnFlt2K.sys -- (AhnFlt2K) DRV - [2015.03.18 13:34:54 | 000,114,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy) DRV - [2014.09.16 12:14:48 | 000,112,344 | ---- | M] (BlueStack Systems) [Kernel | Auto | Stopped] -- C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys -- (BstHdDrv) DRV - [2014.07.10 23:33:10 | 000,026,328 | ---- | M] (Sony Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsomc.sys -- (ggsomc) DRV - [2014.07.10 23:33:10 | 000,013,528 | ---- | M] (Sony Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt) DRV - [2012.12.26 22:22:20 | 000,095,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm) DRV - [2012.12.26 22:22:20 | 000,076,544 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2012.12.26 22:22:20 | 000,067,584 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm) DRV - [2012.12.26 22:22:20 | 000,027,520 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl) DRV - [2012.12.26 22:22:20 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter) DRV - [2012.12.26 22:22:19 | 000,199,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2012.12.26 22:22:19 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2012.10.31 00:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd) DRV - [2011.08.17 11:03:58 | 000,137,472 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2011.08.17 11:03:50 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2011.08.17 10:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011.08.17 10:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011.08.17 10:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2011.08.17 10:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2011.07.15 12:14:26 | 000,018,944 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UHSfiltv.sys -- (UHSfiltv) DRV - [2010.09.16 17:02:33 | 000,035,040 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- Z:\Application\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys -- (TelekomNM3) DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2009.03.18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2009.01.13 09:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.06.27 22:06:28 | 000,041,728 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2008.05.14 02:16:06 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2008.04.28 16:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008.04.24 03:15:26 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2008.04.02 00:59:22 | 000,285,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se) DRV - [2008.03.25 23:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte) DRV - [2008.03.19 21:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2008.01.23 06:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd) DRV - [2007.11.29 19:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2006.11.29 00:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2005.01.07 15:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?rlz=1W4CHBA_deDE552 IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_deDE427 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.45.2: C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.45.2: C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Emilia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: Z:\Programme\Mozilla Firefox\components [2013.09.04 14:05:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: Z:\Programme\Mozilla Firefox\components [2013.09.04 14:05:21 | 000,000,000 | ---D | M] [2015.07.16 15:48:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emilia\AppData\Roaming\mozilla\Extensions ========== Chrome ========== CHR - Extension: No name found = C:\Users\Emilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\ CHR - Extension: No name found = C:\Users\Emilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\ CHR - Extension: No name found = C:\Users\Emilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\ CHR - Extension: No name found = C:\Users\Emilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\ CHR - Extension: No name found = C:\Users\Emilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\ CHR - Extension: No name found = C:\Users\Emilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\ CHR - Extension: No name found = C:\Users\Emilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl\0.5.6_0\ CHR - Extension: No name found = C:\Users\Emilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\ 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [DefragTaskBar] Z:\Application\Ashampoo Magical Defrag 3\defragtaskbar.exe () O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] Z:\Application\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.) 
O4 - HKLM..\Run: [Realtime Audio Engine] C:\Windows\System32\mmrtkrnl.exe (AlcaTech) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Amigabit Powerbooster Tray] Z:\Application\Amigabit Powerbooster\PowerboosterTray.exe (Amigabit) O4 - HKCU..\Run: [puush] Z:\Application\puu.sh\puush.exe () O4 - Startup: C:\Users\Emilia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = Z:\Application\Netzmanager\netzmanager.exe (Deutsche Telekom AG) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O9 - Extra 'Tools' menuitem : Sun Java-Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18CF2C53-3EA3-44EF-A16D-D5088F77088A}: DhcpNameServer = 89.108.202.21 89.108.195.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D90C30A0-494F-4458-9291-16E6AF17523E}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (趐襁І癅) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Emilia\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Emilia\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2968c000-4f9b-11e2-81c5-0024216517fe}\Shell - "" = AutoRun O33 - MountPoints2\{d81e1502-50ef-11e2-8caf-0024216517fe}\Shell - "" = AutoRun O33 - MountPoints2\{ff5472a0-4f81-11e2-acbd-0024216517fe}\Shell - "" = AutoRun O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (MACHINE BootExecut) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== 
Files/Folders - Created Within 30 Days ========== [2015.07.16 16:55:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Emilia\Desktop\OTL.exe [2015.07.16 16:51:11 | 001,761,992 | ---- | C] (ESET) -- C:\Users\Emilia\Desktop\eset_nod32_antivirus_live_installer_.exe [2015.07.16 16:26:46 | 000,000,000 | -H-D | C] -- C:\Windows\PIF [2015.07.16 15:48:27 | 000,000,000 | ---D | C] -- C:\Users\Emilia\AppData\Roaming\Mozilla [2015.07.16 15:48:27 | 000,000,000 | ---D | C] -- C:\Users\Emilia\AppData\Local\Mozilla [2015.07.13 14:25:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2015.07.10 22:26:19 | 000,000,000 | ---D | C] -- C:\Users\Emilia\ShadowHunter [2015.07.10 22:25:04 | 000,000,000 | ---D | C] -- C:\Users\Emilia\AppData\Local\ShadowHunter [2015.07.10 17:20:26 | 000,000,000 | ---D | C] -- C:\Users\Emilia\AppData\Roaming\Trove [2015.07.04 13:11:03 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2015.07.04 13:05:18 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clfsw32.dll [2015.07.04 13:04:26 | 003,604,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2015.07.04 13:04:26 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2015.07.04 13:04:25 | 003,552,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2015.07.04 13:00:45 | 000,682,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2015.07.04 13:00:45 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2015.07.04 13:00:45 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2015.07.04 13:00:45 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2015.07.04 13:00:45 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2015.07.04 13:00:44 | 001,172,480 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2015.07.04 13:00:44 | 001,072,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2015.07.04 13:00:44 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2015.07.04 12:58:59 | 000,296,960 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2015.07.04 12:58:59 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2015.07.04 12:57:36 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll [2015.07.04 12:53:42 | 002,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2015.07.04 12:27:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll [2015.07.04 12:27:12 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx [2015.07.04 12:27:12 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll [2015.07.04 12:27:09 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2015.07.04 12:01:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2015.07.04 12:01:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2015.07.04 12:01:20 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2015.07.04 12:01:20 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2015.07.04 12:01:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2015.07.04 12:01:18 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2015.07.04 12:01:18 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2015.07.04 12:01:17 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2015.07.04 
12:01:16 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2015.07.04 12:01:15 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2015.07.04 12:01:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2015.07.04 12:01:13 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2015.07.04 12:01:10 | 001,809,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2015.06.30 13:33:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE [2015.06.30 13:33:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Netzmanager [2015.06.30 13:33:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netzmanager [2015.06.30 13:32:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\{7F13FB29-2E97-44BD-B7D8-AD3448228A45} [2015.06.28 22:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2015.06.28 12:43:21 | 000,000,000 | ---D | C] -- C:\Users\Emilia\AppData\Roaming\Cubic [2015.06.27 20:20:07 | 000,000,000 | ---D | C] -- C:\Users\Emilia\AppData\Roaming\Waveform [2015.06.27 15:06:09 | 000,000,000 | ---D | C] -- C:\Users\Emilia\AppData\Roaming\ots ========== Files - Modified Within 30 Days ========== [2015.07.16 16:55:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Emilia\Desktop\OTL.exe [2015.07.16 16:51:30 | 001,761,992 | ---- | M] (ESET) -- C:\Users\Emilia\Desktop\eset_nod32_antivirus_live_installer_.exe [2015.07.16 16:03:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2015.07.16 15:59:58 | 000,001,356 | ---- | M] () -- C:\Users\Emilia\AppData\Local\d3d9caps.dat [2015.07.16 15:56:46 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2015.07.16 15:56:46 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 
[2015.07.16 15:56:44 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2015.07.16 15:49:31 | 247,643,116 | ---- | M] () -- C:\Windows\MEMORY.DMP [2015.07.16 13:55:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2015.07.16 00:49:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2015.07.14 18:01:46 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2015.07.13 14:25:44 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2015.07.10 16:27:32 | 000,000,212 | ---- | M] () -- C:\Users\Emilia\Desktop\Odyssey Reborn.url [2015.07.10 16:24:50 | 000,000,212 | ---- | M] () -- C:\Users\Emilia\Desktop\Shadow Hunter.url [2015.07.10 16:16:53 | 000,000,212 | ---- | M] () -- C:\Users\Emilia\Desktop\Trove.url [2015.07.04 13:18:54 | 000,373,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2015.07.04 13:03:02 | 000,674,032 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2015.07.04 13:03:02 | 000,634,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2015.07.04 13:03:02 | 000,146,012 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2015.07.04 13:03:02 | 000,119,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2015.06.30 14:05:26 | 000,000,670 | ---- | M] () -- C:\Users\Emilia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk [2015.06.28 22:19:33 | 000,096,352 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2015.06.28 12:39:57 | 000,000,212 | ---- | M] () -- C:\Users\Emilia\Desktop\Cubic Castles.url [2015.06.27 19:36:55 | 000,000,212 | ---- | M] () -- C:\Users\Emilia\Desktop\8BitMMO.url ========== Files Created - No Company Name ========== [2015.07.16 13:57:11 | 247,643,116 | ---- | C] () -- C:\Windows\MEMORY.DMP [2015.07.13 14:25:44 | 000,002,489 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2015.07.10 16:27:32 | 000,000,212 | ---- | C] () -- 
C:\Users\Emilia\Desktop\Odyssey Reborn.url [2015.07.10 16:24:50 | 000,000,212 | ---- | C] () -- C:\Users\Emilia\Desktop\Shadow Hunter.url [2015.07.10 16:16:53 | 000,000,212 | ---- | C] () -- C:\Users\Emilia\Desktop\Trove.url [2015.06.30 14:05:26 | 000,000,670 | ---- | C] () -- C:\Users\Emilia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk [2015.06.28 12:39:57 | 000,000,212 | ---- | C] () -- C:\Users\Emilia\Desktop\Cubic Castles.url [2015.06.27 19:36:55 | 000,000,212 | ---- | C] () -- C:\Users\Emilia\Desktop\8BitMMO.url [2015.01.19 19:42:45 | 000,000,794 | ---- | C] () -- C:\Users\Emilia\AppData\Roaming\Emiliav3.4.2.2.vbs [2014.11.08 14:26:42 | 000,003,370 | ---- | C] () -- C:\Users\Emilia\AppData\Local\recently-used.xbel [2014.01.18 00:48:04 | 000,000,023 | ---- | C] () -- C:\Windows\System32\AmigabitPowerboosterTrial.dll [2013.12.20 20:07:13 | 000,000,108 | ---- | C] () -- C:\Users\Emilia\kvirc4.ini [2013.09.08 16:38:21 | 000,000,026 | ---- | C] () -- C:\Users\Emilia\AppData\Local\TempJOSEFS-PCEmilia.verlauf [2013.07.20 20:06:49 | 000,000,600 | ---- | C] () -- C:\Users\Emilia\AppData\Roaming\winscp.rnd [2013.07.19 05:42:12 | 000,032,824 | ---- | C] () -- C:\Windows\System32\UHS.ini [2013.07.19 05:42:12 | 000,002,413 | ---- | C] () -- C:\Windows\UHScfg.ini [2013.07.19 05:42:12 | 000,000,388 | ---- | C] () -- C:\Windows\UHSMCcfg.ini [2013.07.19 05:42:12 | 000,000,276 | ---- | C] () -- C:\Windows\UHSConfig.ini [2013.05.01 21:33:43 | 000,005,488 | ---- | C] () -- C:\ProgramData\NanoRepository.bin.bak [2013.05.01 21:33:43 | 000,005,488 | ---- | C] () -- C:\ProgramData\NanoRepository.bin [2011.12.09 22:12:46 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.10.03 15:20:06 | 000,044,544 | ---- | C] () -- C:\Users\Emilia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.09.01 16:48:48 | 000,001,356 | ---- | C] () -- C:\Users\Emilia\AppData\Local\d3d9caps.dat [2011.04.14 16:53:38 | 000,000,056 | -H-- | C] () -- 
C:\ProgramData\ezsidmv.dat [2009.11.12 21:10:10 | 000,133,350 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2015.02.18 04:02:58 | 011,587,584 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report >
I hope for a quick and hopefully helpful answer! Kind regards, IceCubiee |
16.07.2015, 17:32 | #2 |
/// the machine /// TB-Ausbilder | Trojan or hardware fault? hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
16.07.2015, 18:14 | #3 |
| Trojan or hardware fault? FRST.txt:
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-07-2015 Ran by Emilia (administrator) on JOSEFS-PC on 16-07-2015 19:09:44 Running from C:\Users\Emilia\Desktop Loaded Profiles: Emilia (Available Profiles: Emilia) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe () Z:\Application\Ashampoo Magical Defrag 3\defragservice.exe (BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe ( TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe (Mirco-Star International CO., LTD.) C:\Program Files\System Control Manager\MGSysCtrl.exe (shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe (Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (AlcaTech) C:\Windows\System32\mmrtkrnl.exe (BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () Z:\Application\Ashampoo Magical Defrag 3\defragtaskbar.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe () C:\ProgramData\DatacardService\HWDeviceService.exe () C:\Program Files\System Control Manager\MSIService.exe (Huawei Technologies Co., Ltd.) 
C:\ProgramData\DatacardService\DCSHelper.exe (Deutsche Telekom AG) Z:\Application\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe () Z:\Application\puu.sh\puush.exe (Amigabit) Z:\Application\Amigabit Powerbooster\PowerboosterTray.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (Deutsche Telekom AG) Z:\Application\Netzmanager\netzmanager.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe () Z:\Application\Ashampoo Magical Defrag 3\defragmonitorservice.exe () Z:\Application\Ashampoo Magical Defrag 3\defragactivitymonitor.exe (TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Malwarebytes Corporation) Z:\Application\ Malwarebytes Anti-Malware \mbamresearch.exe (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\conime.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [ITSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [75136 2007-09-29] ( TOSHIBA CORPORATION) HKLM\...\Run: [MGSysCtrl] => C:\Program Files\System Control Manager\MGSysCtrl.exe [704512 2008-08-12] (Mirco-Star International CO., LTD.) HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de) HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.) HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.) HKLM\...\Run: [Realtime Audio Engine] => "mmrtkrnl.exe" /i HKLM\...\Run: [DefragTaskBar] => Z:\Application\Ashampoo Magical Defrag 3\defragtaskbar.exe [927072 2009-12-16] () HKLM\...\Run: [LogMeIn Hamachi Ui] => Z:\Application\Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation) HKU\S-1-5-21-4008095182-3589058916-2039343968-1001\...\Run: [puush] => Z:\Application\puu.sh\puush.exe [568904 2015-04-12] () HKU\S-1-5-21-4008095182-3589058916-2039343968-1001\...\Run: [Amigabit Powerbooster Tray] => Z:\Application\Amigabit Powerbooster\PowerboosterTray.exe [481632 2013-06-14] (Amigabit) HKU\S-1-5-21-4008095182-3589058916-2039343968-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53288576 2015-06-29] (Skype Technologies S.A.) 
HKU\S-1-5-21-4008095182-3589058916-2039343968-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2006-11-02] (Microsoft Corporation) AppInit_DLLs: 趐襁І癅 => 趐襁І癅 File not found Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2008-12-04] ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) Startup: C:\Users\Emilia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk [2015-06-30] ShortcutTarget: Netzmanager.lnk -> Z:\Application\Netzmanager\netzmanager.exe (Deutsche Telekom AG) Startup: C:\Users\Emilia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2015-03-26] ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) GroupPolicyScripts: Group Policy detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-4008095182-3589058916-2039343968-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?rlz=1W4CHBA_deDE552 HKU\S-1-5-21-4008095182-3589058916-2039343968-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-28] (Oracle Corporation) BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-10-02] (Skype Technologies S.A.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-28] (Oracle Corporation) Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-4008095182-3589058916-2039343968-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-4008095182-3589058916-2039343968-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-10-02] (Skype 
Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{18CF2C53-3EA3-44EF-A16D-D5088F77088A}: [DhcpNameServer] 89.108.202.21 89.108.195.21 Tcpip\..\Interfaces\{D90C30A0-494F-4458-9291-16E6AF17523E}: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-02] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.) FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-28] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-28] (Oracle Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-09-23] (Pando Networks) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.) 
FF Plugin HKU\S-1-5-21-4008095182-3589058916-2039343968-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Emilia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-07] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-4008095182-3589058916-2039343968-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-09-23] (Pando Networks) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-30] Chrome: ======= CHR Profile: C:\Users\Emilia\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Emilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-13] CHR Extension: (Google Drive) - C:\Users\Emilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-13] CHR Extension: (YouTube) - C:\Users\Emilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-13] CHR Extension: (Google Search) - C:\Users\Emilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-13] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Emilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04] CHR Extension: (Google Wallet) - C:\Users\Emilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10] CHR Extension: (YouTube Unblocker) - C:\Users\Emilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl [2014-08-20] CHR Extension: (Gmail) - C:\Users\Emilia\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-13] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Ashampoo Defrag Service; Z:\Application\Ashampoo Magical Defrag 3\defragservice.exe [890208 2009-12-16] () S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [409304 2014-09-16] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384728 2014-09-16] (BlueStack Systems, Inc.) R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [777944 2014-09-16] (BlueStack Systems, Inc.) S3 Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-04-05] (Creative Labs) [File not signed] S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-04-05] (Creative Labs) [File not signed] R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [File not signed] S3 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [174112 2014-11-05] (EasyAntiCheat Ltd) S3 Hamachi2Svc; Z:\Application\Hamachi\hamachi-2.exe [1848168 2015-03-30] (LogMeIn Inc.) 
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] () S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] S2 MBAMService; Z:\Application\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 Micro Star SCM; C:\Program Files\System Control Manager\MSIService.exe [159744 2008-02-22] () [File not signed] R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed] R2 Netzmanager Service; Z:\Application\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2869248 2015-03-27] (Deutsche Telekom AG) [File not signed] S3 npggsvc; C:\Windows\system32\GameMon.des [3931352 2012-01-01] (INCA Internet Co., Ltd.) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed] R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.) S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) S3 OverwolfUpdaterService; No ImagePath S2 PLAY ONLINE. RunOuc; No ImagePath ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [20624 2012-10-31] (AVAST Software) S3 BrSerIf; C:\Windows\System32\Drivers\BrSerIf.sys [52224 2006-12-12] (Brother Industries Ltd.) [File not signed] S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [11904 2006-09-03] (Brother Industries Ltd.) 
[File not signed] R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [112344 2014-09-16] (BlueStack Systems) S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [26328 2014-07-10] (Sony Mobile Communications) R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2012-12-26] (Huawei Technologies Co., Ltd.) S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [67584 2012-12-26] (Huawei Technologies Co., Ltd.) S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2012-12-26] (Huawei Technologies Co., Ltd.) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation) S3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [285184 2008-04-02] (Realtek Semiconductor Corporation ) R3 TelekomNM3; Z:\Application\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) R3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [18944 2011-07-15] (Creative Technology Ltd.) S3 AhnFlt2K; \??\C:\Windows\system32\drivers\AhnFlt2K.sys [X] S3 AhnRec2K; \??\C:\Windows\system32\drivers\AhnRec2K.sys [X] S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X] S3 ESETCleanersDriver; \??\C:\Windows\system32\Drivers\ESETCleanersDriver.sys [X] U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [245376 2012-12-26] (Huawei Technologies Co., Ltd.) 
S3 FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 SymIMMP; system32\DRIVERS\SymIM.sys [X] S3 USBAAPL; System32\Drivers\usbaapl.sys [X] S3 usbbus; system32\DRIVERS\lgusbbus.sys [X] S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X] S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-16 19:09 - 2015-07-16 19:10 - 00018359 _____ C:\Users\Emilia\Desktop\FRST.txt 2015-07-16 19:09 - 2015-07-16 19:09 - 00000000 ___DC C:\FRST 2015-07-16 19:08 - 2015-07-16 19:08 - 01636864 _____ (Farbar) C:\Users\Emilia\Desktop\FRST.exe 2015-07-16 18:55 - 2015-07-16 18:55 - 00000693 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-07-16 17:10 - 2015-07-16 17:10 - 00122452 _____ C:\Users\Emilia\Desktop\Extras.Txt 2015-07-16 17:08 - 2015-07-16 17:08 - 00070704 _____ C:\Users\Emilia\Desktop\OTL.Txt 2015-07-16 16:55 - 2015-07-16 16:55 - 00602112 _____ (OldTimer Tools) C:\Users\Emilia\Desktop\OTL.exe 2015-07-16 16:51 - 2015-07-16 16:51 - 01761992 _____ (ESET) C:\Users\Emilia\Desktop\eset_nod32_antivirus_live_installer_.exe 2015-07-16 16:32 - 2015-07-16 16:32 - 00000000 ____D C:\Users\Emilia\Downloads\Speclean 2015-07-16 16:26 - 2015-07-16 16:26 - 00000000 ___HD C:\Windows\PIF 2015-07-16 16:16 - 2015-07-16 16:16 - 01762504 _____ (ESET) C:\Users\Emilia\Downloads\eset_nod32_antivirus_live_installer.exe 2015-07-16 15:49 - 2015-07-16 15:49 - 00146432 _____ C:\Windows\Minidump\Mini071615-02.dmp 2015-07-16 15:48 - 2015-07-16 15:48 - 00000000 ____D C:\Users\Emilia\AppData\Roaming\Mozilla 2015-07-16 15:48 - 
2015-07-16 15:48 - 00000000 ____D C:\Users\Emilia\AppData\Local\Mozilla 2015-07-16 13:58 - 2015-07-16 13:58 - 00146432 _____ C:\Windows\Minidump\Mini071615-01.dmp 2015-07-16 13:57 - 2015-07-16 15:49 - 247643116 _____ C:\Windows\MEMORY.DMP 2015-07-13 14:25 - 2015-07-13 14:25 - 00002489 _____ C:\Users\Public\Desktop\Skype.lnk 2015-07-13 14:25 - 2015-07-13 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-07-10 22:26 - 2015-07-10 22:33 - 00000000 ____D C:\Users\Emilia\ShadowHunter 2015-07-10 22:25 - 2015-07-10 22:33 - 00000000 ____D C:\Users\Emilia\AppData\Local\ShadowHunter 2015-07-10 17:20 - 2015-07-10 17:24 - 00000000 ____D C:\Users\Emilia\AppData\Roaming\Trove 2015-07-10 16:27 - 2015-07-10 16:27 - 00000212 _____ C:\Users\Emilia\Desktop\Odyssey Reborn.url 2015-07-10 16:24 - 2015-07-10 16:24 - 00000212 _____ C:\Users\Emilia\Desktop\Shadow Hunter.url 2015-07-10 16:16 - 2015-07-10 16:16 - 00000212 _____ C:\Users\Emilia\Desktop\Trove.url 2015-07-05 17:14 - 2015-07-05 17:17 - 13640654 _____ C:\Users\Emilia\Downloads\DDNet-7.8.1-win32.zip 2015-07-04 13:11 - 2015-01-29 03:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-07-04 13:10 - 2015-01-29 03:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-07-04 13:09 - 2015-03-09 03:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-07-04 13:08 - 2015-04-30 18:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-07-04 13:08 - 2015-03-05 04:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-07-04 13:06 - 2015-04-24 17:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2015-07-04 13:05 - 2015-03-05 04:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2015-07-04 13:05 - 2015-03-05 04:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-07-04 13:04 - 2015-03-14 04:21 - 
01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-07-04 13:04 - 2015-03-13 03:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-07-04 13:04 - 2015-03-13 03:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-07-04 13:04 - 2015-01-09 04:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-07-04 13:04 - 2015-01-09 02:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-07-04 13:00 - 2015-04-19 23:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2015-07-04 13:00 - 2015-04-19 23:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2015-07-04 13:00 - 2015-04-19 23:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2015-07-04 13:00 - 2015-04-19 23:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2015-07-04 13:00 - 2015-04-19 22:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2015-07-04 13:00 - 2015-04-19 22:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2015-07-04 13:00 - 2015-04-19 22:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2015-07-04 13:00 - 2015-04-19 22:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-07-04 13:00 - 2015-04-19 22:12 - 00801792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-07-04 12:58 - 2015-02-20 04:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-07-04 12:58 - 2015-02-20 02:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-07-04 12:57 - 2015-04-30 15:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-07-04 12:55 - 2015-01-21 04:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-07-04 12:53 - 2015-05-21 16:22 - 02066432 
_____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-07-04 12:52 - 2015-02-18 04:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-07-04 12:50 - 2015-04-11 01:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-07-04 12:48 - 2015-05-09 01:08 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-07-04 12:27 - 2015-05-05 00:51 - 10628608 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-07-04 12:27 - 2015-05-05 00:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-07-04 12:27 - 2015-05-05 00:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-07-04 12:27 - 2015-05-05 00:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-07-04 12:27 - 2015-05-04 23:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-07-04 12:01 - 2015-05-31 02:03 - 12385280 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-07-04 12:01 - 2015-05-31 01:55 - 01809920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-07-04 12:01 - 2015-05-31 01:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-07-04 12:01 - 2015-05-31 01:53 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-07-04 12:01 - 2015-05-31 01:50 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-07-04 12:01 - 2015-05-31 01:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-07-04 12:01 - 2015-05-31 01:49 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-07-04 12:01 - 2015-05-31 01:49 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-07-04 12:01 - 2015-05-31 01:49 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-07-04 12:01 - 2015-05-31 01:48 - 01804288 _____ (Microsoft Corporation) 
C:\Windows\system32\iertutil.dll
2015-07-04 12:01 - 2015-05-31 01:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-04 12:01 - 2015-05-31 01:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-04 12:01 - 2015-05-31 01:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-07-04 12:01 - 2015-05-31 01:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-04 12:01 - 2015-05-31 01:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-04 12:01 - 2015-05-31 01:48 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-04 12:01 - 2015-05-31 01:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-07-04 12:01 - 2015-05-31 01:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-04 12:01 - 2015-05-31 01:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-04 12:01 - 2015-05-31 01:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-04 12:01 - 2015-05-31 01:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-07-04 12:01 - 2015-05-31 01:47 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-06-30 13:33 - 2015-06-30 14:48 - 00000000 ____D C:\ProgramData\Netzmanager
2015-06-30 13:33 - 2015-06-30 13:33 - 00000722 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Netzmanager.lnk
2015-06-30 13:33 - 2015-06-30 13:33 - 00000000 ___DC C:\Program Files\Microsoft WSE
2015-06-30 13:33 - 2015-06-30 13:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netzmanager
2015-06-30 13:32 - 2015-06-30 13:33 - 00000000 __HDC C:\ProgramData\{7F13FB29-2E97-44BD-B7D8-AD3448228A45}
2015-06-30 13:28 - 2015-06-30 13:32 - 11168328 _____ (Deutsche Telekom AG, Marmiko IT-Solutions GmbH ) C:\Users\Emilia\Downloads\netzmanager_setup.exe
2015-06-28 22:20 - 2015-06-28 22:20 - 00000000 ___DC C:\Program Files\Common Files\Java
2015-06-28 22:13 - 2015-06-28 22:14 - 00562272 _____ (Oracle Corporation) C:\Users\Emilia\Downloads\chromeinstall-8u45.exe
2015-06-28 12:43 - 2015-07-03 00:38 - 00000000 ____D C:\Users\Emilia\AppData\Roaming\Cubic
2015-06-28 12:39 - 2015-06-28 12:39 - 00000212 _____ C:\Users\Emilia\Desktop\Cubic Castles.url
2015-06-27 20:20 - 2015-06-27 20:20 - 00000000 ____D C:\Users\Emilia\AppData\Roaming\Waveform
2015-06-27 19:36 - 2015-06-27 19:36 - 00000212 _____ C:\Users\Emilia\Desktop\8BitMMO.url
2015-06-27 15:06 - 2015-06-27 15:06 - 00000000 ____D C:\Users\Emilia\AppData\Roaming\ots

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 19:03 - 2012-04-24 19:41 - 00000000 ____D C:\Users\Emilia\AppData\Roaming\Skype
2015-07-16 19:01 - 2013-04-13 17:10 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-16 19:01 - 2013-04-13 17:10 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-16 18:58 - 2012-09-12 14:57 - 01748438 _____ C:\Windows\WindowsUpdate.log
2015-07-16 18:55 - 2015-03-03 20:03 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-16 18:55 - 2015-03-03 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-07-16 18:48 - 2014-11-18 21:06 - 00000000 ____D C:\Users\Emilia\AppData\Local\LogMeIn Hamachi
2015-07-16 18:45 - 2013-03-14 10:28 - 00109258 _____ C:\Windows\PFRO.log
2015-07-16 18:45 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-16 18:45 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-16 18:45 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-16 18:45 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\LogFiles
2015-07-16 15:59 - 2011-09-01 16:48 - 00001356 _____ C:\Users\Emilia\AppData\Local\d3d9caps.dat
2015-07-16 15:49 - 2009-10-09 13:57 - 00000000 ____D C:\Windows\Minidump
2015-07-16 13:55 - 2012-03-31 11:18 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-16 01:38 - 2013-04-13 10:46 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-14 18:01 - 2013-04-13 19:08 - 00001933 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-13 14:25 - 2012-04-24 19:40 - 00000000 __RDC C:\Program Files\Skype
2015-07-13 14:25 - 2011-04-14 16:49 - 00000000 ____D C:\ProgramData\Skype
2015-07-12 00:55 - 2012-03-31 00:57 - 00000000 ____D C:\Users\Emilia\AppData\Roaming\TS3Client
2015-07-10 22:26 - 2011-08-27 22:56 - 00000000 ____D C:\Users\Emilia
2015-07-04 19:37 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-07-04 13:36 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2015-07-04 13:18 - 2013-03-14 10:28 - 00373880 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-04 13:14 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2015-07-04 13:14 - 2006-11-02 14:37 - 00000000 ____D C:\Program Files\Windows Journal
2015-07-04 13:10 - 2008-12-05 01:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-04 13:03 - 2006-11-02 12:33 - 01542896 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-04 12:48 - 2013-07-26 03:03 - 00000000 ____D C:\Windows\system32\MRT
2015-07-04 12:28 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE
2015-06-28 22:19 - 2015-01-31 12:09 - 00096352 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-06-28 22:19 - 2013-07-25 16:27 - 00000000 ___DC C:\Program Files\Java
2015-06-27 20:54 - 2012-05-26 22:16 - 00000000 ___DC C:\Program Files\Common Files\Steam
2015-06-27 16:05 - 2011-08-27 23:05 - 00000000 ___RD C:\Users\Emilia\Desktop\Spiele
2015-06-18 08:41 - 2015-03-03 20:03 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2015-03-03 20:03 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2015-03-03 20:03 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== Files in the root of some directories =======

2015-01-19 19:42 - 2015-02-24 22:29 - 0000794 _____ () C:\Users\Emilia\AppData\Roaming\Emiliav3.4.2.2.vbs
2013-07-20 20:06 - 2014-05-16 16:48 - 0000600 _____ () C:\Users\Emilia\AppData\Roaming\winscp.rnd
2011-09-01 16:48 - 2015-07-16 15:59 - 0001356 _____ () C:\Users\Emilia\AppData\Local\d3d9caps.dat
2011-10-03 15:20 - 2015-02-20 22:52 - 0044544 _____ () C:\Users\Emilia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-08 14:26 - 2014-11-08 14:26 - 0003370 _____ () C:\Users\Emilia\AppData\Local\recently-used.xbel
2013-09-08 16:38 - 2013-09-08 16:38 - 0000026 _____ () C:\Users\Emilia\AppData\Local\TempJOSEFS-PCEmilia.verlauf
2011-04-14 16:53 - 2011-04-14 16:53 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2012-01-24 20:56 - 2012-01-24 21:01 - 0000356 _____ () C:\ProgramData\hpzinstall.log
2009-11-12 21:10 - 2009-11-12 21:10 - 0133350 _____ () C:\ProgramData\LuUninstall.LiveUpdate
2013-05-01 21:33 - 2013-07-30 00:39 - 0005488 _____ () C:\ProgramData\NanoRepository.bin
2013-05-01 21:33 - 2013-06-22 00:46 - 0005488 _____ () C:\ProgramData\NanoRepository.bin.bak

Some files in TEMP:
====================
C:\Users\Emilia\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-16 18:57

==================== End of log ============================

Addition.txt:
Additional FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x86) Version: 12-07-2015
Ran by Emilia at 2015-07-16 19:10:41
Running from C:\Users\Emilia\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4008095182-3589058916-2039343968-500 - Administrator - Disabled)
Emilia (S-1-5-21-4008095182-3589058916-2039343968-1001 - Administrator - Enabled) => C:\Users\Emilia
Gast (S-1-5-21-4008095182-3589058916-2039343968-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
8BitMMO (HKLM\...\Steam App 250420) (Version: - Archive Entertainment)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.3.0.3650 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Age of Empires III (HKLM\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
AirXonix version 1.37G (HKLM\...\AirXonix_is1) (Version: - )
Amigabit Powerbooster 3.2.5 (HKLM\...\{15C38046-3AED-450d-9F03-1EFDA5FC5786}_is1) (Version: - Amigabit, Inc.)
Antichamber (HKLM\...\Steam App 219890) (Version: - Alexander Bruce)
Ashampoo Magical Defrag 3 v.3.0.2 (HKLM\...\{91B33C97-5BE1-13B1-27A8-0409541A93B0}_is1) (Version: 3.0.2 - Ashampoo GmbH & Co. KG)
BEEP (HKLM\...\Steam App 104200) (Version: - Big Fat Alien)
Between IGF Demo (HKLM\...\Steam App 29140) (Version: - Jason Rohrer)
BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.9.3.4070 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM\...\{B40D9A2E-C9CA-4402-A0B7-09E33C03B9C5}) (Version: 0.9.3.4070 - BlueStack Systems, Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v6.00.11 - TOSHIBA CORPORATION)
BurnRecovery (HKLM\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 1.0.0.1030 - MSI)
Camera Obscura (HKLM\...\Steam App 341500) (Version: - Anteater Games)
Clicker Heroes (HKLM\...\Steam App 363970) (Version: - )
Counter-Strike 2D 0.1.2.2 (HKLM\...\{849F6C2A-3F9C-4731-B659-8C606B706CF0}_is1) (Version: - Unreal Software)
Craften Terminal 3.3.4897.28268 (HKLM\...\{4e7c3936-7c06-4ef0-928b-c5d92f372578}_is1) (Version: 3.3.4897.28268 - Craften Dev Team)
Creative Systeminformationen (HKLM\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Cubic Castles (HKLM\...\Steam App 317470) (Version: - Cosmic Cow LLC)
Delver (HKLM\...\Steam App 249630) (Version: - Chad Alan Cuddigan)
Die Sims™ 2 (HKLM\...\{2C82E097-694E-44ea-A947-2750679469CF}) (Version: - Electronic Arts)
Die Sims™ 2 Haustiere (HKLM\...\{4817189D-1785-4627-A33C-39FD90919300}) (Version: - )
Die Sims™ 2 Vier Jahreszeiten (HKLM\...\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}) (Version: - )
DJ_AIO_06_F2400_SW_Min (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Don't Starve (HKLM\...\Steam App 219740) (Version: - Klei Entertainment)
Don't Starve Together Beta (HKLM\...\Steam App 322330) (Version: - Klei Entertainment)
Eternal Senia (HKLM\...\Steam App 351640) (Version: - Holy Priest)
FireJump 1.0.1.8 (HKLM\...\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1) (Version: 1.0.1.8 - FireJump.net)
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - )
Garry's Mod (HKLM\...\Steam App 4000) (Version: - Facepunch Studios)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
GPL Ghostscript 8.70 (HKLM\...\GPL Ghostscript 8.70) (Version: - )
Hammerwatch (HKLM\...\Steam App 239070) (Version: - Crackshell)
HexChat (x86) (HKLM\...\HexChat (x86)_is1) (Version: 2.9.5 - HexChat)
HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}) (Version: 14.0 - HP)
iLivid (Version: 1.92.0.118480 - Bandoo Media Inc.) Hidden <==== ATTENTION
Inkscape 0.48.4 (HKLM\...\Inkscape) (Version: 0.48.4 - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 7 Update 67 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170670}) (Version: 1.7.0.670 - Oracle)
K-Lite Codec Pack 7.1.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 7.1.0 - )
KVIrc (HKLM\...\KVIrc) (Version: - Szymon Stefanek and The KVIrc Development Team)
LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.)
LogMeIn Hamachi (Version: 2.2.0.328 - LogMeIn, Inc.) Hidden
Magicite (HKLM\...\Steam App 268750) (Version: - SmashGames)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mario Forever 4.0 (HKLM\...\Mario Forever) (Version: 4.0 - Buziol Games)
Mario Forever Block Party (HKLM\...\Mario Forever Block Party) (Version: - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Age of Empires (HKLM\...\Age of Empires) (Version: - )
Microsoft Age of Empires II (HKLM\...\Age of Empires 2.0) (Version: - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Powerpoint 2007 Help - Aggiornamento (KB963669) (HKLM\...\{90120000-0018-0410-0000-0000000FF1CE}_HOMESTUDENTR_{C76C02F1-B07F-4974-876A-A18DEC9887C8}) (Version: - Microsoft)
Microsoft Office Powerpoint 2007 Help Actualización (KB963669) (HKLM\...\{90120000-0018-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F318245D-05AE-4681-A749-A036CE44AF29}) (Version: - Microsoft)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word 2007 Help - Aggiornamento (KB963665) (HKLM\...\{90120000-001B-0410-0000-0000000FF1CE}_HOMESTUDENTR_{E5B82DB3-DD7D-4C45-BC5E-09864B26F9BC}) (Version: - Microsoft)
Microsoft Office Word 2007 Help Actualización (KB963665) (HKLM\...\{90120000-001B-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{377BA42A-1C84-45D6-94B8-6D00887D172D}) (Version: - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{C3DCA38E-005E-41BA-A52A-7C3429F351C3}) (Version: - Microsoft)
Mise à jour Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{81536A04-DBFB-4DB3-978F-0F284590C223}) (Version: - Microsoft)
Monaco (HKLM\...\Steam App 113020) (Version: - Pocketwatch Games)
Mozilla Firefox 16.0.2 (x86 de) (HKLM\...\Mozilla Firefox 16.0.2 (x86 de)) (Version: 16.0.2 - Mozilla)
Mozilla Firefox 21.0 (x86 de) (HKU\S-1-5-21-4008095182-3589058916-2039343968-1001\...\Mozilla Firefox 21.0 (x86 de)) (Version: 21.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 16.0.2 - Mozilla)
MSI Software Install (HKLM\...\{07690F1C-04B1-4060-9691-6748ED1826B9}) (Version: 1.0.8.0922 - MSI)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Game Long Name (HKLM\...\UDK-7c1b4d76-df10-43ec-8367-74a9dda8e536) (Version: - Epic Games, Inc.)
Netzmanager (HKLM\...\Netzmanager) (Version: 1.200 - Deutsche Telekom AG)
Netzmanager (Version: 1.200 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden
Neverball 1.5.4 (HKU\S-1-5-21-4008095182-3589058916-2039343968-1001\...\Neverball) (Version: 1.5.4 - )
Nexon Launcher (HKLM\...\Nexon Nexon Launcher) (Version: 1.1.1 - Nexon)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
NVIDIA PhysX (HKLM\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
Odyssey Reborn (HKLM\...\Steam App 351840) (Version: - Jaron Leavitt)
One Way Heroics (HKLM\...\Steam App 266210) (Version: - Smoking WOLF)
OpenAL (HKLM\...\OpenAL) (Version: - )
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
osu! (HKLM\...\{42ecd6b0-5f39-4975-848a-247a32c2518b}) (Version: latest - ppy Pty Ltd)
Out There Somewhere (HKLM\...\Steam App 263980) (Version: - MiniBoss)
Overwolf (HKLM\...\{0A337036-B73E-4C85-8D32-3851F84B7CFE}) (Version: 0.46.271 - Overwolf)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PLAY ONLINE (HKLM\...\PLAY ONLINE) (Version: 21.005.11.17.264 - Huawei Technologies Co.,Ltd)
Polarity (HKLM\...\Steam App 315430) (Version: - Bluebutton Games)
puush (HKLM\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Realm of the Mad God (HKLM\...\Steam App 200210) (Version: - Wild Shadow Studios)
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5628 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Risk of Rain (HKLM\...\Steam App 248820) (Version: - )
Robocraft (HKLM\...\Steam App 301520) (Version: - Freejam)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
ScanSoft PaperPort 11 (HKLM\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Shadow Hunter (HKLM\...\Steam App 365270) (Version: - Jeff Trier)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.3.11079 - Skype Technologies S.A.)
Skype™ 7.6 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM\...\Update Engine) (Version: 2.14.9.201406230908 - Sony Mobile Communications AB)
Sony PC Companion 2.10.221 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.221 - Sony)
Sound Blaster Tactic(3D) (HKLM\...\{92000C16-939B-44CA-802F-0D552019D7C8}) (Version: 1.0 - Creative Technology Limited)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Control Manager (HKLM\...\{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}) (Version: 2.0208.0812.001.01 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: - TeamSpeak Systems GmbH)
TeamViewer 7 (HKLM\...\TeamViewer 7) (Version: 7.0.13989 - TeamViewer)
Terraria (HKLM\...\Steam App 105600) (Version: - Re-Logic)
The Binding of Isaac (HKLM\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)
The Mighty Quest For Epic Loot (HKLM\...\Steam App 239220) (Version: - Ubisoft Montreal)
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
Trove (HKLM\...\Steam App 304050) (Version: - Trion Worlds)
Unity Web Player (HKU\S-1-5-21-4008095182-3589058916-2039343968-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Unturned (HKLM\...\Steam App 304930) (Version: - Nelson Sexton)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Waveform (HKLM\...\Steam App 204180) (Version: - Eden Industries)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
WinSCP 5.1.5 (HKLM\...\winscp3_is1) (Version: 5.1.5 - Martin Prikryl)
Wise Disk Cleaner 7.41 (HKLM\...\Wise Disk Cleaner_is1) (Version: - WiseCleaner.com, Inc.)
Wise Registry Cleaner 7.41 (HKLM\...\Wise Registry Cleaner_is1) (Version: - WiseCleaner.com, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4008095182-3589058916-2039343968-1001_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-4008095182-3589058916-2039343968-1001_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Emilia\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1168F2F7-3C06-4EAE-AFF6-6E0009F2700B} - \Java Update Scheduler No Task File <==== ATTENTION
Task: {19EAF90D-F44E-4CA9-9AE6-75DB5C4A9153} - \ScanSoft Background Update No Task File <==== ATTENTION
Task: {42570368-0C64-46E9-A596-61BC01C731FF} - \avast! Emergency Update No Task File <==== ATTENTION
Task: {46082B65-EB0E-4585-A4D4-3E4FC415919F} - \CreateChoiceProcessTask No Task File <==== ATTENTION
Task: {57E9FF71-69BE-4410-B0E8-9985FEBFDD83} - \{90FFC1A6-EF04-4398-9C63-F03D4C2C9CEF} No Task File <==== ATTENTION
Task: {7C327E22-B9F6-454B-A813-B32A5023532E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-13] (Google Inc.)
Task: {98F7AEC9-3039-4DBE-9D68-693A45316641} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: {F66F65CD-CA0A-4C88-BA72-A74F48869F89} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-13] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2009-10-03 11:34 - 2005-01-06 18:33 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2014-01-18 00:47 - 2009-12-16 12:21 - 00890208 ____C () Z:\Application\Ashampoo Magical Defrag 3\defragservice.exe
2008-12-04 23:53 - 2008-02-22 09:43 - 00192512 _____ () C:\Program Files\System Control Manager\MSIWmiAcpi.dll
2008-12-04 23:53 - 2008-07-18 23:39 - 00053248 _____ () C:\Program Files\System Control Manager\MGKBHook.dll
2014-01-18 00:47 - 2009-12-16 12:21 - 00927072 ____C () Z:\Application\Ashampoo Magical Defrag 3\defragtaskbar.exe
2011-03-14 17:27 - 2011-03-14 17:27 - 00271712 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe
2008-12-04 23:53 - 2008-02-22 09:45 - 00159744 _____ () C:\Program Files\System Control Manager\MSIService.exe
2010-10-19 09:31 - 2010-10-19 09:31 - 00159744 ____C () Z:\Application\Netzmanager\NMInfraIS2\driver\SoftplugLib.dll
2012-01-10 14:41 - 2015-04-12 16:39 - 00568904 ____C () Z:\Application\puu.sh\puush.exe
2014-01-18 00:43 - 2012-04-26 15:14 - 00080976 ____C () Z:\Application\Amigabit Powerbooster\VersionInfo.dll
2014-01-18 00:43 - 2012-04-26 15:14 - 00101456 ____C () Z:\Application\Amigabit Powerbooster\SkinScrollBar.Dll
2014-01-18 00:43 - 2012-04-26 15:14 - 00166992 ____C () Z:\Application\Amigabit Powerbooster\NetReg.dll
2014-01-18 00:43 - 2013-02-26 17:52 - 00155648 ____C () Z:\Application\Amigabit Powerbooster\mlutil.dll
2005-07-23 07:30 - 2005-07-23 07:30 - 00065536 _____ () C:\Windows\system32\TosCommAPI.dll
2015-03-26 10:43 - 2015-03-26 10:43 - 00093696 ____C () Z:\Application\Netzmanager\WizAccessErrorLocGer.dll
2015-03-05 18:11 - 2015-03-05 18:11 - 00070144 ____C () Z:\Application\Netzmanager\WizConnectionLocGer.dll
2014-01-18 00:47 - 2009-12-16 12:21 - 00132448 ____C () Z:\Application\Ashampoo Magical Defrag 3\defragmonitorservice.exe
2014-01-18 00:47 - 2009-12-16 12:21 - 00083296 ____C () Z:\Application\Ashampoo Magical Defrag 3\defragActivityMonitor.exe
2015-07-14 18:01 - 2015-07-13 23:55 - 16308040 ____C () C:\Program Files\Google\Chrome\Application\43.0.2357.134\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4008095182-3589058916-2039343968-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Emilia\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Hamachi2Svc => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) C:\Program Files\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) C:\Program Files\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) C:\Program Files\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) C:\Program Files\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) C:\Windows\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) C:\Windows\system32\dfsr.exe
FirewallRules: [TCP Query User{44589DA5-0D3A-4A7A-AE84-3B133F6E4565}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{4F1D3F0A-1369-444E-ACC0-FAF67F8A5BA4}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{3B63804F-2D2E-44CB-9CFA-D4435FEA8346}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{DA5943B0-9FF2-4FE1-92E7-A06F1249621E}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{E4457C98-CA5E-4ABF-AF45-4029B53A9B79}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{2E04AA13-6710-4AFB-9AC7-E55A50BCFF33}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{9D38E525-6633-4FF7-974A-6FADD9E10564}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{D553B228-0C4B-473E-86E7-BF84DE5F85A6}] => (Allow) C:\Program Files\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{F2EEF2F1-D6B8-4A04-BBB7-4D4112D53D06}] => (Allow) C:\Program Files\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{D10FA08D-1E7E-4913-8329-CFC6ECAC3C40}] => (Allow) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{82D473F8-88F2-436D-B2B8-554DA55B3357}] => (Allow) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [TCP Query User{8DA82A2F-C825-44D2-88A8-292D9527E7AC}Z:\gry\age of empires i\empires.exe] => (Allow) Z:\gry\age of empires i\empires.exe
FirewallRules: [UDP Query User{99E51D1A-F7B0-4563-B5D4-E3653C9358F1}Z:\gry\age of empires i\empires.exe] => (Allow) Z:\gry\age of empires i\empires.exe
FirewallRules: [TCP Query User{31A8F0FA-4463-4003-BFF6-B27F13941E55}Z:\gry\age of empires iii\age3.exe] => (Allow) Z:\gry\age of empires iii\age3.exe
FirewallRules: [UDP Query User{A4E1B79F-47B1-4AD2-860F-D8DB157EDE5D}Z:\gry\age of empires iii\age3.exe] => (Allow) Z:\gry\age of empires iii\age3.exe
FirewallRules: [{3319FBEC-8E9C-492E-8F02-4C49F57AADA4}] => (Allow) Z:\Programme\Steam\Steam.exe
FirewallRules: [{D510409C-9596-4A97-A29A-DCC1BCC8D213}] => (Allow) Z:\Programme\Steam\Steam.exe
FirewallRules: [{F05B73B4-684A-4EDC-A101-64154D4E4ABC}] => (Allow) Z:\Programme\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp_server.exe
FirewallRules: [{3F682698-5ED7-46BD-BF29-F02F3CEB50CD}] => (Allow) Z:\Programme\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp_server.exe
FirewallRules: [{3E9DFD87-A9E2-44D9-8F96-4D2864F232CC}] => (Allow) Z:\Programme\Steam\Steam.exe
FirewallRules: [{8E40398C-B076-4E8F-B332-6FBAE61D12BA}] => (Allow) Z:\Programme\Steam\Steam.exe
FirewallRules: [TCP Query User{28C06527-76A6-4F25-BA7A-909F2A259606}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{55E64F00-5B0D-438A-B1EC-0B8CD0B19A07}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [{0877E089-E7A9-4C10-9DAC-3F6810D186AE}] => (Allow) LPort=80
FirewallRules: [{13CAF2B5-4FC8-413E-B3CE-B6B86AF99DB1}] => (Allow) LPort=80
FirewallRules: [{FD7BDC4B-5FA8-4091-AAD6-9B244D268085}] => (Allow) LPort=80
FirewallRules: [{778FD501-CC79-4507-ADC3-B118D202DA94}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{3E3FDC79-1A68-4BEC-9F33-60672A06733B}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{702F9F22-5835-4303-B0CA-CA17B9FA42E6}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{7FB9A86E-7734-4C19-9817-4FBFCAE9058E}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{4573D75B-9282-4FEC-9AA0-2D99B7CCDBEA}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{C352F9E8-DDD1-4077-BCD7-22C3D693751F}] => (Allow) C:\Windows\system32\dfsr.exe
FirewallRules: [{19BAC7C0-70C9-4A60-BE69-A48948B40B8A}] => (Allow) C:\Windows\system32\dfsr.exe
FirewallRules: [{32C9768C-9912-4FEE-B81F-E076EECD8237}] => (Allow) C:\Program Files\Windows Collaboration\WinCollab.exe
FirewallRules: [{2180A10C-E4D2-47C9-990E-896C703D10C6}] => (Allow) C:\Program Files\Windows Collaboration\WinCollab.exe
FirewallRules: [{75F4780D-5AFA-4F66-B3C8-239323743902}] => (Allow) C:\Program Files\Windows Collaboration\WinCollab.exe
FirewallRules: [{EE51BCB6-20D4-49D0-B456-7D6E7667FA37}] => (Allow) C:\Program Files\Windows Collaboration\WinCollab.exe
FirewallRules: [{1E9D79BB-7354-4122-A73D-90B50E55324D}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{3F14D3A4-62B0-4F55-BD88-1618945D7AC4}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [TCP Query User{A5480B91-8DC4-4792-BD65-065DFB8815E5}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{ED3A3D82-1EA0-40BE-AFD0-4B1B210F4E8E}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [{5079B5BF-896E-4747-8022-7DEF832FA06A}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{A28B7B07-F751-4E2D-82AB-BF9C79E32B74}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{A35840A7-3F39-4FFC-8187-DD79DC8D09E6}] => (Allow) Z:\Programme\Steam\SteamApps\common\call of duty modern warfare 3\iw5sp.exe
FirewallRules: [{3C14FE30-B75B-4D24-AB5C-FC4D962D6222}] => (Allow) Z:\Programme\Steam\SteamApps\common\call of duty modern warfare 3\iw5sp.exe
FirewallRules: [{5DCE3678-D236-42E0-8CCB-112D20BF450D}] => (Allow) Z:\Programme\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe
FirewallRules: [{A19B105C-C033-4AB5-BE02-BFE8941A6D0F}] => (Allow) Z:\Programme\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe
FirewallRules: [{5C401618-FFBE-4FA6-B42E-7111BEBBD1AF}] => (Allow) Z:\Programme\Steam\SteamApps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{CF3BDF17-C295-42B8-867F-2A0E408F27C6}] => (Allow) Z:\Programme\Steam\SteamApps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [TCP Query User{CE4A2AA6-F1EF-4B73-A890-963E057A7F09}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{44CF5A44-BA4C-4B54-9EBB-EFDAC756093E}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{0A9A46F1-BB8B-4522-9411-966C6F5D62D1}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{25C457E0-670C-4736-B972-9CBAD212F13B}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{6DFFDB8E-F75A-45E5-A7C1-7D103D8F8FED}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{D776492B-A32C-46F9-955F-98DCCD984EB2}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{71E1B9A9-EB09-431C-B8E1-D2992190C443}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{37F5798F-3A53-44A2-96BE-98A17914E082}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{7DCB5D66-AEBD-4FF4-89F7-4E3D96AB8FC2}Z:\programme\hexchat\hexchat.exe] => (Allow) Z:\programme\hexchat\hexchat.exe
FirewallRules: [UDP Query User{057BD0FE-9697-496E-B087-70BB19389670}Z:\programme\hexchat\hexchat.exe] => (Allow) Z:\programme\hexchat\hexchat.exe
FirewallRules: [TCP Query User{98ACE0C9-2811-4E47-8954-C78C825492DC}Z:\programme\hexchat\hexchat.exe] => (Allow) Z:\programme\hexchat\hexchat.exe
FirewallRules: [UDP Query User{DB99F931-2A61-49D6-AD7E-CC7860068BE9}Z:\programme\hexchat\hexchat.exe] => (Allow) Z:\programme\hexchat\hexchat.exe
FirewallRules: [TCP Query User{C85A8406-F070-4B58-959E-B4A9F26BDFAE}Z:\gry\counter-strike 2d\counterstrike2d.exe] => (Block) Z:\gry\counter-strike 2d\counterstrike2d.exe
FirewallRules: [UDP Query User{C3FA5EF4-EE68-48EC-8F86-2BD887492AB9}Z:\gry\counter-strike 2d\counterstrike2d.exe] => (Block) Z:\gry\counter-strike 2d\counterstrike2d.exe
FirewallRules: [TCP Query User{CF02271A-5607-44F8-BAC3-15979060AE07}Z:\application\ares\ares.exe] => (Block) Z:\application\ares\ares.exe
FirewallRules: [UDP Query User{B1A9F8AF-3E1B-463E-830E-DEBBE28D20BA}Z:\application\ares\ares.exe] => (Block) Z:\application\ares\ares.exe
FirewallRules: [TCP Query User{45A6A3E0-9630-4F35-A2D7-DA1B5D4BE06F}Z:\application\ares\ares.exe] => (Allow) Z:\application\ares\ares.exe
FirewallRules: [UDP Query User{20C3497E-3C0E-4AD0-A13A-C656348C5B16}Z:\application\ares\ares.exe] => (Allow) Z:\application\ares\ares.exe
FirewallRules: [TCP Query User{A5AF2A7D-07EC-4D2B-9EC4-BEB02BDB6D28}Z:\gry\counter-strike 2d\counterstrike2d.exe] => (Allow) Z:\gry\counter-strike 2d\counterstrike2d.exe
FirewallRules: [UDP Query User{4DA1C8F8-398A-4020-9E4C-44846F4827BD}Z:\gry\counter-strike 2d\counterstrike2d.exe] => (Allow) Z:\gry\counter-strike 2d\counterstrike2d.exe
FirewallRules:
[{6ACC422A-620E-4464-9221-6E5FDB6CC47D}] => (Allow) Z:\Programme\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe FirewallRules: [{9D699674-0DBE-40B0-819A-E9DAE5FEBD38}] => (Allow) Z:\Programme\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe FirewallRules: [{B7A63B6A-63EA-4457-9D98-6873E348FBFD}] => (Allow) Z:\Programme\Steam\SteamApps\common\Between - Demo\Between.exe FirewallRules: [{4755006E-6AAD-4232-8D9F-F1403F72D9DB}] => (Allow) Z:\Programme\Steam\SteamApps\common\Between - Demo\Between.exe FirewallRules: [{4885EFA7-9D74-41C6-9145-C5A5938566C8}] => (Allow) Z:\Programme\Steam\SteamApps\common\Realm of the Mad God\Realm of the Mad God.exe FirewallRules: [{300F9F53-824F-477D-8D26-8E3C69EFB8D9}] => (Allow) Z:\Programme\Steam\SteamApps\common\Realm of the Mad God\Realm of the Mad God.exe FirewallRules: [{9743E20A-53DE-4FD4-A6A3-B612A1B42827}] => (Allow) Z:\Programme\Steam\SteamApps\common\Antichamber\Binaries\Win32\UDK.exe FirewallRules: [{F1E3DD2F-8669-4593-B234-28BAACEA03E5}] => (Allow) Z:\Programme\Steam\SteamApps\common\Antichamber\Binaries\Win32\UDK.exe FirewallRules: [TCP Query User{02CCB92E-1577-4CC7-B74A-1CE7ED8D06F2}Z:\programme\steam\steamapps\common\antichamber\binaries\win32\udk.exe] => (Allow) Z:\programme\steam\steamapps\common\antichamber\binaries\win32\udk.exe FirewallRules: [UDP Query User{652011D4-C1D8-41EE-9D99-EDCB542B4B71}Z:\programme\steam\steamapps\common\antichamber\binaries\win32\udk.exe] => (Allow) Z:\programme\steam\steamapps\common\antichamber\binaries\win32\udk.exe FirewallRules: [{63E15312-91A0-455B-A637-54B667FF0124}] => (Allow) Z:\Programme\Steam\SteamApps\common\Delver\delver.exe FirewallRules: [{8EAC988B-EF3A-4A9B-A6AA-91EF4ECEE170}] => (Allow) Z:\Programme\Steam\SteamApps\common\Delver\delver.exe FirewallRules: [TCP Query User{336DA110-CCDE-4AE3-9398-41A972D01AC4}Z:\application\kvirc\kvirc.exe] => (Block) Z:\application\kvirc\kvirc.exe FirewallRules: [UDP Query 
User{C8108EF6-C761-4BFA-8DE4-864ACC59BBDA}Z:\application\kvirc\kvirc.exe] => (Block) Z:\application\kvirc\kvirc.exe FirewallRules: [TCP Query User{8E6C3A90-6738-466C-BFA3-2DCBB54E6BCE}Z:\application\kvirc\kvirc.exe] => (Allow) Z:\application\kvirc\kvirc.exe FirewallRules: [UDP Query User{43B1F372-D005-4171-A067-68134133320E}Z:\application\kvirc\kvirc.exe] => (Allow) Z:\application\kvirc\kvirc.exe FirewallRules: [{78A717E2-5A87-4483-A53D-FA5A73BACFB4}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [TCP Query User{2FF05761-2AB4-4238-A6FA-5D890A6BE84A}Z:\gry\ddnet\ddrace-server.exe] => (Block) Z:\gry\ddnet\ddrace-server.exe FirewallRules: [UDP Query User{2C24183F-09A3-4C40-BB23-7EB1770B4796}Z:\gry\ddnet\ddrace-server.exe] => (Block) Z:\gry\ddnet\ddrace-server.exe FirewallRules: [{01424019-99AA-4214-8D03-3B061137B07E}] => (Allow) Z:\Programme\Steam\SteamApps\common\The Mighty Quest For Epic Loot\Launcher\PublicLauncher.exe FirewallRules: [{012084D8-B091-4063-B432-701939C81B0E}] => (Allow) Z:\Programme\Steam\SteamApps\common\The Mighty Quest For Epic Loot\Launcher\PublicLauncher.exe FirewallRules: [{CE8543C6-D6ED-4C66-A134-F54CFCB415BE}] => (Allow) Z:\Programme\Steam\SteamApps\common\The Mighty Quest For Epic Loot\Launcher\MQELDiagnostics.exe FirewallRules: [{CCCC33E3-0356-4E33-B0AE-66FC9FD79B70}] => (Allow) Z:\Programme\Steam\SteamApps\common\The Mighty Quest For Epic Loot\Launcher\MQELDiagnostics.exe FirewallRules: [TCP Query User{2528F58B-ADDE-413C-B440-325F5254A73F}Z:\gry\teeworlds\teeworlds_srv.exe] => (Allow) Z:\gry\teeworlds\teeworlds_srv.exe FirewallRules: [UDP Query User{A3C3BAC7-8B82-4BBD-88BB-2D4D6882E1BA}Z:\gry\teeworlds\teeworlds_srv.exe] => (Allow) Z:\gry\teeworlds\teeworlds_srv.exe FirewallRules: [{E69E4C01-072A-472F-9995-E78481363647}] => (Allow) C:\Program Files\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe FirewallRules: [{901B1A06-EC2D-4484-9E94-A3F42295D525}] => (Allow) C:\Program Files\Sony 
Mobile\Update Engine\Sony Mobile Update Engine.exe FirewallRules: [TCP Query User{950948CF-3E08-4066-A950-8D6196129805}Z:\gry\ddnetteeworldsclient\ddnet-4.2-win32\ddnet.exe] => (Allow) Z:\gry\ddnetteeworldsclient\ddnet-4.2-win32\ddnet.exe FirewallRules: [UDP Query User{2E192ACA-9D3F-4092-A2BC-23C8FCCD0BB7}Z:\gry\ddnetteeworldsclient\ddnet-4.2-win32\ddnet.exe] => (Allow) Z:\gry\ddnetteeworldsclient\ddnet-4.2-win32\ddnet.exe FirewallRules: [{4B6BEE60-A469-4458-B8ED-5B506E3C8663}] => (Allow) Z:\Programme\Steam\SteamApps\common\Robocraft\Robocraft.exe FirewallRules: [{0E28BFF6-A994-4D41-83A2-735BB90D7B6D}] => (Allow) Z:\Programme\Steam\SteamApps\common\Robocraft\Robocraft.exe FirewallRules: [{9750EAB3-22FD-4751-BDE5-9475BE343A85}] => (Allow) Z:\Programme\Steam\bin\steamwebhelper.exe FirewallRules: [{02A0B23D-CCB7-414F-A53E-0751EDF1E464}] => (Allow) Z:\Programme\Steam\bin\steamwebhelper.exe FirewallRules: [{8D8EA786-012A-4331-9831-6A090F059D01}] => (Allow) Z:\Programme\Steam\SteamApps\common\Terraria\Terraria.exe FirewallRules: [{DC8A6867-54A7-4E1C-B89E-35032059EB94}] => (Allow) Z:\Programme\Steam\SteamApps\common\Terraria\Terraria.exe FirewallRules: [TCP Query User{D7AEA6FA-3469-4506-94B6-910D73433F3C}Z:\gry\ddnetteeworldsclient\ddnet-4.2-win32\ddnet.exe] => (Block) Z:\gry\ddnetteeworldsclient\ddnet-4.2-win32\ddnet.exe FirewallRules: [UDP Query User{8D7A407F-FC13-4457-A4CF-380B102A4C82}Z:\gry\ddnetteeworldsclient\ddnet-4.2-win32\ddnet.exe] => (Block) Z:\gry\ddnetteeworldsclient\ddnet-4.2-win32\ddnet.exe FirewallRules: [{391AED54-50EB-4066-AAE2-D788A1852942}] => (Allow) Z:\Programme\Steam\SteamApps\common\One Way Heroics\Game.exe FirewallRules: [{6539FBD4-F8BE-4B09-A95B-EC5629ABD48F}] => (Allow) Z:\Programme\Steam\SteamApps\common\One Way Heroics\Game.exe FirewallRules: [{689A9F61-0832-4083-9523-762BC040EDB6}] => (Allow) Z:\Programme\Steam\SteamApps\common\One Way Heroics\Config.exe FirewallRules: [{864756E3-B13A-40B9-9E44-BE86678B3426}] => (Allow) 
Z:\Programme\Steam\SteamApps\common\One Way Heroics\Config.exe FirewallRules: [{8BE353C9-2A88-480E-8997-7AD4055654E0}] => (Allow) Z:\Programme\Steam\SteamApps\common\Risk of Rain\Risk of Rain.exe FirewallRules: [{E25D3B2E-4C26-4B5B-94BD-B6E1CF000A41}] => (Allow) Z:\Programme\Steam\SteamApps\common\Risk of Rain\Risk of Rain.exe FirewallRules: [{DDCEF9C9-B6D6-4F14-9523-A43595094D5D}] => (Allow) Z:\Programme\Steam\SteamApps\common\Magicite\Magicite.exe FirewallRules: [{953F7A9C-12F1-47FD-95E9-F3E26DACB10F}] => (Allow) Z:\Programme\Steam\SteamApps\common\Magicite\Magicite.exe FirewallRules: [{AC8F5149-0407-42BD-9717-BC9766D82493}] => (Allow) Z:\Programme\Steam\SteamApps\common\Unturned\Unturned.exe FirewallRules: [{8FBACE02-94ED-429B-AD84-61B11DAD243F}] => (Allow) Z:\Programme\Steam\SteamApps\common\Unturned\Unturned.exe FirewallRules: [{E5A7CD53-41C3-41FF-B2BA-D1AEA3EE68C2}] => (Allow) Z:\Programme\Steam\SteamApps\common\GarrysMod\hl2.exe FirewallRules: [{B9ACCF61-090C-464B-991A-57DD88DEAEAB}] => (Allow) Z:\Programme\Steam\SteamApps\common\GarrysMod\hl2.exe FirewallRules: [{06297567-0D04-417B-B2CC-F08E82D605A5}] => (Allow) Z:\Programme\Steam\SteamApps\common\Hammerwatch\Hammerwatch.exe FirewallRules: [{E0B1CB4E-7830-4570-8B28-94B2557FDEF6}] => (Allow) Z:\Programme\Steam\SteamApps\common\Hammerwatch\Hammerwatch.exe FirewallRules: [TCP Query User{5DCDB8D9-60B8-4E2F-933F-48D0440E7C93}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe FirewallRules: [UDP Query User{FA033AC1-323B-4A9E-9E52-E732FBE8E68E}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe FirewallRules: [TCP Query User{DBE5F7D8-15E2-4B63-9920-E433D45E3CB2}Z:\gry\age of empires i\empires2.icd] => (Allow) Z:\gry\age of empires i\empires2.icd FirewallRules: [UDP Query User{69C2E12B-0FF8-45DC-A567-624CD0492F78}Z:\gry\age of empires i\empires2.icd] => (Allow) Z:\gry\age of empires i\empires2.icd 
FirewallRules: [{75A2C275-ADE8-473B-BBB3-DCBECF674F34}] => (Allow) Z:\Programme\Steam\SteamApps\common\Hammerwatch\editor\HammerEditor.exe FirewallRules: [{7EB4DAE0-3AA3-467C-8C2F-26D4E1F462AA}] => (Allow) Z:\Programme\Steam\SteamApps\common\Hammerwatch\editor\HammerEditor.exe FirewallRules: [{D46C3987-E19B-4319-BB17-06F44CB34F66}] => (Allow) Z:\Programme\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe FirewallRules: [{FF4CCC36-2A12-4477-8630-CBB705AC460D}] => (Allow) Z:\Programme\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe FirewallRules: [{57399132-9D82-4F53-8334-5C7A58D303F5}] => (Allow) Z:\Programme\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe FirewallRules: [{31823813-8F2F-4CEF-9D9E-4286C43E5604}] => (Allow) Z:\Programme\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe FirewallRules: [{A48368AA-FA39-4051-AE49-68C3DFC690AE}] => (Allow) Z:\Programme\Steam\SteamApps\common\outtheresomewhere\ots.exe FirewallRules: [{6992AF2B-75AD-4EA6-BAA7-052FF83D97D2}] => (Allow) Z:\Programme\Steam\SteamApps\common\outtheresomewhere\ots.exe FirewallRules: [{38CF387F-8141-4D43-AE20-0E7D446B61EF}] => (Allow) Z:\Programme\Steam\SteamApps\common\Camera Obscura\CameraObscura.exe FirewallRules: [{78B564B7-B34B-402C-9583-6DE07DE0DC96}] => (Allow) Z:\Programme\Steam\SteamApps\common\Camera Obscura\CameraObscura.exe FirewallRules: [{40A3C9E5-3F31-4B51-ABF0-93468A855AA0}] => (Allow) Z:\Programme\Steam\SteamApps\common\Camera Obscura\Editor.exe FirewallRules: [{A90F4392-C361-49D6-AE6A-3F57B6D64C60}] => (Allow) Z:\Programme\Steam\SteamApps\common\Camera Obscura\Editor.exe FirewallRules: [{3ACFEC78-D3C4-48A5-9149-F1B56BB15A64}] => (Allow) Z:\Programme\Steam\SteamApps\common\BEEP\BEEP.exe FirewallRules: [{E4F28D99-1A87-410B-A006-B0BE0D4712EF}] => (Allow) Z:\Programme\Steam\SteamApps\common\BEEP\BEEP.exe FirewallRules: [{343B9E81-9E82-4AFD-BE0A-217634599DD8}] => (Allow) Z:\Programme\Steam\SteamApps\common\Waveform\Waveform.exe FirewallRules: 
[{CCA7379E-BAF4-4CE0-9EEF-754F73177744}] => (Allow) Z:\Programme\Steam\SteamApps\common\Waveform\Waveform.exe FirewallRules: [{B1F9605A-8077-40D4-9C61-B61018022CE6}] => (Allow) Z:\Programme\Steam\SteamApps\common\Polarity\Polarity.exe FirewallRules: [{2FD16A4E-EA35-4083-9C2C-E3CA0AECD199}] => (Allow) Z:\Programme\Steam\SteamApps\common\Polarity\Polarity.exe FirewallRules: [{0CA16AFC-6D33-404B-8AF5-28D9337A5BDD}] => (Allow) Z:\Programme\Steam\SteamApps\common\8BitMMO\jre\bin\javaw.exe FirewallRules: [{30A9F9FB-257B-4119-8807-96E91F87CF07}] => (Allow) Z:\Programme\Steam\SteamApps\common\8BitMMO\jre\bin\javaw.exe FirewallRules: [{3D316782-B8D3-4982-82C3-9DA18A50CB99}] => (Allow) Z:\Programme\Steam\SteamApps\common\Cubic Castles\Cubic.exe FirewallRules: [{CB16F7C1-23AA-4ED3-9148-C47518D9F132}] => (Allow) Z:\Programme\Steam\SteamApps\common\Cubic Castles\Cubic.exe FirewallRules: [TCP Query User{5BC0821B-9B69-45AB-A2A8-0AFF29910232}Z:\gry\ddnetteeworldsclient\ddnet-7.8.1-win32\ddnet.exe] => (Allow) Z:\gry\ddnetteeworldsclient\ddnet-7.8.1-win32\ddnet.exe FirewallRules: [UDP Query User{2D86CFC1-0103-4DB2-8E87-15FA5BE384E5}Z:\gry\ddnetteeworldsclient\ddnet-7.8.1-win32\ddnet.exe] => (Allow) Z:\gry\ddnetteeworldsclient\ddnet-7.8.1-win32\ddnet.exe FirewallRules: [{6AEDD271-9AC4-473F-B1F2-18F415425679}] => (Allow) Z:\Programme\Steam\SteamApps\common\Odyssey\ody.exe FirewallRules: [{8534C961-5614-427C-8449-3784E0C8E90F}] => (Allow) Z:\Programme\Steam\SteamApps\common\Odyssey\ody.exe FirewallRules: [{DAE24EDC-930C-4C7E-A870-E3A5C8EF21A7}] => (Allow) Z:\Programme\Steam\SteamApps\common\Trove\GlyphClient.exe FirewallRules: [{DB2401F7-4CFB-4CBF-A91F-BA8C3B34691A}] => (Allow) Z:\Programme\Steam\SteamApps\common\Trove\GlyphClient.exe FirewallRules: [{C9C082E9-698B-4839-96BC-256BEE2738FD}] => (Allow) Z:\Programme\Steam\SteamApps\common\Shadow Hunter\shadowhunter.exe FirewallRules: [{EFF202A1-1843-487B-AD03-1E349C7D9284}] => (Allow) Z:\Programme\Steam\SteamApps\common\Shadow 
Hunter\shadowhunter.exe FirewallRules: [{89D30354-3D3F-4DA2-8FB2-8713222107D7}] => (Allow) Z:\Programme\Steam\SteamApps\common\Eternal Senia\Game.exe FirewallRules: [{412F9090-D193-4D39-9202-F33C2FF92484}] => (Allow) Z:\Programme\Steam\SteamApps\common\Eternal Senia\Game.exe FirewallRules: [{8CAC84CE-560C-45B6-A5A3-AB1D7EBD4F4C}] => (Allow) Z:\Programme\Steam\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe FirewallRules: [{C0565209-066A-406C-9C20-8DA32B7DD103}] => (Allow) Z:\Programme\Steam\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe FirewallRules: [{32816208-922E-4F74-8350-BCC9CF5E9EA2}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [{6BCBB7D7-9978-407B-9981-F072C4C57C42}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/16/2015 06:45:51 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/16/2015 06:45:50 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (07/16/2015 06:22:22 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/16/2015 06:22:20 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. 
System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (07/16/2015 04:00:00 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/16/2015 03:58:49 PM) (Source: EventSystem) (EventID: 4609) (User: ) Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (07/16/2015 03:57:03 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (07/16/2015 03:55:25 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. 
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (07/16/2015 03:44:03 PM) (Source: EventSystem) (EventID: 4609) (User: ) Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (07/16/2015 03:37:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (07/16/2015 06:54:04 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (07/16/2015 06:45:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: BlueStacks Android Service%%1064 Error: (07/16/2015 06:45:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: PLAY ONLINE. OUC%%3 Error: (07/16/2015 04:31:51 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084MSIServer{000C101C-0000-0000-C000-000000000046} Error: (07/16/2015 04:01:27 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334} Error: (07/16/2015 04:00:00 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: spldr Tosrfcom Wanarpv6 Error: (07/16/2015 04:00:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: ComputerbrowserServer%%1068 Error: (07/16/2015 04:00:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Creative Audio ServiceWindows-Audio%%1068 Error: (07/16/2015 03:58:56 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (07/16/2015 03:58:55 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Microsoft Office: ========================= Error: (06/30/2013 
09:51:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 256 seconds with 180 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2015-07-16 19:10:34.527 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-16 19:10:33.719 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-16 19:10:32.945 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-16 19:10:32.213 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-16 19:10:31.225 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-16 19:10:30.418 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-07-16 19:10:29.676 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-07-16 19:10:28.937 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-07-16 19:09:59.957 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-07-16 19:09:59.103 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 72%
Total physical RAM: 3036.44 MB
Available physical RAM: 822.99 MB
Total Virtual: 6291.12 MB
Available Virtual: 3752.09 MB
==================== Drives ================================
Drive c: (OS_Install) (Fixed) (Total:43.95 GB) (Free:1.64 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive z: (Data) (Fixed) (Total:181.13 GB) (Free:132.19 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 16662839)
Partition 1: (Not Active) - (Size=7.8 GB) - (Type=27)
Partition 2: (Active) - (Size=43.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=181.1 GB) - (Type=07 NTFS)
==================== End of log ============================
Last edited by IceCubiee (16.07.2015 at 18:35) Reason: false alarm |
17.07.2015, 10:46 | #4 |
/// the machine /// TB-Ausbilder | Trojan or hardware fault? Are you located in Poland?
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations | Guides and help | Trojaner-Board Facebook page. No help via PM! |
17.07.2015, 11:10 | #5 |
| Trojan or hardware fault? Not at the moment, but from time to time, yes. |
18.07.2015, 07:46 | #6 |
/// the machine /// TB-Ausbilder | Trojan or hardware fault? Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Scan with Combofix
__________________ |
18.07.2015, 17:58 | #7 |
| Trojan or hardware fault? Since Revo Uninstaller could not find the program "iLivid" even after several restarts, I took the liberty of running Combofix without that step. Code:
ATTFilter ComboFix 15-07-18.01 - Emilia 18.07.2015 18:33:33.1.2 - x86 ausgeführt von:: C:\Users\Emilia\Desktop\ComboFix.exe (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) C:\END C:\ProgramData\ntuser.pol C:\Users\Emilia\AppData\Roaming\Emiliav3.4.2.2.vbs C:\Windows\IsUn0407.exe C:\Windows\system32\drivers\etc\hosts.ics C:\Windows\unin0407.exe Infizierte Kopie von C:\Windows\system32\kernel32.dll wurde gefunden und desinfiziert Kopie von - C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.19381_none_954eccaf53b1df3c\kernel32.dll wurde wiederhergestellt ((((((((((((((((((((((( Dateien erstellt von 2015-06-18 bis 2015-07-18 )))))))))))))))))))))))))))))) 2015-07-18 16:41:10 . 2015-07-18 16:41:10 -------- d-----w- C:\Users\Default\AppData\Local\temp 2015-07-16 22:16:56 . 2015-07-16 22:16:56 -------- d-----w- C:\Users\Emilia\AppData\Local\ESET 2015-07-16 17:09:14 . 2015-07-16 17:11:15 -------- dc----w- C:\FRST 2015-07-16 14:26:46 . 2015-07-16 14:26:46 -------- d--h--w- C:\Windows\PIF 2015-07-16 13:48:27 . 2015-07-16 13:48:27 -------- d-----w- C:\Users\Emilia\AppData\Local\Mozilla 2015-07-10 20:26:19 . 2015-07-10 20:33:30 -------- d-----w- C:\Users\Emilia\ShadowHunter 2015-07-10 20:25:04 . 2015-07-10 20:33:39 -------- d-----w- C:\Users\Emilia\AppData\Local\ShadowHunter 2015-07-10 15:20:26 . 2015-07-10 15:24:05 -------- d-----w- C:\Users\Emilia\AppData\Roaming\Trove 2015-07-09 10:17:52 . 2015-07-09 10:17:52 62576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FC8B0592-585E-4811-A68E-D3140F592DCB}\offreg.928.dll 2015-07-07 09:02:26 . 2015-07-07 09:02:26 62576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FC8B0592-585E-4811-A68E-D3140F592DCB}\offreg.988.dll 2015-07-04 11:11:03 . 2015-01-29 01:35:18 369664 ----a-w- C:\Windows\system32\WMPhoto.dll 2015-07-04 11:10:37 . 
2015-01-29 01:35:13 975360 ----a-w- C:\Windows\system32\WindowsCodecs.dll 2015-07-04 11:09:43 . 2015-03-09 01:01:02 1249280 ----a-w- C:\Windows\system32\msxml3.dll 2015-07-04 11:08:57 . 2015-04-30 16:03:33 279040 ----a-w- C:\Windows\system32\schannel.dll 2015-07-04 11:08:16 . 2015-03-05 02:24:07 297984 ----a-w- C:\Windows\system32\gdi32.dll 2015-07-04 11:06:36 . 2015-04-24 15:54:56 532480 ----a-w- C:\Windows\system32\comctl32.dll 2015-07-04 11:05:18 . 2015-03-05 02:32:11 244152 ----a-w- C:\Windows\system32\clfs.sys 2015-07-04 11:05:18 . 2015-03-05 02:23:54 57344 ----a-w- C:\Windows\system32\clfsw32.dll 2015-07-04 11:04:26 . 2015-03-14 02:21:11 1205168 ----a-w- C:\Windows\system32\ntdll.dll 2015-07-04 11:04:26 . 2015-03-13 01:51:44 3604920 ----a-w- C:\Windows\system32\ntkrnlpa.exe 2015-07-04 11:04:26 . 2015-01-09 02:04:23 49152 ----a-w- C:\Windows\system32\csrsrv.dll 2015-07-04 11:04:26 . 2015-01-09 00:18:11 64000 ----a-w- C:\Windows\system32\smss.exe 2015-07-04 11:04:25 . 2015-03-13 01:51:44 3552184 ----a-w- C:\Windows\system32\ntoskrnl.exe 2015-07-04 11:00:45 . 2015-04-19 21:24:52 219648 ----a-w- C:\Windows\system32\d3d10_1core.dll 2015-07-04 11:00:45 . 2015-04-19 21:24:52 189952 ----a-w- C:\Windows\system32\d3d10core.dll 2015-07-04 11:00:45 . 2015-04-19 21:24:52 160768 ----a-w- C:\Windows\system32\d3d10_1.dll 2015-07-04 11:00:45 . 2015-04-19 20:18:56 486400 ----a-w- C:\Windows\system32\d3d10level9.dll 2015-07-04 11:00:45 . 2015-04-19 20:13:15 682496 ----a-w- C:\Windows\system32\d2d1.dll 2015-07-04 11:00:44 . 2015-04-19 21:24:52 1029120 ----a-w- C:\Windows\system32\d3d10.dll 2015-07-04 11:00:44 . 2015-04-19 20:19:37 1172480 ----a-w- C:\Windows\system32\d3d10warp.dll 2015-07-04 11:00:44 . 2015-04-19 20:12:25 1072640 ----a-w- C:\Windows\system32\DWrite.dll 2015-07-04 11:00:44 . 2015-04-19 20:12:20 801792 ----a-w- C:\Windows\system32\FntCache.dll 2015-07-04 10:58:59 . 2015-02-20 02:03:22 34304 ----a-w- C:\Windows\system32\atmlib.dll 2015-07-04 10:58:59 . 
2015-02-20 00:28:27 296960 ----a-w- C:\Windows\system32\atmfd.dll
2015-07-04 10:57:36 . 2015-04-30 13:14:01 102608 ----a-w- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-04 10:56:03 . 2015-04-08 01:11:33 1219584 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2015-07-04 10:56:03 . 2015-04-08 01:11:05 939008 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2015-07-04 10:56:03 . 2015-04-07 23:35:44 1850880 ----a-w- C:\Program Files\Windows Journal\Journal.exe
2015-07-04 10:56:02 . 2015-04-08 01:11:05 985088 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2015-07-04 10:56:02 . 2015-04-08 01:11:05 967168 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2015-07-04 10:55:38 . 2015-01-21 02:02:15 807936 ----a-w- C:\Windows\system32\msctf.dll
2015-07-04 10:54:26 . 2015-06-23 23:23:04 9252600 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FC8B0592-585E-4811-A68E-D3140F592DCB}\mpengine.dll
2015-07-04 10:53:42 . 2015-05-21 14:22:53 2066432 ----a-w- C:\Windows\system32\win32k.sys
2015-07-04 10:50:36 . 2015-04-10 23:22:42 279552 ----a-w- C:\Windows\system32\services.exe
2015-07-04 10:27:22 . 2015-05-04 22:50:44 7680 ----a-w- C:\Windows\system32\spwmp.dll
2015-07-04 10:27:12 . 2015-05-04 22:50:57 4096 ----a-w- C:\Windows\system32\msdxm.ocx
2015-07-04 10:27:12 . 2015-05-04 22:50:57 4096 ----a-w- C:\Windows\system32\dxmasf.dll
2015-07-04 10:27:11 . 2015-05-04 21:21:09 107520 ----a-w- C:\Program Files\Windows Media Player\wmpconfig.exe
2015-07-04 10:27:11 . 2015-05-04 21:21:08 168960 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2015-07-04 10:27:11 . 2015-05-04 21:21:07 107520 ----a-w- C:\Program Files\Windows Media Player\wmpshare.exe
2015-07-04 10:27:09 . 2015-05-04 21:21:20 8147456 ----a-w- C:\Windows\system32\wmploc.DLL
2015-06-30 11:33:38 . 2015-06-30 11:33:38 -------- dc----w- C:\Program Files\Microsoft WSE
2015-06-30 11:33:13 . 2015-06-30 12:48:42 -------- d-----w- C:\ProgramData\Netzmanager
2015-06-30 11:32:49 . 2015-06-30 11:33:30 -------- dc-h--w- C:\ProgramData\{7F13FB29-2E97-44BD-B7D8-AD3448228A45}
2015-06-28 20:20:45 . 2015-06-28 20:20:45 -------- dc----w- C:\Program Files\Common Files\Java
2015-06-28 10:43:21 . 2015-07-02 22:38:23 -------- d-----w- C:\Users\Emilia\AppData\Roaming\Cubic
2015-06-27 18:20:07 . 2015-06-27 18:20:07 -------- d-----w- C:\Users\Emilia\AppData\Roaming\Waveform
2015-06-27 13:06:09 . 2015-06-27 13:06:11 -------- d-----w- C:\Users\Emilia\AppData\Roaming\ots
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
2015-07-16 17:37:50 . 2015-03-03 18:03:39 98520 ----a-w- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2015-06-28 20:19:33 . 2015-01-31 10:09:18 96352 ----a-w- C:\Windows\system32\WindowsAccessBridge.dll
2015-06-18 06:41:50 . 2015-03-03 18:03:14 51928 ----a-w- C:\Windows\system32\drivers\mwac.sys
2015-06-18 06:41:42 . 2015-03-03 18:03:14 94936 ----a-w- C:\Windows\system32\drivers\mbamchameleon.sys
2015-06-18 06:41:36 . 2015-03-03 18:03:14 23256 ----a-w- C:\Windows\system32\drivers\mbam.sys
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"puush"="Z:\Application\puu.sh\puush.exe" [2015-04-12 14:39:48 568904]
"Amigabit Powerbooster Tray"="Z:\Application\Amigabit Powerbooster\PowerboosterTray.exe" [2013-06-14 12:55:22 481632]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2015-06-29 15:04:00 53288576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-29 00:03:46 75136]
"MGSysCtrl"="C:\Program Files\System Control Manager\MGSysCtrl.exe" [2008-08-12 19:40:28 704512]
"FreePDF Assistant"="C:\Program Files\FreePDF_XP\fpassist.exe" [2009-09-05 15:29:06 385024]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 21:07:00 29984]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 21:05:10 46368]
"Realtime Audio Engine"="mmrtkrnl.exe" [2010-06-29 20:12:38 70144]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2011-02-11 17:26:32 137752]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2011-02-11 17:26:26 171032]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2011-02-11 17:26:30 172568]
"DefragTaskBar"="Z:\Application\Ashampoo Magical Defrag 3\defragtaskbar.exe" [2009-12-16 10:21:36 927072]
"LogMeIn Hamachi Ui"="Z:\Application\Hamachi\hamachi-2-ui.exe" [2015-03-30 13:29:02 3978600]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2015-04-30 11:45:44 334896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4008095182-3589058916-2039343968-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - WS2IFSL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-14 15:51:32 991048 -c--a-w- C:\Program Files\Google\Chrome\Application\43.0.2357.134\Installer\chrmstp.exe

Inhalt des "geplante Tasks" Ordners

2015-07-18 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 09:18:01 . 2015-03-02 18:33:13]

2015-07-18 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-13 15:10:20 . 2013-04-13 15:10:15]

2015-07-18 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-13 15:10:20 . 2013-04-13 15:10:15]

------- Zusätzlicher Suchlauf -------

uStart Page = https://www.google.de/?rlz=1W4CHBA_deDE552
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - C:\Users\Emilia\AppData\Roaming\Mozilla\Firefox\Profiles\xc8ayp4m.default\

- - - - Entfernte verwaiste Registrierungseinträge - - - -

AddRemove-GIMP-2_is1 - C:\Program Files\GIMP 2\uninst\unins000.exe
AddRemove-{4e7c3936-7c06-4ef0-928b-c5d92f372578}_is1 - Z:\Gry\.minecraft\Craften Terminal\unins000.exe
AddRemove-{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406} - C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2015-07-18 18:46:49
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
19.07.2015, 14:04 | #8 |
/// the machine /// TB-Ausbilder | Trojan or hardware error? Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |