Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7 Pro - AKM mit Sperrebildschirm (https://www.trojaner-board.de/162888-windows-7-pro-akm-sperrebildschirm.html)

SiD867 17.01.2015 20:45
Windows 7 Pro - AKM mit Sperrebildschirm
 
Liste der Anhänge anzeigen (Anzahl: 1)
Hallo,

ich habe mir leider den AKM Trojaner eingefangen, ich habe in anderen Themen gelesen mittels OTL einen scan zu machen um danach die ausgegebene Logfiles hier zu posten.

Ich war schon mal so eifrig und habe den scan bereits durchgefuehrt - die logfiles haeng ich gleich mal mit an ;-)

Ich habe auf meinem PC zwei User eingerichtet, der eine ist derzeit mit dem AKM Problem unbrauchbar, mit dem zweiten kann ich alles machen, wie diesen post erstellen ;-)

Vielen Dank schon mal im voraus fuer Eure Hilfe.

SiD

cosinus 17.01.2015 20:52
Hallo und :hallo:

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!



Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

SiD867 17.01.2015 23:00
Hallo! ;-)

Erstmal danke fuer deine schnelle antort und deine hilfe!

ich habe keines deiner erwaehnten Programme - hab bei mir MS security essentials installiert, das hat aber nichts gemeldet - logfiles muss ich erst suchen.

FRST hab ich geladen und laufen lassen, logfiles hab ich hochgeladen mit dem post.

lg

cosinus 18.01.2015 00:02
Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

SiD867 18.01.2015 00:56
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2015 01
Ran by Luna (administrator) on VICOM on 17-01-2015 22:56:11
Running from C:\Users\Luna\Desktop
Loaded Profiles: PaPa & Luna (Available profiles: PaPa & Luna)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
() C:\Users\PaPa\AppData\Roaming\loadit.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
() C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Samsung Electronics Co., Ltd.) D:\Samsung\Kies\KiesTrayAgent.exe
(VMware, Inc.) D:\VMWare\vmware-tray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_257_ActiveX.exe
(OldTimer Tools) C:\Users\Luna\Desktop\OTL.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VX3000] => C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2328944 2011-01-07] (Microsoft Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [688128 2011-07-06] ()
HKLM-x32\...\Run: [CLX3180_Scan2Pc] => C:\Windows\Twain_32\Samsung\CLX3180\Scan2pc.exe [1990144 2011-04-29] ()
HKLM-x32\...\Run: [3180 Scan2PC] => C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe [1990144 2011-04-29] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [Regedit32] => C:\Windows\SysWOW64\regedit.exe [398336 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => D:\Samsung\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [vmware-tray.exe] => D:\VMWare\vmware-tray.exe [104088 2012-08-15] (VMware, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKU\S-1-5-21-4142995849-1864615369-2111312488-1000\...\Run: [KiesAirMessage] => D:\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-4142995849-1864615369-2111312488-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3478336 2012-01-24] (DT Soft Ltd)
HKU\S-1-5-21-4142995849-1864615369-2111312488-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-4142995849-1864615369-2111312488-1000\...\Run: [KiesPreload] => D:\Samsung\Kies\Kies.exe [1563440 2014-05-28] (Samsung)
HKU\S-1-5-21-4142995849-1864615369-2111312488-1000\...\Run: [KiesPDLR.exe] => D:\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung)
HKU\S-1-5-21-4142995849-1864615369-2111312488-1000\...\Run: [Spiele Post] => C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe [483400 2013-12-06] (Intenium)
HKU\S-1-5-21-4142995849-1864615369-2111312488-1000\...\MountPoints2: F - F:\OpenFiles.exe
HKU\S-1-5-21-4142995849-1864615369-2111312488-1000\...\MountPoints2: {259a1910-826e-11e4-b86e-544ee61cf20c} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\start.exe
HKU\S-1-5-21-4142995849-1864615369-2111312488-1000\...\Winlogon: [Userinit] C:\Users\PaPa\AppData\Roaming\loadit.exe [604926 2015-01-17] ()
HKU\S-1-5-21-4142995849-1864615369-2111312488-1000\...\Winlogon: [Shell] C:\Users\PaPa\AppData\Roaming\loadit.exe [604926 2015-01-17] () <==== ATTENTION
Startup: C:\Users\PaPa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
ShortcutTarget: AutoStarter.lnk -> C:\Users\Luna\AppData\Roaming\autostarter.exe (No File)
Startup: C:\Users\PaPa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
ShortcutTarget: ja.lnk -> C:\Users\Luna\AppData\Roaming\loadit.exe (No File)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4142995849-1864615369-2111312488-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKU\S-1-5-21-4142995849-1864615369-2111312488-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKU\S-1-5-21-4142995849-1864615369-2111312488-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-4142995849-1864615369-2111312488-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-4142995849-1864615369-2111312488-1006\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.at/
HKU\S-1-5-21-4142995849-1864615369-2111312488-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-at/?ocid=iehp
SearchScopes: HKU\S-1-5-21-4142995849-1864615369-2111312488-1000 -> DefaultScope {7B254C86-420A-46A4-B046-22E78B7439ED} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4142995849-1864615369-2111312488-1000 -> {7B254C86-420A-46A4-B046-22E78B7439ED} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-4142995849-1864615369-2111312488-1000 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
DPF: HKLM-x32 {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} https://vpn.ergo-austria.at/CSHELL/extender.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files (x86)\Microsoft\SMIME Client (2010)\mimectl.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21

FireFox:
========
FF ProfilePath: C:\Users\Luna\AppData\Roaming\Mozilla\Firefox\Profiles\mtkxb9px.default
FF Homepage: https://www.google.at/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/DownloadManager,version=1.1 -> C:\Windows\ ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @protectdisc.com/NPPDLicenseHelper -> C:\Windows\system32\config\systemprofile\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll No File
FF Plugin HKU\S-1-5-21-4142995849-1864615369-2111312488-1000: @protectdisc.com/NPPDLicenseHelper -> C:\Users\PaPa\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF Plugin HKU\S-1-5-21-4142995849-1864615369-2111312488-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-09]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 cpextender; C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [353984 2012-09-12] (Check Point Software Technologies)
S3 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [189776 2010-10-28] (DATA BECKER GmbH & Co KG)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-29] (Electronic Arts)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-28] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
S3 VMAuthdService; D:\VMWare\vmware-authd.exe [79872 2012-08-15] (VMware, Inc.) [File not signed]
S3 VMwareHostd; D:\VMWare\vmware-hostd.exe [15680000 2012-08-15] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS64.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 copperhd; C:\Windows\System32\drivers\copperhd.sys [14336 2009-11-10] (Razer (Asia-Pacific) Pte Ltd)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-07-13] (Samsung Electronics Co., Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-01] (DT Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-05] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-11-17] (Razer, Inc.)
S3 SaiK0621; C:\Windows\System32\DRIVERS\SaiK0621.sys [131584 2008-10-22] (Saitek)
S3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [16000 2009-06-10] (Saitek)
S3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [43264 2009-06-10] (Saitek)
S3 uisp; C:\Windows\System32\Drivers\usbicp.sys [19200 2005-10-21] (Motorola)
R3 VNA; C:\Windows\System32\DRIVERS\vna.sys [161256 2009-11-02] (Check Point Software Technologies)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70256 2012-07-06] (VMware, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 22:56 - 2015-01-17 22:56 - 00019396 _____ () C:\Users\Luna\Desktop\FRST.txt
2015-01-17 22:56 - 2015-01-17 22:56 - 00000000 ____D () C:\FRST
2015-01-17 22:53 - 2015-01-17 22:55 - 02125824 _____ (Farbar) C:\Users\Luna\Desktop\FRST64.exe
2015-01-17 20:47 - 2015-01-17 20:47 - 00000000 ____D () C:\Users\Luna\AppData\Roaming\Mozilla
2015-01-17 20:47 - 2015-01-17 20:47 - 00000000 ____D () C:\Users\Luna\AppData\Local\Mozilla
2015-01-17 20:44 - 2015-01-17 20:44 - 00088038 _____ () C:\Users\Luna\Desktop\OTL_SiD.Txt
2015-01-17 20:42 - 2015-01-17 20:42 - 00193938 _____ () C:\Users\Luna\Desktop\Extras_SiD.Txt
2015-01-17 20:21 - 2015-01-17 20:21 - 00193942 _____ () C:\Users\Luna\Desktop\Extras.Txt
2015-01-17 20:20 - 2015-01-17 20:20 - 00088038 _____ () C:\Users\Luna\Desktop\OTL.Txt
2015-01-17 20:08 - 2015-01-17 20:08 - 00602112 _____ (OldTimer Tools) C:\Users\Luna\Desktop\OTL.exe
2015-01-17 20:01 - 2015-01-17 20:01 - 00000000 __SHD () C:\Users\Luna\AppData\Local\EmieUserList
2015-01-17 20:01 - 2015-01-17 20:01 - 00000000 __SHD () C:\Users\Luna\AppData\Local\EmieSiteList
2015-01-17 20:01 - 2015-01-17 20:01 - 00000000 __SHD () C:\Users\Luna\AppData\Local\EmieBrowserModeList
2015-01-17 19:59 - 2015-01-17 19:59 - 00000000 ____D () C:\Users\Luna\AppData\Local\Razer
2015-01-17 19:53 - 2015-01-17 19:53 - 00604926 _____ () C:\Users\PaPa\AppData\Roaming\loadit.exe
2015-01-17 19:53 - 2015-01-17 19:53 - 00000032 _____ () C:\Users\PaPa\AppData\Roaming\url.txt
2015-01-17 19:48 - 2014-12-31 02:06 - 74210710 _____ () C:\Users\PaPa\AppData\Roaming\autostarter.exe
2015-01-15 08:16 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 08:16 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 08:16 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 08:16 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 08:16 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 08:16 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 08:16 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 11:56 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 11:56 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 11:56 - 2014-12-11 18:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 11:56 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 11:56 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 11:56 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-01 23:23 - 2015-01-01 23:23 - 00000000 ____D () C:\Users\PaPa\Documents\Stronghold Crusader 2
2014-12-23 19:25 - 2014-12-23 19:25 - 00001283 _____ () C:\Users\Public\Desktop\Die Fisch-Oase.lnk
2014-12-23 18:48 - 2014-12-23 18:52 - 00000000 ____D () C:\Users\PaPa\AppData\Roaming\Ancient Quest of Saqqarah__intenium
2014-12-23 18:47 - 2014-12-23 18:47 - 00001235 _____ () C:\Users\Public\Desktop\Saqqarah.lnk
2014-12-23 15:13 - 2014-12-23 15:13 - 00000000 ____D () C:\Users\PaPa\AppData\Roaming\GrowingGrass
2014-12-23 15:12 - 2014-12-23 19:25 - 00001141 _____ () C:\Users\Public\Desktop\GAME CENTER.lnk
2014-12-23 15:12 - 2014-12-23 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEUTSCHLAND SPIELT
2014-12-23 15:12 - 2014-12-23 15:12 - 00001355 _____ () C:\Users\Public\Desktop\Die Legende der Elfen.lnk
2014-12-23 15:12 - 2014-12-23 15:12 - 00000000 ____D () C:\Users\PaPa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DEUTSCHLAND SPIELT
2014-12-23 15:12 - 2014-12-23 15:12 - 00000000 ____D () C:\Users\PaPa\AppData\Roaming\Intenium
2014-12-23 15:09 - 2014-12-23 19:24 - 00000000 ____D () C:\Users\PaPa\Desktop\spiele
2014-12-23 14:44 - 2014-12-23 14:44 - 00000000 ____D () C:\Users\PaPa\AppData\Local\{F629AA1C-82E4-4F60-A436-548C9D43A270}
2014-12-20 08:44 - 2014-12-20 08:56 - 00000000 ____D () C:\Users\PaPa\Documents\Assassin's Creed Unity
2014-12-20 08:44 - 2014-12-20 08:44 - 00001211 _____ () C:\Users\PaPa\Desktop\Uplay.lnk
2014-12-18 01:47 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 01:47 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 22:56 - 2012-03-12 09:52 - 00000072 _____ () C:\Users\Public\LMDebug.log
2015-01-17 22:02 - 2014-05-02 03:06 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-17 21:43 - 2010-11-18 20:02 - 01398740 _____ () C:\Windows\WindowsUpdate.log
2015-01-17 20:03 - 2009-07-14 05:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-17 20:03 - 2009-07-14 05:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-17 20:00 - 2009-07-14 18:58 - 00702138 _____ () C:\Windows\system32\perfh007.dat
2015-01-17 20:00 - 2009-07-14 18:58 - 00150804 _____ () C:\Windows\system32\perfc007.dat
2015-01-17 20:00 - 2009-07-14 06:13 - 01628954 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-17 19:59 - 2014-01-16 20:46 - 00125472 _____ () C:\Users\Luna\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-17 19:56 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-17 19:56 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-17 19:56 - 2009-07-14 05:51 - 00008691 _____ () C:\Windows\setupact.log
2015-01-17 19:54 - 2010-11-20 03:31 - 00000000 ____D () C:\Users\PaPa\Documents\Outlook-Dateien
2015-01-17 19:52 - 2012-02-01 16:26 - 00000000 ____D () C:\Users\PaPa\AppData\Roaming\UseNeXT
2015-01-17 13:33 - 2011-03-25 00:13 - 00000000 ____D () C:\Users\PaPa\AppData\Roaming\Skype
2015-01-17 10:16 - 2014-12-09 18:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-17 09:04 - 2010-11-18 21:31 - 00002232 ____H () C:\Users\PaPa\Documents\Default.rdp
2015-01-17 08:21 - 2010-11-18 21:31 - 00001832 _____ () C:\Users\PaPa\AppData\Local\SLC_PaPa.prx
2015-01-15 03:23 - 2014-08-11 12:17 - 00000000 ____D () C:\Users\PaPa\AppData\Local\Battle.net
2015-01-15 03:08 - 2013-08-15 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:01 - 2010-11-18 20:51 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 20:02 - 2014-05-02 03:06 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 20:02 - 2012-04-01 19:11 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 20:02 - 2011-05-20 02:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-01 23:22 - 2010-12-09 02:48 - 00608286 _____ () C:\Windows\DirectX.log
2014-12-31 12:14 - 2010-11-18 20:12 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-24 18:27 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-12-23 19:25 - 2014-06-18 23:53 - 00000000 ____D () C:\Users\PaPa\AppData\Roaming\Playrix Entertainment
2014-12-23 19:25 - 2014-06-18 23:52 - 00000000 ____D () C:\Program Files (x86)\DEUTSCHLAND SPIELT
2014-12-23 15:11 - 2010-12-18 22:31 - 00000000 ____D () C:\Program Files (x86)\OXXOGames

==================== Files in the root of some directories =======
2011-03-25 00:14 - 2011-03-25 00:14 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some content of TEMP:
====================
C:\Users\PaPa\AppData\Local\Temp\13-12_win7_win8_64_dd_ccc_whql.exe
C:\Users\PaPa\AppData\Local\Temp\42l2nhbh.dll
C:\Users\PaPa\AppData\Local\Temp\comver.dll
C:\Users\PaPa\AppData\Local\Temp\Execute2App.exe
C:\Users\PaPa\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\PaPa\AppData\Local\Temp\fyaq55z0.dll
C:\Users\PaPa\AppData\Local\Temp\j5qqs05o.dll
C:\Users\PaPa\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\PaPa\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\PaPa\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\PaPa\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\PaPa\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\PaPa\AppData\Local\Temp\mbyhidud.dll
C:\Users\PaPa\AppData\Local\Temp\MSETUP4.EXE
C:\Users\PaPa\AppData\Local\Temp\msvcp90.dll
C:\Users\PaPa\AppData\Local\Temp\msvcr90.dll
C:\Users\PaPa\AppData\Local\Temp\raptrpatch.exe
C:\Users\PaPa\AppData\Local\Temp\raptr_stub.exe
C:\Users\PaPa\AppData\Local\Temp\readSTILog.dll
C:\Users\PaPa\AppData\Local\Temp\SAV2RemoveAll.exe
C:\Users\PaPa\AppData\Local\Temp\SkypeSetup.exe
C:\Users\PaPa\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\PaPa\AppData\Local\Temp\tmpAD18.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 01:14

==================== End Of Log ============================
--- --- ---

--- --- ---
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2015 01
Ran by Luna at 2015-01-17 22:56:43
Running from C:\Users\Luna\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-4142995849-1864615369-2111312488-1000\...\Amazon Kindle) (Version:  - Amazon)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassin’s Creed Unity (HKLM-x32\...\Steam App 289650) (Version:  - Ubisoft)
Assassin's Creed (HKLM-x32\...\Steam App 15100) (Version:  - Ubisoft)
Assassin's Creed Brotherhood (HKLM-x32\...\Steam App 48190) (Version:  - )
Assassin's Creed II (HKLM-x32\...\Steam App 33230) (Version:  - Ubisoft Montreal)
Assassin's Creed IV Black Flag (HKLM-x32\...\Steam App 242050) (Version:  - Ubisoft Montreal)
Assassin's Creed Liberation (HKLM-x32\...\Steam App 260210) (Version:  - Ubisoft Sofia)
Assassin's Creed Revelations (HKLM-x32\...\Steam App 201870) (Version:  - Ubisoft)
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
BioShock 2 (x32 Version: 1.0.0004.131 - Take-Two Interactive Software) Hidden
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG5500 series Benutzerregistrierung (HKLM-x32\...\Canon MG5500 series Benutzerregistrierung) (Version:  - *Canon Inc.)
Canon MG5500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series) (Version: 1.01 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Check Point SSL Network Extender (HKLM-x32\...\{43d266d5-3603-4fff-a4b2-f706e554aeda}) (Version: 7.01.0000 - CheckPoint)
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.2.0287 - DT Soft Ltd)
DATA BECKER web to date 7 (HKLM-x32\...\web to date 7_is1) (Version: 7.0.0.1790 - DATA BECKER GmbH & Co. KG)
DATA BECKER web to date 8 (HKLM-x32\...\web to date 8_is1) (Version: 8.0.0.2377 - DATA BECKER GmbH & Co. KG)
DATA BECKER web to date 8s (HKLM-x32\...\web to date 8s_is1) (Version: 8.0.0.2479 - DATA BECKER GmbH & Co. KG)
Dead Space (HKLM-x32\...\Steam App 17470) (Version:  - EA Redwood Shores)
Dead Space 2 (HKLM-x32\...\Steam App 47780) (Version:  - Electronic Arts)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Defense Grid 2 (HKLM-x32\...\Steam App 221540) (Version:  - Hidden Path Entertainment)
Defense Grid: The Awakening (HKLM-x32\...\Steam App 18500) (Version:  - Hidden Path Entertainment)
Deutschland Spielt - Spiele Post (HKLM-x32\...\Deutschland Spielt - Spiele Post) (Version: 1.0.4.38 - INTENIUM GmbH)
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 2.4.2.14 - INTENIUM GmbH)
Die Fisch-Oase (HKLM-x32\...\Die Fisch-Oase) (Version: 0.0.0.0 - INTENIUM GmbH)
Die Legende der Elfen (HKLM-x32\...\Die Legende der Elfen) (Version: 0.0.0.0 - INTENIUM GmbH)
Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
Feedback Tool (HKLM-x32\...\{90024193-9F13-4877-89D5-A1CDF0CBBF28}) (Version: 1.1.0 - Microsoft Corporation)
FileZilla Client 3.7.1.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.1.1 - Tim Kosse)
Fortix 2 (HKLM-x32\...\Steam App 45450) (Version:  - )
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.5.624 - Foxit Corporation)
Free M4a to MP3 Converter 7.0 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
GameRanger (HKU\S-1-5-21-4142995849-1864615369-2111312488-1000\...\GameRanger) (Version:  - GameRanger Technologies)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.2.0.001 - HTC Corporation)
Inkscape 0.48.2 (HKLM-x32\...\Inkscape) (Version: 0.48.2 - )
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Download Manager (HKLM-x32\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.0 (HKLM\...\{2BF35D84-6377-4F70-9F39-97CF67E67FFF}) (Version: 8.01.249.0 - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft S/MIME (HKLM-x32\...\{D4E54C39-AC87-4C48-B6E0-A073F21E9B8A}) (Version: 14.1.218.12 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Premium 2010 (HKLM-x32\...\Office14.VISIO) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version:  - Monolith Productions, Inc.)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-4142995849-1864615369-2111312488-1000\...\MyFreeCodec) (Version:  - )
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.3.2637 - Electronic Arts, Inc.)
Plague Inc: Evolved (HKLM-x32\...\Steam App 246620) (Version:  - Ndemic Creations)
Protect Disc License Helper 1.0.125 (IE) (HKU\.DEFAULT\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc)
Protect Disc License Helper 1.0.125 (IE) (HKU\S-1-5-21-4142995849-1864615369-2111312488-1000\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
Readiris Pro 10 (HKLM-x32\...\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}) (Version:  - )
Red Faction: Armageddon (HKLM-x32\...\Steam App 55110) (Version:  - Volition)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.13114.22 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.13114.22 - Samsung Electronics Co., Ltd.) Hidden
Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.04.20.00 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Saqqarah (HKLM-x32\...\Saqqarah) (Version: 0.0.0.0 - INTENIUM GmbH)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmarThru 4 (HKLM-x32\...\{90F1943D-EA4A-4460-B59F-30023F3BA69A}) (Version:  - Samsung Electronics Co., Ltd.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - )
Sniper Elite: Nazi Zombie Army (HKLM-x32\...\Steam App 227100) (Version:  - )
Sniper Elite: Nazi Zombie Army 2 (HKLM-x32\...\Steam App 247910) (Version:  - )
Sniper Ghost Warrior 2 (HKLM-x32\...\Steam App 34870) (Version:  - City Interactive)
Sniper: Ghost Warrior (HKLM-x32\...\Steam App 34830) (Version:  - City Interactive S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stronghold 3 (HKLM-x32\...\Steam App 47400) (Version:  - Firefly Studios)
Stronghold Crusader 2 (HKLM-x32\...\Steam App 232890) (Version:  - FireFly Studios)
The Settlers 7: Paths to a Kingdom (HKLM-x32\...\Steam App 48120) (Version:  - Blue Byte Software)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
Tom Clancy's Ghost Recon Future Soldier (HKLM-x32\...\Steam App 212630) (Version:  - Ubisoft)
Tom Clancy's Splinter Cell Blacklist (HKLM-x32\...\Steam App 235600) (Version:  - Ubisoft Toronto)
Tom Clancy's Splinter Cell: Double Agent (HKLM-x32\...\Steam App 13580) (Version:  - Ubisoft)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Uplay (HKLM-x32\...\Uplay) (Version: 4.8 - Ubisoft)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 0.9.9 (HKLM-x32\...\VLC media player) (Version: 0.9.9 - VideoLAN Team)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 9.0.0 - VMware, Inc)
VMware Workstation (Version: 9.0.0 - VMware, Inc.) Hidden
Vocup 1.4.3 (HKLM-x32\...\Vocup_is1) (Version: 1.4.3 - Florian Amstutz)
Wartung Samsung CLX-3180 Series (HKLM-x32\...\Samsung CLX-3180 Series) (Version:  - Samsung Electronics Co., Ltd.)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4142995849-1864615369-2111312488-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\PaPa\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

==================== Restore Points  =========================

11-01-2015 02:20:13 Windows Update
11-01-2015 06:00:19 Windows-Sicherung
14-01-2015 03:29:15 Windows Update
15-01-2015 03:00:13 Windows Update
16-01-2015 03:00:12 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E1AF75E-BADC-42E9-8C80-22201A682B32} - System32\Tasks\{2D0F3BBF-F629-4FDD-B56D-03165C935DD5} => pcalua.exe -a E:\Steam\steam.exe -c steam://uninstall/91600
Task: {4FAC9094-FC52-41FC-85E6-EB7FDFD6A21B} - System32\Tasks\{9CA286A6-568C-47A6-B735-80690E7C48CF} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.0.0.156.259/de/abandoninstall?source=lightinstaller&amp;page=tsMain&amp;installinfo=google-toolbar:offered-installed,google-chrome:notoffered;toolbaroffered
Task: {5A31968F-9B47-460A-B138-9F2D72FB0523} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-01-07] (Microsoft Corporation)
Task: {9C0A9EAD-5AB1-4B0D-AF41-9B5604A35C78} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {9C21D0B2-002C-4B96-99D4-B402AD2C60C1} - System32\Tasks\{43E57121-EDAF-4159-A7BE-AF0CE30A96A7} => C:\Users\PaPa\Desktop\FreeYouTubeDownload.exe
Task: {ACADED06-E5BE-4CBD-969E-E93687F0586D} - System32\Tasks\{2289ABA9-5997-48A0-BC34-579DE98AA235} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {CC294F9E-9E5C-4EBC-B0F1-ED1E422E3480} - System32\Tasks\{07E2F115-9802-4B5F-B64A-FFA951C9B4F7} => Z:\setup.exe
Task: {D39BF46D-83E6-4B1F-B578-8E5CD62F64E4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D7EFDEF2-902D-4C33-AB78-77FBE12C1440} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D8215441-30CC-4058-8274-88C5DA3D4BF3} - System32\Tasks\{9D8559CA-3766-432B-AFC8-834C34266710} => C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\FreeYouTubeDownload.exe
Task: {EBAD56C4-C0FE-4926-AD73-F5836F8EF9D0} - System32\Tasks\{909574BF-9F76-47AF-9D91-DDE3C8655698} => pcalua.exe -a "C:\Users\PaPa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SPYU8WAT\ViewerInstall.exe" -d C:\Users\PaPa\Desktop
Task: {FE2B392E-F04F-48A8-8788-C0A0935CD9F3} - System32\Tasks\{F8DAA865-C0FA-42C1-AEAF-D81927FCE62F} => Z:\setup.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-03-12 09:49 - 2011-06-22 08:14 - 00034304 _____ () C:\Windows\System32\sst2cl6.dll
2012-03-12 09:49 - 2011-06-22 08:13 - 00826880 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\sst2cdu.dll
2013-06-13 21:47 - 2012-12-07 16:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2011-12-14 23:09 - 2013-12-28 10:42 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-10-31 23:27 - 2014-10-31 23:27 - 00183488 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-01-17 19:53 - 2015-01-17 19:53 - 00604926 _____ () C:\Users\PaPa\AppData\Roaming\loadit.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-03-12 09:50 - 2011-04-29 08:58 - 01990144 _____ () C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe
2012-03-12 09:50 - 2009-10-31 14:42 - 01384520 _____ () C:\Windows\twain_32\Samsung\CLX3180\ssole.dll
2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-12-09 18:20 - 2014-12-09 18:21 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-4142995849-1864615369-2111312488-500 - Administrator - Disabled)
Gast (S-1-5-21-4142995849-1864615369-2111312488-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4142995849-1864615369-2111312488-1002 - Limited - Enabled)
Luna (S-1-5-21-4142995849-1864615369-2111312488-1006 - Administrator - Enabled) => C:\Users\Luna
PaPa (S-1-5-21-4142995849-1864615369-2111312488-1000 - Administrator - Enabled) => C:\Users\PaPa

==================== Faulty Device Manager Devices =============

Name: WD SES Device USB Device
Description: WD SES Device USB Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/17/2015 08:12:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CCC.exe, Version: 4.5.0.0, Zeitstempel: 0x53ad0dcc
Name des fehlerhaften Moduls: CLI.Caste.Platform.Runtime.ni.dll, Version: 4.5.5371.30970, Zeitstempel: 0x54176444
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000dee0
ID des fehlerhaften Prozesses: 0x1290
Startzeit der fehlerhaften Anwendung: 0xCCC.exe0
Pfad der fehlerhaften Anwendung: CCC.exe1
Pfad des fehlerhaften Moduls: CCC.exe2
Berichtskennung: CCC.exe3

Error: (01/17/2015 08:12:17 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: CCC.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 000007FEE5CCDEE0

Error: (01/17/2015 08:11:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1744

Startzeit: 01d032892e5dc922

Endzeit: 3

Anwendungspfad: C:\Users\Luna\Desktop\OTL.exe

Berichts-ID:

Error: (01/11/2015 07:18:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/02/2015 09:21:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Crusader2.exe, Version: 0.0.0.0, Zeitstempel: 0x549436c7
Name des fehlerhaften Moduls: StrongholdBase.dll, Version: 0.0.0.0, Zeitstempel: 0x549436c0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0029366a
ID des fehlerhaften Prozesses: 0x1d894
Startzeit der fehlerhaften Anwendung: 0xCrusader2.exe0
Pfad der fehlerhaften Anwendung: Crusader2.exe1
Pfad des fehlerhaften Moduls: Crusader2.exe2
Berichtskennung: Crusader2.exe3

Error: (01/02/2015 09:08:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Crusader2.exe, Version: 0.0.0.0, Zeitstempel: 0x549436c7
Name des fehlerhaften Moduls: StrongholdBase.dll, Version: 0.0.0.0, Zeitstempel: 0x549436c0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0029366a
ID des fehlerhaften Prozesses: 0x1e48c
Startzeit der fehlerhaften Anwendung: 0xCrusader2.exe0
Pfad der fehlerhaften Anwendung: Crusader2.exe1
Pfad des fehlerhaften Moduls: Crusader2.exe2
Berichtskennung: Crusader2.exe3

Error: (12/28/2014 09:27:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SC2.exe, Version 2.1.8.33553 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 144b8

Startzeit: 01d022b85dd34654

Endzeit: 301

Anwendungspfad: E:\Games\StarCraft II\Versions\Base32283\SC2.exe

Berichts-ID: de8873be-8ecf-11e4-b86e-544ee61cf20c

Error: (12/13/2014 09:55:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm KiesPDLR.exe, Version 1.0.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: e10

Startzeit: 01d016a72109e9a5

Endzeit: 2

Anwendungspfad: D:\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

Berichts-ID: cb661e8b-82a5-11e4-b86e-544ee61cf20c

Error: (12/13/2014 03:18:16 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -1305.

Error: (12/11/2014 08:07:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ShadowOfMordor.exe, Version: 1.0.1636.37, Zeitstempel: 0x545be0a0
Name des fehlerhaften Moduls: ShadowOfMordor.exe, Version: 1.0.1636.37, Zeitstempel: 0x545be0a0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000003ef076
ID des fehlerhaften Prozesses: 0xd44
Startzeit der fehlerhaften Anwendung: 0xShadowOfMordor.exe0
Pfad der fehlerhaften Anwendung: ShadowOfMordor.exe1
Pfad des fehlerhaften Moduls: ShadowOfMordor.exe2
Berichtskennung: ShadowOfMordor.exe3


System errors:
=============
Error: (01/17/2015 07:57:25 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/17/2015 07:56:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MSCamSvc" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (01/17/2015 07:56:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20

Error: (01/16/2015 07:39:24 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/16/2015 07:38:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MSCamSvc" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (01/16/2015 07:38:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20

Error: (01/15/2015 03:28:42 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/15/2015 03:27:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MSCamSvc" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (01/15/2015 03:27:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20

Error: (01/06/2015 02:34:36 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "NINA",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C291760E-B7E5-43B4-839B-89E83D13A369}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.


Microsoft Office Sessions:
=========================
Error: (01/17/2015 08:12:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccCLI.Caste.Platform.Runtime.ni.dll4.5.5371.3097054176444c0000005000000000000dee0129001d03287c0fc0412C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pdb36d56e#\a5f643ec54a6e3ceb3436cf89ff49798\CLI.Caste.Platform.Runtime.ni.dllc015c51a-9e7c-11e4-acb1-544ee61cf20c

Error: (01/17/2015 08:12:17 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: CCC.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 000007FEE5CCDEE0

Error: (01/17/2015 08:11:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OTL.exe3.2.69.0174401d032892e5dc9223C:\Users\Luna\Desktop\OTL.exe

Error: (01/11/2015 07:18:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestG:\Jan\Programme\SoftonicDownloader_fuer_moviejack-4-mobile.exe

Error: (01/02/2015 09:21:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Crusader2.exe0.0.0.0549436c7StrongholdBase.dll0.0.0.0549436c0c00000050029366a1d89401d02664bac09107E:\Steam\steamapps\common\Stronghold Crusader 2\bin\win32_release\Crusader2.exeE:\Steam\steamapps\common\Stronghold Crusader 2\bin\win32_release\StrongholdBase.dll59f6a65a-9258-11e4-b86e-544ee61cf20c

Error: (01/02/2015 09:08:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Crusader2.exe0.0.0.0549436c7StrongholdBase.dll0.0.0.0549436c0c00000050029366a1e48c01d02660a622207aE:\Steam\steamapps\common\Stronghold Crusader 2\bin\win32_release\Crusader2.exeE:\Steam\steamapps\common\Stronghold Crusader 2\bin\win32_release\StrongholdBase.dll8b62b8c9-9256-11e4-b86e-544ee61cf20c

Error: (12/28/2014 09:27:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SC2.exe2.1.8.33553144b801d022b85dd34654301E:\Games\StarCraft II\Versions\Base32283\SC2.exede8873be-8ecf-11e4-b86e-544ee61cf20c

Error: (12/13/2014 09:55:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: KiesPDLR.exe1.0.0.1e1001d016a72109e9a52D:\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.execb661e8b-82a5-11e4-b86e-544ee61cf20c

Error: (12/13/2014 03:18:16 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -1305

Error: (12/11/2014 08:07:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ShadowOfMordor.exe1.0.1636.37545be0a0ShadowOfMordor.exe1.0.1636.37545be0a0c000000500000000003ef076d4401d0150e56183a50E:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exeE:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe6f1296f2-8104-11e4-9d5f-544ee61cf20c


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 38%
Total physical RAM: 8190.05 MB
Available physical RAM: 5004.34 MB
Total Pagefile: 16378.29 MB
Available Pagefile: 12706.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:100 GB) (Free:33.37 GB) NTFS
Drive d: (DATA01) (Fixed) (Total:365.66 GB) (Free:191.81 GB) NTFS
Drive e: (DATA02) (Fixed) (Total:1397.26 GB) (Free:400.36 GB) NTFS
Drive g: (My Passport) (Fixed) (Total:931.48 GB) (Free:818.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: AF2DF33E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=365.7 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: 65609DBA)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00023F15)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus 18.01.2015 14:51
Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

SiD867 18.01.2015 21:09
Scan habe ich durchgefuehrt - es sind einige Dateien geloescht worden, die scheint mit dem AKM zu tun hatten... wie auch immer, logfile nachstehend ;-)

ich hab bei der Gelegenheit, nach dem Neustart und anzeigen des logfiles, gleich mein run Verzeichnis sauber gemacht - ist nun leer.

wie ist nun der naechste schritt?


Code:
ComboFix 15-01-18.01 - Luna 18.01.2015  20:33:03.1.8 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.43.1031.18.8190.4948 [GMT 1:00]
ausgeführt von:: c:\users\Luna\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\PaPa\AppData\Local\assembly\tmp
c:\users\PaPa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2F1C86AF-B64B-40B7-8D8A-0BF908541988}.xps
c:\users\PaPa\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C2BBD151-F957-4573-8292-768CB9ACF602}.xps
c:\users\PaPa\AppData\Roaming\autostarter.exe
c:\users\PaPa\AppData\Roaming\loadit.exe
c:\users\PaPa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
c:\users\PaPa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
E:\install.exe
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEDRV11
-------\Service_acedrv11
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-12-18 bis 2015-01-18  ))))))))))))))))))))))))))))))
.
.
2015-01-18 19:07 . 2014-12-02 10:26        11870360        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DCD8EF51-FA08-40FC-A38A-452B31CFCC94}\mpengine.dll
2015-01-18 00:44 . 2014-12-02 10:26        11870360        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-01-18 00:26 . 2015-01-18 00:26        --------        d-----w-        c:\users\Luna\AppData\Local\Blizzard Entertainment
2015-01-18 00:26 . 2015-01-18 19:32        --------        d-----w-        c:\users\Luna\AppData\Local\Battle.net
2015-01-18 00:26 . 2015-01-18 00:26        --------        d-----w-        c:\users\Luna\AppData\Roaming\Battle.net
2015-01-17 21:56 . 2015-01-17 21:57        --------        d-----w-        C:\FRST
2015-01-17 19:47 . 2015-01-17 19:47        --------        d-----w-        c:\users\Luna\AppData\Local\Mozilla
2015-01-17 19:01 . 2015-01-17 19:01        --------        d-sh--w-        c:\users\Luna\AppData\Local\EmieUserList
2015-01-17 19:01 . 2015-01-17 19:01        --------        d-sh--w-        c:\users\Luna\AppData\Local\EmieSiteList
2015-01-17 19:01 . 2015-01-17 19:01        --------        d-sh--w-        c:\users\Luna\AppData\Local\EmieBrowserModeList
2015-01-17 18:59 . 2015-01-17 18:59        --------        d-----w-        c:\users\Luna\AppData\Local\Razer
2015-01-17 06:50 . 2014-09-17 02:35        1188440        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2301CF6-F6B8-4D69-9030-54300E193109}\gapaengine.dll
2015-01-15 07:16 . 2014-12-12 05:35        5553592        ----a-w-        c:\windows\system32\ntoskrnl.exe
2015-01-15 07:16 . 2014-12-12 05:31        503808        ----a-w-        c:\windows\system32\srcore.dll
2015-01-15 07:16 . 2014-12-12 05:31        50176        ----a-w-        c:\windows\system32\srclient.dll
2015-01-15 07:16 . 2014-12-12 05:31        296960        ----a-w-        c:\windows\system32\rstrui.exe
2015-01-15 07:16 . 2014-12-12 05:11        3971512        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2015-01-15 07:16 . 2014-12-12 05:11        3916728        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2015-01-15 07:16 . 2014-12-12 05:07        43008        ----a-w-        c:\windows\SysWow64\srclient.dll
2015-01-14 10:56 . 2014-12-19 03:06        210432        ----a-w-        c:\windows\system32\profsvc.dll
2015-01-14 10:56 . 2014-12-11 17:47        62976        ----a-w-        c:\windows\system32\TSWbPrxy.exe
2015-01-14 10:56 . 2014-12-06 04:17        303616        ----a-w-        c:\windows\system32\nlasvc.dll
2015-01-14 10:56 . 2014-12-06 03:50        52224        ----a-w-        c:\windows\SysWow64\nlaapi.dll
2015-01-14 10:56 . 2014-12-06 03:50        156672        ----a-w-        c:\windows\SysWow64\ncsi.dll
2015-01-14 10:56 . 2014-12-19 01:46        141312        ----a-w-        c:\windows\system32\drivers\mrxdav.sys
2014-12-23 17:48 . 2014-12-23 17:52        --------        d-----w-        c:\users\PaPa\AppData\Roaming\Ancient Quest of Saqqarah__intenium
2014-12-23 14:13 . 2014-12-23 14:13        --------        d-----w-        c:\users\PaPa\AppData\Roaming\GrowingGrass
2014-12-23 14:12 . 2014-12-23 14:12        --------        d-----w-        c:\users\PaPa\AppData\Roaming\Intenium
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-18 07:42 . 2014-07-23 09:15        163504        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2015-01-15 02:01 . 2010-11-18 19:51        113365784        ----a-w-        c:\windows\system32\MRT.exe
2015-01-14 19:02 . 2012-04-01 18:11        701616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-14 19:02 . 2011-05-20 01:38        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-31 11:14 . 2010-11-18 19:12        298120        ------w-        c:\windows\system32\MpSigStub.exe
2014-12-13 05:09 . 2014-12-18 00:47        144384        ----a-w-        c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-18 00:47        115712        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2014-12-04 02:50 . 2014-12-10 05:10        413184        ----a-w-        c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-10 05:10        741376        ----a-w-        c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-10 05:10        396800        ----a-w-        c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-10 05:10        830976        ----a-w-        c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-10 05:10        192000        ----a-w-        c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-10 05:10        227328        ----a-w-        c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-10 05:10        1083392        ----a-w-        c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-10 05:10        1232040        ----a-w-        c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-10 05:09        389296        ----a-w-        c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-10 05:09        25059840        ----a-w-        c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-10 05:09        2724864        ----a-w-        c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-10 05:09        4096        ----a-w-        c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-10 05:09        66560        ----a-w-        c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-10 05:09        580096        ----a-w-        c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-10 05:09        48640        ----a-w-        c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-10 05:09        2885120        ----a-w-        c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-10 05:09        88064        ----a-w-        c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-10 05:09        54784        ----a-w-        c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-10 05:09        34304        ----a-w-        c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-10 05:09        633856        ----a-w-        c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-10 05:09        114688        ----a-w-        c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-10 05:09        814080        ----a-w-        c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-10 05:09        6039552        ----a-w-        c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-10 05:09        968704        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-10 05:09        490496        ----a-w-        c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-10 05:09        2724864        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-10 05:09        77824        ----a-w-        c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-10 05:09        199680        ----a-w-        c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-10 05:09        92160        ----a-w-        c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-10 05:09        501248        ----a-w-        c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-10 05:09        62464        ----a-w-        c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-10 05:09        47616        ----a-w-        c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-10 05:09        64000        ----a-w-        c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-10 05:09        316928        ----a-w-        c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-10 05:09        620032        ----a-w-        c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-10 05:09        718848        ----a-w-        c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-10 05:09        800768        ----a-w-        c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-10 05:09        1359360        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-10 05:09        2125312        ----a-w-        c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-10 05:09        14412800        ----a-w-        c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-10 05:09        60416        ----a-w-        c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-10 05:09        4299264        ----a-w-        c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-10 05:09        2358272        ----a-w-        c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-10 05:09        2052096        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-10 05:09        1155072        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-10 05:09        1548288        ----a-w-        c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-10 05:09        800768        ----a-w-        c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-10 05:09        1888256        ----a-w-        c:\windows\SysWow64\wininet.dll
2014-11-20 08:23 . 2014-11-20 08:23        9728        ----a-w-        c:\windows\SysWow64\RzStats.IPC.dll
2014-11-19 03:31 . 2014-11-19 03:31        1217192        ----a-w-        c:\windows\SysWow64\FM20.DLL
2014-11-17 21:37 . 2014-12-06 13:29        129600        ----a-w-        c:\windows\system32\drivers\rzpnk.sys
2014-11-11 04:27 . 2014-11-11 04:27        80384        ----a-w-        c:\windows\system32\RazerCoinstaller.dll
2014-11-11 03:09 . 2014-12-10 05:09        1424384        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 04:47        241152        ----a-w-        c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 04:47        728064        ----a-w-        c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-10 05:09        1230336        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 04:47        186880        ----a-w-        c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 04:47        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-10 05:09        119296        ----a-w-        c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-10 05:06        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-10 05:06        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2014-10-31 22:27 . 2014-12-06 13:28        37184        ----a-w-        c:\windows\system32\drivers\rzpmgrk.sys
2014-10-30 02:03 . 2014-12-10 05:07        165888        ----a-w-        c:\windows\system32\charmap.exe
2014-10-30 01:45 . 2014-12-10 05:07        155136        ----a-w-        c:\windows\SysWow64\charmap.exe
2014-10-25 01:57 . 2014-11-12 08:14        77824        ----a-w-        c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 08:14        67584        ----a-w-        c:\windows\SysWow64\packager.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2011-07-06 688128]
"CLX3180_Scan2Pc"="c:\windows\Twain_32\Samsung\CLX3180\Scan2pc.exe" [2011-04-29 1990144]
"3180 Scan2PC"="c:\windows\twain_32\Samsung\CLX3180\Scan2Pc.exe" [2011-04-29 1990144]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Regedit32"="c:\windows\system32\regedit.exe" [2009-07-14 398336]
"KiesTrayAgent"="d:\samsung\Kies\KiesTrayAgent.exe" [2014-05-28 310064]
"vmware-tray.exe"="d:\vmware\vmware-tray.exe" [2012-08-15 104088]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2013-02-19 453736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-09-15 767200]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2014-11-03 585536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 copperhd;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys;c:\windows\SYSNATIVE\drivers\copperhd.sys [x]
R3 DBService;DATA BECKER Update Service;c:\program files (x86)\Common Files\DATA BECKER Shared\DBService.exe;c:\program files (x86)\Common Files\DATA BECKER Shared\DBService.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SaiK0621;SaiK0621;c:\windows\system32\DRIVERS\SaiK0621.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK0621.sys [x]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
R3 VMwareHostd;VMware Workstation Server;d:\vmware\vmware-hostd.exe;d:\vmware\vmware-hostd.exe [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 cpextender;Check Point SSL Network Extender;c:\program files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe;c:\program files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [x]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys;SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
S3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\DRIVERS\vna.sys;c:\windows\SYSNATIVE\DRIVERS\vna.sys [x]
S3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 19:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.at/
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: %windir%\system32\vsocklib.dll
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
Handler: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - c:\program files (x86)\Microsoft\SMIME Client (2010)\mimectl.dll
DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} - hxxps://vpn.ergo-austria.at/CSHELL/extender.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\Luna\AppData\Roaming\Mozilla\Firefox\Profiles\mtkxb9px.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.at/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-Free M4a to MP3 Converter_is1 - e:\alex\Eigene Musik\Free M4a to MP3 Converter\unins000.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Vocup_is1 - e:\alex\Vocup\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-01-18  21:05:54 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-01-18 20:05
.
Vor Suchlauf: 8 Verzeichnis(se), 35.987.083.264 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 38.010.564.608 Bytes frei
.
- - End Of File - - 5CC0AD6D480278C80C5309F561B41663
A36C5E4F47E84449FF07ED3517B43A31

cosinus 18.01.2015 23:20
Ok, weiter mit MBAR:

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

SiD867 20.01.2015 00:54
habe mbar ausgefuehrt, bereinigt - rebootet - erneut ausgefuehrt, keine weitere malware wurde gefunden.

logfile nachstehend..


Code:
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
  main:    v2015.01.19.15
  rootkit: v2015.01.14.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
Luna :: VICOM [administrator]

19.01.2015 23:59:01
mbar-log-2015-01-19 (23-59-01).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 408356
Time elapsed: 11 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

cosinus 20.01.2015 09:51
Adware/Junkware/Toolbars entfernen

(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


SiD867 20.01.2015 21:34
Habe alles durchegefuehrt

Logfiles nachstehend - lediglich die Addition.txt wurde nicht erstellt.

Code:
# AdwCleaner v4.108 - Bericht erstellt am 20/01/2015 um 21:19:59
# Aktualisiert 17/01/2015 von Xplode
# Database : 2015-01-13.2 [Local]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Luna - VICOM
# Gestartet von : C:\Users\Luna\Desktop\AdwCleaner_4.108.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Alawar Stargaze
Ordner Gelöscht : C:\Users\PaPa\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\PaPa\AppData\LocalLow\SweetIM
[!] Ordner Gelöscht : C:\Users\PaPa\AppData\Roaming\Mozilla\Firefox\Profiles\hlgtn5tq.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
Datei Gelöscht : C:\Users\PaPa\AppData\Roaming\Mozilla\Firefox\Profiles\hlgtn5tq.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}.xpi
Datei Gelöscht : C:\Users\PaPa\AppData\Roaming\Mozilla\Firefox\Profiles\hlgtn5tq.default\searchplugins\SweetIm.xml

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{10E9E863-3913-40D0-903D-D46DEB18C982}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0F9AF7E3-3853-473F-A49B-E470A3A41501}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10E9E863-3913-40D0-903D-D46DEB18C982}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DADF82FD-0783-4CA9-98AA-615F657A2A9E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0F9AF7E3-3853-473F-A49B-E470A3A41501}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DADF82FD-0783-4CA9-98AA-615F657A2A9E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gelöscht : HKLM\SOFTWARE\SweetIM

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0 (x86 de)

[hlgtn5tq.default\prefs.js] - Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&crg=3.26010003&q=");

*************************

AdwCleaner[R0].txt - [2863 octets] - [20/01/2015 21:04:47]
AdwCleaner[R1].txt - [2924 octets] - [20/01/2015 21:19:15]
AdwCleaner[S0].txt - [2850 octets] - [20/01/2015 21:19:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2910 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Luna on 20.01.2015 at 21:24:46,27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.01.2015 at 21:26:59,51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Luna (administrator) on VICOM on 20-01-2015 21:31:12
Running from C:\Users\Luna\Desktop
Loaded Profiles: Luna (Available profiles: PaPa & Luna)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_257_ActiveX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VX3000] => C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2328944 2011-01-07] (Microsoft Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4142995849-1864615369-2111312488-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4142995849-1864615369-2111312488-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4142995849-1864615369-2111312488-1006\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.at/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4142995849-1864615369-2111312488-1006 -> DefaultScope {605EC61D-980B-4836-BDDF-C60E8B5BC6A9} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4142995849-1864615369-2111312488-1006 -> {605EC61D-980B-4836-BDDF-C60E8B5BC6A9} URL = https://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} https://vpn.ergo-austria.at/CSHELL/extender.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files (x86)\Microsoft\SMIME Client (2010)\mimectl.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21

FireFox:
========
FF ProfilePath: C:\Users\Luna\AppData\Roaming\Mozilla\Firefox\Profiles\mtkxb9px.default
FF Homepage: https://www.google.at/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/DownloadManager,version=1.1 -> C:\Windows\ ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @protectdisc.com/NPPDLicenseHelper -> C:\Windows\system32\config\systemprofile\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-09]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 cpextender; C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [353984 2012-09-12] (Check Point Software Technologies)
S3 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [189776 2010-10-28] (DATA BECKER GmbH & Co KG)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-29] (Electronic Arts)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-28] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
S3 VMAuthdService; D:\VMWare\vmware-authd.exe [79872 2012-08-15] (VMware, Inc.) [File not signed]
S3 VMwareHostd; D:\VMWare\vmware-hostd.exe [15680000 2012-08-15] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS64.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 copperhd; C:\Windows\System32\drivers\copperhd.sys [14336 2009-11-10] (Razer (Asia-Pacific) Pte Ltd)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-07-13] (Samsung Electronics Co., Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-01] (DT Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-05] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-11-17] (Razer, Inc.)
S3 SaiK0621; C:\Windows\System32\DRIVERS\SaiK0621.sys [131584 2008-10-22] (Saitek)
S3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [16000 2009-06-10] (Saitek)
S3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [43264 2009-06-10] (Saitek)
S3 uisp; C:\Windows\System32\Drivers\usbicp.sys [19200 2005-10-21] (Motorola)
R3 VNA; C:\Windows\System32\DRIVERS\vna.sys [161256 2009-11-02] (Check Point Software Technologies)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70256 2012-07-06] (VMware, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 21:28 - 2015-01-20 21:28 - 02126848 _____ (Farbar) C:\Users\Luna\Desktop\FRST64.exe
2015-01-20 21:26 - 2015-01-20 21:26 - 00000696 _____ () C:\Users\Luna\Desktop\JRT.txt
2015-01-20 21:24 - 2015-01-20 21:24 - 00000000 ____D () C:\Windows\ERUNT
2015-01-20 21:23 - 2015-01-20 21:23 - 01707939 _____ (Thisisu) C:\Users\Luna\Desktop\JRT.exe
2015-01-20 21:04 - 2015-01-20 21:20 - 00000000 ____D () C:\AdwCleaner
2015-01-20 21:03 - 2015-01-20 21:03 - 02186752 _____ () C:\Users\Luna\Desktop\AdwCleaner_4.108.exe
2015-01-19 23:58 - 2015-01-19 23:58 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Luna\Desktop\mbar-1.08.3.1004.exe
2015-01-19 09:27 - 2015-01-20 00:53 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-19 09:27 - 2015-01-19 23:58 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-19 09:27 - 2015-01-19 09:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-19 09:26 - 2015-01-20 00:53 - 00000000 ____D () C:\Users\Luna\Desktop\mbar
2015-01-19 09:26 - 2015-01-19 23:58 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-19 09:26 - 2015-01-19 09:26 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Luna\Desktop\mbar-1.08.2.1001.exe
2015-01-18 21:07 - 2015-01-18 21:07 - 00026962 _____ () C:\Users\Luna\Desktop\SiD_ComboFix.txt
2015-01-18 21:06 - 2015-01-18 21:06 - 00026962 _____ () C:\ComboFix.txt
2015-01-18 20:31 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-18 20:31 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-18 20:31 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-18 20:31 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-18 20:31 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-18 20:31 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-18 20:31 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-18 20:31 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-18 20:30 - 2015-01-18 21:06 - 00000000 ____D () C:\Qoobox
2015-01-18 20:30 - 2015-01-18 21:03 - 00000000 ____D () C:\Windows\erdnt
2015-01-18 20:29 - 2015-01-18 20:29 - 05608785 ____R (Swearware) C:\Users\Luna\Desktop\ComboFix.exe
2015-01-18 01:26 - 2015-01-18 20:32 - 00000000 ____D () C:\Users\Luna\AppData\Local\Battle.net
2015-01-18 01:26 - 2015-01-18 01:26 - 00000000 ____D () C:\Users\Luna\AppData\Roaming\Battle.net
2015-01-18 01:26 - 2015-01-18 01:26 - 00000000 ____D () C:\Users\Luna\AppData\Local\Blizzard Entertainment
2015-01-17 22:56 - 2015-01-20 21:31 - 00014289 _____ () C:\Users\Luna\Desktop\FRST.txt
2015-01-17 22:56 - 2015-01-20 21:31 - 00000000 ____D () C:\FRST
2015-01-17 20:47 - 2015-01-17 20:47 - 00000000 ____D () C:\Users\Luna\AppData\Roaming\Mozilla
2015-01-17 20:47 - 2015-01-17 20:47 - 00000000 ____D () C:\Users\Luna\AppData\Local\Mozilla
2015-01-17 20:44 - 2015-01-17 20:44 - 00088038 _____ () C:\Users\Luna\Desktop\OTL_SiD.Txt
2015-01-17 20:42 - 2015-01-17 20:42 - 00193938 _____ () C:\Users\Luna\Desktop\Extras_SiD.Txt
2015-01-17 20:21 - 2015-01-17 20:21 - 00193942 _____ () C:\Users\Luna\Desktop\Extras.Txt
2015-01-17 20:20 - 2015-01-17 20:20 - 00088038 _____ () C:\Users\Luna\Desktop\OTL.Txt
2015-01-17 20:08 - 2015-01-17 20:08 - 00602112 _____ (OldTimer Tools) C:\Users\Luna\Desktop\OTL.exe
2015-01-17 20:01 - 2015-01-17 20:01 - 00000000 __SHD () C:\Users\Luna\AppData\Local\EmieUserList
2015-01-17 20:01 - 2015-01-17 20:01 - 00000000 __SHD () C:\Users\Luna\AppData\Local\EmieSiteList
2015-01-17 20:01 - 2015-01-17 20:01 - 00000000 __SHD () C:\Users\Luna\AppData\Local\EmieBrowserModeList
2015-01-17 19:59 - 2015-01-17 19:59 - 00000000 ____D () C:\Users\Luna\AppData\Local\Razer
2015-01-17 19:53 - 2015-01-17 19:53 - 00000032 _____ () C:\Users\PaPa\AppData\Roaming\url.txt
2015-01-15 08:16 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 08:16 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 08:16 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 08:16 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 08:16 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 08:16 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 08:16 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 11:56 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 11:56 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 11:56 - 2014-12-11 18:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 11:56 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 11:56 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 11:56 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-01 23:23 - 2015-01-01 23:23 - 00000000 ____D () C:\Users\PaPa\Documents\Stronghold Crusader 2
2014-12-23 19:25 - 2014-12-23 19:25 - 00001283 _____ () C:\Users\Public\Desktop\Die Fisch-Oase.lnk
2014-12-23 18:48 - 2014-12-23 18:52 - 00000000 ____D () C:\Users\PaPa\AppData\Roaming\Ancient Quest of Saqqarah__intenium
2014-12-23 18:47 - 2014-12-23 18:47 - 00001235 _____ () C:\Users\Public\Desktop\Saqqarah.lnk
2014-12-23 15:13 - 2014-12-23 15:13 - 00000000 ____D () C:\Users\PaPa\AppData\Roaming\GrowingGrass
2014-12-23 15:12 - 2014-12-23 19:25 - 00001141 _____ () C:\Users\Public\Desktop\GAME CENTER.lnk
2014-12-23 15:12 - 2014-12-23 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEUTSCHLAND SPIELT
2014-12-23 15:12 - 2014-12-23 15:12 - 00001355 _____ () C:\Users\Public\Desktop\Die Legende der Elfen.lnk
2014-12-23 15:12 - 2014-12-23 15:12 - 00000000 ____D () C:\Users\PaPa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DEUTSCHLAND SPIELT
2014-12-23 15:12 - 2014-12-23 15:12 - 00000000 ____D () C:\Users\PaPa\AppData\Roaming\Intenium
2014-12-23 15:09 - 2014-12-23 19:24 - 00000000 ____D () C:\Users\PaPa\Desktop\spiele
2014-12-23 14:44 - 2014-12-23 14:44 - 00000000 ____D () C:\Users\PaPa\AppData\Local\{F629AA1C-82E4-4F60-A436-548C9D43A270}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 21:30 - 2012-03-12 09:52 - 00000072 _____ () C:\Users\Public\LMDebug.log
2015-01-20 21:29 - 2009-07-14 05:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-20 21:29 - 2009-07-14 05:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-20 21:28 - 2009-07-14 18:58 - 00702138 _____ () C:\Windows\system32\perfh007.dat
2015-01-20 21:28 - 2009-07-14 18:58 - 00150804 _____ () C:\Windows\system32\perfc007.dat
2015-01-20 21:28 - 2009-07-14 06:13 - 01628954 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-20 21:26 - 2010-11-18 20:02 - 01703070 _____ () C:\Windows\WindowsUpdate.log
2015-01-20 21:21 - 2010-11-18 21:04 - 00378688 _____ () C:\Windows\PFRO.log
2015-01-20 21:21 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-20 21:21 - 2009-07-14 05:51 - 00008859 _____ () C:\Windows\setupact.log
2015-01-20 21:02 - 2014-05-02 03:06 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-19 10:00 - 2012-04-29 09:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-18 21:14 - 2014-12-09 18:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-18 21:06 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-18 20:55 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-18 20:53 - 2009-07-14 03:34 - 23330816 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-01-18 20:53 - 2009-07-14 03:34 - 106954752 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-01-18 20:53 - 2009-07-14 03:34 - 00786432 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-01-18 20:53 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-01-18 20:53 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-01-17 19:59 - 2014-01-16 20:46 - 00125472 _____ () C:\Users\Luna\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-17 19:56 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-17 19:54 - 2010-11-20 03:31 - 00000000 ____D () C:\Users\PaPa\Documents\Outlook-Dateien
2015-01-17 19:52 - 2012-02-01 16:26 - 00000000 ____D () C:\Users\PaPa\AppData\Roaming\UseNeXT
2015-01-17 13:33 - 2011-03-25 00:13 - 00000000 ____D () C:\Users\PaPa\AppData\Roaming\Skype
2015-01-17 09:04 - 2010-11-18 21:31 - 00002232 ____H () C:\Users\PaPa\Documents\Default.rdp
2015-01-17 08:21 - 2010-11-18 21:31 - 00001832 _____ () C:\Users\PaPa\AppData\Local\SLC_PaPa.prx
2015-01-15 03:23 - 2014-08-11 12:17 - 00000000 ____D () C:\Users\PaPa\AppData\Local\Battle.net
2015-01-15 03:08 - 2013-08-15 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:01 - 2010-11-18 20:51 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 20:02 - 2014-05-02 03:06 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 20:02 - 2012-04-01 19:11 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 20:02 - 2011-05-20 02:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-01 23:22 - 2010-12-09 02:48 - 00608286 _____ () C:\Windows\DirectX.log
2014-12-31 12:14 - 2010-11-18 20:12 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-24 18:27 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-12-23 19:25 - 2014-06-18 23:53 - 00000000 ____D () C:\Users\PaPa\AppData\Roaming\Playrix Entertainment
2014-12-23 19:25 - 2014-06-18 23:52 - 00000000 ____D () C:\Program Files (x86)\DEUTSCHLAND SPIELT
2014-12-23 15:11 - 2010-12-18 22:31 - 00000000 ____D () C:\Program Files (x86)\OXXOGames

==================== Files in the root of some directories =======
2011-03-25 00:14 - 2011-03-25 00:14 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some content of TEMP:
====================
C:\Users\Luna\AppData\Local\Temp\Quarantine.exe
C:\Users\Luna\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 01:14

==================== End Of Log ============================
--- --- ---

cosinus 20.01.2015 22:03
Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

SiD867 21.01.2015 09:28
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Luna at 2015-01-21 09:27:57
Running from C:\Users\Luna\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassin’s Creed Unity (HKLM-x32\...\Steam App 289650) (Version:  - Ubisoft)
Assassin's Creed (HKLM-x32\...\Steam App 15100) (Version:  - Ubisoft)
Assassin's Creed Brotherhood (HKLM-x32\...\Steam App 48190) (Version:  - )
Assassin's Creed II (HKLM-x32\...\Steam App 33230) (Version:  - Ubisoft Montreal)
Assassin's Creed IV Black Flag (HKLM-x32\...\Steam App 242050) (Version:  - Ubisoft Montreal)
Assassin's Creed Liberation (HKLM-x32\...\Steam App 260210) (Version:  - Ubisoft Sofia)
Assassin's Creed Revelations (HKLM-x32\...\Steam App 201870) (Version:  - Ubisoft)
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
BioShock 2 (x32 Version: 1.0.0004.131 - Take-Two Interactive Software) Hidden
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG5500 series Benutzerregistrierung (HKLM-x32\...\Canon MG5500 series Benutzerregistrierung) (Version:  - *Canon Inc.)
Canon MG5500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series) (Version: 1.01 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Check Point SSL Network Extender (HKLM-x32\...\{43d266d5-3603-4fff-a4b2-f706e554aeda}) (Version: 7.01.0000 - CheckPoint)
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.2.0287 - DT Soft Ltd)
DATA BECKER web to date 7 (HKLM-x32\...\web to date 7_is1) (Version: 7.0.0.1790 - DATA BECKER GmbH & Co. KG)
DATA BECKER web to date 8 (HKLM-x32\...\web to date 8_is1) (Version: 8.0.0.2377 - DATA BECKER GmbH & Co. KG)
DATA BECKER web to date 8s (HKLM-x32\...\web to date 8s_is1) (Version: 8.0.0.2479 - DATA BECKER GmbH & Co. KG)
Dead Space (HKLM-x32\...\Steam App 17470) (Version:  - EA Redwood Shores)
Dead Space 2 (HKLM-x32\...\Steam App 47780) (Version:  - Electronic Arts)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Defense Grid 2 (HKLM-x32\...\Steam App 221540) (Version:  - Hidden Path Entertainment)
Defense Grid: The Awakening (HKLM-x32\...\Steam App 18500) (Version:  - Hidden Path Entertainment)
Deutschland Spielt - Spiele Post (HKLM-x32\...\Deutschland Spielt - Spiele Post) (Version: 1.0.4.38 - INTENIUM GmbH)
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 2.4.2.14 - INTENIUM GmbH)
Die Fisch-Oase (HKLM-x32\...\Die Fisch-Oase) (Version: 0.0.0.0 - INTENIUM GmbH)
Die Legende der Elfen (HKLM-x32\...\Die Legende der Elfen) (Version: 0.0.0.0 - INTENIUM GmbH)
Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
Feedback Tool (HKLM-x32\...\{90024193-9F13-4877-89D5-A1CDF0CBBF28}) (Version: 1.1.0 - Microsoft Corporation)
FileZilla Client 3.7.1.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.1.1 - Tim Kosse)
Fortix 2 (HKLM-x32\...\Steam App 45450) (Version:  - )
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.5.624 - Foxit Corporation)
Free M4a to MP3 Converter 7.0 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.2.0.001 - HTC Corporation)
Inkscape 0.48.2 (HKLM-x32\...\Inkscape) (Version: 0.48.2 - )
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Download Manager (HKLM-x32\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.0 (HKLM\...\{2BF35D84-6377-4F70-9F39-97CF67E67FFF}) (Version: 8.01.249.0 - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft S/MIME (HKLM-x32\...\{D4E54C39-AC87-4C48-B6E0-A073F21E9B8A}) (Version: 14.1.218.12 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Premium 2010 (HKLM-x32\...\Office14.VISIO) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version:  - Monolith Productions, Inc.)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.3.2637 - Electronic Arts, Inc.)
Plague Inc: Evolved (HKLM-x32\...\Steam App 246620) (Version:  - Ndemic Creations)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
Readiris Pro 10 (HKLM-x32\...\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}) (Version:  - )
Red Faction: Armageddon (HKLM-x32\...\Steam App 55110) (Version:  - Volition)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.13114.22 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.13114.22 - Samsung Electronics Co., Ltd.) Hidden
Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.04.20.00 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Saqqarah (HKLM-x32\...\Saqqarah) (Version: 0.0.0.0 - INTENIUM GmbH)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmarThru 4 (HKLM-x32\...\{90F1943D-EA4A-4460-B59F-30023F3BA69A}) (Version:  - Samsung Electronics Co., Ltd.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - )
Sniper Elite: Nazi Zombie Army (HKLM-x32\...\Steam App 227100) (Version:  - )
Sniper Elite: Nazi Zombie Army 2 (HKLM-x32\...\Steam App 247910) (Version:  - )
Sniper Ghost Warrior 2 (HKLM-x32\...\Steam App 34870) (Version:  - City Interactive)
Sniper: Ghost Warrior (HKLM-x32\...\Steam App 34830) (Version:  - City Interactive S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stronghold 3 (HKLM-x32\...\Steam App 47400) (Version:  - Firefly Studios)
Stronghold Crusader 2 (HKLM-x32\...\Steam App 232890) (Version:  - FireFly Studios)
The Settlers 7: Paths to a Kingdom (HKLM-x32\...\Steam App 48120) (Version:  - Blue Byte Software)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
Tom Clancy's Ghost Recon Future Soldier (HKLM-x32\...\Steam App 212630) (Version:  - Ubisoft)
Tom Clancy's Splinter Cell Blacklist (HKLM-x32\...\Steam App 235600) (Version:  - Ubisoft Toronto)
Tom Clancy's Splinter Cell: Double Agent (HKLM-x32\...\Steam App 13580) (Version:  - Ubisoft)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Uplay (HKLM-x32\...\Uplay) (Version: 4.8 - Ubisoft)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 0.9.9 (HKLM-x32\...\VLC media player) (Version: 0.9.9 - VideoLAN Team)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 9.0.0 - VMware, Inc)
VMware Workstation (Version: 9.0.0 - VMware, Inc.) Hidden
Vocup 1.4.3 (HKLM-x32\...\Vocup_is1) (Version: 1.4.3 - Florian Amstutz)
Wartung Samsung CLX-3180 Series (HKLM-x32\...\Samsung CLX-3180 Series) (Version:  - Samsung Electronics Co., Ltd.)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

15-01-2015 03:00:13 Windows Update
16-01-2015 03:00:12 Windows Update
18-01-2015 06:00:16 Windows-Sicherung
19-01-2015 09:57:11 Malwarebytes Anti-Rootkit Restore Point
20-01-2015 10:12:26 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-01-18 20:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E1AF75E-BADC-42E9-8C80-22201A682B32} - System32\Tasks\{2D0F3BBF-F629-4FDD-B56D-03165C935DD5} => pcalua.exe -a E:\Steam\steam.exe -c steam://uninstall/91600
Task: {4FAC9094-FC52-41FC-85E6-EB7FDFD6A21B} - System32\Tasks\{9CA286A6-568C-47A6-B735-80690E7C48CF} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.0.0.156.259/de/abandoninstall?source=lightinstaller&amp;page=tsMain&amp;installinfo=google-toolbar:offered-installed,google-chrome:notoffered;toolbaroffered
Task: {5A31968F-9B47-460A-B138-9F2D72FB0523} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-01-07] (Microsoft Corporation)
Task: {9C0A9EAD-5AB1-4B0D-AF41-9B5604A35C78} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {9C21D0B2-002C-4B96-99D4-B402AD2C60C1} - System32\Tasks\{43E57121-EDAF-4159-A7BE-AF0CE30A96A7} => C:\Users\PaPa\Desktop\FreeYouTubeDownload.exe
Task: {ACADED06-E5BE-4CBD-969E-E93687F0586D} - System32\Tasks\{2289ABA9-5997-48A0-BC34-579DE98AA235} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {CC294F9E-9E5C-4EBC-B0F1-ED1E422E3480} - System32\Tasks\{07E2F115-9802-4B5F-B64A-FFA951C9B4F7} => Z:\setup.exe
Task: {D39BF46D-83E6-4B1F-B578-8E5CD62F64E4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D7EFDEF2-902D-4C33-AB78-77FBE12C1440} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D8215441-30CC-4058-8274-88C5DA3D4BF3} - System32\Tasks\{9D8559CA-3766-432B-AFC8-834C34266710} => C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\FreeYouTubeDownload.exe
Task: {EBAD56C4-C0FE-4926-AD73-F5836F8EF9D0} - System32\Tasks\{909574BF-9F76-47AF-9D91-DDE3C8655698} => pcalua.exe -a "C:\Users\PaPa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SPYU8WAT\ViewerInstall.exe" -d C:\Users\PaPa\Desktop
Task: {FE2B392E-F04F-48A8-8788-C0A0935CD9F3} - System32\Tasks\{F8DAA865-C0FA-42C1-AEAF-D81927FCE62F} => Z:\setup.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-03-12 09:49 - 2011-06-22 08:14 - 00034304 _____ () C:\Windows\System32\sst2cl6.dll
2012-03-12 09:49 - 2011-06-22 08:13 - 00826880 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\sst2cdu.dll
2013-06-13 21:47 - 2012-12-07 16:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2011-12-14 23:09 - 2013-12-28 10:42 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-10-31 23:27 - 2014-10-31 23:27 - 00183488 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-12-09 18:20 - 2015-01-18 21:14 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-4142995849-1864615369-2111312488-500 - Administrator - Disabled)
Gast (S-1-5-21-4142995849-1864615369-2111312488-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4142995849-1864615369-2111312488-1002 - Limited - Enabled)
Luna (S-1-5-21-4142995849-1864615369-2111312488-1006 - Administrator - Enabled) => C:\Users\Luna
PaPa (S-1-5-21-4142995849-1864615369-2111312488-1000 - Administrator - Enabled) => C:\Users\PaPa

==================== Faulty Device Manager Devices =============

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (01/20/2015 10:05:08 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-01-18 20:41:46.523
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-18 20:41:46.414
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 32%
Total physical RAM: 8190.05 MB
Available physical RAM: 5542.87 MB
Total Pagefile: 16378.29 MB
Available Pagefile: 13355.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:100 GB) (Free:31.6 GB) NTFS
Drive d: (DATA01) (Fixed) (Total:365.66 GB) (Free:191.81 GB) NTFS
Drive e: (DATA02) (Fixed) (Total:1397.26 GB) (Free:406.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: AF2DF33E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=365.7 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: 65609DBA)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus 21.01.2015 09:40
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\S-1-5-21-4142995849-1864615369-2111312488-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\PaPa\AppData\Local\{F629AA1C-82E4-4F60-A436-548C9D43A270}
EmptyTemp:
Hosts:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


SiD867 21.01.2015 20:41
Alles erledigt... siehe unten.

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Luna at 2015-01-21 20:34:39 Run:1
Running from C:\Users\Luna\Desktop
Loaded Profiles: Luna (Available profiles: PaPa & Luna)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-4142995849-1864615369-2111312488-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\PaPa\AppData\Local\{F629AA1C-82E4-4F60-A436-548C9D43A270}
EmptyTemp:
Hosts:
*****************

"HKU\S-1-5-21-4142995849-1864615369-2111312488-1006\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Users\PaPa\AppData\Local\{F629AA1C-82E4-4F60-A436-548C9D43A270} => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 1.4 GB temporary data.


The system needed a reboot.

==== End of Fixlog 20:35:50 ====

cosinus 21.01.2015 20:43
Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


SiD867 22.01.2015 07:45
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 22.01.2015 00:50:06, SYSTEM, VICOM, Protection, Malware Protection, Starting,
Protection, 22.01.2015 00:50:06, SYSTEM, VICOM, Protection, Malware Protection, Started,
Protection, 22.01.2015 00:50:06, SYSTEM, VICOM, Protection, Malicious Website Protection, Starting,
Protection, 22.01.2015 00:50:06, SYSTEM, VICOM, Protection, Malicious Website Protection, Started,

(end)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a6dc440af9ee284cad57c702d702a88b
# engine=22082
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-22 12:42:20
# local_time=2015-01-22 01:42:20 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 11486393 116068550 0 0
# scanned=539179
# found=5
# cleaned=0
# scan_time=13382
sh=0EE4AC9C12690AAB51C42437A51F943678E57D92 ft=1 fh=c71c00114f142bf4 vn="Win32/TrojanDownloader.Autoit.NUX Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\PaPa\AppData\Roaming\autostarter.exe.vir"
sh=54F090123D60E84397B9F1476F91E725ADE25E00 ft=1 fh=e7e70da2e3f97246 vn="Mehrere Bedrohungen" ac=I fn="C:\Qoobox\Quarantine\C\Users\PaPa\AppData\Roaming\loadit.exe.vir"
sh=0EE4AC9C12690AAB51C42437A51F943678E57D92 ft=1 fh=c71c00114f142bf4 vn="Win32/TrojanDownloader.Autoit.NUX Trojaner" ac=I fn="E:\Movies\wizard\Friends.With.Better.Lives.S01E08.GERMAN.Dubbed.720\Friends.With.Better.Lives.S01E08.GERMAN.Dubbed.720p.WebHD.h264-idTV.exe"
sh=ABED89A4B4700424A2C06D7333C2D6C3123EBF16 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="E:\VICOM\Backup Set 2015-01-11 060002\Backup Files 2015-01-18 060000\Backup files 1.zip"
sh=696D981AFFC777DFA771F3E441DA5A015387AED9 ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Autoit.NUX Trojaner" ac=I fn="E:\VICOM\Backup Set 2015-01-11 060002\Backup Files 2015-01-18 060000\Backup files 9.zip"

cosinus 22.01.2015 09:31
Bitte das richtige MBAM Log posten

SiD867 22.01.2015 21:51
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 22.01.2015
Suchlauf-Zeit: 21:33:28
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.22.11
Rootkit Datenbank: v2015.01.14.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Luna

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 409671
Verstrichene Zeit: 9 Min, 52 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

cosinus 22.01.2015 21:55
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
E:\Movies\wizard\Friends.With.Better.Lives.S01E08.GERMAN.Dubbed.720\Friends.With.Better.Lives.S01E08.GERMAN.Dubbed.720p.WebHD.h264-idTV.exe
EmptyTemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


SiD867 22.01.2015 22:16
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Luna at 2015-01-22 22:10:54 Run:2
Running from C:\Users\Luna\Desktop
Loaded Profiles: Luna (Available profiles: PaPa & Luna)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
E:\Movies\wizard\Friends.With.Better.Lives.S01E08.GERMAN.Dubbed.720\Friends.With.Better.Lives.S01E08.GERMAN.Dubbed.720p.WebHD.h264-idTV.exe
EmptyTemp:
*****************

E:\Movies\wizard\Friends.With.Better.Lives.S01E08.GERMAN.Dubbed.720\Friends.With.Better.Lives.S01E08.GERMAN.Dubbed.720p.WebHD.h264-idTV.exe => Moved successfully.
EmptyTemp: => Removed 45.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog 22:11:04 ====

cosinus 23.01.2015 09:34
Sieht soweit ok aus :daumenhoc

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) empfehle ich die Erweiterung Ghostery, diese verhindert weitgehend Usertracking bzw. das Anzeigen von Werbebannern.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

SiD867 23.01.2015 22:04
Wuhuu!!!

DANKE!! hab mich mit meinem standarduser wieder angemeldet und alles ist bestens auf den ersten blick!

danke dir fuer deine geduld und hilfe, auch dankefuer den tip mit ghostery. ein frage haette ich noch - kannst du mir ein gutes anti-malware program empfehlen?

danke!

lg

cosinus 23.01.2015 22:06
MSE oder Emsisoft

Dann wären wir durch! :daumenhoc


Falls du noch Lob oder Kritik loswerden möchtest => Lob, Kritik und Wünsche - Trojaner-Board

Die Programme, die hier zum Einsatz kamen, können alle deinstalliert werden. Es empfiehlt sich Malwarebytes Anti-Malware zu behalten und damit wöchentlich nach Malware zu scannen.

Helfen kann dir dabei delfix:


Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.






Bitte abschließend noch die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

SiD867 23.01.2015 22:19
MSE hab ich im einsatz ;-)

ich werde auch malewarebytes installiert lassen die anderen programme werd ich gemaess deiner anleitung wieder entfernen.

gibt es etwas wie ghostery auch fuer den IE - den verwende ich in erster linie ;-)

noch ein grosses danke!

lg

p.s.: werde noch entsprechndes unter LOB posten.


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:24 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131