Trojaner-Board

RegSvr error loading module "" (https://www.trojaner-board.de/158991-regsvr-fehler-beim-laden-moduls.html)

cosinus 23.09.2014 13:48

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:

HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION


Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

After the fix, continue with CF.

Revan10 23.09.2014 15:06

I created and saved Fixlist.txt, but when I try to run FRST I get:
'Es wurde versucht, einen Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen der zum löschen markiert wurde.'

cosinus 23.09.2014 15:55

Just restart the computer. That should fix the problem.

Revan10 23.09.2014 16:09

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-09-2014 01
Ran by Marcel at 2014-09-23 17:10:58 Run:1
Running from C:\Users\Marcel\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
       
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.

==== End of Fixlog ====


cosinus 23.09.2014 16:22

Continue with CF.

Revan10 24.09.2014 00:17

And here is the ComboFix log file:

Code:

ComboFix 14-09-22.01 - Marcel 23.09.2014  17:15:21.1.6 - x64
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.8190.6108 [GMT 2:00]
ausgeführt von:: c:\users\Marcel\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Marcel\4.0
c:\users\Marcel\AppData\Roaming\AcroIEHelpe.txt
c:\users\Marcel\AppData\Roaming\srvblck2.tmp
c:\users\Public\AlexaNSISPlugin.2532.dll
c:\windows\Installer\{7c540ca6-90de-7cf7-e985-816cacd18ee1}
c:\windows\Installer\{7c540ca6-90de-7cf7-e985-816cacd18ee1}\@
c:\windows\Installer\{7c540ca6-90de-7cf7-e985-816cacd18ee1}\U\00000001.@
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-08-23 bis 2014-09-23  ))))))))))))))))))))))))))))))
.
.
2014-09-23 15:22 . 2014-09-23 15:22        --------        d-----w-        c:\users\hedev\AppData\Local\temp
2014-09-23 07:12 . 2014-09-09 02:05        11578928        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{5804013F-9472-4E75-A66F-03D7DBE111EF}\mpengine.dll
2014-09-22 13:54 . 2014-09-23 15:10        --------        d-----w-        C:\FRST
2014-09-22 12:20 . 2014-09-23 10:37        122584        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-22 12:19 . 2014-05-12 05:26        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-09-22 12:19 . 2014-05-12 05:26        91352        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-09-22 12:19 . 2014-05-12 05:25        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-09-22 12:19 . 2014-09-22 14:49        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware
2014-09-22 12:19 . 2014-09-22 12:19        --------        d-----w-        c:\programdata\Malwarebytes
2014-09-12 17:58 . 2014-06-27 02:08        2777088        ----a-w-        c:\windows\system32\msmpeg2vdec.dll
2014-09-12 17:58 . 2014-06-27 01:45        2285056        ----a-w-        c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-12 17:55 . 2014-03-09 21:48        171160        ----a-w-        c:\windows\system32\infocardapi.dll
2014-09-12 17:55 . 2014-03-09 21:48        1389208        ----a-w-        c:\windows\system32\icardagt.exe
2014-09-12 17:55 . 2014-03-09 21:47        99480        ----a-w-        c:\windows\SysWow64\infocardapi.dll
2014-09-12 17:55 . 2014-03-09 21:47        619672        ----a-w-        c:\windows\SysWow64\icardagt.exe
2014-09-12 17:55 . 2014-06-30 22:24        8856        ----a-w-        c:\windows\system32\icardres.dll
2014-09-12 17:55 . 2014-06-30 22:14        8856        ----a-w-        c:\windows\SysWow64\icardres.dll
2014-09-12 17:54 . 2014-06-06 06:16        35480        ----a-w-        c:\windows\SysWow64\TsWpfWrp.exe
2014-09-12 17:54 . 2014-06-06 06:12        35480        ----a-w-        c:\windows\system32\TsWpfWrp.exe
2014-09-12 17:40 . 2014-09-14 07:17        --------        d-----w-        c:\windows\system32\MpEngineStore
2014-09-12 15:40 . 2014-07-16 03:23        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-09-12 15:40 . 2014-07-16 02:46        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2014-09-12 15:40 . 2014-06-03 10:02        3241984        ----a-w-        c:\windows\system32\msi.dll
2014-09-12 15:40 . 2014-06-03 10:02        1941504        ----a-w-        c:\windows\system32\authui.dll
2014-09-12 15:40 . 2014-06-03 09:29        2363392        ----a-w-        c:\windows\SysWow64\msi.dll
2014-09-12 15:40 . 2014-06-03 09:29        1805824        ----a-w-        c:\windows\SysWow64\authui.dll
2014-09-12 15:40 . 2014-06-03 10:02        112064        ----a-w-        c:\windows\system32\consent.exe
2014-09-12 15:40 . 2014-06-03 10:02        504320        ----a-w-        c:\windows\system32\msihnd.dll
2014-09-12 15:40 . 2014-06-03 09:29        337408        ----a-w-        c:\windows\SysWow64\msihnd.dll
2014-09-12 15:40 . 2014-06-16 02:10        985536        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2014-09-12 15:39 . 2014-08-23 00:59        3163648        ----a-w-        c:\windows\system32\win32k.sys
2014-09-12 15:39 . 2014-06-25 02:05        14175744        ----a-w-        c:\windows\system32\shell32.dll
2014-09-12 15:39 . 2014-08-23 02:07        404480        ----a-w-        c:\windows\system32\gdi32.dll
2014-09-12 15:39 . 2014-08-01 11:53        1031168        ----a-w-        c:\windows\system32\TSWorkspace.dll
2014-09-12 15:39 . 2014-08-01 11:35        793600        ----a-w-        c:\windows\SysWow64\TSWorkspace.dll
2014-09-12 15:38 . 2014-06-24 03:29        2565120        ----a-w-        c:\windows\system32\d3d10warp.dll
2014-09-12 15:38 . 2014-06-24 02:59        1987584        ----a-w-        c:\windows\SysWow64\d3d10warp.dll
2014-09-12 15:36 . 2014-07-07 02:06        728064        ----a-w-        c:\windows\system32\kerberos.dll
2014-09-12 15:36 . 2014-07-07 02:06        1460736        ----a-w-        c:\windows\system32\lsasrv.dll
2014-09-12 15:36 . 2014-07-07 01:40        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2014-09-12 15:36 . 2014-07-07 01:40        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll
2014-09-12 15:36 . 2014-07-07 01:39        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll
2014-09-12 15:34 . 2014-07-14 02:02        1216000        ----a-w-        c:\windows\system32\rpcrt4.dll
2014-09-12 15:34 . 2014-07-14 01:40        664064        ----a-w-        c:\windows\SysWow64\rpcrt4.dll
2014-09-12 15:34 . 2014-09-05 02:10        578048        ----a-w-        c:\windows\system32\aepdu.dll
2014-09-12 15:34 . 2014-09-05 02:05        424448        ----a-w-        c:\windows\system32\aeinv.dll
2014-09-12 14:16 . 2014-09-12 14:16        --------        d-----w-        c:\users\Gast\AppData\Local\Microsoft Games
2014-09-08 14:39 . 2014-09-08 14:39        --------        d-sh--w-        c:\users\Gast\AppData\Local\EmieUserList
2014-09-08 14:39 . 2014-09-08 14:39        --------        d-sh--w-        c:\users\Gast\AppData\Local\EmieSiteList
2014-09-08 14:34 . 2014-09-08 14:34        --------        d-----w-        c:\users\Gast\AppData\Local\Opera Software
2014-09-08 14:34 . 2014-09-08 14:34        --------        d-----w-        c:\users\Gast\AppData\Roaming\Opera Software
2014-09-08 14:32 . 2014-09-08 14:32        --------        d-----w-        c:\users\Gast\AppData\Local\SWDS
2014-09-04 12:50 . 2014-09-04 12:50        188304        ----a-w-        c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-09-04 12:50 . 2014-09-04 12:50        188304        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-08-29 08:13 . 2014-08-23 01:45        311808        ----a-w-        c:\windows\SysWow64\gdi32.dll
2014-08-29 08:00 . 2014-09-22 12:34        --------        d-----w-        c:\users\Marcel\AppData\Local\SWDS
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-22 12:09 . 2012-04-13 10:53        701104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-22 12:09 . 2011-08-24 09:12        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-15 07:06 . 2011-01-30 16:01        278152        ------w-        c:\windows\system32\MpSigStub.exe
2014-08-29 11:01 . 2010-06-24 10:11        101694776        ----a-w-        c:\windows\system32\mrt.exe
2014-08-27 10:04 . 2014-03-18 22:03        33792        ----a-w-        c:\windows\system32\ImHttpComm.dll
2014-08-14 12:06 . 2014-08-14 12:06        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-25 00:35 . 2014-07-25 00:35        875688        ----a-w-        c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:54 . 2013-05-06 11:08        42040        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2014-07-24 21:47 . 2014-07-24 21:47        869544        ----a-w-        c:\windows\system32\msvcr120_clr0400.dll
2014-07-04 12:46 . 2013-03-20 10:40        117712        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"Spotify Web Helper"="c:\users\Marcel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-09-19 1245752]
"Spotify"="c:\users\Marcel\AppData\Roaming\Spotify\Spotify.exe" [2014-09-19 6342200]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-09-30 393216]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-08-08 751184]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-07-08 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-08-27 164656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe;c:\asus.sys\config\DVMExportService.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 12:09]
.
2014-08-13 c:\windows\Tasks\Opera scheduled Autoupdate 1404317197.job
- c:\program files (x86)\Opera\launcher.exe [2014-07-02 14:43]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Client auf Monitor & öffnen1 - c:\windows\web\AOpenClient.htm
IE: Client auf Monitor & öffnen2 - c:\windows\web\AOpenClient.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\9uflh2ha.default-1402011943439\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-OrevAzca - (no file)
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-09-23  17:35:44 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-09-23 15:35
.
Vor Suchlauf: 9 Verzeichnis(se), 699.024.617.472 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 698.892.836.864 Bytes frei
.
- - End Of File - - EC0C5F4764D4659B39A922D66D193B59
A36C5E4F47E84449FF07ED3517B43A31


cosinus 24.09.2014 13:50

Remove adware/junkware/toolbars

(Delete old versions of AdwCleaner and, if present, JRT beforehand, then download them again to the desktop!)

Step 1: Malwarebytes

Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Select Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.




Step 2: AdwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).



Step 3: JRT - Junkware Removal Tool

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 4: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will be on your desktop afterwards.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box).


Revan10 25.09.2014 12:31

OK, here:

Code:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 25.09.2014
Suchlauf-Zeit: 12:08:58
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.25.04
Rootkit Datenbank: v2014.09.19.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Marcel

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 386728
Verstrichene Zeit: 13 Min, 12 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)


Code:

# AdwCleaner v3.310 - Bericht erstellt am 25/09/2014 um 13:14:43
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Marcel - AEROCOOL
# Gestartet von : C:\Users\Marcel\Desktop\AdwCleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Tobit
Ordner Gelöscht : C:\Windows\SysWOW64\ARFC
Ordner Gelöscht : C:\Windows\SysWOW64\jmdp
Ordner Gelöscht : C:\Windows\SysWOW64\WNLT
Ordner Gelöscht : C:\Windows\System32\ljkb
Ordner Gelöscht : C:\Users\Gast\AppData\Roaming\Tobit
Ordner Gelöscht : C:\Users\Marcel\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Marcel\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Marcel\AppData\Roaming\SimpleFiles
Ordner Gelöscht : C:\Users\Marcel\AppData\Roaming\Tobit
Datei Gelöscht : C:\Windows\System32\ImhxxpComm.dll
Datei Gelöscht : C:\Users\Gast\AppData\LocalLow\SkwConfig.bin
Datei Gelöscht : C:\Users\Marcel\AppData\LocalLow\SkwConfig.bin

***** [ Tasks ] *****

Task Gelöscht : Boby Lyrics Update

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_virtual-dj_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_virtual-dj_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Schlüssel Gelöscht : HKCU\Software\distromatic
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\SimpleFiles
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\DeviceVM
Schlüssel Gelöscht : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\SimpleFiles
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99AD9D6D-A456-49EE-8360-F22EE7AA1272}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DeviceVM

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\x0dj98qw.default\prefs.js ]


[ Datei : C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\9uflh2ha.default-1402011943439\prefs.js ]


*************************

AdwCleaner[R0].txt - [4110 octets] - [25/09/2014 13:13:48]
AdwCleaner[S0].txt - [3769 octets] - [25/09/2014 13:14:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3829 octets] ##########


Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.0 (09.22.2014:1)
OS: Windows 7 Ultimate x64
Ran by Marcel on 25.09.2014 at 13:25:19,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatediamondata_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatediamondata_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utildiamondata_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utildiamondata_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatediamondata_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatediamondata_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utildiamondata_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utildiamondata_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Marcel\appdata\local\{7c540ca6-90de-7cf7-e985-816cacd18ee1}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.09.2014 at 13:26:55,23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2014
Ran by Marcel (administrator) on AEROCOOL on 25-09-2014 13:29:12
Running from C:\Users\Marcel\Desktop\Trojaner
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DeviceVM, Inc.) C:\ASUS.SYS\config\DVMExportService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Spotify Ltd) C:\Users\Marcel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Marcel\AppData\Roaming\Spotify\spotify.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
() C:\Users\Marcel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Marcel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Marcel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Users\Marcel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Marcel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-449399407-1750495009-3439875748-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-449399407-1750495009-3439875748-1000\...\Run: [Spotify Web Helper] => C:\Users\Marcel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-19] (Spotify Ltd)
HKU\S-1-5-21-449399407-1750495009-3439875748-1000\...\Run: [Spotify] => C:\Users\Marcel\AppData\Roaming\Spotify\Spotify.exe [6342200 2014-09-19] (Spotify Ltd)
HKU\S-1-5-21-449399407-1750495009-3439875748-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-09-30] (AMD)
HKU\S-1-5-21-449399407-1750495009-3439875748-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8B2E9F4E7860CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\9uflh2ha.default-1402011943439
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marcel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-08-30]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [319488 2009-10-16] (DeviceVM, Inc.) [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-01-21] () [File not signed]
U3 ah86coek; C:\Windows\System32\Drivers\ah86coek.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-25 13:26 - 2014-09-25 13:27 - 00001653 _____ () C:\Users\Marcel\Desktop\JRT.txt
2014-09-25 13:25 - 2014-09-25 13:25 - 00000000 ____D () C:\Windows\ERUNT
2014-09-25 13:24 - 2014-09-25 13:24 - 01024790 _____ (Thisisu) C:\Users\Marcel\Desktop\JRT.exe
2014-09-25 13:17 - 2014-09-25 13:17 - 00003913 _____ () C:\Users\Marcel\Desktop\AdwCleaner[S0].txt
2014-09-25 13:16 - 2014-09-25 13:16 - 00000312 _____ () C:\Windows\PFRO.log
2014-09-25 13:16 - 2014-09-25 13:16 - 00000168 _____ () C:\Windows\setupact.log
2014-09-25 13:16 - 2014-09-25 13:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-25 13:13 - 2014-09-25 13:14 - 00000000 ____D () C:\AdwCleaner
2014-09-25 12:31 - 2014-09-25 12:31 - 01373475 _____ () C:\Users\Marcel\Desktop\AdwCleaner_3.310.exe
2014-09-25 12:30 - 2014-09-25 12:30 - 00001160 _____ () C:\Users\Marcel\Desktop\mbam.txt
2014-09-25 12:07 - 2014-09-25 12:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-25 12:07 - 2014-09-25 12:07 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-25 12:07 - 2014-09-25 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-25 12:07 - 2014-09-25 12:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-25 12:07 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-25 12:07 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-25 12:07 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-25 12:04 - 2014-09-25 12:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marcel\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-25 12:02 - 2014-09-25 12:02 - 00000000 ___SD () C:\ComboFix
2014-09-25 12:01 - 2014-09-25 13:29 - 00000000 ____D () C:\Users\Marcel\Desktop\Trojaner
2014-09-25 11:29 - 2014-09-25 11:29 - 00002231 _____ () C:\Users\Marcel\Desktop\Rome - Total War.lnk
2014-09-24 14:12 - 2014-09-24 14:12 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LucasArts
2014-09-24 09:23 - 2014-09-24 09:23 - 00001557 _____ () C:\Users\Marcel\Desktop\Star Wars Battlefront II spielen.lnk
2014-09-24 09:23 - 2014-09-24 09:23 - 00001557 _____ () C:\Users\Gast\Desktop\Star Wars Battlefront II spielen.lnk
2014-09-24 09:17 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 09:17 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 17:35 - 2014-09-23 17:35 - 00019379 _____ () C:\ComboFix.txt
2014-09-23 16:04 - 2014-09-23 16:04 - 00000221 _____ () C:\Users\Marcel\Documents\Fixlist.txt
2014-09-23 13:15 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-23 13:15 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-23 13:15 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-23 13:15 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-23 13:15 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-23 13:15 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-23 13:15 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-23 13:15 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-23 13:13 - 2014-09-25 12:02 - 00000000 ____D () C:\Qoobox
2014-09-23 13:13 - 2014-09-23 17:34 - 00000000 ____D () C:\Windows\erdnt
2014-09-23 13:12 - 2014-09-23 13:12 - 05579290 ____R (Swearware) C:\Users\Marcel\Desktop\ComboFix.exe
2014-09-23 12:37 - 2014-09-23 12:37 - 00011472 _____ () C:\1.txt
2014-09-23 09:57 - 2014-09-23 09:57 - 00011476 _____ () C:\Scan1.txt
2014-09-22 18:47 - 2014-09-22 18:47 - 00001057 _____ () C:\Scan.txt
2014-09-22 15:54 - 2014-09-25 13:29 - 00000000 ____D () C:\FRST
2014-09-22 14:19 - 2014-09-22 14:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-12 20:03 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 20:03 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 20:03 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 20:03 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 20:03 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 20:03 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 20:03 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 20:03 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 20:03 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 20:03 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 20:03 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 20:03 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 20:03 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 20:03 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 20:03 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 20:03 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 20:03 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 20:03 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 20:03 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 20:03 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 20:03 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 20:03 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 20:03 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 20:03 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 20:03 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 20:03 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 20:03 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 20:03 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 20:03 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 20:03 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 20:03 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 20:03 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 20:03 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 20:03 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 20:03 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 20:03 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 20:03 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 20:03 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 20:03 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 20:03 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 20:03 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 20:03 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 20:03 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 20:03 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 20:03 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 20:03 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 20:03 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 20:03 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 20:03 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 20:03 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 20:03 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 20:03 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 20:03 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 20:03 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 20:03 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 20:03 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-12 19:58 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 19:58 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-12 19:55 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-12 19:55 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-09-12 19:55 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-12 19:55 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-12 19:55 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-09-12 19:55 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-09-12 19:54 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-09-12 19:54 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-12 19:40 - 2014-09-14 09:17 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-09-12 17:40 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-12 17:40 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-12 17:40 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-12 17:40 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-12 17:40 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-12 17:40 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-09-12 17:40 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-12 17:40 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-09-12 17:39 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-12 17:39 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-12 17:39 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-12 17:39 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-12 17:39 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-12 17:39 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-09-12 17:38 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-12 17:38 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-12 17:36 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-12 17:36 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-12 17:36 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-12 17:36 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-12 17:36 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-12 17:34 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-12 17:34 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-12 17:34 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-12 17:34 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-09-12 16:16 - 2014-09-12 16:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Microsoft Games
2014-09-08 17:38 - 2014-09-08 17:38 - 00020285 _____ () C:\Users\Gast\Desktop\persönliches Anschreiben 3.odt
2014-09-08 17:35 - 2014-09-08 17:35 - 00020329 _____ () C:\Users\Gast\Desktop\persönliches Anschreiben 2.odt
2014-09-08 17:29 - 2014-09-08 17:29 - 00020461 _____ () C:\Users\Gast\Desktop\persönliches Anschreiben 1.odt
2014-09-08 17:24 - 2014-09-08 17:28 - 00020461 _____ () C:\Users\Gast\Desktop\persönliches Anschreiben.odt
2014-09-08 17:20 - 2014-09-08 17:20 - 00013849 _____ () C:\Users\Gast\Desktop\Anschreiben 1.odt
2014-09-08 17:13 - 2014-09-08 17:19 - 00020853 _____ () C:\Users\Gast\Desktop\Anschreiben.odt
2014-09-08 16:39 - 2014-09-08 16:39 - 00000000 __SHD () C:\Users\Gast\AppData\Local\EmieUserList
2014-09-08 16:39 - 2014-09-08 16:39 - 00000000 __SHD () C:\Users\Gast\AppData\Local\EmieSiteList
2014-09-08 16:34 - 2014-09-08 16:34 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Opera Software
2014-09-08 16:34 - 2014-09-08 16:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Opera Software
2014-09-08 16:32 - 2014-09-08 16:32 - 00000000 ____D () C:\Users\Gast\AppData\Local\SWDS
2014-09-08 14:53 - 2014-09-08 14:53 - 00001485 _____ () C:\Users\Marcel\Downloads\BAHN_Fahrplan_20140908 (1).ics
2014-09-08 14:52 - 2014-09-08 14:52 - 00001485 _____ () C:\Users\Marcel\Downloads\BAHN_Fahrplan_20140908.ics
2014-09-07 14:07 - 2014-09-08 10:41 - 02039989 _____ () C:\Users\Marcel\Desktop\Lebenslauf.odt
2014-08-29 10:13 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-29 10:00 - 2014-09-22 14:34 - 00000000 ____D () C:\Users\Marcel\AppData\Local\SWDS

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-25 13:29 - 2014-09-25 12:01 - 00000000 ____D () C:\Users\Marcel\Desktop\Trojaner
2014-09-25 13:29 - 2014-09-22 15:54 - 00000000 ____D () C:\FRST
2014-09-25 13:27 - 2014-09-25 13:26 - 00001653 _____ () C:\Users\Marcel\Desktop\JRT.txt
2014-09-25 13:26 - 2011-01-21 16:49 - 00000177 ____H () C:\dvmexp.idx
2014-09-25 13:25 - 2014-09-25 13:25 - 00000000 ____D () C:\Windows\ERUNT
2014-09-25 13:25 - 2009-07-14 06:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-25 13:25 - 2009-07-14 06:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-25 13:24 - 2014-09-25 13:24 - 01024790 _____ (Thisisu) C:\Users\Marcel\Desktop\JRT.exe
2014-09-25 13:19 - 2012-08-14 22:02 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Spotify
2014-09-25 13:17 - 2014-09-25 13:17 - 00003913 _____ () C:\Users\Marcel\Desktop\AdwCleaner[S0].txt
2014-09-25 13:16 - 2014-09-25 13:16 - 00000312 _____ () C:\Windows\PFRO.log
2014-09-25 13:16 - 2014-09-25 13:16 - 00000168 _____ () C:\Windows\setupact.log
2014-09-25 13:16 - 2014-09-25 13:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-25 13:15 - 2011-01-21 14:49 - 01759796 _____ () C:\Windows\WindowsUpdate.log
2014-09-25 13:14 - 2014-09-25 13:13 - 00000000 ____D () C:\AdwCleaner
2014-09-25 12:31 - 2014-09-25 12:31 - 01373475 _____ () C:\Users\Marcel\Desktop\AdwCleaner_3.310.exe
2014-09-25 12:30 - 2014-09-25 12:30 - 00001160 _____ () C:\Users\Marcel\Desktop\mbam.txt
2014-09-25 12:07 - 2014-09-25 12:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-25 12:07 - 2014-09-25 12:07 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-25 12:07 - 2014-09-25 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-25 12:07 - 2014-09-25 12:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-25 12:07 - 2014-09-25 12:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marcel\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-25 12:02 - 2014-09-25 12:02 - 00000000 ___SD () C:\ComboFix
2014-09-25 12:02 - 2014-09-23 13:13 - 00000000 ____D () C:\Qoobox
2014-09-25 11:56 - 2011-01-21 15:35 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-25 11:29 - 2014-09-25 11:29 - 00002231 _____ () C:\Users\Marcel\Desktop\Rome - Total War.lnk
2014-09-24 14:13 - 2012-08-14 22:02 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Spotify
2014-09-24 14:12 - 2014-09-24 14:12 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LucasArts
2014-09-24 12:34 - 2011-01-28 14:43 - 00000000 ____D () C:\Spiele
2014-09-24 09:23 - 2014-09-24 09:23 - 00001557 _____ () C:\Users\Marcel\Desktop\Star Wars Battlefront II spielen.lnk
2014-09-24 09:23 - 2014-09-24 09:23 - 00001557 _____ () C:\Users\Gast\Desktop\Star Wars Battlefront II spielen.lnk
2014-09-24 09:23 - 2011-03-07 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
2014-09-23 17:35 - 2014-09-23 17:35 - 00019379 _____ () C:\ComboFix.txt
2014-09-23 17:35 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-23 17:34 - 2014-09-23 13:13 - 00000000 ____D () C:\Windows\erdnt
2014-09-23 17:32 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-23 17:22 - 2011-01-21 14:50 - 00000000 ____D () C:\Users\Marcel
2014-09-23 16:04 - 2014-09-23 16:04 - 00000221 _____ () C:\Users\Marcel\Documents\Fixlist.txt
2014-09-23 13:12 - 2014-09-23 13:12 - 05579290 ____R (Swearware) C:\Users\Marcel\Desktop\ComboFix.exe
2014-09-23 12:37 - 2014-09-23 12:37 - 00011472 _____ () C:\1.txt
2014-09-23 09:57 - 2014-09-23 09:57 - 00011476 _____ () C:\Scan1.txt
2014-09-22 18:47 - 2014-09-22 18:47 - 00001057 _____ () C:\Scan.txt
2014-09-22 14:34 - 2014-08-29 10:00 - 00000000 ____D () C:\Users\Marcel\AppData\Local\SWDS
2014-09-22 14:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-09-22 14:19 - 2014-09-22 14:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-22 14:09 - 2012-04-13 12:53 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-22 14:09 - 2012-04-13 12:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-22 14:09 - 2011-08-24 11:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-19 15:02 - 2012-09-24 15:09 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-18 14:38 - 2014-08-05 17:43 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-18 14:37 - 2014-08-05 17:44 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-18 14:37 - 2013-02-25 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-15 18:34 - 2014-06-26 06:43 - 00000000 ____D () C:\Windows\SysWOW64\mjcm
2014-09-15 18:34 - 2014-06-26 06:43 - 00000000 ____D () C:\Windows\system32\tprb
2014-09-15 09:06 - 2011-01-30 18:01 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 17:50 - 2014-01-12 14:28 - 02042849 _____ () C:\Users\Marcel\Desktop\BewerbungPseminar.odt
2014-09-14 09:17 - 2014-09-12 19:40 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-09-14 09:05 - 2009-07-14 06:45 - 00296152 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-12 20:12 - 2014-05-06 22:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-12 20:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-12 20:01 - 2011-03-21 19:03 - 01622836 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-12 20:01 - 2009-07-14 19:58 - 00709900 _____ () C:\Windows\system32\perfh007.dat
2014-09-12 20:01 - 2009-07-14 19:58 - 00154336 _____ () C:\Windows\system32\perfc007.dat
2014-09-12 20:01 - 2009-07-14 07:13 - 01622836 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-12 20:00 - 2013-08-15 14:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 19:40 - 2012-01-11 20:56 - 00000000 __SHD () C:\Users\Marcel\AppData\Local\{7c540ca6-90de-7cf7-e985-816cacd18ee1}
2014-09-12 17:33 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-12 17:20 - 2012-06-13 07:29 - 00000000 ____D () C:\Users\Gast
2014-09-12 17:19 - 2011-01-21 15:13 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-09-12 17:19 - 2009-07-14 19:58 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-09-12 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-09-12 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-12 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\MUI
2014-09-12 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\servicing
2014-09-12 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\schemas
2014-09-12 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-12 17:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-09-12 17:12 - 2013-02-25 14:59 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-12 16:16 - 2014-09-12 16:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Microsoft Games
2014-09-10 00:11 - 2014-09-24 09:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-09 23:47 - 2014-09-24 09:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-08 17:38 - 2014-09-08 17:38 - 00020285 _____ () C:\Users\Gast\Desktop\persönliches Anschreiben 3.odt
2014-09-08 17:35 - 2014-09-08 17:35 - 00020329 _____ () C:\Users\Gast\Desktop\persönliches Anschreiben 2.odt
2014-09-08 17:29 - 2014-09-08 17:29 - 00020461 _____ () C:\Users\Gast\Desktop\persönliches Anschreiben 1.odt
2014-09-08 17:28 - 2014-09-08 17:24 - 00020461 _____ () C:\Users\Gast\Desktop\persönliches Anschreiben.odt
2014-09-08 17:20 - 2014-09-08 17:20 - 00013849 _____ () C:\Users\Gast\Desktop\Anschreiben 1.odt
2014-09-08 17:19 - 2014-09-08 17:13 - 00020853 _____ () C:\Users\Gast\Desktop\Anschreiben.odt
2014-09-08 16:39 - 2014-09-08 16:39 - 00000000 __SHD () C:\Users\Gast\AppData\Local\EmieUserList
2014-09-08 16:39 - 2014-09-08 16:39 - 00000000 __SHD () C:\Users\Gast\AppData\Local\EmieSiteList
2014-09-08 16:34 - 2014-09-08 16:34 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Opera Software
2014-09-08 16:34 - 2014-09-08 16:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Opera Software
2014-09-08 16:32 - 2014-09-08 16:32 - 00000000 ____D () C:\Users\Gast\AppData\Local\SWDS
2014-09-08 14:53 - 2014-09-08 14:53 - 00001485 _____ () C:\Users\Marcel\Downloads\BAHN_Fahrplan_20140908 (1).ics
2014-09-08 14:52 - 2014-09-08 14:52 - 00001485 _____ () C:\Users\Marcel\Downloads\BAHN_Fahrplan_20140908.ics
2014-09-08 10:41 - 2014-09-07 14:07 - 02039989 _____ () C:\Users\Marcel\Desktop\Lebenslauf.odt
2014-09-05 04:10 - 2014-09-12 17:34 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-12 17:34 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-29 13:01 - 2010-06-24 12:11 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

ZeroAccess:
C:\Users\Marcel\AppData\Local\{7c540ca6-90de-7cf7-e985-816cacd18ee1}

Files to move or delete:
====================
C:\Users\Marcel\FreeYouTubeToMP3Converter_3.10.17.exe
C:\Users\Marcel\SpotifySetup.exe


Some content of TEMP:
====================
C:\Users\Marcel\AppData\Local\Temp\avgnt.exe
C:\Users\Marcel\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\Marcel\AppData\Local\Temp\Quarantine.exe
C:\Users\Marcel\AppData\Local\Temp\SIntf16.dll
C:\Users\Marcel\AppData\Local\Temp\SIntf32.dll
C:\Users\Marcel\AppData\Local\Temp\SIntfNT.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-09-11 15:08

==================== End Of Log ============================

--- --- ---



Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-09-2014
Ran by Marcel at 2014-09-25 13:31:11
Running from C:\Users\Marcel\Desktop\Trojaner
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.175 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{53A19094-2C04-A9B9-7309-3E92152D4845}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AMD Fuel (Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
AMD USB Filter Driver (x32 Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Assassin's Creed Brotherhood (HKLM-x32\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.01 - Ubisoft)
ATI AVIVO64 Codecs (Version: 11.6.0.50930 - ATI Technologies Inc.) Hidden
ATI Problem Report Wizard (Version: 3.0.795.0 - ATI Technologies) Hidden
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.01 - Piriform)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
GeoGebra (HKLM-x32\...\GeoGebra) (Version: 4.0.12.0 - International GeoGebra Institute)
HydraVision (x32 Version: 4.2.180.0 - ATI Technologies Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.27 - Irfan Skiljan)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{F9835182-794B-4F24-902A-E2CA9D43380F}) (Version: 9.10.0512 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{24B89186-2A56-4D28-B930-6F4FCF224E2F}) (Version: 4.01.9714 - Apache Software Foundation)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 23.0.1522.75 (HKLM-x32\...\Opera 23.0.1522.75) (Version: 23.0.1522.75 - Opera Software ASA)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Spotify (HKCU\...\Spotify) (Version: 0.9.13.24.g5dbb3103 - Spotify AB)
Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
Star Wars(tm) Knights of the Old Republic(tm) II: The Sith Lords(tm) (HKLM-x32\...\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}) (Version: 1.00.0000 - Obsidian)
TmUnitedForever Update 2010-03-15 (HKLM-x32\...\TmUnitedForever_is1) (Version:  - Nadeo)
TP-LINK Wireless Client Utility (HKLM-x32\...\{1E03C8BE-0848-430F-BECA-7D7709401626}) (Version: 7.0 - TP-LINK)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Xfire (remove only) (HKLM-x32\...\Xfire) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-449399407-1750495009-3439875748-1000_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)

==================== Restore Points  =========================

16-09-2014 09:59:15 Windows Update
19-09-2014 13:04:17 Windows Update
23-09-2014 07:11:48 Windows Update
24-09-2014 07:23:56 Installiert Star Wars Battlefront II
24-09-2014 10:35:01 Installiert Star Wars(TM): Knights of the Old Republic (TM)
24-09-2014 12:22:33 Installiert Star Wars(TM): Knights of the Old Republic (TM)
24-09-2014 15:22:05 Windows Update
25-09-2014 09:20:23 Installiert Rome - Total War - Gold Edition
25-09-2014 09:54:00 Entfernt Rome - Total War - Gold Edition

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03891B08-CF5C-4150-AD4B-5BCAD93FAEA1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {038D5FB1-BFD6-4B06-BBC8-72F39389B20D} - System32\Tasks\{28AE8EB1-BF1D-4AED-A172-EB898025543D} => C:\Spiele\KotoR II\launcher.exe [2005-01-13] (Obsidian Entertainment, Inc.)
Task: {07FF3B5B-2F9F-4695-9BB0-2D769F2AC720} - System32\Tasks\{58BE87E8-8E73-4398-ADEA-3FA4B7EFC71C} => C:\Spiele\Max Payne 2\MaxPayne2.exe
Task: {0E2554E8-D67B-4A6B-A8DC-CA808C9905E7} - System32\Tasks\{3DE5BF63-E7BC-400A-862E-CE50A6D81EAF} => C:\Program Files (x86)\Rockstar Games\Max Payne 2\MaxPayne2.exe
Task: {3F41A26D-76CC-49D3-A5A4-4AD3DACCD700} - System32\Tasks\{4A8082C3-F40C-4449-8FDA-88BA07C303DF} => C:\Spiele\Max Payne 2\MaxPayne2.exe
Task: {3F5BD095-B62A-4AD9-B57E-ABA504B707E4} - System32\Tasks\{B21D2B9E-07DD-4B3B-BF6B-E27818CFD135} => C:\Spiele\KotoR II\launcher.exe [2005-01-13] (Obsidian Entertainment, Inc.)
Task: {6176E699-91AA-4FD4-988B-7E8D42E87ECD} - System32\Tasks\{AD30F46E-DC48-4A41-9E03-069E6EE91DC1} => C:\Program Files (x86)\Rockstar Games\Max Payne 2\MaxPayne2.exe
Task: {71EC2EAF-7AE4-4D22-96BF-987820D716C6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {7335A98D-52ED-4D30-B249-0A04901840D0} - System32\Tasks\{96303570-B8E3-4472-96AC-3C5A63D96A6D} => C:\Spiele\Max Payne 2\MaxPayne2.exe
Task: {7D646595-B39F-46AD-BBBC-1A9E96EDA552} - System32\Tasks\{7C5046A9-C57C-485A-8D99-E3AD617527BF} => C:\Spiele\KotoR II\launcher.exe [2005-01-13] (Obsidian Entertainment, Inc.)
Task: {822B70F7-75B1-4E37-8984-2223CF9511F9} - System32\Tasks\{1894F0C8-0CDA-4145-AFFA-C4FD186B2D0C} => C:\Spiele\KotoR II\launcher.exe [2005-01-13] (Obsidian Entertainment, Inc.)
Task: {89DEE641-ACB8-40C1-9876-AF372D990C29} - System32\Tasks\{CABDD3C8-870C-4AB0-8656-D164F23C7FFA} => C:\Spiele\KotoR II\launcher.exe [2005-01-13] (Obsidian Entertainment, Inc.)
Task: {A0FABB55-2494-45C7-831B-10C90C52C5D8} - System32\Tasks\{278F9691-07D5-4E89-A025-FDACE655B728} => C:\Spiele\Max Payne 2\MaxPayne2.exe
Task: {AF281EB6-71AD-4307-92AA-A0D18704D089} - System32\Tasks\{4015532E-C9E6-47E3-B1D7-3D33F285CFD4} => C:\Spiele\KotoR II\launcher.exe [2005-01-13] (Obsidian Entertainment, Inc.)
Task: {BEEDE3EA-863D-4AAD-AC7A-BD3D71F147CF} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {D06E69EE-D92E-4394-A491-DB4327E319AE} - System32\Tasks\{C59C7E3D-14D3-4FF5-943A-473852599845} => C:\Spiele\Max Payne 2\MaxPayne2.exe
Task: {F5CF6754-9CF3-46DB-9A9B-A0111813CC20} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-22] (Adobe Systems Incorporated)
Task: {F7603847-8699-43BD-9036-2A25E9731D89} - System32\Tasks\{789AB21E-96AB-4BAC-805C-3752FB18A86F} => C:\Spiele\Max Payne 2\MaxPayne2.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Opera scheduled Autoupdate 1404317197.job => C:\Program Files (x86)\Opera\launcher.exe

==================== Loaded Modules (whitelisted) =============

2012-12-19 16:32 - 2012-12-19 16:32 - 00210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-10-17 19:39 - 2012-10-17 19:39 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-10-17 19:39 - 2012-10-17 19:39 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-12-19 16:32 - 2012-12-19 16:32 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-09-24 18:39 - 2014-09-19 14:57 - 00606776 _____ () C:\Users\Marcel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2012-12-19 16:32 - 2012-12-19 16:32 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2012-08-14 22:02 - 2014-09-19 14:57 - 36966968 _____ () C:\Users\Marcel\AppData\Roaming\Spotify\Data\libcef.dll
2014-09-24 09:09 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\Marcel\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-09-22 14:09 - 2014-09-22 14:09 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
2014-07-26 01:53 - 2014-09-19 14:57 - 00867896 _____ () C:\Users\Marcel\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2013-09-24 18:39 - 2014-09-19 14:57 - 00886840 _____ () C:\Users\Marcel\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-09-24 18:39 - 2014-09-19 14:57 - 00108600 _____ () C:\Users\Marcel\AppData\Roaming\Spotify\Data\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-09-23 17:22:16.660
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-23 17:22:16.348
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-03-28 23:43:15.069
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-03-28 23:43:15.023
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-03-28 23:43:14.972
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-03-28 23:43:14.926
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X6 1090T Processor
Percentage of memory in use: 30%
Total physical RAM: 8190.18 MB
Available physical RAM: 5676.2 MB
Total Pagefile: 16378.54 MB
Available Pagefile: 13528.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:649.49 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (ROMETWGOLD) (CDROM) (Total:3.58 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A88FA33A)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================


cosinus 25.09.2014 15:34

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

C:\Users\Marcel\AppData\Local\{7c540ca6-90de-7cf7-e985-816cacd18ee1}
C:\Users\Marcel\FreeYouTubeToMP3Converter_3.10.17.exe
C:\Users\Marcel\SpotifySetup.exe
Hosts:
EmptyTemp:


Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Remove) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


Revan10 25.09.2014 16:06

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-09-2014 01
Ran by Marcel at 2014-09-25 17:04:57 Run:2
Running from C:\Users\Marcel\Desktop\Trojaner
Loaded Profiles: Marcel & Gast (Available profiles: Marcel & Gast)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Marcel\AppData\Local\{7c540ca6-90de-7cf7-e985-816cacd18ee1}
C:\Users\Marcel\FreeYouTubeToMP3Converter_3.10.17.exe
C:\Users\Marcel\SpotifySetup.exe
Hosts:
EmptyTemp:
       
*****************

C:\Users\Marcel\AppData\Local\{7c540ca6-90de-7cf7-e985-816cacd18ee1} => Moved successfully.
C:\Users\Marcel\FreeYouTubeToMP3Converter_3.10.17.exe => Moved successfully.
C:\Users\Marcel\SpotifySetup.exe => Moved successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 375.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====


cosinus 25.09.2014 21:38

Then show me fresh FRST logs. Tick the box for addition.txt, then click Scan.

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

Revan10 26.09.2014 16:04


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-09-2014 01
Ran by Marcel (administrator) on AEROCOOL on 26-09-2014 17:03:55
Running from C:\Users\Marcel\Desktop\Trojaner
Loaded Profile: Marcel (Available profiles: Marcel & Gast)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DeviceVM, Inc.) C:\ASUS.SYS\config\DVMExportService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Spotify Ltd) C:\Users\Marcel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Marcel\AppData\Roaming\Spotify\spotify.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
() C:\Users\Marcel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Marcel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Marcel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Marcel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Marcel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Marcel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKU\S-1-5-21-449399407-1750495009-3439875748-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.)
HKU\S-1-5-21-449399407-1750495009-3439875748-1000\...\Run: [Spotify Web Helper] => C:\Users\Marcel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-19] (Spotify Ltd)
HKU\S-1-5-21-449399407-1750495009-3439875748-1000\...\Run: [Spotify] => C:\Users\Marcel\AppData\Roaming\Spotify\Spotify.exe [6342200 2014-09-19] (Spotify Ltd)
HKU\S-1-5-21-449399407-1750495009-3439875748-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-09-30] (AMD)
HKU\S-1-5-21-449399407-1750495009-3439875748-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8B2E9F4E7860CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\9uflh2ha.default-1402011943439
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marcel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-08-30]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [319488 2009-10-16] (DeviceVM, Inc.) [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-01-21] () [File not signed]
U3 ayxbe8i7; C:\Windows\System32\Drivers\ayxbe8i7.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-25 15:36 - 2014-09-25 15:36 - 00001052 _____ () C:\Users\Marcel\Desktop\RomeTW.lnk
2014-09-25 15:09 - 2014-09-25 15:09 - 00001634 _____ () C:\Users\Public\Desktop\Barbarian Invasion.lnk
2014-09-25 15:09 - 2014-09-25 15:09 - 00001611 _____ () C:\Users\Public\Desktop\Rome - Total War.lnk
2014-09-25 15:09 - 2014-09-25 15:09 - 00000544 _____ () C:\Windows\DirectX.log
2014-09-25 15:07 - 2014-09-25 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total War
2014-09-25 14:47 - 2014-09-25 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-09-25 14:46 - 2014-09-25 14:46 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-25 14:46 - 2014-09-25 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-25 14:45 - 2014-09-25 14:46 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-25 14:45 - 2014-09-25 14:46 - 00000000 ____D () C:\Program Files\iTunes
2014-09-25 14:45 - 2014-09-25 14:46 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-25 14:45 - 2014-09-25 14:45 - 00000000 ____D () C:\Program Files\iPod
2014-09-25 13:32 - 2014-09-25 13:32 - 00023022 _____ () C:\Users\Marcel\Desktop\Addition.txt
2014-09-25 13:30 - 2014-09-25 13:30 - 00038369 _____ () C:\Users\Marcel\Desktop\FRST.txt
2014-09-25 13:26 - 2014-09-25 13:27 - 00001653 _____ () C:\Users\Marcel\Desktop\JRT.txt
2014-09-25 13:25 - 2014-09-25 13:25 - 00000000 ____D () C:\Windows\ERUNT
2014-09-25 13:17 - 2014-09-25 13:17 - 00003913 _____ () C:\Users\Marcel\Desktop\AdwCleaner[S0].txt
2014-09-25 13:16 - 2014-09-26 15:59 - 00000504 _____ () C:\Windows\setupact.log
2014-09-25 13:16 - 2014-09-25 17:06 - 00006700 _____ () C:\Windows\PFRO.log
2014-09-25 13:16 - 2014-09-25 13:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-25 13:13 - 2014-09-25 13:14 - 00000000 ____D () C:\AdwCleaner
2014-09-25 12:30 - 2014-09-25 12:30 - 00001160 _____ () C:\Users\Marcel\Desktop\mbam.txt
2014-09-25 12:07 - 2014-09-25 12:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-25 12:07 - 2014-09-25 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-25 12:07 - 2014-09-25 12:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-25 12:07 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-25 12:07 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-25 12:07 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-25 12:02 - 2014-09-25 12:02 - 00000000 ___SD () C:\ComboFix
2014-09-25 12:01 - 2014-09-26 17:03 - 00000000 ____D () C:\Users\Marcel\Desktop\Trojaner
2014-09-24 14:12 - 2014-09-24 14:12 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LucasArts
2014-09-24 09:23 - 2014-09-24 09:23 - 00001557 _____ () C:\Users\Marcel\Desktop\Star Wars Battlefront II spielen.lnk
2014-09-24 09:23 - 2014-09-24 09:23 - 00001557 _____ () C:\Users\Gast\Desktop\Star Wars Battlefront II spielen.lnk
2014-09-24 09:17 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 09:17 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 17:35 - 2014-09-23 17:35 - 00019379 _____ () C:\ComboFix.txt
2014-09-23 16:04 - 2014-09-23 16:04 - 00000221 _____ () C:\Users\Marcel\Documents\Fixlist.txt
2014-09-23 13:15 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-23 13:15 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-23 13:15 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-23 13:15 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-23 13:15 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-23 13:15 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-23 13:15 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-23 13:15 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-23 13:13 - 2014-09-25 12:02 - 00000000 ____D () C:\Qoobox
2014-09-23 13:13 - 2014-09-23 17:34 - 00000000 ____D () C:\Windows\erdnt
2014-09-23 13:12 - 2014-09-23 13:12 - 05579290 ____R (Swearware) C:\Users\Marcel\Desktop\ComboFix.exe
2014-09-23 12:37 - 2014-09-23 12:37 - 00011472 _____ () C:\1.txt
2014-09-23 09:57 - 2014-09-23 09:57 - 00011476 _____ () C:\Scan1.txt
2014-09-22 18:47 - 2014-09-22 18:47 - 00001057 _____ () C:\Scan.txt
2014-09-22 15:54 - 2014-09-26 17:03 - 00000000 ____D () C:\FRST
2014-09-22 14:19 - 2014-09-22 14:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-12 20:03 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 20:03 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 20:03 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 20:03 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 20:03 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 20:03 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 20:03 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 20:03 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 20:03 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 20:03 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 20:03 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 20:03 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 20:03 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 20:03 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 20:03 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 20:03 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 20:03 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 20:03 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 20:03 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 20:03 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 20:03 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 20:03 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 20:03 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 20:03 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 20:03 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 20:03 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 20:03 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 20:03 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 20:03 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 20:03 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 20:03 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 20:03 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 20:03 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 20:03 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 20:03 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 20:03 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 20:03 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 20:03 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 20:03 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 20:03 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 20:03 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 20:03 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 20:03 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 20:03 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 20:03 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 20:03 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 20:03 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 20:03 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 20:03 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 20:03 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 20:03 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 20:03 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 20:03 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 20:03 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 20:03 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 20:03 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-12 19:58 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 19:58 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-12 19:55 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-12 19:55 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-09-12 19:55 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-12 19:55 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-12 19:55 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-09-12 19:55 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-09-12 19:54 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-09-12 19:54 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-12 19:40 - 2014-09-14 09:17 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-09-12 17:40 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-12 17:40 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-12 17:40 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-12 17:40 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-12 17:40 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-12 17:40 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-09-12 17:40 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-12 17:40 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-09-12 17:39 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-12 17:39 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-12 17:39 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-12 17:39 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-12 17:39 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-12 17:39 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-09-12 17:38 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-12 17:38 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-12 17:36 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-12 17:36 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-12 17:36 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-12 17:36 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-12 17:36 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-12 17:34 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-12 17:34 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-12 17:34 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-12 17:34 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-09-12 16:16 - 2014-09-12 16:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Microsoft Games
2014-09-08 17:38 - 2014-09-08 17:38 - 00020285 _____ () C:\Users\Gast\Desktop\persönliches Anschreiben 3.odt
2014-09-08 17:35 - 2014-09-08 17:35 - 00020329 _____ () C:\Users\Gast\Desktop\persönliches Anschreiben 2.odt
2014-09-08 17:29 - 2014-09-08 17:29 - 00020461 _____ () C:\Users\Gast\Desktop\persönliches Anschreiben 1.odt
2014-09-08 17:24 - 2014-09-08 17:28 - 00020461 _____ () C:\Users\Gast\Desktop\persönliches Anschreiben.odt
2014-09-08 17:20 - 2014-09-08 17:20 - 00013849 _____ () C:\Users\Gast\Desktop\Anschreiben 1.odt
2014-09-08 17:13 - 2014-09-08 17:19 - 00020853 _____ () C:\Users\Gast\Desktop\Anschreiben.odt
2014-09-08 16:39 - 2014-09-08 16:39 - 00000000 __SHD () C:\Users\Gast\AppData\Local\EmieUserList
2014-09-08 16:39 - 2014-09-08 16:39 - 00000000 __SHD () C:\Users\Gast\AppData\Local\EmieSiteList
2014-09-08 16:34 - 2014-09-08 16:34 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Opera Software
2014-09-08 16:34 - 2014-09-08 16:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Opera Software
2014-09-08 16:32 - 2014-09-08 16:32 - 00000000 ____D () C:\Users\Gast\AppData\Local\SWDS
2014-09-08 14:53 - 2014-09-08 14:53 - 00001485 _____ () C:\Users\Marcel\Downloads\BAHN_Fahrplan_20140908 (1).ics
2014-09-08 14:52 - 2014-09-08 14:52 - 00001485 _____ () C:\Users\Marcel\Downloads\BAHN_Fahrplan_20140908.ics
2014-09-07 14:07 - 2014-09-08 10:41 - 02039989 _____ () C:\Users\Marcel\Desktop\Lebenslauf.odt
2014-08-29 10:13 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-29 10:00 - 2014-09-22 14:34 - 00000000 ____D () C:\Users\Marcel\AppData\Local\SWDS

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-26 17:03 - 2014-09-25 12:01 - 00000000 ____D () C:\Users\Marcel\Desktop\Trojaner
2014-09-26 17:03 - 2014-09-22 15:54 - 00000000 ____D () C:\FRST
2014-09-26 16:34 - 2012-08-14 22:02 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Spotify
2014-09-26 15:59 - 2014-09-25 13:16 - 00000504 _____ () C:\Windows\setupact.log
2014-09-26 15:59 - 2012-08-14 22:02 - 00000000 ____D () C:\Users\Marcel\AppData\Local\Spotify
2014-09-26 15:59 - 2011-01-21 14:49 - 01819820 _____ () C:\Windows\WindowsUpdate.log
2014-09-26 11:39 - 2011-01-21 16:49 - 00000177 ____H () C:\dvmexp.idx
2014-09-26 11:39 - 2009-07-14 06:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-26 11:39 - 2009-07-14 06:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-25 17:06 - 2014-09-25 13:16 - 00006700 _____ () C:\Windows\PFRO.log
2014-09-25 17:04 - 2011-01-21 14:50 - 00000000 ____D () C:\Users\Marcel
2014-09-25 15:36 - 2014-09-25 15:36 - 00001052 _____ () C:\Users\Marcel\Desktop\RomeTW.lnk
2014-09-25 15:09 - 2014-09-25 15:09 - 00001634 _____ () C:\Users\Public\Desktop\Barbarian Invasion.lnk
2014-09-25 15:09 - 2014-09-25 15:09 - 00001611 _____ () C:\Users\Public\Desktop\Rome - Total War.lnk
2014-09-25 15:09 - 2014-09-25 15:09 - 00000544 _____ () C:\Windows\DirectX.log
2014-09-25 15:07 - 2014-09-25 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total War
2014-09-25 14:47 - 2014-09-25 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-09-25 14:47 - 2011-01-21 15:35 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-25 14:46 - 2014-09-25 14:46 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-25 14:46 - 2014-09-25 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-25 14:46 - 2014-09-25 14:45 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-25 14:46 - 2014-09-25 14:45 - 00000000 ____D () C:\Program Files\iTunes
2014-09-25 14:46 - 2014-09-25 14:45 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-25 14:45 - 2014-09-25 14:45 - 00000000 ____D () C:\Program Files\iPod
2014-09-25 14:36 - 2011-03-21 17:36 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-09-25 13:32 - 2014-09-25 13:32 - 00023022 _____ () C:\Users\Marcel\Desktop\Addition.txt
2014-09-25 13:30 - 2014-09-25 13:30 - 00038369 _____ () C:\Users\Marcel\Desktop\FRST.txt
2014-09-25 13:27 - 2014-09-25 13:26 - 00001653 _____ () C:\Users\Marcel\Desktop\JRT.txt
2014-09-25 13:25 - 2014-09-25 13:25 - 00000000 ____D () C:\Windows\ERUNT
2014-09-25 13:17 - 2014-09-25 13:17 - 00003913 _____ () C:\Users\Marcel\Desktop\AdwCleaner[S0].txt
2014-09-25 13:16 - 2014-09-25 13:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-25 13:14 - 2014-09-25 13:13 - 00000000 ____D () C:\AdwCleaner
2014-09-25 12:30 - 2014-09-25 12:30 - 00001160 _____ () C:\Users\Marcel\Desktop\mbam.txt
2014-09-25 12:07 - 2014-09-25 12:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-25 12:07 - 2014-09-25 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-25 12:07 - 2014-09-25 12:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-25 12:02 - 2014-09-25 12:02 - 00000000 ___SD () C:\ComboFix
2014-09-25 12:02 - 2014-09-23 13:13 - 00000000 ____D () C:\Qoobox
2014-09-24 14:12 - 2014-09-24 14:12 - 00000000 ____D () C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LucasArts
2014-09-24 12:34 - 2011-01-28 14:43 - 00000000 ____D () C:\Spiele
2014-09-24 09:23 - 2014-09-24 09:23 - 00001557 _____ () C:\Users\Marcel\Desktop\Star Wars Battlefront II spielen.lnk
2014-09-24 09:23 - 2014-09-24 09:23 - 00001557 _____ () C:\Users\Gast\Desktop\Star Wars Battlefront II spielen.lnk
2014-09-24 09:23 - 2011-03-07 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
2014-09-23 17:35 - 2014-09-23 17:35 - 00019379 _____ () C:\ComboFix.txt
2014-09-23 17:35 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-23 17:34 - 2014-09-23 13:13 - 00000000 ____D () C:\Windows\erdnt
2014-09-23 17:32 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-23 16:04 - 2014-09-23 16:04 - 00000221 _____ () C:\Users\Marcel\Documents\Fixlist.txt
2014-09-23 13:12 - 2014-09-23 13:12 - 05579290 ____R (Swearware) C:\Users\Marcel\Desktop\ComboFix.exe
2014-09-23 12:37 - 2014-09-23 12:37 - 00011472 _____ () C:\1.txt
2014-09-23 09:57 - 2014-09-23 09:57 - 00011476 _____ () C:\Scan1.txt
2014-09-22 18:47 - 2014-09-22 18:47 - 00001057 _____ () C:\Scan.txt
2014-09-22 14:34 - 2014-08-29 10:00 - 00000000 ____D () C:\Users\Marcel\AppData\Local\SWDS
2014-09-22 14:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-09-22 14:19 - 2014-09-22 14:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-22 14:09 - 2012-04-13 12:53 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-22 14:09 - 2012-04-13 12:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-22 14:09 - 2011-08-24 11:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-19 15:02 - 2012-09-24 15:09 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-18 14:38 - 2014-08-05 17:43 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-18 14:37 - 2014-08-05 17:44 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-18 14:37 - 2013-02-25 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-15 18:34 - 2014-06-26 06:43 - 00000000 ____D () C:\Windows\SysWOW64\mjcm
2014-09-15 18:34 - 2014-06-26 06:43 - 00000000 ____D () C:\Windows\system32\tprb
2014-09-15 09:06 - 2011-01-30 18:01 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 17:50 - 2014-01-12 14:28 - 02042849 _____ () C:\Users\Marcel\Desktop\BewerbungPseminar.odt
2014-09-14 09:17 - 2014-09-12 19:40 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-09-14 09:05 - 2009-07-14 06:45 - 00296152 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-12 20:12 - 2014-05-06 22:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-12 20:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-12 20:01 - 2011-03-21 19:03 - 01622836 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-12 20:01 - 2009-07-14 19:58 - 00709900 _____ () C:\Windows\system32\perfh007.dat
2014-09-12 20:01 - 2009-07-14 19:58 - 00154336 _____ () C:\Windows\system32\perfc007.dat
2014-09-12 20:01 - 2009-07-14 07:13 - 01622836 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-12 20:00 - 2013-08-15 14:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 17:33 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-12 17:20 - 2012-06-13 07:29 - 00000000 ____D () C:\Users\Gast
2014-09-12 17:19 - 2011-01-21 15:13 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-09-12 17:19 - 2009-07-14 19:58 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-09-12 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-09-12 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-12 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\MUI
2014-09-12 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\servicing
2014-09-12 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\schemas
2014-09-12 17:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-12 17:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-09-12 17:12 - 2013-02-25 14:59 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-12 16:16 - 2014-09-12 16:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Microsoft Games
2014-09-10 00:11 - 2014-09-24 09:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-09 23:47 - 2014-09-24 09:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-08 17:38 - 2014-09-08 17:38 - 00020285 _____ () C:\Users\Gast\Desktop\persönliches Anschreiben 3.odt
2014-09-08 17:35 - 2014-09-08 17:35 - 00020329 _____ () C:\Users\Gast\Desktop\persönliches Anschreiben 2.odt
2014-09-08 17:29 - 2014-09-08 17:29 - 00020461 _____ () C:\Users\Gast\Desktop\persönliches Anschreiben 1.odt
2014-09-08 17:28 - 2014-09-08 17:24 - 00020461 _____ () C:\Users\Gast\Desktop\persönliches Anschreiben.odt
2014-09-08 17:20 - 2014-09-08 17:20 - 00013849 _____ () C:\Users\Gast\Desktop\Anschreiben 1.odt
2014-09-08 17:19 - 2014-09-08 17:13 - 00020853 _____ () C:\Users\Gast\Desktop\Anschreiben.odt
2014-09-08 16:39 - 2014-09-08 16:39 - 00000000 __SHD () C:\Users\Gast\AppData\Local\EmieUserList
2014-09-08 16:39 - 2014-09-08 16:39 - 00000000 __SHD () C:\Users\Gast\AppData\Local\EmieSiteList
2014-09-08 16:34 - 2014-09-08 16:34 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Opera Software
2014-09-08 16:34 - 2014-09-08 16:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Opera Software
2014-09-08 16:32 - 2014-09-08 16:32 - 00000000 ____D () C:\Users\Gast\AppData\Local\SWDS
2014-09-08 14:53 - 2014-09-08 14:53 - 00001485 _____ () C:\Users\Marcel\Downloads\BAHN_Fahrplan_20140908 (1).ics
2014-09-08 14:52 - 2014-09-08 14:52 - 00001485 _____ () C:\Users\Marcel\Downloads\BAHN_Fahrplan_20140908.ics
2014-09-08 10:41 - 2014-09-07 14:07 - 02039989 _____ () C:\Users\Marcel\Desktop\Lebenslauf.odt
2014-09-05 04:10 - 2014-09-12 17:34 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-12 17:34 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-29 13:01 - 2010-06-24 12:11 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Some content of TEMP:
====================
C:\Users\Marcel\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-09-11 15:08

==================== End Of Log ============================

--- --- ---



Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2014 01
Ran by Marcel at 2014-09-26 17:05:07
Running from C:\Users\Marcel\Desktop\Trojaner
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.175 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{53A19094-2C04-A9B9-7309-3E92152D4845}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AMD Fuel (Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
AMD USB Filter Driver (x32 Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Assassin's Creed Brotherhood (HKLM-x32\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.01 - Ubisoft)
ATI AVIVO64 Codecs (Version: 11.6.0.50930 - ATI Technologies Inc.) Hidden
ATI Problem Report Wizard (Version: 3.0.795.0 - ATI Technologies) Hidden
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.01 - Piriform)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
GeoGebra (HKLM-x32\...\GeoGebra) (Version: 4.0.12.0 - International GeoGebra Institute)
HydraVision (x32 Version: 4.2.180.0 - ATI Technologies Inc.) Hidden
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.27 - Irfan Skiljan)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{F9835182-794B-4F24-902A-E2CA9D43380F}) (Version: 9.10.0512 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{24B89186-2A56-4D28-B930-6F4FCF224E2F}) (Version: 4.01.9714 - Apache Software Foundation)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 23.0.1522.75 (HKLM-x32\...\Opera 23.0.1522.75) (Version: 23.0.1522.75 - Opera Software ASA)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rome - Total War - Gold Edition (HKLM-x32\...\{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}) (Version: 1.6 - The Creative Assembly)
Spotify (HKCU\...\Spotify) (Version: 0.9.13.24.g5dbb3103 - Spotify AB)
Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
Star Wars(tm) Knights of the Old Republic(tm) II: The Sith Lords(tm) (HKLM-x32\...\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}) (Version: 1.00.0000 - Obsidian)
TmUnitedForever Update 2010-03-15 (HKLM-x32\...\TmUnitedForever_is1) (Version:  - Nadeo)
TP-LINK Wireless Client Utility (HKLM-x32\...\{1E03C8BE-0848-430F-BECA-7D7709401626}) (Version: 7.0 - TP-LINK)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Xfire (remove only) (HKLM-x32\...\Xfire) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-449399407-1750495009-3439875748-1000_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)

==================== Restore Points  =========================

23-09-2014 07:11:48 Windows Update
24-09-2014 07:23:56 Installiert Star Wars Battlefront II
24-09-2014 10:35:01 Installiert Star Wars(TM): Knights of the Old Republic (TM)
24-09-2014 12:22:33 Installiert Star Wars(TM): Knights of the Old Republic (TM)
24-09-2014 15:22:05 Windows Update
25-09-2014 09:20:23 Installiert Rome - Total War - Gold Edition
25-09-2014 09:54:00 Entfernt Rome - Total War - Gold Edition
25-09-2014 12:36:09 Removed Ubisoft Game Launcher
25-09-2014 12:47:11 Installiert Rome - Total War - Gold Edition

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03891B08-CF5C-4150-AD4B-5BCAD93FAEA1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {038D5FB1-BFD6-4B06-BBC8-72F39389B20D} - System32\Tasks\{28AE8EB1-BF1D-4AED-A172-EB898025543D} => C:\Spiele\KotoR II\launcher.exe [2005-01-13] (Obsidian Entertainment, Inc.)
Task: {07FF3B5B-2F9F-4695-9BB0-2D769F2AC720} - System32\Tasks\{58BE87E8-8E73-4398-ADEA-3FA4B7EFC71C} => C:\Spiele\Max Payne 2\MaxPayne2.exe
Task: {0E2554E8-D67B-4A6B-A8DC-CA808C9905E7} - System32\Tasks\{3DE5BF63-E7BC-400A-862E-CE50A6D81EAF} => C:\Program Files (x86)\Rockstar Games\Max Payne 2\MaxPayne2.exe
Task: {3F41A26D-76CC-49D3-A5A4-4AD3DACCD700} - System32\Tasks\{4A8082C3-F40C-4449-8FDA-88BA07C303DF} => C:\Spiele\Max Payne 2\MaxPayne2.exe
Task: {3F5BD095-B62A-4AD9-B57E-ABA504B707E4} - System32\Tasks\{B21D2B9E-07DD-4B3B-BF6B-E27818CFD135} => C:\Spiele\KotoR II\launcher.exe [2005-01-13] (Obsidian Entertainment, Inc.)
Task: {6176E699-91AA-4FD4-988B-7E8D42E87ECD} - System32\Tasks\{AD30F46E-DC48-4A41-9E03-069E6EE91DC1} => C:\Program Files (x86)\Rockstar Games\Max Payne 2\MaxPayne2.exe
Task: {71EC2EAF-7AE4-4D22-96BF-987820D716C6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {7335A98D-52ED-4D30-B249-0A04901840D0} - System32\Tasks\{96303570-B8E3-4472-96AC-3C5A63D96A6D} => C:\Spiele\Max Payne 2\MaxPayne2.exe
Task: {7D646595-B39F-46AD-BBBC-1A9E96EDA552} - System32\Tasks\{7C5046A9-C57C-485A-8D99-E3AD617527BF} => C:\Spiele\KotoR II\launcher.exe [2005-01-13] (Obsidian Entertainment, Inc.)
Task: {822B70F7-75B1-4E37-8984-2223CF9511F9} - System32\Tasks\{1894F0C8-0CDA-4145-AFFA-C4FD186B2D0C} => C:\Spiele\KotoR II\launcher.exe [2005-01-13] (Obsidian Entertainment, Inc.)
Task: {89DEE641-ACB8-40C1-9876-AF372D990C29} - System32\Tasks\{CABDD3C8-870C-4AB0-8656-D164F23C7FFA} => C:\Spiele\KotoR II\launcher.exe [2005-01-13] (Obsidian Entertainment, Inc.)
Task: {A0FABB55-2494-45C7-831B-10C90C52C5D8} - System32\Tasks\{278F9691-07D5-4E89-A025-FDACE655B728} => C:\Spiele\Max Payne 2\MaxPayne2.exe
Task: {AF281EB6-71AD-4307-92AA-A0D18704D089} - System32\Tasks\{4015532E-C9E6-47E3-B1D7-3D33F285CFD4} => C:\Spiele\KotoR II\launcher.exe [2005-01-13] (Obsidian Entertainment, Inc.)
Task: {BEEDE3EA-863D-4AAD-AC7A-BD3D71F147CF} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {D06E69EE-D92E-4394-A491-DB4327E319AE} - System32\Tasks\{C59C7E3D-14D3-4FF5-943A-473852599845} => C:\Spiele\Max Payne 2\MaxPayne2.exe
Task: {F5CF6754-9CF3-46DB-9A9B-A0111813CC20} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-22] (Adobe Systems Incorporated)
Task: {F7603847-8699-43BD-9036-2A25E9731D89} - System32\Tasks\{789AB21E-96AB-4BAC-805C-3752FB18A86F} => C:\Spiele\Max Payne 2\MaxPayne2.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Opera scheduled Autoupdate 1404317197.job => C:\Program Files (x86)\Opera\launcher.exe

==================== Loaded Modules (whitelisted) =============

2012-12-19 16:32 - 2012-12-19 16:32 - 00210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-10-17 19:39 - 2012-10-17 19:39 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-10-17 19:39 - 2012-10-17 19:39 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-12-19 16:32 - 2012-12-19 16:32 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-09-24 18:39 - 2014-09-19 14:57 - 00606776 _____ () C:\Users\Marcel\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2012-08-14 22:02 - 2014-09-19 14:57 - 36966968 _____ () C:\Users\Marcel\AppData\Roaming\Spotify\Data\libcef.dll
2014-09-25 17:07 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\Marcel\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-09-22 14:09 - 2014-09-22 14:09 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
2014-07-26 01:53 - 2014-09-19 14:57 - 00867896 _____ () C:\Users\Marcel\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2013-09-24 18:39 - 2014-09-19 14:57 - 00886840 _____ () C:\Users\Marcel\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-09-24 18:39 - 2014-09-19 14:57 - 00108600 _____ () C:\Users\Marcel\AppData\Roaming\Spotify\Data\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

========================= Accounts: ==========================

Administrator (S-1-5-21-449399407-1750495009-3439875748-500 - Disabled - Status: Degraded)
ASPNET (S-1-5-21-449399407-1750495009-3439875748-1004 - Enabled - Status: OK)
Gast (S-1-5-21-449399407-1750495009-3439875748-501 - Enabled - Status: OK) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-449399407-1750495009-3439875748-1002 - Enabled - Status: OK)
Marcel (S-1-5-21-449399407-1750495009-3439875748-1000 - Enabled - Status: OK) => C:\Users\Marcel

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/26/2014 03:59:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9413849

Error: (09/26/2014 03:59:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9413849

Error: (09/26/2014 03:59:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/26/2014 01:22:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9048

Error: (09/26/2014 01:22:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9048

Error: (09/26/2014 01:22:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/26/2014 01:22:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8019

Error: (09/26/2014 01:22:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8019

Error: (09/26/2014 01:22:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/26/2014 01:22:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7005


System errors:
=============
Error: (09/26/2014 11:29:22 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\athExt.dll
Fehlercode: 126

Error: (09/25/2014 05:06:45 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\athExt.dll
Fehlercode: 126

Error: (09/25/2014 02:35:09 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (09/26/2014 03:59:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9413849

Error: (09/26/2014 03:59:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9413849

Error: (09/26/2014 03:59:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/26/2014 01:22:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9048

Error: (09/26/2014 01:22:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9048

Error: (09/26/2014 01:22:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/26/2014 01:22:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8019

Error: (09/26/2014 01:22:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8019

Error: (09/26/2014 01:22:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/26/2014 01:22:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7005


CodeIntegrity Errors:
===================================
  Date: 2014-09-23 17:22:16.660
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-23 17:22:16.348
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-03-28 23:43:15.069
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-03-28 23:43:15.023
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-03-28 23:43:14.972
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-03-28 23:43:14.926
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X6 1090T Processor
Percentage of memory in use: 22%
Total physical RAM: 8190.18 MB
Available physical RAM: 6324.94 MB
Total Pagefile: 16378.54 MB
Available Pagefile: 13561.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:643.76 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (BFII) (CDROM) (Total:3.02 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A88FA33A)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================


cosinus 26.09.2014 17:55

Okay, then control scans with MBAM and ESET please:

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Revan10 30.09.2014 14:30

Code:

www.malwarebytes.org

Suchlauf Datum: 30.09.2014
Suchlauf-Zeit: 15:16:59
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.30.04
Rootkit Datenbank: v2014.09.19.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Marcel

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 387500
Verstrichene Zeit: 12 Min, 45 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)


Revan10 01.10.2014 21:29

Code:

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=30d90d072c59254cb2d8ff44c6032c65
# engine=20388
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-10-01 08:25:49
# local_time=2014-10-01 10:25:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 13637 156747327 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 10635 163824999 0 0
# scanned=352350
# found=7
# cleaned=0
# scan_time=10318
sh=D20146018CC2327122B2692E355F353DFA6D571A ft=1 fh=641303b82d1a41cf vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Marcel\FreeYouTubeToMP3Converter_3.10.17.exe.xBAD"
sh=74E07DE7B3AEE058952F4CDD5E99EAC2008932C8 ft=1 fh=f4cb98639c10ef0c vn="Variante von Win32/Packed.VMProtect.AAH Trojaner" ac=I fn="C:\Program Files (x86)\2K Sports\NBA 2K12\rld.dll"
sh=0FC145D539EF7A2D88FA76DE573B25AB9EB2A317 ft=1 fh=0484962387c0b26c vn="Variante von Win32/Packed.VMProtect.AAA Trojaner" ac=I fn="C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll"
sh=CD8FBE657205F949584E0AEE2825E1499613945E ft=1 fh=93ab2a2b0ebef67e vn="Win64/Conedex.D Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Windows\Installer\{7c540ca6-90de-7cf7-e985-816cacd18ee1}\U\00000001.@.vir"
sh=489465566BABFE6F8B9BCD6C5EC6B46411FAF400 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.VMProtect.AAH Trojaner" ac=I fn="C:\Users\Marcel\Desktop\Sonstiges\NBA 2k12\N6B8A2k12patch1.01-elamigos.rar"
sh=74E07DE7B3AEE058952F4CDD5E99EAC2008932C8 ft=1 fh=f4cb98639c10ef0c vn="Variante von Win32/Packed.VMProtect.AAH Trojaner" ac=I fn="C:\Users\Marcel\Desktop\Sonstiges\NBA 2k12\Crack 1.01\rld.dll"
sh=596D78A7F03D1DAEE86BCCE8DD7713AA60E8F9E4 ft=1 fh=8eaf1d336ac02ccc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marcel\Downloads\FreeYouTubeToMP3Converter34.exe"


