Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   RegSvr Fehler beim Laden des Moduls "" (https://www.trojaner-board.de/158991-regsvr-fehler-beim-laden-moduls.html)

cosinus 23.09.2014 13:48
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



nach dem Fix mit CF weitermachen

Revan10 23.09.2014 15:06
ich habe Fixlist.txt erstellt und gespeichert, aber wenn ich FRST ausführen will kommt:
'Es wurde versucht, einen Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen der zum löschen markiert wurde.'

cosinus 23.09.2014 15:55
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Revan10 23.09.2014 16:09
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-09-2014 01
Ran by Marcel at 2014-09-23 17:10:58 Run:1
Running from C:\Users\Marcel\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
       
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.

==== End of Fixlog ====

cosinus 23.09.2014 16:22
Weitermachen mit CF

Revan10 24.09.2014 00:17
und hier das Combofix Logfile:

Code:
ComboFix 14-09-22.01 - Marcel 23.09.2014  17:15:21.1.6 - x64
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.8190.6108 [GMT 2:00]
ausgeführt von:: c:\users\Marcel\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Marcel\4.0
c:\users\Marcel\AppData\Roaming\AcroIEHelpe.txt
c:\users\Marcel\AppData\Roaming\srvblck2.tmp
c:\users\Public\AlexaNSISPlugin.2532.dll
c:\windows\Installer\{7c540ca6-90de-7cf7-e985-816cacd18ee1}
c:\windows\Installer\{7c540ca6-90de-7cf7-e985-816cacd18ee1}\@
c:\windows\Installer\{7c540ca6-90de-7cf7-e985-816cacd18ee1}\U\00000001.@
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-08-23 bis 2014-09-23  ))))))))))))))))))))))))))))))
.
.
2014-09-23 15:22 . 2014-09-23 15:22        --------        d-----w-        c:\users\hedev\AppData\Local\temp
2014-09-23 07:12 . 2014-09-09 02:05        11578928        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{5804013F-9472-4E75-A66F-03D7DBE111EF}\mpengine.dll
2014-09-22 13:54 . 2014-09-23 15:10        --------        d-----w-        C:\FRST
2014-09-22 12:20 . 2014-09-23 10:37        122584        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-22 12:19 . 2014-05-12 05:26        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-09-22 12:19 . 2014-05-12 05:26        91352        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-09-22 12:19 . 2014-05-12 05:25        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-09-22 12:19 . 2014-09-22 14:49        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware
2014-09-22 12:19 . 2014-09-22 12:19        --------        d-----w-        c:\programdata\Malwarebytes
2014-09-12 17:58 . 2014-06-27 02:08        2777088        ----a-w-        c:\windows\system32\msmpeg2vdec.dll
2014-09-12 17:58 . 2014-06-27 01:45        2285056        ----a-w-        c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-12 17:55 . 2014-03-09 21:48        171160        ----a-w-        c:\windows\system32\infocardapi.dll
2014-09-12 17:55 . 2014-03-09 21:48        1389208        ----a-w-        c:\windows\system32\icardagt.exe
2014-09-12 17:55 . 2014-03-09 21:47        99480        ----a-w-        c:\windows\SysWow64\infocardapi.dll
2014-09-12 17:55 . 2014-03-09 21:47        619672        ----a-w-        c:\windows\SysWow64\icardagt.exe
2014-09-12 17:55 . 2014-06-30 22:24        8856        ----a-w-        c:\windows\system32\icardres.dll
2014-09-12 17:55 . 2014-06-30 22:14        8856        ----a-w-        c:\windows\SysWow64\icardres.dll
2014-09-12 17:54 . 2014-06-06 06:16        35480        ----a-w-        c:\windows\SysWow64\TsWpfWrp.exe
2014-09-12 17:54 . 2014-06-06 06:12        35480        ----a-w-        c:\windows\system32\TsWpfWrp.exe
2014-09-12 17:40 . 2014-09-14 07:17        --------        d-----w-        c:\windows\system32\MpEngineStore
2014-09-12 15:40 . 2014-07-16 03:23        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-09-12 15:40 . 2014-07-16 02:46        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2014-09-12 15:40 . 2014-06-03 10:02        3241984        ----a-w-        c:\windows\system32\msi.dll
2014-09-12 15:40 . 2014-06-03 10:02        1941504        ----a-w-        c:\windows\system32\authui.dll
2014-09-12 15:40 . 2014-06-03 09:29        2363392        ----a-w-        c:\windows\SysWow64\msi.dll
2014-09-12 15:40 . 2014-06-03 09:29        1805824        ----a-w-        c:\windows\SysWow64\authui.dll
2014-09-12 15:40 . 2014-06-03 10:02        112064        ----a-w-        c:\windows\system32\consent.exe
2014-09-12 15:40 . 2014-06-03 10:02        504320        ----a-w-        c:\windows\system32\msihnd.dll
2014-09-12 15:40 . 2014-06-03 09:29        337408        ----a-w-        c:\windows\SysWow64\msihnd.dll
2014-09-12 15:40 . 2014-06-16 02:10        985536        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2014-09-12 15:39 . 2014-08-23 00:59        3163648        ----a-w-        c:\windows\system32\win32k.sys
2014-09-12 15:39 . 2014-06-25 02:05        14175744        ----a-w-        c:\windows\system32\shell32.dll
2014-09-12 15:39 . 2014-08-23 02:07        404480        ----a-w-        c:\windows\system32\gdi32.dll
2014-09-12 15:39 . 2014-08-01 11:53        1031168        ----a-w-        c:\windows\system32\TSWorkspace.dll
2014-09-12 15:39 . 2014-08-01 11:35        793600        ----a-w-        c:\windows\SysWow64\TSWorkspace.dll
2014-09-12 15:38 . 2014-06-24 03:29        2565120        ----a-w-        c:\windows\system32\d3d10warp.dll
2014-09-12 15:38 . 2014-06-24 02:59        1987584        ----a-w-        c:\windows\SysWow64\d3d10warp.dll
2014-09-12 15:36 . 2014-07-07 02:06        728064        ----a-w-        c:\windows\system32\kerberos.dll
2014-09-12 15:36 . 2014-07-07 02:06        1460736        ----a-w-        c:\windows\system32\lsasrv.dll
2014-09-12 15:36 . 2014-07-07 01:40        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2014-09-12 15:36 . 2014-07-07 01:40        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll
2014-09-12 15:36 . 2014-07-07 01:39        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll
2014-09-12 15:34 . 2014-07-14 02:02        1216000        ----a-w-        c:\windows\system32\rpcrt4.dll
2014-09-12 15:34 . 2014-07-14 01:40        664064        ----a-w-        c:\windows\SysWow64\rpcrt4.dll
2014-09-12 15:34 . 2014-09-05 02:10        578048        ----a-w-        c:\windows\system32\aepdu.dll
2014-09-12 15:34 . 2014-09-05 02:05        424448        ----a-w-        c:\windows\system32\aeinv.dll
2014-09-12 14:16 . 2014-09-12 14:16        --------        d-----w-        c:\users\Gast\AppData\Local\Microsoft Games
2014-09-08 14:39 . 2014-09-08 14:39        --------        d-sh--w-        c:\users\Gast\AppData\Local\EmieUserList
2014-09-08 14:39 . 2014-09-08 14:39        --------        d-sh--w-        c:\users\Gast\AppData\Local\EmieSiteList
2014-09-08 14:34 . 2014-09-08 14:34        --------        d-----w-        c:\users\Gast\AppData\Local\Opera Software
2014-09-08 14:34 . 2014-09-08 14:34        --------        d-----w-        c:\users\Gast\AppData\Roaming\Opera Software
2014-09-08 14:32 . 2014-09-08 14:32        --------        d-----w-        c:\users\Gast\AppData\Local\SWDS
2014-09-04 12:50 . 2014-09-04 12:50        188304        ----a-w-        c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-09-04 12:50 . 2014-09-04 12:50        188304        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-08-29 08:13 . 2014-08-23 01:45        311808        ----a-w-        c:\windows\SysWow64\gdi32.dll
2014-08-29 08:00 . 2014-09-22 12:34        --------        d-----w-        c:\users\Marcel\AppData\Local\SWDS
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-22 12:09 . 2012-04-13 10:53        701104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-22 12:09 . 2011-08-24 09:12        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-15 07:06 . 2011-01-30 16:01        278152        ------w-        c:\windows\system32\MpSigStub.exe
2014-08-29 11:01 . 2010-06-24 10:11        101694776        ----a-w-        c:\windows\system32\mrt.exe
2014-08-27 10:04 . 2014-03-18 22:03        33792        ----a-w-        c:\windows\system32\ImHttpComm.dll
2014-08-14 12:06 . 2014-08-14 12:06        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-25 00:35 . 2014-07-25 00:35        875688        ----a-w-        c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:54 . 2013-05-06 11:08        42040        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2014-07-24 21:47 . 2014-07-24 21:47        869544        ----a-w-        c:\windows\system32\msvcr120_clr0400.dll
2014-07-04 12:46 . 2013-03-20 10:40        117712        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"Spotify Web Helper"="c:\users\Marcel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-09-19 1245752]
"Spotify"="c:\users\Marcel\AppData\Roaming\Spotify\Spotify.exe" [2014-09-19 6342200]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-09-30 393216]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-08-08 751184]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-07-08 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-08-27 164656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe;c:\asus.sys\config\DVMExportService.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 12:09]
.
2014-08-13 c:\windows\Tasks\Opera scheduled Autoupdate 1404317197.job
- c:\program files (x86)\Opera\launcher.exe [2014-07-02 14:43]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Client auf Monitor & öffnen1 - c:\windows\web\AOpenClient.htm
IE: Client auf Monitor & öffnen2 - c:\windows\web\AOpenClient.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\9uflh2ha.default-1402011943439\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-OrevAzca - (no file)
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-09-23  17:35:44 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-09-23 15:35
.
Vor Suchlauf: 9 Verzeichnis(se), 699.024.617.472 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 698.892.836.864 Bytes frei
.
- - End Of File - - EC0C5F4764D4659B39A922D66D193B59
A36C5E4F47E84449FF07ED3517B43A31

cosinus 24.09.2014 13:50
Adware/Junkware/Toolbars entfernen

(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen aus den Desktop!)

1. Schritt: Malwarebytes

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




2. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



3. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




4. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Revan10 25.09.2014 12:31
ok hier:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 25.09.2014
Suchlauf-Zeit: 12:08:58
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.25.04
Rootkit Datenbank: v2014.09.19.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Marcel

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 386728
Verstrichene Zeit: 13 Min, 12 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

Code:
# AdwCleaner v3.310 - Bericht erstellt am 25/09/2014 um 13:14:43
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Marcel - AEROCOOL
# Gestartet von : C:\Users\Marcel\Desktop\AdwCleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Tobit
Ordner Gelöscht : C:\Windows\SysWOW64\ARFC
Ordner Gelöscht : C:\Windows\SysWOW64\jmdp
Ordner Gelöscht : C:\Windows\SysWOW64\WNLT
Ordner Gelöscht : C:\Windows\System32\ljkb
Ordner Gelöscht : C:\Users\Gast\AppData\Roaming\Tobit
Ordner Gelöscht : C:\Users\Marcel\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Marcel\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Marcel\AppData\Roaming\SimpleFiles
Ordner Gelöscht : C:\Users\Marcel\AppData\Roaming\Tobit
Datei Gelöscht : C:\Windows\System32\ImhxxpComm.dll
Datei Gelöscht : C:\Users\Gast\AppData\LocalLow\SkwConfig.bin
Datei Gelöscht : C:\Users\Marcel\AppData\LocalLow\SkwConfig.bin

***** [ Tasks ] *****

Task Gelöscht : Boby Lyrics Update

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_virtual-dj_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_virtual-dj_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Schlüssel Gelöscht : HKCU\Software\distromatic
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\SimpleFiles
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\DeviceVM
Schlüssel Gelöscht : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\SimpleFiles
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99AD9D6D-A456-49EE-8360-F22EE7AA1272}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DeviceVM

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\x0dj98qw.default\prefs.js ]


[ Datei : C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\9uflh2ha.default-1402011943439\prefs.js ]


*************************

AdwCleaner[R0].txt - [4110 octets] - [25/09/2014 13:13:48]
AdwCleaner[S0].txt - [3769 octets] - [25/09/2014 13:14:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3829 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.0 (09.22.2014:1)
OS: Windows 7 Ultimate x64
Ran by Marcel on 25.09.2014 at 13:25:19,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatediamondata_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatediamondata_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utildiamondata_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utildiamondata_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatediamondata_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatediamondata_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utildiamondata_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utildiamondata_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Marcel\appdata\local\{7c540ca6-90de-7cf7-e985-816cacd18ee1}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.09.2014 at 13:26:55,23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2014
Ran by Marcel (administrator) on AEROCOOL on 25-09-2014 13:29:12
Running from C:\Users\Marcel\Desktop\Trojaner
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DeviceVM, Inc.) C:\ASUS.SYS\config\DVMExportService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Spotify Ltd) C:\Users\Marcel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Marcel\AppData\Roaming\Spotify\spotify.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
() C:\Users\Marcel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Marcel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Marcel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Users\Marcel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Marcel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-449399407-1750495009-3439875748-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-449399407-1750495009-3439875748-1000\...\Run: [Spotify Web Helper] => C:\Users\Marcel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-19] (Spotify Ltd)
HKU\S-1-5-21-449399407-1750495009-3439875748-1000\...\Run: [Spotify] => C:\Users\Marcel\AppData\Roaming\Spotify\Spotify.exe [6342200 2014-09-19] (Spotify Ltd)
HKU\S-1-5-21-449399407-1750495009-3439875748-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-09-30] (AMD)
HKU\S-1-5-21-449399407-1750495009-3439875748-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8B2E9F4E7860CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\9uflh2ha.default-1402011943439
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marcel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-08-30]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [319488 2009-10-16] (DeviceVM, Inc.) [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-01-21] () [File not signed]
U3 ah86coek; C:\Windows\System32\Drivers\ah86coek.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-25 13:26 - 2014-09-25 13:27 - 00001653 _____ () C:\Users\Marcel\Desktop\JRT.txt
2014-09-25 13:25 - 2014-09-25 13:25 - 00000000 ____D () C:\Windows\ERUNT
2014-09-25 13:24 - 2014-09-25 13:24 - 01024790 _____ (Thisisu) C:\Users\Marcel\Desktop\JRT.exe
2014-09-25 13:17 - 2014-09-25 13:17 - 00003913 _____ () C:\Users\Marcel\Desktop\AdwCleaner[S0].txt
2014-09-25 13:16 - 2014-09-25 13:16 - 00000312 _____ () C:\Windows\PFRO.log
2014-09-25 13:16 - 2014-09-25 13:16 - 00000168 _____ () C:\Windows\setupact.log
2014-09-25 13:16 - 2014-09-25 13:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-25 13:13 - 2014-09-25 13:14 - 00000000 ____D () C:\AdwCleaner
2014-09-25 12:31 - 2014-09-25 12:31 - 01373475 _____ () C:\Users\Marcel\Desktop\AdwCleaner_3.310.exe
2014-09-25 12:30 - 2014-09-25 12:30 - 00001160 _____ () C:\Users\Marcel\Desktop\mbam.txt
2014-09-25 12:07 - 2014-09-25 12:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-25 12:07 - 2014-09-25 12:07 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-25 12:07 - 2014-09-25 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-25 12:07 - 2014-09-25 12:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-25 12:07 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-25 12:07 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-25 12:07 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-25 12:04 - 2014-09-25 12:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marcel\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-25 12:02 - 2014-09-25 12:02 - 00000000 ___SD () C:\ComboFix
2014-09-25 12:01 - 2014-09-25 13:29 - 00000000 ____D () C:\Users\Marcel\Desktop\Trojaner
2014-09-25 11:29 - 2014-09-25 11:29 - 00002231 _____ () C:\Users\Marcel\Desktop\Rome - Total War.lnk
2014-09-24 14:12 - 2014-09-24 14:12 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LucasArts
2014-09-24 09:23 - 2014-09-24 09:23 - 00001557 _____ () C:\Users\Marcel\Desktop\Star Wars Battlefront II spielen.lnk
2014-09-24 09:23 - 2014-09-24 09:23 - 00001557 _____ () C:\Users\Gast\Desktop\Star Wars Battlefront II spielen.lnk
2014-09-24 09:17 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 09:17 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 17:35 - 2014-09-23 17:35 - 00019379 _____ () C:\ComboFix.txt
2014-09-23 16:04 - 2014-09-23 16:04 - 00000221 _____ () C:\Users\Marcel\Documents\Fixlist.txt
2014-09-23 13:15 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-23 13:15 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-23 13:15 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-23 13:15 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-23 13:15 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-23 13:15 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-23 13:15 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-23 13:15 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-23 13:13 - 2014-09-25 12:02 - 00000000 ____D () C:\Qoobox
2014-09-23 13:13 - 2014-09-23 17:34 - 00000000 ____D () C:\Windows\erdnt
2014-09-23 13:12 - 2014-09-23 13:12 - 05579290 ____R (Swearware) C:\Users\Marcel\Desktop\ComboFix.exe
2014-09-23 12:37 - 2014-09-23 12:37 - 00011472 _____ () C:\1.txt
2014-09-23 09:57 - 2014-09-23 09:57 - 00011476 _____ () C:\Scan1.txt
2014-09-22 18:47 - 2014-09-22 18:47 - 00001057 _____ () C:\Scan.txt
2014-09-22 15:54 - 2014-09-25 13:29 - 00000000 ____D () C:\FRST
2014-09-22 14:19 - 2014-09-22 14:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-12 20:03 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 20:03 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 20:03 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 20:03 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 20:03 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 20:03 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 20:03 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 20:03 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 20:03 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 20:03 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 20:03 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 20:03 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 20:03 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 20:03 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 20:03 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 20:03 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 20:03 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 20:03 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 20:03 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 20:03 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 20:03 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 20:03 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 20:03 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 20:03 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 20:03 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 20:03 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 20:03 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 20:03 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 20:03 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 20:03 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 20:03 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 20:03 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 20:03 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 20:03 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 20:03 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 20:03 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 20:03 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 20:03 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 20:03 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 20:03 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 20:03 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 20:03 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 20:03 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 20:03 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 20:03 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 20:03 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 20:03 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 20:03 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 20:03 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 20:03 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 20:03 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 20:03 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 20:03 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 20:03 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 20:03 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 20:03 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-12 19:58 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 19:58 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-12 19:55 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-12 19:55 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-09-12 19:55 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-12 19:55 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-12 19:55 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-09-12 19:55 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-09-12 19:54 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-09-12 19:54 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-12 19:40 - 2014-09-14 09:17 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-09-12 17:40 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-12 17:40 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-12 17:40 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-12 17:40 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-12 17:40 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-12 17:40 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-09-12 17:40 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-12 17:40 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-09-12 17:39 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-12 17:39 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-12 17:39 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-12 17:39 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-12 17:39 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-12 17:39 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-09-12 17:38 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-12 17:38 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-12 17:36 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-12 17:36 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-12 17:36 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-12 17:36 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-12 17:36 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-12 17:34 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-12 17:34 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-12 17:34 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-12 17:34 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-09-12 16:16 - 2014-09-12 16:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Microsoft Games
2014-09-08 17:38 - 2014-09-08 17:38 - 00020285 _____ () C:\Users\Gast\Desktop\persönliches Anschreiben 3.odt
2014-09-08 17:35 - 2014-09-08 17:35 - 00020329 _____ () C:\Users\Gast\Desktop\persönliches Anschreiben 2.odt
2014-09-08 17:29 - 2014-09-08 17:29 - 00020461 _____ () C:\Users\Gast\Desktop\persönliches Anschreiben 1.odt
2014-09-08 17:24 - 2014-09-08 17:28 - 00020461 _____ () C:\Users\Gast\Desktop\persönliches Anschreiben.odt
2014-09-08 17:20 - 2014-09-08 17:20 - 00013849 _____ () C:\Users\Gast\Desktop\Anschreiben 1.odt
2014-09-08 17:13 - 2014-09-08 17:19 - 00020853 _____ () C:\Users\Gast\Desktop\Anschreiben.odt
2014-09-08 16:39 - 2014-09-08 16:39 - 00000000 __SHD () C:\Users\Gast\AppData\Local\EmieUserList
2014-09-08 16:39 - 2014-09-08 16:39 - 00000000 __SHD () C:\Users\Gast\AppData\Local\EmieSiteList
2014-09-08 16:34 - 2014-09-08 16:34 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Opera Software
2014-09-08 16:34 - 2014-09-08 16:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Opera Software
2014-09-08 16:32 - 2014-09-08 16:32 - 00000000 ____D () C:\Users\Gast\AppData\Local\SWDS
2014-09-08 14:53 - 2014-09-08 14:53 - 00001485 _____ () C:\Users\Marcel\Downloads\BAHN_Fahrplan_20140908 (1).ics
2014-09-08 14:52 - 2014-09-08 14:52 - 00001485 _____ () C:\Users\Marcel\Downloads\BAHN_Fahrplan_20140908.ics
2014-09-07 14:07 - 2014-09-08 10:41 - 02039989 _____ () C:\Users\Marcel\Desktop\Lebenslauf.odt
2014-08-29 10:13 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-29 10:00 - 2014-09-22 14:34 - 00000000 ____D () C:\Users\Marcel\AppData\Local\SWDS

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-25 13:29 - 2014-09-25 12:01 - 00000000 ____D () C:\Users\Marcel\Desktop\Trojaner
2014-09-25 13:29 - 2014-09-22 15:54 - 00000000 ____D () C:\FRST
2014-09-25 13:27 - 2014-09-25 13:26 - 00001653 _____ () C:\Users\Marcel\Desktop\JRT.txt
2014-09-25 13:26 - 2011-01-21 16:49 - 00000177 ____H () C:\dvmexp.idx
2014-09-25 13:25 - 2014-09-25 13:25 - 00000000 ____D () C:\Windows\ERUNT
2014-09-25 13:25 - 2009-07-14 06:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-25 13:25 - 2009-07-14 06:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-25 13:24 - 2014-09-25 13:24 - 01024790 _____ (Thisisu) C:\Users\Marcel\Desktop\JRT.exe
2014-09-25 13:19 - 2012-08-14 22:02 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Spotify
2014-09-25 13:17 - 2014-09-25 13:17 - 00003913 _____ () C:\Users\Marcel\Desktop\AdwCleaner[S0].txt
2014-09-25 13:16 - 2014-09-25 13:16 - 00000312 _____ () C:\Windows\PFRO.log
2014-09-25 13:16 - 2014-09-25 13:16 - 00000168 _____ () C:\Windows\setupact.log
2014-09-25 13:16 - 2014-09-25 13:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-25 13:15 - 2011-01-21 14:49 - 01759796 _____ () C:\Windows\WindowsUpdate.log
2014-09-25 13:14 - 2014-09-25 13:13 - 00000000 ____D () C:\AdwCleaner
2014-09-25 12:31 - 2014-09-25 12:31 - 01373475 _____ () C:\Users\Marcel\Desktop\AdwCleaner_3.310.exe
2014-09-25 12:30 - 2014-09-25 12:30 - 00001160 _____ () C:\Users\Marcel\Desktop\mbam.txt
2014-09-25 12:07 - 2014-09-25 12:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-25 12:07 - 2014-09-25 12:07 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-25 12:07 - 2014-09-25 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-25 12:07 - 2014-09-25 12:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-25 12:07 - 2014-09-25 12:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marcel\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-25 12:02 - 2014-09-25 12:02 - 00000000 ___SD () C:\ComboFix
2014-09-25 12:02 - 2014-09-23 13:13 - 00000000 ____D () C:\Qoobox
2014-09-25 11:56 - 2011-01-21 15:35 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-25 11:29 - 2014-09-25 11:29 - 00002231 _____ () C:\Users\Marcel\Desktop\Rome - Total War.lnk
2014-09-24 14:13 - 2012-08-14 22:02 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Spotify
2014-09-24 14:12 - 2014-09-24 14:12 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LucasArts
2014-09-24 12:34 - 2011-01-28 14:43 - 00000000 ____D () C:\Spiele
2014-09-24 09:23 - 2014-09-24 09:23 - 00001557 _____ () C:\Users\Marcel\Desktop\Star Wars Battlefront II spielen.lnk
2014-09-24 09:23 - 2014-09-24 09:23 - 00001557 _____ () C:\Users\Gast\Desktop\Star Wars Battlefront II spielen.lnk
2014-09-24 09:23 - 2011-03-07 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
2014-09-23 17:35 - 2014-09-23 17:35 - 00019379 _____ () C:\ComboFix.txt
2014-09-23 17:35 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-23 17:34 - 2014-09-23 13:13 - 00000000 ____D () C:\Windows\erdnt
2014-09-23 17:32 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-23 17:22 - 2011-01-21 14:50 - 00000000 ____D () C:\Users\Marcel
2014-09-23 16:04 - 2014-09-23 16:04 - 00000221 _____ () C:\Users\Marcel\Documents\Fixlist.txt
2014-09-23 13:12 - 2014-09-23 13:12 - 05579290 ____R (Swearware) C:\Users\Marcel\Desktop\ComboFix.exe
2014-09-23 12:37 - 2014-09-23 12:37 - 00011472 _____ () C:\1.txt
2014-09-23 09:57 - 2014-09-23 09:57 - 00011476 _____ () C:\Scan1.txt
2014-09-22 18:47 - 2014-09-22 18:47 - 00001057 _____ () C:\Scan.txt
2014-09-22 14:34 - 2014-08-29 10:00 - 00000000 ____D () C:\Users\Marcel\AppData\Local\SWDS
2014-09-22 14:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-09-22 14:19 - 2014-09-22 14:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-22 14:09 - 2012-04-13 12:53 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-22 14:09 - 2012-04-13 12:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-22 14:09 - 2011-08-24 11:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-19 15:02 - 2012-09-24 15:09 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-18 14:38 - 2014-08-05 17:43 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-18 14:37 - 2014-08-05 17:44 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-18 14:37 - 2013-02-25 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-15 18:34 - 2014-06-26 06:43 - 00000000 ____D () C:\Windows\SysWOW64\mjcm
2014-09-15 18:34 - 2014-06-26 06:43 - 00000000 ____D () C:\Windows\system32\tprb
2014-09-15 09:06 - 2011-01-30 18:01 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 17:50 - 2014-01-12 14:28 - 02042849 _____ () C:\Users\Marcel\Desktop\BewerbungPseminar.odt
2014-09-14 09:17 - 2014-09-12 19:40 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-09-14 09:05 - 2009-07-14 06:45 - 00296152 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-12 20:12 - 2014-05-06 22:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-12 20:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-12 20:01 - 2011-03-21 19:03 - 01622836 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-12 20:01 - 2009-07-14 19:58 - 00709900 _____ () C:\Windows\system32\perfh007.dat
2014-09-12 20:01 - 2009-07-14 19:58 - 00154336 _____ () C:\Windows\system32\perfc007.dat
2014-09-12 20:01 - 2009-07-14 07:13 - 01622836 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-12 20:00 - 2013-08-15 14:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 19:40 - 2012-01-11 20:56 - 00000000 __SHD () C:\Users\Marcel\AppData\Local\{7c540ca6-90de-7cf7-e985-816cacd18ee1}
2014-09-12 17:33 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-12 17:20 - 2012-06-13 07:29 - 00000000 ____D () C:\Users\Gast
2014-09-12 17:19 - 2011-01-21 15:13 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-09-12 17:19 - 2009-07-14 19:58 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-09-12 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-09-12 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-12 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\MUI
2014-09-12 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\servicing
2014-09-12 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\schemas
2014-09-12 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-12 17:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-09-12 17:12 - 2013-02-25 14:59 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-12 16:16 - 2014-09-12 16:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Microsoft Games
2014-09-10 00:11 - 2014-09-24 09:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-09 23:47 - 2014-09-24 09:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-08 17:38 - 2014-09-08 17:38 - 00020285 _____ () C:\Users\Gast\Desktop\persönliches Anschreiben 3.odt
2014-09-08 17:35 - 2014-09-08 17:35 - 00020329 _____ () C:\Users\Gast\Desktop\persönliches Anschreiben 2.odt
2014-09-08 17:29 - 2014-09-08 17:29 - 00020461 _____ () C:\Users\Gast\Desktop\persönliches Anschreiben 1.odt
2014-09-08 17:28 - 2014-09-08 17:24 - 00020461 _____ () C:\Users\Gast\Desktop\persönliches Anschreiben.odt
2014-09-08 17:20 - 2014-09-08 17:20 - 00013849 _____ () C:\Users\Gast\Desktop\Anschreiben 1.odt
2014-09-08 17:19 - 2014-09-08 17:13 - 00020853 _____ () C:\Users\Gast\Desktop\Anschreiben.odt
2014-09-08 16:39 - 2014-09-08 16:39 - 00000000 __SHD () C:\Users\Gast\AppData\Local\EmieUserList
2014-09-08 16:39 - 2014-09-08 16:39 - 00000000 __SHD () C:\Users\Gast\AppData\Local\EmieSiteList
2014-09-08 16:34 - 2014-09-08 16:34 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Opera Software
2014-09-08 16:34 - 2014-09-08 16:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Opera Software
2014-09-08 16:32 - 2014-09-08 16:32 - 00000000 ____D () C:\Users\Gast\AppData\Local\SWDS
2014-09-08 14:53 - 2014-09-08 14:53 - 00001485 _____ () C:\Users\Marcel\Downloads\BAHN_Fahrplan_20140908 (1).ics
2014-09-08 14:52 - 2014-09-08 14:52 - 00001485 _____ () C:\Users\Marcel\Downloads\BAHN_Fahrplan_20140908.ics
2014-09-08 10:41 - 2014-09-07 14:07 - 02039989 _____ () C:\Users\Marcel\Desktop\Lebenslauf.odt
2014-09-05 04:10 - 2014-09-12 17:34 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-12 17:34 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-29 13:01 - 2010-06-24 12:11 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

ZeroAccess:
C:\Users\Marcel\AppData\Local\{7c540ca6-90de-7cf7-e985-816cacd18ee1}

Files to move or delete:
====================
C:\Users\Marcel\FreeYouTubeToMP3Converter_3.10.17.exe
C:\Users\Marcel\SpotifySetup.exe


Some content of TEMP:
====================
C:\Users\Marcel\AppData\Local\Temp\avgnt.exe
C:\Users\Marcel\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\Marcel\AppData\Local\Temp\Quarantine.exe
C:\Users\Marcel\AppData\Local\Temp\SIntf16.dll
C:\Users\Marcel\AppData\Local\Temp\SIntf32.dll
C:\Users\Marcel\AppData\Local\Temp\SIntfNT.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-09-11 15:08

==================== End Of Log ============================
--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-09-2014
Ran by Marcel at 2014-09-25 13:31:11
Running from C:\Users\Marcel\Desktop\Trojaner
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.175 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{53A19094-2C04-A9B9-7309-3E92152D4845}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AMD Fuel (Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
AMD USB Filter Driver (x32 Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Assassin's Creed Brotherhood (HKLM-x32\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.01 - Ubisoft)
ATI AVIVO64 Codecs (Version: 11.6.0.50930 - ATI Technologies Inc.) Hidden
ATI Problem Report Wizard (Version: 3.0.795.0 - ATI Technologies) Hidden
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.01 - Piriform)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
GeoGebra (HKLM-x32\...\GeoGebra) (Version: 4.0.12.0 - International GeoGebra Institute)
HydraVision (x32 Version: 4.2.180.0 - ATI Technologies Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.27 - Irfan Skiljan)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{F9835182-794B-4F24-902A-E2CA9D43380F}) (Version: 9.10.0512 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{24B89186-2A56-4D28-B930-6F4FCF224E2F}) (Version: 4.01.9714 - Apache Software Foundation)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 23.0.1522.75 (HKLM-x32\...\Opera 23.0.1522.75) (Version: 23.0.1522.75 - Opera Software ASA)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Spotify (HKCU\...\Spotify) (Version: 0.9.13.24.g5dbb3103 - Spotify AB)
Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
Star Wars(tm) Knights of the Old Republic(tm) II: The Sith Lords(tm) (HKLM-x32\...\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}) (Version: 1.00.0000 - Obsidian)
TmUnitedForever Update 2010-03-15 (HKLM-x32\...\TmUnitedForever_is1) (Version:  - Nadeo)
TP-LINK Wireless Client Utility (HKLM-x32\...\{1E03C8BE-0848-430F-BECA-7D7709401626}) (Version: 7.0 - TP-LINK)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Xfire (remove only) (HKLM-x32\...\Xfire) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-449399407-1750495009-3439875748-1000_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)

==================== Restore Points  =========================

16-09-2014 09:59:15 Windows Update
19-09-2014 13:04:17 Windows Update
23-09-2014 07:11:48 Windows Update
24-09-2014 07:23:56 Installiert Star Wars Battlefront II
24-09-2014 10:35:01 Installiert Star Wars(TM): Knights of the Old Republic (TM)
24-09-2014 12:22:33 Installiert Star Wars(TM): Knights of the Old Republic (TM)
24-09-2014 15:22:05 Windows Update
25-09-2014 09:20:23 Installiert Rome - Total War - Gold Edition
25-09-2014 09:54:00 Entfernt Rome - Total War - Gold Edition

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03891B08-CF5C-4150-AD4B-5BCAD93FAEA1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {038D5FB1-BFD6-4B06-BBC8-72F39389B20D} - System32\Tasks\{28AE8EB1-BF1D-4AED-A172-EB898025543D} => C:\Spiele\KotoR II\launcher.exe [2005-01-13] (Obsidian Entertainment, Inc.)
Task: {07FF3B5B-2F9F-4695-9BB0-2D769F2AC720} - System32\Tasks\{58BE87E8-8E73-4398-ADEA-3FA4B7EFC71C} => C:\Spiele\Max Payne 2\MaxPayne2.exe
Task: {0E2554E8-D67B-4A6B-A8DC-CA808C9905E7} - System32\Tasks\{3DE5BF63-E7BC-400A-862E-CE50A6D81EAF} => C:\Program Files (x86)\Rockstar Games\Max Payne 2\MaxPayne2.exe
Task: {3F41A26D-76CC-49D3-A5A4-4AD3DACCD700} - System32\Tasks\{4A8082C3-F40C-4449-8FDA-88BA07C303DF} => C:\Spiele\Max Payne 2\MaxPayne2.exe
Task: {3F5BD095-B62A-4AD9-B57E-ABA504B707E4} - System32\Tasks\{B21D2B9E-07DD-4B3B-BF6B-E27818CFD135} => C:\Spiele\KotoR II\launcher.exe [2005-01-13] (Obsidian Entertainment, Inc.)
Task: {6176E699-91AA-4FD4-988B-7E8D42E87ECD} - System32\Tasks\{AD30F46E-DC48-4A41-9E03-069E6EE91DC1} => C:\Program Files (x86)\Rockstar Games\Max Payne 2\MaxPayne2.exe
Task: {71EC2EAF-7AE4-4D22-96BF-987820D716C6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {7335A98D-52ED-4D30-B249-0A04901840D0} - System32\Tasks\{96303570-B8E3-4472-96AC-3C5A63D96A6D} => C:\Spiele\Max Payne 2\MaxPayne2.exe
Task: {7D646595-B39F-46AD-BBBC-1A9E96EDA552} - System32\Tasks\{7C5046A9-C57C-485A-8D99-E3AD617527BF} => C:\Spiele\KotoR II\launcher.exe [2005-01-13] (Obsidian Entertainment, Inc.)
Task: {822B70F7-75B1-4E37-8984-2223CF9511F9} - System32\Tasks\{1894F0C8-0CDA-4145-AFFA-C4FD186B2D0C} => C:\Spiele\KotoR II\launcher.exe [2005-01-13] (Obsidian Entertainment, Inc.)
Task: {89DEE641-ACB8-40C1-9876-AF372D990C29} - System32\Tasks\{CABDD3C8-870C-4AB0-8656-D164F23C7FFA} => C:\Spiele\KotoR II\launcher.exe [2005-01-13] (Obsidian Entertainment, Inc.)
Task: {A0FABB55-2494-45C7-831B-10C90C52C5D8} - System32\Tasks\{278F9691-07D5-4E89-A025-FDACE655B728} => C:\Spiele\Max Payne 2\MaxPayne2.exe
Task: {AF281EB6-71AD-4307-92AA-A0D18704D089} - System32\Tasks\{4015532E-C9E6-47E3-B1D7-3D33F285CFD4} => C:\Spiele\KotoR II\launcher.exe [2005-01-13] (Obsidian Entertainment, Inc.)
Task: {BEEDE3EA-863D-4AAD-AC7A-BD3D71F147CF} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {D06E69EE-D92E-4394-A491-DB4327E319AE} - System32\Tasks\{C59C7E3D-14D3-4FF5-943A-473852599845} => C:\Spiele\Max Payne 2\MaxPayne2.exe
Task: {F5CF6754-9CF3-46DB-9A9B-A0111813CC20} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-22] (Adobe Systems Incorporated)
Task: {F7603847-8699-43BD-9036-2A25E9731D89} - System32\Tasks\{789AB21E-96AB-4BAC-805C-3752FB18A86F} => C:\Spiele\Max Payne 2\MaxPayne2.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Opera scheduled Autoupdate 1404317197.job => C:\Program Files (x86)\Opera\launcher.exe

==================== Loaded Modules (whitelisted) =============

2012-12-19 16:32 - 2012-12-19 16:32 - 00210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-10-17 19:39 - 2012-10-17 19:39 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-10-17 19:39 - 2012-10-17 19:39 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-12-19 16:32 - 2012-12-19 16:32 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-09-24 18:39 - 2014-09-19 14:57 - 00606776 _____ () C:\Users\Marcel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2012-12-19 16:32 - 2012-12-19 16:32 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2012-08-14 22:02 - 2014-09-19 14:57 - 36966968 _____ () C:\Users\Marcel\AppData\Roaming\Spotify\Data\libcef.dll
2014-09-24 09:09 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\Marcel\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-09-22 14:09 - 2014-09-22 14:09 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
2014-07-26 01:53 - 2014-09-19 14:57 - 00867896 _____ () C:\Users\Marcel\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2013-09-24 18:39 - 2014-09-19 14:57 - 00886840 _____ () C:\Users\Marcel\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-09-24 18:39 - 2014-09-19 14:57 - 00108600 _____ () C:\Users\Marcel\AppData\Roaming\Spotify\Data\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-09-23 17:22:16.660
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-23 17:22:16.348
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-03-28 23:43:15.069
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-03-28 23:43:15.023
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-03-28 23:43:14.972
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-03-28 23:43:14.926
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X6 1090T Processor
Percentage of memory in use: 30%
Total physical RAM: 8190.18 MB
Available physical RAM: 5676.2 MB
Total Pagefile: 16378.54 MB
Available Pagefile: 13528.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:649.49 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (ROMETWGOLD) (CDROM) (Total:3.58 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A88FA33A)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus 25.09.2014 15:34
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Users\Marcel\AppData\Local\{7c540ca6-90de-7cf7-e985-816cacd18ee1}
C:\Users\Marcel\FreeYouTubeToMP3Converter_3.10.17.exe
C:\Users\Marcel\SpotifySetup.exe
Hosts:
EmptyTemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Revan10 25.09.2014 16:06
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-09-2014 01
Ran by Marcel at 2014-09-25 17:04:57 Run:2
Running from C:\Users\Marcel\Desktop\Trojaner
Loaded Profiles: Marcel & Gast (Available profiles: Marcel & Gast)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Marcel\AppData\Local\{7c540ca6-90de-7cf7-e985-816cacd18ee1}
C:\Users\Marcel\FreeYouTubeToMP3Converter_3.10.17.exe
C:\Users\Marcel\SpotifySetup.exe
Hosts:
EmptyTemp:
       
*****************

C:\Users\Marcel\AppData\Local\{7c540ca6-90de-7cf7-e985-816cacd18ee1} => Moved successfully.
C:\Users\Marcel\FreeYouTubeToMP3Converter_3.10.17.exe => Moved successfully.
C:\Users\Marcel\SpotifySetup.exe => Moved successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 375.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

cosinus 25.09.2014 21:38
Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Scan klicken

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

Revan10 26.09.2014 16:04

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-09-2014 01
Ran by Marcel (administrator) on AEROCOOL on 26-09-2014 17:03:55
Running from C:\Users\Marcel\Desktop\Trojaner
Loaded Profile: Marcel (Available profiles: Marcel & Gast)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DeviceVM, Inc.) C:\ASUS.SYS\config\DVMExportService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Spotify Ltd) C:\Users\Marcel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Marcel\AppData\Roaming\Spotify\spotify.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
() C:\Users\Marcel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Marcel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Marcel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Marcel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Marcel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Marcel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKU\S-1-5-21-449399407-1750495009-3439875748-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.)
HKU\S-1-5-21-449399407-1750495009-3439875748-1000\...\Run: [Spotify Web Helper] => C:\Users\Marcel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-19] (Spotify Ltd)
HKU\S-1-5-21-449399407-1750495009-3439875748-1000\...\Run: [Spotify] => C:\Users\Marcel\AppData\Roaming\Spotify\Spotify.exe [6342200 2014-09-19] (Spotify Ltd)
HKU\S-1-5-21-449399407-1750495009-3439875748-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-09-30] (AMD)
HKU\S-1-5-21-449399407-1750495009-3439875748-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8B2E9F4E7860CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\9uflh2ha.default-1402011943439
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marcel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-08-30]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [319488 2009-10-16] (DeviceVM, Inc.) [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-01-21] () [File not signed]
U3 ayxbe8i7; C:\Windows\System32\Drivers\ayxbe8i7.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-25 15:36 - 2014-09-25 15:36 - 00001052 _____ () C:\Users\Marcel\Desktop\RomeTW.lnk
2014-09-25 15:09 - 2014-09-25 15:09 - 00001634 _____ () C:\Users\Public\Desktop\Barbarian Invasion.lnk
2014-09-25 15:09 - 2014-09-25 15:09 - 00001611 _____ () C:\Users\Public\Desktop\Rome - Total War.lnk
2014-09-25 15:09 - 2014-09-25 15:09 - 00000544 _____ () C:\Windows\DirectX.log
2014-09-25 15:07 - 2014-09-25 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total War
2014-09-25 14:47 - 2014-09-25 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-09-25 14:46 - 2014-09-25 14:46 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-25 14:46 - 2014-09-25 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-25 14:45 - 2014-09-25 14:46 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-25 14:45 - 2014-09-25 14:46 - 00000000 ____D () C:\Program Files\iTunes
2014-09-25 14:45 - 2014-09-25 14:46 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-25 14:45 - 2014-09-25 14:45 - 00000000 ____D () C:\Program Files\iPod
2014-09-25 13:32 - 2014-09-25 13:32 - 00023022 _____ () C:\Users\Marcel\Desktop\Addition.txt
2014-09-25 13:30 - 2014-09-25 13:30 - 00038369 _____ () C:\Users\Marcel\Desktop\FRST.txt
2014-09-25 13:26 - 2014-09-25 13:27 - 00001653 _____ () C:\Users\Marcel\Desktop\JRT.txt
2014-09-25 13:25 - 2014-09-25 13:25 - 00000000 ____D () C:\Windows\ERUNT
2014-09-25 13:17 - 2014-09-25 13:17 - 00003913 _____ () C:\Users\Marcel\Desktop\AdwCleaner[S0].txt
2014-09-25 13:16 - 2014-09-26 15:59 - 00000504 _____ () C:\Windows\setupact.log
2014-09-25 13:16 - 2014-09-25 17:06 - 00006700 _____ () C:\Windows\PFRO.log
2014-09-25 13:16 - 2014-09-25 13:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-25 13:13 - 2014-09-25 13:14 - 00000000 ____D () C:\AdwCleaner
2014-09-25 12:30 - 2014-09-25 12:30 - 00001160 _____ () C:\Users\Marcel\Desktop\mbam.txt
2014-09-25 12:07 - 2014-09-25 12:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-25 12:07 - 2014-09-25 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-25 12:07 - 2014-09-25 12:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-25 12:07 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-25 12:07 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-25 12:07 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-25 12:02 - 2014-09-25 12:02 - 00000000 ___SD () C:\ComboFix
2014-09-25 12:01 - 2014-09-26 17:03 - 00000000 ____D () C:\Users\Marcel\Desktop\Trojaner
2014-09-24 14:12 - 2014-09-24 14:12 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LucasArts
2014-09-24 09:23 - 2014-09-24 09:23 - 00001557 _____ () C:\Users\Marcel\Desktop\Star Wars Battlefront II spielen.lnk
2014-09-24 09:23 - 2014-09-24 09:23 - 00001557 _____ () C:\Users\Gast\Desktop\Star Wars Battlefront II spielen.lnk
2014-09-24 09:17 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 09:17 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 17:35 - 2014-09-23 17:35 - 00019379 _____ () C:\ComboFix.txt
2014-09-23 16:04 - 2014-09-23 16:04 - 00000221 _____ () C:\Users\Marcel\Documents\Fixlist.txt
2014-09-23 13:15 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-23 13:15 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-23 13:15 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-23 13:15 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-23 13:15 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-23 13:15 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-23 13:15 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-23 13:15 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-23 13:13 - 2014-09-25 12:02 - 00000000 ____D () C:\Qoobox
2014-09-23 13:13 - 2014-09-23 17:34 - 00000000 ____D () C:\Windows\erdnt
2014-09-23 13:12 - 2014-09-23 13:12 - 05579290 ____R (Swearware) C:\Users\Marcel\Desktop\ComboFix.exe
2014-09-23 12:37 - 2014-09-23 12:37 - 00011472 _____ () C:\1.txt
2014-09-23 09:57 - 2014-09-23 09:57 - 00011476 _____ () C:\Scan1.txt
2014-09-22 18:47 - 2014-09-22 18:47 - 00001057 _____ () C:\Scan.txt
2014-09-22 15:54 - 2014-09-26 17:03 - 00000000 ____D () C:\FRST
2014-09-22 14:19 - 2014-09-22 14:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-12 20:03 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 20:03 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 20:03 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 20:03 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 20:03 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 20:03 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 20:03 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 20:03 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 20:03 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 20:03 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 20:03 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 20:03 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 20:03 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 20:03 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 20:03 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 20:03 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 20:03 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 20:03 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 20:03 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 20:03 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 20:03 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 20:03 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 20:03 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 20:03 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 20:03 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 20:03 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 20:03 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 20:03 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 20:03 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 20:03 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 20:03 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 20:03 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 20:03 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 20:03 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 20:03 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 20:03 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 20:03 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 20:03 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 20:03 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 20:03 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 20:03 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 20:03 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 20:03 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 20:03 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 20:03 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 20:03 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 20:03 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 20:03 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 20:03 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 20:03 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 20:03 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 20:03 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 20:03 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 20:03 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 20:03 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 20:03 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-12 19:58 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 19:58 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-12 19:55 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-12 19:55 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-09-12 19:55 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-12 19:55 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-12 19:55 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-09-12 19:55 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-09-12 19:54 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-09-12 19:54 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-12 19:40 - 2014-09-14 09:17 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-09-12 17:40 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-12 17:40 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-12 17:40 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-12 17:40 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-12 17:40 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-12 17:40 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-09-12 17:40 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-12 17:40 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-09-12 17:39 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-12 17:39 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-12 17:39 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-12 17:39 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-12 17:39 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-12 17:39 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-09-12 17:38 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-12 17:38 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-12 17:36 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-12 17:36 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-12 17:36 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-12 17:36 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-12 17:36 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-12 17:34 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-12 17:34 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-12 17:34 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-12 17:34 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-09-12 16:16 - 2014-09-12 16:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Microsoft Games
2014-09-08 17:38 - 2014-09-08 17:38 - 00020285 _____ () C:\Users\Gast\Desktop\persönliches Anschreiben 3.odt
2014-09-08 17:35 - 2014-09-08 17:35 - 00020329 _____ () C:\Users\Gast\Desktop\persönliches Anschreiben 2.odt
2014-09-08 17:29 - 2014-09-08 17:29 - 00020461 _____ () C:\Users\Gast\Desktop\persönliches Anschreiben 1.odt
2014-09-08 17:24 - 2014-09-08 17:28 - 00020461 _____ () C:\Users\Gast\Desktop\persönliches Anschreiben.odt
2014-09-08 17:20 - 2014-09-08 17:20 - 00013849 _____ () C:\Users\Gast\Desktop\Anschreiben 1.odt
2014-09-08 17:13 - 2014-09-08 17:19 - 00020853 _____ () C:\Users\Gast\Desktop\Anschreiben.odt
2014-09-08 16:39 - 2014-09-08 16:39 - 00000000 __SHD () C:\Users\Gast\AppData\Local\EmieUserList
2014-09-08 16:39 - 2014-09-08 16:39 - 00000000 __SHD () C:\Users\Gast\AppData\Local\EmieSiteList
2014-09-08 16:34 - 2014-09-08 16:34 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Opera Software
2014-09-08 16:34 - 2014-09-08 16:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Opera Software
2014-09-08 16:32 - 2014-09-08 16:32 - 00000000 ____D () C:\Users\Gast\AppData\Local\SWDS
2014-09-08 14:53 - 2014-09-08 14:53 - 00001485 _____ () C:\Users\Marcel\Downloads\BAHN_Fahrplan_20140908 (1).ics
2014-09-08 14:52 - 2014-09-08 14:52 - 00001485 _____ () C:\Users\Marcel\Downloads\BAHN_Fahrplan_20140908.ics
2014-09-07 14:07 - 2014-09-08 10:41 - 02039989 _____ () C:\Users\Marcel\Desktop\Lebenslauf.odt
2014-08-29 10:13 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-29 10:00 - 2014-09-22 14:34 - 00000000 ____D () C:\Users\Marcel\AppData\Local\SWDS

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-26 17:03 - 2014-09-25 12:01 - 00000000 ____D () C:\Users\Marcel\Desktop\Trojaner
2014-09-26 17:03 - 2014-09-22 15:54 - 00000000 ____D () C:\FRST
2014-09-26 16:34 - 2012-08-14 22:02 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Spotify
2014-09-26 15:59 - 2014-09-25 13:16 - 00000504 _____ () C:\Windows\setupact.log
2014-09-26 15:59 - 2012-08-14 22:02 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Spotify
2014-09-26 15:59 - 2011-01-21 14:49 - 01819820 _____ () C:\Windows\WindowsUpdate.log
2014-09-26 11:39 - 2011-01-21 16:49 - 00000177 ____H () C:\dvmexp.idx
2014-09-26 11:39 - 2009-07-14 06:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-26 11:39 - 2009-07-14 06:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-25 17:06 - 2014-09-25 13:16 - 00006700 _____ () C:\Windows\PFRO.log
2014-09-25 17:04 - 2011-01-21 14:50 - 00000000 ____D () C:\Users\Marcel
2014-09-25 15:36 - 2014-09-25 15:36 - 00001052 _____ () C:\Users\Marcel\Desktop\RomeTW.lnk
2014-09-25 15:09 - 2014-09-25 15:09 - 00001634 _____ () C:\Users\Public\Desktop\Barbarian Invasion.lnk
2014-09-25 15:09 - 2014-09-25 15:09 - 00001611 _____ () C:\Users\Public\Desktop\Rome - Total War.lnk
2014-09-25 15:09 - 2014-09-25 15:09 - 00000544 _____ () C:\Windows\DirectX.log
2014-09-25 15:07 - 2014-09-25 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total War
2014-09-25 14:47 - 2014-09-25 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-09-25 14:47 - 2011-01-21 15:35 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-25 14:46 - 2014-09-25 14:46 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-25 14:46 - 2014-09-25 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-25 14:46 - 2014-09-25 14:45 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-25 14:46 - 2014-09-25 14:45 - 00000000 ____D () C:\Program Files\iTunes
2014-09-25 14:46 - 2014-09-25 14:45 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-25 14:45 - 2014-09-25 14:45 - 00000000 ____D () C:\Program Files\iPod
2014-09-25 14:36 - 2011-03-21 17:36 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-09-25 13:32 - 2014-09-25 13:32 - 00023022 _____ () C:\Users\Marcel\Desktop\Addition.txt
2014-09-25 13:30 - 2014-09-25 13:30 - 00038369 _____ () C:\Users\Marcel\Desktop\FRST.txt
2014-09-25 13:27 - 2014-09-25 13:26 - 00001653 _____ () C:\Users\Marcel\Desktop\JRT.txt
2014-09-25 13:25 - 2014-09-25 13:25 - 00000000 ____D () C:\Windows\ERUNT
2014-09-25 13:17 - 2014-09-25 13:17 - 00003913 _____ () C:\Users\Marcel\Desktop\AdwCleaner[S0].txt
2014-09-25 13:16 - 2014-09-25 13:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-25 13:14 - 2014-09-25 13:13 - 00000000 ____D () C:\AdwCleaner
2014-09-25 12:30 - 2014-09-25 12:30 - 00001160 _____ () C:\Users\Marcel\Desktop\mbam.txt
2014-09-25 12:07 - 2014-09-25 12:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-25 12:07 - 2014-09-25 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-25 12:07 - 2014-09-25 12:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-25 12:02 - 2014-09-25 12:02 - 00000000 ___SD () C:\ComboFix
2014-09-25 12:02 - 2014-09-23 13:13 - 00000000 ____D () C:\Qoobox
2014-09-24 14:12 - 2014-09-24 14:12 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LucasArts
2014-09-24 12:34 - 2011-01-28 14:43 - 00000000 ____D () C:\Spiele
2014-09-24 09:23 - 2014-09-24 09:23 - 00001557 _____ () C:\Users\Marcel\Desktop\Star Wars Battlefront II spielen.lnk
2014-09-24 09:23 - 2014-09-24 09:23 - 00001557 _____ () C:\Users\Gast\Desktop\Star Wars Battlefront II spielen.lnk
2014-09-24 09:23 - 2011-03-07 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
2014-09-23 17:35 - 2014-09-23 17:35 - 00019379 _____ () C:\ComboFix.txt
2014-09-23 17:35 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-23 17:34 - 2014-09-23 13:13 - 00000000 ____D () C:\Windows\erdnt
2014-09-23 17:32 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-23 16:04 - 2014-09-23 16:04 - 00000221 _____ () C:\Users\Marcel\Documents\Fixlist.txt
2014-09-23 13:12 - 2014-09-23 13:12 - 05579290 ____R (Swearware) C:\Users\Marcel\Desktop\ComboFix.exe
2014-09-23 12:37 - 2014-09-23 12:37 - 00011472 _____ () C:\1.txt
2014-09-23 09:57 - 2014-09-23 09:57 - 00011476 _____ () C:\Scan1.txt
2014-09-22 18:47 - 2014-09-22 18:47 - 00001057 _____ () C:\Scan.txt
2014-09-22 14:34 - 2014-08-29 10:00 - 00000000 ____D () C:\Users\Marcel\AppData\Local\SWDS
2014-09-22 14:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-09-22 14:19 - 2014-09-22 14:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-22 14:09 - 2012-04-13 12:53 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-22 14:09 - 2012-04-13 12:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-22 14:09 - 2011-08-24 11:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-19 15:02 - 2012-09-24 15:09 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-18 14:38 - 2014-08-05 17:43 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-18 14:37 - 2014-08-05 17:44 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-18 14:37 - 2013-02-25 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-15 18:34 - 2014-06-26 06:43 - 00000000 ____D () C:\Windows\SysWOW64\mjcm
2014-09-15 18:34 - 2014-06-26 06:43 - 00000000 ____D () C:\Windows\system32\tprb
2014-09-15 09:06 - 2011-01-30 18:01 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 17:50 - 2014-01-12 14:28 - 02042849 _____ () C:\Users\Marcel\Desktop\BewerbungPseminar.odt
2014-09-14 09:17 - 2014-09-12 19:40 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-09-14 09:05 - 2009-07-14 06:45 - 00296152 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-12 20:12 - 2014-05-06 22:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-12 20:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-12 20:01 - 2011-03-21 19:03 - 01622836 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-12 20:01 - 2009-07-14 19:58 - 00709900 _____ () C:\Windows\system32\perfh007.dat
2014-09-12 20:01 - 2009-07-14 19:58 - 00154336 _____ () C:\Windows\system32\perfc007.dat
2014-09-12 20:01 - 2009-07-14 07:13 - 01622836 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-12 20:00 - 2013-08-15 14:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 17:33 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-12 17:20 - 2012-06-13 07:29 - 00000000 ____D () C:\Users\Gast
2014-09-12 17:19 - 2011-01-21 15:13 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-09-12 17:19 - 2009-07-14 19:58 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-09-12 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-09-12 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-12 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\MUI
2014-09-12 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\servicing
2014-09-12 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\schemas
2014-09-12 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-12 17:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-09-12 17:12 - 2013-02-25 14:59 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-12 16:16 - 2014-09-12 16:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Microsoft Games
2014-09-10 00:11 - 2014-09-24 09:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-09 23:47 - 2014-09-24 09:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-08 17:38 - 2014-09-08 17:38 - 00020285 _____ () C:\Users\Gast\Desktop\persönliches Anschreiben 3.odt
2014-09-08 17:35 - 2014-09-08 17:35 - 00020329 _____ () C:\Users\Gast\Desktop\persönliches Anschreiben 2.odt
2014-09-08 17:29 - 2014-09-08 17:29 - 00020461 _____ () C:\Users\Gast\Desktop\persönliches Anschreiben 1.odt
2014-09-08 17:28 - 2014-09-08 17:24 - 00020461 _____ () C:\Users\Gast\Desktop\persönliches Anschreiben.odt
2014-09-08 17:20 - 2014-09-08 17:20 - 00013849 _____ () C:\Users\Gast\Desktop\Anschreiben 1.odt
2014-09-08 17:19 - 2014-09-08 17:13 - 00020853 _____ () C:\Users\Gast\Desktop\Anschreiben.odt
2014-09-08 16:39 - 2014-09-08 16:39 - 00000000 __SHD () C:\Users\Gast\AppData\Local\EmieUserList
2014-09-08 16:39 - 2014-09-08 16:39 - 00000000 __SHD () C:\Users\Gast\AppData\Local\EmieSiteList
2014-09-08 16:34 - 2014-09-08 16:34 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Opera Software
2014-09-08 16:34 - 2014-09-08 16:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Opera Software
2014-09-08 16:32 - 2014-09-08 16:32 - 00000000 ____D () C:\Users\Gast\AppData\Local\SWDS
2014-09-08 14:53 - 2014-09-08 14:53 - 00001485 _____ () C:\Users\Marcel\Downloads\BAHN_Fahrplan_20140908 (1).ics
2014-09-08 14:52 - 2014-09-08 14:52 - 00001485 _____ () C:\Users\Marcel\Downloads\BAHN_Fahrplan_20140908.ics
2014-09-08 10:41 - 2014-09-07 14:07 - 02039989 _____ () C:\Users\Marcel\Desktop\Lebenslauf.odt
2014-09-05 04:10 - 2014-09-12 17:34 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-12 17:34 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-29 13:01 - 2010-06-24 12:11 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Some content of TEMP:
====================
C:\Users\Marcel\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-09-11 15:08

==================== End Of Log ============================
--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2014 01
Ran by Marcel at 2014-09-26 17:05:07
Running from C:\Users\Marcel\Desktop\Trojaner
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.175 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{53A19094-2C04-A9B9-7309-3E92152D4845}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AMD Fuel (Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
AMD USB Filter Driver (x32 Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Assassin's Creed Brotherhood (HKLM-x32\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.01 - Ubisoft)
ATI AVIVO64 Codecs (Version: 11.6.0.50930 - ATI Technologies Inc.) Hidden
ATI Problem Report Wizard (Version: 3.0.795.0 - ATI Technologies) Hidden
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.01 - Piriform)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
GeoGebra (HKLM-x32\...\GeoGebra) (Version: 4.0.12.0 - International GeoGebra Institute)
HydraVision (x32 Version: 4.2.180.0 - ATI Technologies Inc.) Hidden
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.27 - Irfan Skiljan)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{F9835182-794B-4F24-902A-E2CA9D43380F}) (Version: 9.10.0512 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{24B89186-2A56-4D28-B930-6F4FCF224E2F}) (Version: 4.01.9714 - Apache Software Foundation)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 23.0.1522.75 (HKLM-x32\...\Opera 23.0.1522.75) (Version: 23.0.1522.75 - Opera Software ASA)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rome - Total War - Gold Edition (HKLM-x32\...\{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}) (Version: 1.6 - The Creative Assembly)
Spotify (HKCU\...\Spotify) (Version: 0.9.13.24.g5dbb3103 - Spotify AB)
Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
Star Wars(tm) Knights of the Old Republic(tm) II: The Sith Lords(tm) (HKLM-x32\...\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}) (Version: 1.00.0000 - Obsidian)
TmUnitedForever Update 2010-03-15 (HKLM-x32\...\TmUnitedForever_is1) (Version:  - Nadeo)
TP-LINK Wireless Client Utility (HKLM-x32\...\{1E03C8BE-0848-430F-BECA-7D7709401626}) (Version: 7.0 - TP-LINK)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Xfire (remove only) (HKLM-x32\...\Xfire) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-449399407-1750495009-3439875748-1000_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)

==================== Restore Points  =========================

23-09-2014 07:11:48 Windows Update
24-09-2014 07:23:56 Installiert Star Wars Battlefront II
24-09-2014 10:35:01 Installiert Star Wars(TM): Knights of the Old Republic (TM)
24-09-2014 12:22:33 Installiert Star Wars(TM): Knights of the Old Republic (TM)
24-09-2014 15:22:05 Windows Update
25-09-2014 09:20:23 Installiert Rome - Total War - Gold Edition
25-09-2014 09:54:00 Entfernt Rome - Total War - Gold Edition
25-09-2014 12:36:09 Removed Ubisoft Game Launcher
25-09-2014 12:47:11 Installiert Rome - Total War - Gold Edition

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03891B08-CF5C-4150-AD4B-5BCAD93FAEA1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {038D5FB1-BFD6-4B06-BBC8-72F39389B20D} - System32\Tasks\{28AE8EB1-BF1D-4AED-A172-EB898025543D} => C:\Spiele\KotoR II\launcher.exe [2005-01-13] (Obsidian Entertainment, Inc.)
Task: {07FF3B5B-2F9F-4695-9BB0-2D769F2AC720} - System32\Tasks\{58BE87E8-8E73-4398-ADEA-3FA4B7EFC71C} => C:\Spiele\Max Payne 2\MaxPayne2.exe
Task: {0E2554E8-D67B-4A6B-A8DC-CA808C9905E7} - System32\Tasks\{3DE5BF63-E7BC-400A-862E-CE50A6D81EAF} => C:\Program Files (x86)\Rockstar Games\Max Payne 2\MaxPayne2.exe
Task: {3F41A26D-76CC-49D3-A5A4-4AD3DACCD700} - System32\Tasks\{4A8082C3-F40C-4449-8FDA-88BA07C303DF} => C:\Spiele\Max Payne 2\MaxPayne2.exe
Task: {3F5BD095-B62A-4AD9-B57E-ABA504B707E4} - System32\Tasks\{B21D2B9E-07DD-4B3B-BF6B-E27818CFD135} => C:\Spiele\KotoR II\launcher.exe [2005-01-13] (Obsidian Entertainment, Inc.)
Task: {6176E699-91AA-4FD4-988B-7E8D42E87ECD} - System32\Tasks\{AD30F46E-DC48-4A41-9E03-069E6EE91DC1} => C:\Program Files (x86)\Rockstar Games\Max Payne 2\MaxPayne2.exe
Task: {71EC2EAF-7AE4-4D22-96BF-987820D716C6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {7335A98D-52ED-4D30-B249-0A04901840D0} - System32\Tasks\{96303570-B8E3-4472-96AC-3C5A63D96A6D} => C:\Spiele\Max Payne 2\MaxPayne2.exe
Task: {7D646595-B39F-46AD-BBBC-1A9E96EDA552} - System32\Tasks\{7C5046A9-C57C-485A-8D99-E3AD617527BF} => C:\Spiele\KotoR II\launcher.exe [2005-01-13] (Obsidian Entertainment, Inc.)
Task: {822B70F7-75B1-4E37-8984-2223CF9511F9} - System32\Tasks\{1894F0C8-0CDA-4145-AFFA-C4FD186B2D0C} => C:\Spiele\KotoR II\launcher.exe [2005-01-13] (Obsidian Entertainment, Inc.)
Task: {89DEE641-ACB8-40C1-9876-AF372D990C29} - System32\Tasks\{CABDD3C8-870C-4AB0-8656-D164F23C7FFA} => C:\Spiele\KotoR II\launcher.exe [2005-01-13] (Obsidian Entertainment, Inc.)
Task: {A0FABB55-2494-45C7-831B-10C90C52C5D8} - System32\Tasks\{278F9691-07D5-4E89-A025-FDACE655B728} => C:\Spiele\Max Payne 2\MaxPayne2.exe
Task: {AF281EB6-71AD-4307-92AA-A0D18704D089} - System32\Tasks\{4015532E-C9E6-47E3-B1D7-3D33F285CFD4} => C:\Spiele\KotoR II\launcher.exe [2005-01-13] (Obsidian Entertainment, Inc.)
Task: {BEEDE3EA-863D-4AAD-AC7A-BD3D71F147CF} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {D06E69EE-D92E-4394-A491-DB4327E319AE} - System32\Tasks\{C59C7E3D-14D3-4FF5-943A-473852599845} => C:\Spiele\Max Payne 2\MaxPayne2.exe
Task: {F5CF6754-9CF3-46DB-9A9B-A0111813CC20} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-22] (Adobe Systems Incorporated)
Task: {F7603847-8699-43BD-9036-2A25E9731D89} - System32\Tasks\{789AB21E-96AB-4BAC-805C-3752FB18A86F} => C:\Spiele\Max Payne 2\MaxPayne2.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Opera scheduled Autoupdate 1404317197.job => C:\Program Files (x86)\Opera\launcher.exe

==================== Loaded Modules (whitelisted) =============

2012-12-19 16:32 - 2012-12-19 16:32 - 00210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-10-17 19:39 - 2012-10-17 19:39 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-10-17 19:39 - 2012-10-17 19:39 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-12-19 16:32 - 2012-12-19 16:32 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-09-24 18:39 - 2014-09-19 14:57 - 00606776 _____ () C:\Users\Marcel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2012-08-14 22:02 - 2014-09-19 14:57 - 36966968 _____ () C:\Users\Marcel\AppData\Roaming\Spotify\Data\libcef.dll
2014-09-25 17:07 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\Marcel\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-09-22 14:09 - 2014-09-22 14:09 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
2014-07-26 01:53 - 2014-09-19 14:57 - 00867896 _____ () C:\Users\Marcel\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2013-09-24 18:39 - 2014-09-19 14:57 - 00886840 _____ () C:\Users\Marcel\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-09-24 18:39 - 2014-09-19 14:57 - 00108600 _____ () C:\Users\Marcel\AppData\Roaming\Spotify\Data\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

========================= Accounts: ==========================

Administrator (S-1-5-21-449399407-1750495009-3439875748-500 - Disabled - Status: Degraded)
ASPNET (S-1-5-21-449399407-1750495009-3439875748-1004 - Enabled - Status: OK)
Gast (S-1-5-21-449399407-1750495009-3439875748-501 - Enabled - Status: OK) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-449399407-1750495009-3439875748-1002 - Enabled - Status: OK)
Marcel (S-1-5-21-449399407-1750495009-3439875748-1000 - Enabled - Status: OK) => C:\Users\Marcel

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/26/2014 03:59:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9413849

Error: (09/26/2014 03:59:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9413849

Error: (09/26/2014 03:59:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/26/2014 01:22:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9048

Error: (09/26/2014 01:22:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9048

Error: (09/26/2014 01:22:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/26/2014 01:22:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8019

Error: (09/26/2014 01:22:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8019

Error: (09/26/2014 01:22:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/26/2014 01:22:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7005


System errors:
=============
Error: (09/26/2014 11:29:22 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\athExt.dll
Fehlercode: 126

Error: (09/25/2014 05:06:45 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\athExt.dll
Fehlercode: 126

Error: (09/25/2014 02:35:09 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (09/26/2014 03:59:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9413849

Error: (09/26/2014 03:59:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9413849

Error: (09/26/2014 03:59:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/26/2014 01:22:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9048

Error: (09/26/2014 01:22:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9048

Error: (09/26/2014 01:22:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/26/2014 01:22:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8019

Error: (09/26/2014 01:22:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8019

Error: (09/26/2014 01:22:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/26/2014 01:22:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7005


CodeIntegrity Errors:
===================================
  Date: 2014-09-23 17:22:16.660
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-23 17:22:16.348
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-03-28 23:43:15.069
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-03-28 23:43:15.023
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-03-28 23:43:14.972
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-03-28 23:43:14.926
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X6 1090T Processor
Percentage of memory in use: 22%
Total physical RAM: 8190.18 MB
Available physical RAM: 6324.94 MB
Total Pagefile: 16378.54 MB
Available Pagefile: 13561.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:643.76 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (BFII) (CDROM) (Total:3.02 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A88FA33A)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus 26.09.2014 17:55
Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Revan10 30.09.2014 14:30
Code:
www.malwarebytes.org

Suchlauf Datum: 30.09.2014
Suchlauf-Zeit: 15:16:59
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.30.04
Rootkit Datenbank: v2014.09.19.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Marcel

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 387500
Verstrichene Zeit: 12 Min, 45 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

Revan10 01.10.2014 21:29
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=30d90d072c59254cb2d8ff44c6032c65
# engine=20388
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-10-01 08:25:49
# local_time=2014-10-01 10:25:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 13637 156747327 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 10635 163824999 0 0
# scanned=352350
# found=7
# cleaned=0
# scan_time=10318
sh=D20146018CC2327122B2692E355F353DFA6D571A ft=1 fh=641303b82d1a41cf vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Marcel\FreeYouTubeToMP3Converter_3.10.17.exe.xBAD"
sh=74E07DE7B3AEE058952F4CDD5E99EAC2008932C8 ft=1 fh=f4cb98639c10ef0c vn="Variante von Win32/Packed.VMProtect.AAH Trojaner" ac=I fn="C:\Program Files (x86)\2K Sports\NBA 2K12\rld.dll"
sh=0FC145D539EF7A2D88FA76DE573B25AB9EB2A317 ft=1 fh=0484962387c0b26c vn="Variante von Win32/Packed.VMProtect.AAA Trojaner" ac=I fn="C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll"
sh=CD8FBE657205F949584E0AEE2825E1499613945E ft=1 fh=93ab2a2b0ebef67e vn="Win64/Conedex.D Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Windows\Installer\{7c540ca6-90de-7cf7-e985-816cacd18ee1}\U\00000001.@.vir"
sh=489465566BABFE6F8B9BCD6C5EC6B46411FAF400 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.VMProtect.AAH Trojaner" ac=I fn="C:\Users\Marcel\Desktop\Sonstiges\NBA 2k12\N6B8A2k12patch1.01-elamigos.rar"
sh=74E07DE7B3AEE058952F4CDD5E99EAC2008932C8 ft=1 fh=f4cb98639c10ef0c vn="Variante von Win32/Packed.VMProtect.AAH Trojaner" ac=I fn="C:\Users\Marcel\Desktop\Sonstiges\NBA 2k12\Crack 1.01\rld.dll"
sh=596D78A7F03D1DAEE86BCCE8DD7713AA60E8F9E4 ft=1 fh=8eaf1d336ac02ccc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marcel\Downloads\FreeYouTubeToMP3Converter34.exe"


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:47 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132