Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Win7 Ultimtate 64bit; nach Bundespolizei-Virus; kein Rechtsklick; nichts installierbar; Speicher auf Festplatte immer voll (https://www.trojaner-board.de/150464-win7-ultimtate-64bit-bundespolizei-virus-kein-rechtsklick-nichts-installierbar-speicher-festplatte-immer-voll.html)

schrauber 29.01.2015 07:01
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
CloseProcesses:
HKU\S-1-5-18\...\Run: [kfbuvpzrsuypcoh] => C:\ProgramData\kfbuvpzr.exe
C:\ProgramData\kfbuvpzr.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1814202685-1767394472-907846378-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
C:\Users\PeterLustig\AppData\Local\LPT
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
S4 adobeversioncue; %systemroot%\system32\unrealircd.dll [X]
S4 atinevxx; %systemroot%\system32\SenFiltService.dll [X]
S2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [X]
S4 xfactorae1; %systemroot%\system32\arhidfltr.dll [X]
NETSVC: {6080a529-897e-4629-a488-aba0c29b635e} -> No ServiceDLL Path.
NETSVC: adobeversioncue -> C:\Windows\system32\unrealircd.dll ==> No File.
NETSVC: atinevxx -> C:\Windows\system32\SenFiltService.dll ==> No File.
NETSVC: xfactorae1 -> C:\Windows\system32\arhidfltr.dll ==> No File.
C:\Windows\Tasks\At*.job
Task: {023CD47E-D530-4FC7-9E63-D52218A94836} - System32\Tasks\At27 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {038512EA-790D-4E62-9CA5-71832688CC9E} - System32\Tasks\At34 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {08A060D2-79C5-493C-BB58-F25C6BA42274} - System32\Tasks\At16 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {08A9CDCF-140F-4946-A22B-E96942BE57D2} - System32\Tasks\At23 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {0EBCB69F-9D95-4F02-8874-8B54A76C1BF9} - System32\Tasks\At28 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {2250FD76-06B7-4D19-8C28-5B0474A7E0DD} - System32\Tasks\At41 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {27C900CA-85F1-4FF4-BF0E-0F224CDCEE5A} - System32\Tasks\At31 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {2E82F8AA-E085-4430-A9BB-E07E6770A077} - System32\Tasks\At43 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {31B133A7-6BF9-4DBC-AB99-6B8925F5678E} - System32\Tasks\At19 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {31E98F7C-57A5-44C6-BDD5-2295CE741066} - System32\Tasks\At11 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {4078CE44-2A79-4173-A0A8-0EF2F3727E8E} - System32\Tasks\At39 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {4287194E-8E3C-4B92-85DA-262E7B651873} - System32\Tasks\At25 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {472C7580-D297-44A5-8EE3-43D947010E8F} - System32\Tasks\At46 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {509EFCB0-06DF-405A-B8D9-BE8252DA49B9} - System32\Tasks\At18 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {5369728C-FA0A-4D9B-9A4D-898B7C8E8465} - System32\Tasks\At3 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {53DC4EDD-B197-47BE-9D1A-F41F01A80888} - System32\Tasks\At1 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {5457AB80-34BF-42D3-87A8-2B3D00DC132B} - System32\Tasks\At22 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {599793EA-CD10-48C5-8721-98EE9D23E16A} - System32\Tasks\At8 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {5E38C7E8-E2C0-4D69-B413-4B736CD92CCC} - System32\Tasks\At9 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {62924DAD-B30D-429A-ADB2-E506CB9C60DA} - System32\Tasks\At29 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {6753B9B6-7291-4A5B-B8DB-E7B1BAAEEDD9} - System32\Tasks\At7 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {6BFB77DE-9F9A-4062-8E58-473F4DFCE9F3} - System32\Tasks\At35 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {71BA5A7F-5E29-4BEF-BF7E-53BD12347730} - System32\Tasks\At15 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {74909335-1F09-4813-9CB5-9F50961B6C50} - System32\Tasks\At33 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {7DFA7A51-CB8E-4C09-A88E-5075F41AE38A} - System32\Tasks\At10 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {7FEE53C9-2AC5-4715-A32B-7E7BE3735F8F} - System32\Tasks\At12 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {855EC2F5-2255-4EE3-8531-F915AEB0DE37} - System32\Tasks\At13 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {8703EFC1-6D0E-4723-9258-093671AC0128} - System32\Tasks\At26 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {888ED9C2-7590-4DA1-81C7-671F71B1C538} - System32\Tasks\At17 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {89955AE0-5426-442E-9F25-CE20C3CF8A77} - System32\Tasks\At38 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {8F366998-5120-47A1-B751-07B0D0453A53} - System32\Tasks\At24 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {92D5906E-6D2E-4935-95B2-9030563C4832} - System32\Tasks\At44 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {94F8A3A4-E096-402F-914D-84C77235BABE} - System32\Tasks\At45 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {9E0C44A3-F6B6-47CD-9733-A3521CF30278} - System32\Tasks\At20 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {A770A8E0-BF77-471E-A909-7B38FCA68351} - System32\Tasks\At5 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {A87E06E5-FD8F-4074-B5B8-8D3317F4B095} - System32\Tasks\At4 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {AD5DD74D-2807-4D4B-8070-44BA7CD3B177} - System32\Tasks\At37 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {B0B9403C-2698-4423-AC14-A5278F2F582D} - System32\Tasks\At14 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {B733B431-E348-4B31-90FB-67C560102E4C} - System32\Tasks\At6 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {BF53F786-18A4-44C7-ABA0-8F4D67BD05FF} - System32\Tasks\At2 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {C39A241F-7AA3-4C1C-B50F-FCFB1AC29A2B} - System32\Tasks\At40 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {C8B3DBE1-B577-4E80-BA3D-0B63C7CEEFA7} - System32\Tasks\At32 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {C9E77C31-3B2C-4C80-8007-BF9F5BF919FF} - System32\Tasks\At48 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {CF1FEFCC-5EBC-4306-BE09-0FEA2DBA812A} - System32\Tasks\At30 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {D3C0EEF8-371C-4804-BC98-0EC69D0B5F9D} - System32\Tasks\At42 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {E4C73F13-5D9C-4CBF-B9BD-4243F3568776} - System32\Tasks\At47 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {E4E70D88-095F-4A38-920F-E76EAEAE7F0E} - System32\Tasks\At21 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {FF26CF92-C490-457D-B019-EC9DB864B1D1} - System32\Tasks\At36 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION
C:\Windows\Fonts\aXG0Q5j0.com
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


TrisxG 06.02.2015 19:38
Der fixlog
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-02-2015
Ran by PeterLustig at 2015-02-06 18:51:12 Run:1
Running from C:\Users\PeterLustig\Desktop
Loaded Profiles: PeterLustig (Available profiles: PeterLustig)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKU\S-1-5-18\...\Run: [kfbuvpzrsuypcoh] => C:\ProgramData\kfbuvpzr.exe
C:\ProgramData\kfbuvpzr.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1814202685-1767394472-907846378-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
C:\Users\PeterLustig\AppData\Local\LPT
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
S4 adobeversioncue; %systemroot%\system32\unrealircd.dll [X]
S4 atinevxx; %systemroot%\system32\SenFiltService.dll [X]
S2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [X]
S4 xfactorae1; %systemroot%\system32\arhidfltr.dll [X]
NETSVC: {6080a529-897e-4629-a488-aba0c29b635e} -> No ServiceDLL Path.
NETSVC: adobeversioncue -> C:\Windows\system32\unrealircd.dll ==> No File.
NETSVC: atinevxx -> C:\Windows\system32\SenFiltService.dll ==> No File.
NETSVC: xfactorae1 -> C:\Windows\system32\arhidfltr.dll ==> No File.
C:\Windows\Tasks\At*.job
Task: {023CD47E-D530-4FC7-9E63-D52218A94836} - System32\Tasks\At27 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {038512EA-790D-4E62-9CA5-71832688CC9E} - System32\Tasks\At34 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {08A060D2-79C5-493C-BB58-F25C6BA42274} - System32\Tasks\At16 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {08A9CDCF-140F-4946-A22B-E96942BE57D2} - System32\Tasks\At23 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {0EBCB69F-9D95-4F02-8874-8B54A76C1BF9} - System32\Tasks\At28 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {2250FD76-06B7-4D19-8C28-5B0474A7E0DD} - System32\Tasks\At41 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {27C900CA-85F1-4FF4-BF0E-0F224CDCEE5A} - System32\Tasks\At31 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {2E82F8AA-E085-4430-A9BB-E07E6770A077} - System32\Tasks\At43 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {31B133A7-6BF9-4DBC-AB99-6B8925F5678E} - System32\Tasks\At19 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {31E98F7C-57A5-44C6-BDD5-2295CE741066} - System32\Tasks\At11 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {4078CE44-2A79-4173-A0A8-0EF2F3727E8E} - System32\Tasks\At39 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {4287194E-8E3C-4B92-85DA-262E7B651873} - System32\Tasks\At25 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {472C7580-D297-44A5-8EE3-43D947010E8F} - System32\Tasks\At46 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {509EFCB0-06DF-405A-B8D9-BE8252DA49B9} - System32\Tasks\At18 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {5369728C-FA0A-4D9B-9A4D-898B7C8E8465} - System32\Tasks\At3 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {53DC4EDD-B197-47BE-9D1A-F41F01A80888} - System32\Tasks\At1 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {5457AB80-34BF-42D3-87A8-2B3D00DC132B} - System32\Tasks\At22 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {599793EA-CD10-48C5-8721-98EE9D23E16A} - System32\Tasks\At8 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {5E38C7E8-E2C0-4D69-B413-4B736CD92CCC} - System32\Tasks\At9 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {62924DAD-B30D-429A-ADB2-E506CB9C60DA} - System32\Tasks\At29 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {6753B9B6-7291-4A5B-B8DB-E7B1BAAEEDD9} - System32\Tasks\At7 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {6BFB77DE-9F9A-4062-8E58-473F4DFCE9F3} - System32\Tasks\At35 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {71BA5A7F-5E29-4BEF-BF7E-53BD12347730} - System32\Tasks\At15 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {74909335-1F09-4813-9CB5-9F50961B6C50} - System32\Tasks\At33 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {7DFA7A51-CB8E-4C09-A88E-5075F41AE38A} - System32\Tasks\At10 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {7FEE53C9-2AC5-4715-A32B-7E7BE3735F8F} - System32\Tasks\At12 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {855EC2F5-2255-4EE3-8531-F915AEB0DE37} - System32\Tasks\At13 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {8703EFC1-6D0E-4723-9258-093671AC0128} - System32\Tasks\At26 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {888ED9C2-7590-4DA1-81C7-671F71B1C538} - System32\Tasks\At17 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {89955AE0-5426-442E-9F25-CE20C3CF8A77} - System32\Tasks\At38 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {8F366998-5120-47A1-B751-07B0D0453A53} - System32\Tasks\At24 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {92D5906E-6D2E-4935-95B2-9030563C4832} - System32\Tasks\At44 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {94F8A3A4-E096-402F-914D-84C77235BABE} - System32\Tasks\At45 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {9E0C44A3-F6B6-47CD-9733-A3521CF30278} - System32\Tasks\At20 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {A770A8E0-BF77-471E-A909-7B38FCA68351} - System32\Tasks\At5 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {A87E06E5-FD8F-4074-B5B8-8D3317F4B095} - System32\Tasks\At4 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {AD5DD74D-2807-4D4B-8070-44BA7CD3B177} - System32\Tasks\At37 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {B0B9403C-2698-4423-AC14-A5278F2F582D} - System32\Tasks\At14 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {B733B431-E348-4B31-90FB-67C560102E4C} - System32\Tasks\At6 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {BF53F786-18A4-44C7-ABA0-8F4D67BD05FF} - System32\Tasks\At2 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {C39A241F-7AA3-4C1C-B50F-FCFB1AC29A2B} - System32\Tasks\At40 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {C8B3DBE1-B577-4E80-BA3D-0B63C7CEEFA7} - System32\Tasks\At32 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {C9E77C31-3B2C-4C80-8007-BF9F5BF919FF} - System32\Tasks\At48 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {CF1FEFCC-5EBC-4306-BE09-0FEA2DBA812A} - System32\Tasks\At30 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {D3C0EEF8-371C-4804-BC98-0EC69D0B5F9D} - System32\Tasks\At42 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {E4C73F13-5D9C-4CBF-B9BD-4243F3568776} - System32\Tasks\At47 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {E4E70D88-095F-4A38-920F-E76EAEAE7F0E} - System32\Tasks\At21 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {FF26CF92-C490-457D-B019-EC9DB864B1D1} - System32\Tasks\At36 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION
C:\Windows\Fonts\aXG0Q5j0.com
Emptytemp:
       
*****************

Processes closed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\kfbuvpzrsuypcoh => value deleted successfully.
"C:\ProgramData\kfbuvpzr.exe" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1814202685-1767394472-907846378-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"C:\Users\PeterLustig\AppData\Local\LPT" => File/Directory not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
adobeversioncue => Service deleted successfully.
atinevxx => Service deleted successfully.
Hamachi2Svc => Service deleted successfully.
xfactorae1 => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs {6080a529-897e-4629-a488-aba0c29b635e} => Deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs adobeversioncue => Deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs atinevxx => Deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs xfactorae1 => Deleted successfully.
C:\Windows\Tasks\At*.job => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{023CD47E-D530-4FC7-9E63-D52218A94836}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{023CD47E-D530-4FC7-9E63-D52218A94836}" => Key deleted successfully.
C:\Windows\System32\Tasks\At27 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At27" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{038512EA-790D-4E62-9CA5-71832688CC9E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{038512EA-790D-4E62-9CA5-71832688CC9E}" => Key deleted successfully.
C:\Windows\System32\Tasks\At34 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At34" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08A060D2-79C5-493C-BB58-F25C6BA42274}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08A060D2-79C5-493C-BB58-F25C6BA42274}" => Key deleted successfully.
C:\Windows\System32\Tasks\At16 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At16" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08A9CDCF-140F-4946-A22B-E96942BE57D2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08A9CDCF-140F-4946-A22B-E96942BE57D2}" => Key deleted successfully.
C:\Windows\System32\Tasks\At23 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At23" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0EBCB69F-9D95-4F02-8874-8B54A76C1BF9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EBCB69F-9D95-4F02-8874-8B54A76C1BF9}" => Key deleted successfully.
C:\Windows\System32\Tasks\At28 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At28" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2250FD76-06B7-4D19-8C28-5B0474A7E0DD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2250FD76-06B7-4D19-8C28-5B0474A7E0DD}" => Key deleted successfully.
C:\Windows\System32\Tasks\At41 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At41" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{27C900CA-85F1-4FF4-BF0E-0F224CDCEE5A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27C900CA-85F1-4FF4-BF0E-0F224CDCEE5A}" => Key deleted successfully.
C:\Windows\System32\Tasks\At31 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At31" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E82F8AA-E085-4430-A9BB-E07E6770A077}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E82F8AA-E085-4430-A9BB-E07E6770A077}" => Key deleted successfully.
C:\Windows\System32\Tasks\At43 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At43" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31B133A7-6BF9-4DBC-AB99-6B8925F5678E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31B133A7-6BF9-4DBC-AB99-6B8925F5678E}" => Key deleted successfully.
C:\Windows\System32\Tasks\At19 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At19" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31E98F7C-57A5-44C6-BDD5-2295CE741066}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31E98F7C-57A5-44C6-BDD5-2295CE741066}" => Key deleted successfully.
C:\Windows\System32\Tasks\At11 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At11" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4078CE44-2A79-4173-A0A8-0EF2F3727E8E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4078CE44-2A79-4173-A0A8-0EF2F3727E8E}" => Key deleted successfully.
C:\Windows\System32\Tasks\At39 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At39" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4287194E-8E3C-4B92-85DA-262E7B651873}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4287194E-8E3C-4B92-85DA-262E7B651873}" => Key deleted successfully.
C:\Windows\System32\Tasks\At25 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At25" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{472C7580-D297-44A5-8EE3-43D947010E8F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{472C7580-D297-44A5-8EE3-43D947010E8F}" => Key deleted successfully.
C:\Windows\System32\Tasks\At46 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At46" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{509EFCB0-06DF-405A-B8D9-BE8252DA49B9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{509EFCB0-06DF-405A-B8D9-BE8252DA49B9}" => Key deleted successfully.
C:\Windows\System32\Tasks\At18 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At18" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5369728C-FA0A-4D9B-9A4D-898B7C8E8465}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5369728C-FA0A-4D9B-9A4D-898B7C8E8465}" => Key deleted successfully.
C:\Windows\System32\Tasks\At3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53DC4EDD-B197-47BE-9D1A-F41F01A80888}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53DC4EDD-B197-47BE-9D1A-F41F01A80888}" => Key deleted successfully.
C:\Windows\System32\Tasks\At1 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5457AB80-34BF-42D3-87A8-2B3D00DC132B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5457AB80-34BF-42D3-87A8-2B3D00DC132B}" => Key deleted successfully.
C:\Windows\System32\Tasks\At22 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At22" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{599793EA-CD10-48C5-8721-98EE9D23E16A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{599793EA-CD10-48C5-8721-98EE9D23E16A}" => Key deleted successfully.
C:\Windows\System32\Tasks\At8 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At8" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5E38C7E8-E2C0-4D69-B413-4B736CD92CCC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E38C7E8-E2C0-4D69-B413-4B736CD92CCC}" => Key deleted successfully.
C:\Windows\System32\Tasks\At9 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At9" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62924DAD-B30D-429A-ADB2-E506CB9C60DA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62924DAD-B30D-429A-ADB2-E506CB9C60DA}" => Key deleted successfully.
C:\Windows\System32\Tasks\At29 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At29" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6753B9B6-7291-4A5B-B8DB-E7B1BAAEEDD9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6753B9B6-7291-4A5B-B8DB-E7B1BAAEEDD9}" => Key deleted successfully.
C:\Windows\System32\Tasks\At7 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6BFB77DE-9F9A-4062-8E58-473F4DFCE9F3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BFB77DE-9F9A-4062-8E58-473F4DFCE9F3}" => Key deleted successfully.
C:\Windows\System32\Tasks\At35 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At35" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71BA5A7F-5E29-4BEF-BF7E-53BD12347730}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71BA5A7F-5E29-4BEF-BF7E-53BD12347730}" => Key deleted successfully.
C:\Windows\System32\Tasks\At15 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At15" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74909335-1F09-4813-9CB5-9F50961B6C50}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74909335-1F09-4813-9CB5-9F50961B6C50}" => Key deleted successfully.
C:\Windows\System32\Tasks\At33 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At33" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7DFA7A51-CB8E-4C09-A88E-5075F41AE38A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DFA7A51-CB8E-4C09-A88E-5075F41AE38A}" => Key deleted successfully.
C:\Windows\System32\Tasks\At10 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At10" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FEE53C9-2AC5-4715-A32B-7E7BE3735F8F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FEE53C9-2AC5-4715-A32B-7E7BE3735F8F}" => Key deleted successfully.
C:\Windows\System32\Tasks\At12 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At12" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{855EC2F5-2255-4EE3-8531-F915AEB0DE37}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{855EC2F5-2255-4EE3-8531-F915AEB0DE37}" => Key deleted successfully.
C:\Windows\System32\Tasks\At13 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At13" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8703EFC1-6D0E-4723-9258-093671AC0128}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8703EFC1-6D0E-4723-9258-093671AC0128}" => Key deleted successfully.
C:\Windows\System32\Tasks\At26 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At26" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{888ED9C2-7590-4DA1-81C7-671F71B1C538}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{888ED9C2-7590-4DA1-81C7-671F71B1C538}" => Key deleted successfully.
C:\Windows\System32\Tasks\At17 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At17" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89955AE0-5426-442E-9F25-CE20C3CF8A77}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89955AE0-5426-442E-9F25-CE20C3CF8A77}" => Key deleted successfully.
C:\Windows\System32\Tasks\At38 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At38" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F366998-5120-47A1-B751-07B0D0453A53}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F366998-5120-47A1-B751-07B0D0453A53}" => Key deleted successfully.
C:\Windows\System32\Tasks\At24 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At24" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92D5906E-6D2E-4935-95B2-9030563C4832}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92D5906E-6D2E-4935-95B2-9030563C4832}" => Key deleted successfully.
C:\Windows\System32\Tasks\At44 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At44" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94F8A3A4-E096-402F-914D-84C77235BABE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94F8A3A4-E096-402F-914D-84C77235BABE}" => Key deleted successfully.
C:\Windows\System32\Tasks\At45 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At45" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E0C44A3-F6B6-47CD-9733-A3521CF30278}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E0C44A3-F6B6-47CD-9733-A3521CF30278}" => Key deleted successfully.
C:\Windows\System32\Tasks\At20 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At20" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A770A8E0-BF77-471E-A909-7B38FCA68351}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A770A8E0-BF77-471E-A909-7B38FCA68351}" => Key deleted successfully.
C:\Windows\System32\Tasks\At5 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At5" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A87E06E5-FD8F-4074-B5B8-8D3317F4B095}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A87E06E5-FD8F-4074-B5B8-8D3317F4B095}" => Key deleted successfully.
C:\Windows\System32\Tasks\At4 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD5DD74D-2807-4D4B-8070-44BA7CD3B177}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD5DD74D-2807-4D4B-8070-44BA7CD3B177}" => Key deleted successfully.
C:\Windows\System32\Tasks\At37 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At37" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0B9403C-2698-4423-AC14-A5278F2F582D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0B9403C-2698-4423-AC14-A5278F2F582D}" => Key deleted successfully.
C:\Windows\System32\Tasks\At14 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At14" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B733B431-E348-4B31-90FB-67C560102E4C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B733B431-E348-4B31-90FB-67C560102E4C}" => Key deleted successfully.
C:\Windows\System32\Tasks\At6 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF53F786-18A4-44C7-ABA0-8F4D67BD05FF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF53F786-18A4-44C7-ABA0-8F4D67BD05FF}" => Key deleted successfully.
C:\Windows\System32\Tasks\At2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C39A241F-7AA3-4C1C-B50F-FCFB1AC29A2B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C39A241F-7AA3-4C1C-B50F-FCFB1AC29A2B}" => Key deleted successfully.
C:\Windows\System32\Tasks\At40 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At40" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C8B3DBE1-B577-4E80-BA3D-0B63C7CEEFA7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8B3DBE1-B577-4E80-BA3D-0B63C7CEEFA7}" => Key deleted successfully.
C:\Windows\System32\Tasks\At32 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At32" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9E77C31-3B2C-4C80-8007-BF9F5BF919FF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9E77C31-3B2C-4C80-8007-BF9F5BF919FF}" => Key deleted successfully.
C:\Windows\System32\Tasks\At48 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At48" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CF1FEFCC-5EBC-4306-BE09-0FEA2DBA812A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF1FEFCC-5EBC-4306-BE09-0FEA2DBA812A}" => Key deleted successfully.
C:\Windows\System32\Tasks\At30 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At30" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3C0EEF8-371C-4804-BC98-0EC69D0B5F9D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3C0EEF8-371C-4804-BC98-0EC69D0B5F9D}" => Key deleted successfully.
C:\Windows\System32\Tasks\At42 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At42" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E4C73F13-5D9C-4CBF-B9BD-4243F3568776}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4C73F13-5D9C-4CBF-B9BD-4243F3568776}" => Key deleted successfully.
C:\Windows\System32\Tasks\At47 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At47" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E4E70D88-095F-4A38-920F-E76EAEAE7F0E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4E70D88-095F-4A38-920F-E76EAEAE7F0E}" => Key deleted successfully.
C:\Windows\System32\Tasks\At21 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At21" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF26CF92-C490-457D-B019-EC9DB864B1D1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF26CF92-C490-457D-B019-EC9DB864B1D1}" => Key deleted successfully.
C:\Windows\System32\Tasks\At36 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At36" => Key deleted successfully.
"C:\Windows\Fonts\aXG0Q5j0.com" => File/Directory not found.
EmptyTemp: => Removed 699.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 19:10:02 ====
Dankeschön

schrauber 07.02.2015 12:04
Frisches FRST log bitte :)

TrisxG 08.02.2015 12:14
Wird gemacht, Chef!
FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015
Ran by PeterLustig (administrator) on PETERLUSTIG-PC on 08-02-2015 12:11:36
Running from C:\Users\PeterLustig\Desktop
Loaded Profiles: PeterLustig (Available profiles: PeterLustig)
Platform: Windows 7 Ultimate (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe [353440 2012-04-02] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1814202685-1767394472-907846378-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1814202685-1767394472-907846378-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1814202685-1767394472-907846378-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLPD5Splg6ZyL_ByCddyIXOg1cJF53aLlcQyUr3Gr7BX1yp3dWfA5n70xSBunLzf9qAkXaMzouyCqopHDHEHnWMteu03oQ6tq7mMGDgDyyDhG3jikjLW31FmqA5Inz0Lt5hJFbnGkbMy8ztEJH8OoDs0TPT_hJA-CeY,
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLPD5Splg6ZyL_ByCddyIXOg1cJF53aLlcQyUr3Gr7BX1yp3dWfA5n70xSBunLzf9qwzQRFYbWIrx1QAyb-Uuy0CmZBjgY2TdFYHYrlsj_QM7AWuEaULc-33igwTosQPL4_w5LLIg275UwXaUJvlzSTTEetRYQ_IWqU,&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLPD5Splg6ZyL_ByCddyIXOg1cJF53aLlcQyUr3Gr7BX1yp3dWfA5n70xSBunLzf9qwzQRFYbWIrx1QAyb-Uuy0CmZBjgY2TdFYHYrlsj_QM7AWuEaULc-33igwTosQPL4_w5LLIg275UwXaUJvlzSTTEetRYQ_IWqU,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1814202685-1767394472-907846378-1001 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLPD5Splg6ZyL_ByCddyIXOg1cJF53aLlcQyUr3Gr7BX1yp3dWfA5n70xSBunLzf9qwzQRFYbWIrx1QAyb-Uuy0CmZBjgY2TdFYHYrlsj_QM7AWuEaULc-33igwTosQPL4_w5LLIg275UwXaUJvlzSTTEetRYQ_IWqU,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1814202685-1767394472-907846378-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLPD5Splg6ZyL_ByCddyIXOg1cJF53aLlcQyUr3Gr7BX1yp3dWfA5n70xSBunLzf9qwzQRFYbWIrx1QAyb-Uuy0CmZBjgY2TdFYHYrlsj_QM7AWuEaULc-33igwTosQPL4_w5LLIg275UwXaUJvlzSTTEetRYQ_IWqU,&q={searchTerms}
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: SmartbarInternetExplorerBHOEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @thrixxx.com/WebLaunch -> C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
FF Plugin HKU\S-1-5-21-1814202685-1767394472-907846378-1001: @thrixxx.com/WebLaunch -> C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll No File

Chrome:
=======
CHR HKU\S-1-5-21-1814202685-1767394472-907846378-1001\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\PeterLustig\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S4 adobeversioncue; %systemroot%\system32\unrealircd.dll [X]
S4 atinevxx; %systemroot%\system32\SenFiltService.dll [X]
S2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [X]
S4 xfactorae1; %systemroot%\system32\arhidfltr.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: {6080a529-897e-4629-a488-aba0c29b635e} -> No ServiceDLL Path.
NETSVC: adobeversioncue -> C:\Windows\system32\unrealircd.dll ==> No File.
NETSVC: atinevxx -> C:\Windows\system32\SenFiltService.dll ==> No File.
NETSVC: xfactorae1 -> C:\Windows\system32\arhidfltr.dll ==> No File.

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 12:11 - 2015-02-08 12:12 - 00008550 _____ () C:\Users\PeterLustig\Desktop\FRST.txt
2015-02-06 22:47 - 2015-02-08 12:12 - 00006386 _____ () C:\Windows\WindowsUpdate.log
2015-02-06 19:35 - 2015-02-06 19:35 - 00002160 _____ () C:\Users\PeterLustig\Desktop\Minecraft.lnk
2015-02-06 19:35 - 2015-02-06 19:35 - 00000000 ____D () C:\Users\PeterLustig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-02-06 19:34 - 2015-02-06 20:52 - 00000000 ____D () C:\Users\PeterLustig\AppData\Roaming\.minecraft
2015-02-06 19:30 - 2015-02-06 19:30 - 00415624 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-02 22:09 - 2015-02-08 12:11 - 00000000 ____D () C:\Users\PeterLustig\Desktop\FRST-OlderVersion
2015-02-02 22:08 - 2015-02-02 22:08 - 00007032 _____ () C:\Users\PeterLustig\Documents\Fixlist.txt
2015-01-28 19:09 - 2015-02-08 12:11 - 00000000 ____D () C:\FRST
2015-01-28 18:49 - 2015-01-28 18:49 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\PeterLustig\Desktop\rkill64-21039.exe
2015-01-27 15:18 - 2015-01-27 15:18 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-27 14:57 - 2015-01-27 14:57 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\PeterLustig\Desktop\rkill64-21031.exe
2015-01-27 14:49 - 2015-01-27 14:49 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\PeterLustig\Desktop\rkill64-19460.exe
2015-01-27 14:47 - 2015-01-27 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-01-27 14:47 - 2015-01-27 14:47 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-01-25 22:00 - 2015-01-25 22:00 - 00003118 _____ () C:\Windows\System32\Tasks\{9E93E75A-8F35-42AC-BB63-FB012FA62CC3}
2015-01-25 20:28 - 2015-01-25 20:28 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\PeterLustig\Desktop\rkill64-13113.exe
2015-01-25 20:24 - 2015-01-25 20:24 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\PeterLustig\Desktop\rkill64-12408.exe
2015-01-25 20:21 - 2015-01-25 20:21 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\PeterLustig\Desktop\rkill64.exe
2015-01-25 20:19 - 2015-01-25 20:19 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\PeterLustig\Desktop\rkill.exe
2015-01-25 17:18 - 2015-01-25 17:18 - 00002968 _____ () C:\Windows\System32\Tasks\{DD320EEE-AF76-4BFF-9D8D-74DC586C3DF7}
2015-01-25 17:18 - 2015-01-25 17:18 - 00002968 _____ () C:\Windows\System32\Tasks\{C33E7806-3940-49AA-8E3F-87407B744D48}
2015-01-25 17:18 - 2015-01-25 17:18 - 00002968 _____ () C:\Windows\System32\Tasks\{B9D28C67-CAD9-4A65-B954-43DC5FAC9147}
2015-01-25 17:18 - 2015-01-25 17:18 - 00002968 _____ () C:\Windows\System32\Tasks\{2F42AD4C-B626-4A7B-BE8D-879382CACDFE}
2015-01-25 17:17 - 2015-01-25 17:17 - 00002968 _____ () C:\Windows\System32\Tasks\{F71D7E21-31D2-4B75-9F2E-D1023064785F}
2015-01-25 17:17 - 2015-01-25 17:17 - 00002968 _____ () C:\Windows\System32\Tasks\{DC868B9F-18DC-4282-8982-CA04E365D8B4}
2015-01-25 17:17 - 2015-01-25 17:17 - 00002968 _____ () C:\Windows\System32\Tasks\{C938709E-5132-4154-B7AB-F973F9AEB12D}
2015-01-25 17:17 - 2015-01-25 17:17 - 00002968 _____ () C:\Windows\System32\Tasks\{C1EAF886-BE74-495C-BA01-3CF06D617CBB}
2015-01-25 17:17 - 2015-01-25 17:17 - 00002968 _____ () C:\Windows\System32\Tasks\{C00AC9CA-31EE-4F7C-8178-F728318F37B2}
2015-01-25 17:17 - 2015-01-25 17:17 - 00002968 _____ () C:\Windows\System32\Tasks\{9340A002-27AE-4F0D-B08F-CCCFAAB7051F}
2015-01-25 17:17 - 2015-01-25 17:17 - 00002968 _____ () C:\Windows\System32\Tasks\{71D96554-704A-48CE-9AE8-294422BBB917}
2015-01-25 17:17 - 2015-01-25 17:17 - 00002968 _____ () C:\Windows\System32\Tasks\{31EE0835-121D-4F8E-8DE4-81E9C0E4CC9F}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{DEA50867-0680-4681-9E4B-DDBD590F88DC}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{DD0FB53D-835D-4328-B8E5-ABFF91CA4F30}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{D297B1C8-8193-42F0-A890-C51F2C993148}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{B9D2D592-B4A9-449B-AE00-33AA408E70F3}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{B356D192-DAE2-435A-9935-E4B7AE368AFA}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{8961765D-5A5E-40FC-88CD-914DE3F18C41}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{84D4F78B-4662-45BE-A52C-3FF4A2AA5AFF}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{682D6DFA-A37E-4AEB-AB81-2E58B5100B50}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{64387400-64B7-479B-9A6D-3CDD4F803E1A}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{5EB9BB05-C745-41E9-95C1-CB75157EA92E}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{42D40418-1777-430C-A14A-08FF26725ED6}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{3DD2E574-6D05-42A5-9385-0BEB8B104392}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{2A9D3EF4-287A-496B-BA54-0FD2282AF7DF}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{1A658748-DFD0-4454-8A74-FD77CEF65638}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{126A1D60-6B08-46F6-A797-96199ECE5EDC}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{031F14CA-F08F-47ED-9554-64DADA0C8DE6}
2015-01-25 17:15 - 2015-01-25 17:15 - 00002968 _____ () C:\Windows\System32\Tasks\{943F9431-0485-4B44-AA6D-0D739E2EEE37}
2015-01-20 13:31 - 2015-01-20 13:31 - 00001439 _____ () C:\Users\PeterLustig\Desktop\Internet Explorer.lnk
2015-01-20 13:15 - 2015-01-20 13:15 - 00002968 _____ () C:\Windows\System32\Tasks\{4F2FD83F-AE71-4CA7-BC7B-E961F336D9FA}
2015-01-20 13:15 - 2015-01-20 13:15 - 00002968 _____ () C:\Windows\System32\Tasks\{29002138-A429-4FAD-85F0-612C27EAE1BF}
2015-01-20 13:12 - 2015-02-08 12:11 - 02132992 _____ (Farbar) C:\Users\PeterLustig\Desktop\FRST64.exe
2015-01-20 12:17 - 2015-01-25 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metin2
2015-01-20 00:12 - 2015-01-25 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2015-01-19 21:25 - 2015-01-19 21:25 - 00000000 ____D () C:\Users\PeterLustig\AppData\Local\Gameforge4d
2015-01-09 15:49 - 2015-01-09 15:49 - 00000000 ____D () C:\Qoobox
2015-01-09 14:10 - 2015-01-09 17:35 - 00000000 ____D () C:\Windows\erdnt
2015-01-09 13:58 - 2015-01-09 13:58 - 02617176 _____ (VS Revo Group Ltd.) C:\Users\PeterLustig\Desktop\revosetup.exe
2015-01-09 13:58 - 2015-01-09 13:58 - 00001264 _____ () C:\Users\PeterLustig\Desktop\Revo Uninstaller.lnk
2015-01-09 13:58 - 2015-01-09 13:58 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 12:09 - 2009-07-14 06:08 - 00032628 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-06 19:37 - 2009-07-14 05:45 - 00016624 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-06 19:37 - 2009-07-14 05:45 - 00016624 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-06 18:50 - 2011-11-14 17:11 - 00000000 ____D () C:\Users\PeterLustig\AppData\Local\LogMeIn Hamachi
2015-01-27 15:41 - 2014-04-14 11:49 - 00000000 ____D () C:\Users\PeterLustig\AppData\Local\Smartbar
2015-01-27 15:02 - 2015-01-05 19:40 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-27 15:01 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-27 11:45 - 2015-01-05 19:40 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 22:22 - 2014-04-14 12:21 - 00000000 ____D () C:\Users\PeterLustig\AppData\Roaming\DAEMON Tools Lite
2015-01-25 22:22 - 2014-04-14 12:20 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-01-25 22:14 - 2013-01-05 16:46 - 00000000 ____D () C:\Users\PeterLustig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars.NET
2015-01-14 23:07 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-09 14:15 - 2011-12-09 16:19 - 00000000 ____D () C:\Users\PeterLustig\AppData\Roaming\DVDVideoSoft

==================== Files in the root of some directories =======

2012-07-12 12:46 - 2012-08-15 15:39 - 0000154 _____ () C:\Users\PeterLustig\AppData\Roaming\Rim.Desktop.Exception.log
2012-07-12 12:43 - 2012-07-12 12:44 - 0001847 _____ () C:\Users\PeterLustig\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-07-12 12:46 - 2012-07-12 19:54 - 0000077 _____ () C:\Users\PeterLustig\AppData\Roaming\Rim.DesktopHelper.Exception.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-06 22:38

==================== End Of Log ============================
--- --- ---


und Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-02-2015
Ran by PeterLustig at 2015-02-08 12:12:53
Running from C:\Users\PeterLustig\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.228 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
BlackBerry Desktop Software 6.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 6.1.0.33 - Research in Motion Ltd.)
BlackBerry Desktop Software 6.1 (x32 Version: 6.1.0.33 - Research in Motion Ltd.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.17 - Piriform)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Fragen-Lern-CD 4.1 (HKLM-x32\...\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1) (Version: 4.1.0 - Wendel-Verlag GmbH)
Fragen-Lern-CD 4.1 (x32 Version: 4.1.0 - Wendel-Verlag GmbH) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2413 - Intel Corporation)
Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.1.0.210 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.1.0.210 - LogMeIn, Inc.) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6361.0 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6361.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.12 - ProtectDisc Software GmbH)
Revo Uninstaller 1.93 (HKLM-x32\...\Revo Uninstaller) (Version: 1.93 - VS Revo Group)
Sharepod 4.0.1.1 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version:  - Macroplant LLC)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version:  - )
System Requirements Lab for Intel (HKLM-x32\...\{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}) (Version: 4.4.24.0 - Husdawg, LLC)
WinRAR 5.10 beta 2 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.2 - win.rar GmbH)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-01-09 17:35 - 2015-01-14 23:06 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {023CD47E-D530-4FC7-9E63-D52218A94836} - \At27 No Task File <==== ATTENTION
Task: {038512EA-790D-4E62-9CA5-71832688CC9E} - \At34 No Task File <==== ATTENTION
Task: {08A060D2-79C5-493C-BB58-F25C6BA42274} - \At16 No Task File <==== ATTENTION
Task: {08A9CDCF-140F-4946-A22B-E96942BE57D2} - \At23 No Task File <==== ATTENTION
Task: {092A2CCD-B7FB-4D8A-A6F3-39B558281AD1} - System32\Tasks\{DEA50867-0680-4681-9E4B-DDBD590F88DC} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {0EBCB69F-9D95-4F02-8874-8B54A76C1BF9} - \At28 No Task File <==== ATTENTION
Task: {137D48DA-1BC0-4149-A96E-C102527095E9} - System32\Tasks\{D297B1C8-8193-42F0-A890-C51F2C993148} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {2250FD76-06B7-4D19-8C28-5B0474A7E0DD} - \At41 No Task File <==== ATTENTION
Task: {2654B784-7444-41F1-BF3F-1BC233FC06F5} - System32\Tasks\{DD0FB53D-835D-4328-B8E5-ABFF91CA4F30} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {27C900CA-85F1-4FF4-BF0E-0F224CDCEE5A} - \At31 No Task File <==== ATTENTION
Task: {2C29C7F1-6097-4608-A6F9-87E51D806769} - System32\Tasks\{1A658748-DFD0-4454-8A74-FD77CEF65638} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {2E82F8AA-E085-4430-A9BB-E07E6770A077} - \At43 No Task File <==== ATTENTION
Task: {31B133A7-6BF9-4DBC-AB99-6B8925F5678E} - \At19 No Task File <==== ATTENTION
Task: {31E98F7C-57A5-44C6-BDD5-2295CE741066} - \At11 No Task File <==== ATTENTION
Task: {32981A40-3338-4708-A540-DC98ECAC45D5} - System32\Tasks\{682D6DFA-A37E-4AEB-AB81-2E58B5100B50} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {33159D5B-9ECB-4DEF-BF5F-FD99952ED4C1} - System32\Tasks\{71D96554-704A-48CE-9AE8-294422BBB917} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {3477C9F5-3974-4A35-990C-FCB292758A79} - System32\Tasks\{9340A002-27AE-4F0D-B08F-CCCFAAB7051F} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {350F53CD-ADA8-4289-9715-23C384F9F160} - System32\Tasks\{29002138-A429-4FAD-85F0-612C27EAE1BF} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {38DEB75D-FE90-436B-B3D2-1E1D0CE93165} - System32\Tasks\{42D40418-1777-430C-A14A-08FF26725ED6} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {4078CE44-2A79-4173-A0A8-0EF2F3727E8E} - \At39 No Task File <==== ATTENTION
Task: {4287194E-8E3C-4B92-85DA-262E7B651873} - \At25 No Task File <==== ATTENTION
Task: {472C7580-D297-44A5-8EE3-43D947010E8F} - \At46 No Task File <==== ATTENTION
Task: {481CA121-F260-48A8-AB9F-8207906D6669} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02] (Adobe Systems Incorporated)
Task: {4D32C843-60B5-4524-928D-C6046D3D086B} - System32\Tasks\{050359C3-9664-4B7F-981F-22EB0E99C906} => D:\Modern Warfare 2\iw4sp.exe [2009-11-10] ()
Task: {509EFCB0-06DF-405A-B8D9-BE8252DA49B9} - \At18 No Task File <==== ATTENTION
Task: {5369728C-FA0A-4D9B-9A4D-898B7C8E8465} - \At3 No Task File <==== ATTENTION
Task: {53DC4EDD-B197-47BE-9D1A-F41F01A80888} - \At1 No Task File <==== ATTENTION
Task: {5457AB80-34BF-42D3-87A8-2B3D00DC132B} - \At22 No Task File <==== ATTENTION
Task: {569F5BA8-93C1-49AD-B818-C2CB24760FA7} - System32\Tasks\{7E3D0B0F-9677-418A-ABB0-411EAF0FB4AB} => D:\Modern Warfare 2\iw4sp.exe [2009-11-10] ()
Task: {599793EA-CD10-48C5-8721-98EE9D23E16A} - \At8 No Task File <==== ATTENTION
Task: {5E38C7E8-E2C0-4D69-B413-4B736CD92CCC} - \At9 No Task File <==== ATTENTION
Task: {62924DAD-B30D-429A-ADB2-E506CB9C60DA} - \At29 No Task File <==== ATTENTION
Task: {6753B9B6-7291-4A5B-B8DB-E7B1BAAEEDD9} - \At7 No Task File <==== ATTENTION
Task: {6AE4F13F-1B3E-4DC9-858E-7F2AF56990DB} - System32\Tasks\{9E93E75A-8F35-42AC-BB63-FB012FA62CC3} => pcalua.exe -a "D:\Minecraft\Minecraft 1.7.9.exe" -d D:\Minecraft
Task: {6BFB77DE-9F9A-4062-8E58-473F4DFCE9F3} - \At35 No Task File <==== ATTENTION
Task: {71BA5A7F-5E29-4BEF-BF7E-53BD12347730} - \At15 No Task File <==== ATTENTION
Task: {72A13C74-F5DD-4993-A479-FBD21EEEC63A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-05] (Google Inc.)
Task: {747F7FCF-BE57-4FDC-B413-A488420F74BF} - System32\Tasks\{2F42AD4C-B626-4A7B-BE8D-879382CACDFE} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {74909335-1F09-4813-9CB5-9F50961B6C50} - \At33 No Task File <==== ATTENTION
Task: {76924028-4D82-4249-8BD8-625BD5A38EF1} - System32\Tasks\{C33E7806-3940-49AA-8E3F-87407B744D48} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {7CA94881-905C-45E0-ADEB-A8E81F696460} - System32\Tasks\{5EB9BB05-C745-41E9-95C1-CB75157EA92E} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {7DFA7A51-CB8E-4C09-A88E-5075F41AE38A} - \At10 No Task File <==== ATTENTION
Task: {7FEE53C9-2AC5-4715-A32B-7E7BE3735F8F} - \At12 No Task File <==== ATTENTION
Task: {84A36B6D-BC31-4537-9D75-27B29083F216} - System32\Tasks\{8961765D-5A5E-40FC-88CD-914DE3F18C41} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {855EC2F5-2255-4EE3-8531-F915AEB0DE37} - \At13 No Task File <==== ATTENTION
Task: {86FB8A2D-979F-40C8-93EF-45597ED0C405} - System32\Tasks\{84D4F78B-4662-45BE-A52C-3FF4A2AA5AFF} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {8703EFC1-6D0E-4723-9258-093671AC0128} - \At26 No Task File <==== ATTENTION
Task: {888ED9C2-7590-4DA1-81C7-671F71B1C538} - \At17 No Task File <==== ATTENTION
Task: {89955AE0-5426-442E-9F25-CE20C3CF8A77} - \At38 No Task File <==== ATTENTION
Task: {8A6771B0-E7B7-4A6E-8003-1B642A68BEAB} - System32\Tasks\{64387400-64B7-479B-9A6D-3CDD4F803E1A} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {8ACA9CF1-0768-48CC-971B-C575C76E4FA2} - System32\Tasks\{C938709E-5132-4154-B7AB-F973F9AEB12D} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {8B07AD0D-A2B0-4003-8F80-911107E3290D} - System32\Tasks\{031F14CA-F08F-47ED-9554-64DADA0C8DE6} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {8CF78935-894E-4F5D-A78C-2C60985396D1} - System32\Tasks\{C1EAF886-BE74-495C-BA01-3CF06D617CBB} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {8F366998-5120-47A1-B751-07B0D0453A53} - \At24 No Task File <==== ATTENTION
Task: {92594A5A-4902-434C-A5AA-066C56B41430} - System32\Tasks\{B9D2D592-B4A9-449B-AE00-33AA408E70F3} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {92D5906E-6D2E-4935-95B2-9030563C4832} - \At44 No Task File <==== ATTENTION
Task: {94F8A3A4-E096-402F-914D-84C77235BABE} - \At45 No Task File <==== ATTENTION
Task: {9E0C44A3-F6B6-47CD-9733-A3521CF30278} - \At20 No Task File <==== ATTENTION
Task: {9F3BF4A9-8335-475D-AD41-A62C5169283D} - System32\Tasks\{DC868B9F-18DC-4282-8982-CA04E365D8B4} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {A1338183-DA0E-493E-ABE4-9B7E7D35B232} - System32\Tasks\{966132B3-2041-49F5-957E-2D3FF4AFE000} => pcalua.exe -a C:\Mathe\Geogebra\GeoGebra.exe -d C:\Mathe\Geogebra
Task: {A28897FC-CAAE-458A-B1B3-8D2633A0C71A} - System32\Tasks\{DD320EEE-AF76-4BFF-9D8D-74DC586C3DF7} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {A5123B24-8588-4FE5-9563-6369B56330D3} - System32\Tasks\{B356D192-DAE2-435A-9935-E4B7AE368AFA} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {A770A8E0-BF77-471E-A909-7B38FCA68351} - \At5 No Task File <==== ATTENTION
Task: {A87E06E5-FD8F-4074-B5B8-8D3317F4B095} - \At4 No Task File <==== ATTENTION
Task: {AD5DD74D-2807-4D4B-8070-44BA7CD3B177} - \At37 No Task File <==== ATTENTION
Task: {B0B9403C-2698-4423-AC14-A5278F2F582D} - \At14 No Task File <==== ATTENTION
Task: {B733B431-E348-4B31-90FB-67C560102E4C} - \At6 No Task File <==== ATTENTION
Task: {B8FD8E72-7549-4E6F-8A73-B75F8F31EF25} - System32\Tasks\{126A1D60-6B08-46F6-A797-96199ECE5EDC} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {BF53F786-18A4-44C7-ABA0-8F4D67BD05FF} - \At2 No Task File <==== ATTENTION
Task: {C39A241F-7AA3-4C1C-B50F-FCFB1AC29A2B} - \At40 No Task File <==== ATTENTION
Task: {C55919B0-0C58-452F-B2E8-3B7875AA23EA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-05] (Google Inc.)
Task: {C733C00A-8255-46E1-BA6B-4C3B8AE8D964} - System32\Tasks\{31EE0835-121D-4F8E-8DE4-81E9C0E4CC9F} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {C8B3DBE1-B577-4E80-BA3D-0B63C7CEEFA7} - \At32 No Task File <==== ATTENTION
Task: {C9AD5789-D2EB-4430-AE2B-30C32CFDF915} - System32\Tasks\{943F9431-0485-4B44-AA6D-0D739E2EEE37} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {C9E77C31-3B2C-4C80-8007-BF9F5BF919FF} - \At48 No Task File <==== ATTENTION
Task: {CD74D547-9794-4629-8A3D-F36B6D507BB0} - System32\Tasks\{4F2FD83F-AE71-4CA7-BC7B-E961F336D9FA} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {CF1FEFCC-5EBC-4306-BE09-0FEA2DBA812A} - \At30 No Task File <==== ATTENTION
Task: {D32C0199-BB1E-4A51-ABF3-D191B204C73E} - System32\Tasks\{2A9D3EF4-287A-496B-BA54-0FD2282AF7DF} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {D3C0EEF8-371C-4804-BC98-0EC69D0B5F9D} - \At42 No Task File <==== ATTENTION
Task: {E4C73F13-5D9C-4CBF-B9BD-4243F3568776} - \At47 No Task File <==== ATTENTION
Task: {E4E70D88-095F-4A38-920F-E76EAEAE7F0E} - \At21 No Task File <==== ATTENTION
Task: {E64C74B0-1E24-4501-A363-2E8553BA9CA7} - System32\Tasks\{B9D28C67-CAD9-4A65-B954-43DC5FAC9147} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {EEDC5F86-7AA7-4C96-B9C7-6006BC65EBD1} - System32\Tasks\{3DD2E574-6D05-42A5-9385-0BEB8B104392} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {EF59E8A0-A43D-44FD-AF27-F1C76D8E32D4} - System32\Tasks\{F71D7E21-31D2-4B75-9F2E-D1023064785F} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {F75BBF04-CD42-4933-9A70-9B62F6722B73} - System32\Tasks\{C00AC9CA-31EE-4F7C-8178-F728318F37B2} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {FF26CF92-C490-457D-B019-EC9DB864B1D1} - \At36 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-03-25 07:54 - 2014-03-25 07:54 - 00148248 _____ () C:\Users\PeterLustig\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1814202685-1767394472-907846378-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\PeterLustig\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Browser Infrastructure Helper => C:\Users\PeterLustig\AppData\Local\Smartbar\Application\Smartbar.exe startup
MSCONFIG\startupreg: facemoods => "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-1814202685-1767394472-907846378-500 - Administrator - Disabled)
Gast (S-1-5-21-1814202685-1767394472-907846378-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1814202685-1767394472-907846378-1004 - Limited - Enabled)
PeterLustig (S-1-5-21-1814202685-1767394472-907846378-1001 - Administrator - Enabled) => C:\Users\PeterLustig

==================== Faulty Device Manager Devices =============

Name: Massenspeichercontroller
Description: Massenspeichercontroller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: O2Micro SmartCardBus_Reader
Description: O2Micro SmartCardBus_Reader
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/08/2015 00:12:16 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll (832) SUS20ClientDataStore: Versuch, Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" zu erstellen, ist mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) beim Erstellen von Dateien.

Error: (02/08/2015 00:12:16 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll (832) SUS20ClientDataStore: Versuch, Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" zu erstellen, ist mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) beim Erstellen von Dateien.

Error: (02/08/2015 00:12:16 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll (832) SUS20ClientDataStore: Versuch, Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" zu erstellen, ist mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) beim Erstellen von Dateien.

Error: (02/08/2015 00:12:16 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll (832) SUS20ClientDataStore: Versuch, Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" zu erstellen, ist mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) beim Erstellen von Dateien.

Error: (02/08/2015 00:12:16 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll (832) SUS20ClientDataStore: Versuch, Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" zu erstellen, ist mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) beim Erstellen von Dateien.

Error: (02/08/2015 00:12:16 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll (832) SUS20ClientDataStore: Versuch, Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" zu erstellen, ist mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) beim Erstellen von Dateien.

Error: (02/08/2015 00:12:16 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll (832) SUS20ClientDataStore: Versuch, Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" zu erstellen, ist mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) beim Erstellen von Dateien.

Error: (02/08/2015 00:12:15 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll (832) SUS20ClientDataStore: Versuch, Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" zu erstellen, ist mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) beim Erstellen von Dateien.

Error: (02/08/2015 00:11:30 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll (832) SUS20ClientDataStore: Versuch, Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" zu erstellen, ist mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) beim Erstellen von Dateien.

Error: (02/08/2015 00:11:28 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x80070003, Fehler beim Erstellen des Anwendungsverzeichnisses: C:\ProgramData\Microsoft\Search\Data\Applications\>.


System errors:
=============
Error: (02/08/2015 00:11:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 6 Mal passiert.

Error: (02/08/2015 00:11:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%3

Error: (02/08/2015 00:10:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 5 Mal passiert.

Error: (02/08/2015 00:10:53 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%3

Error: (02/08/2015 00:10:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 4 Mal passiert.

Error: (02/08/2015 00:10:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%3

Error: (02/08/2015 00:10:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (02/08/2015 00:10:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%3

Error: (02/08/2015 00:09:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/08/2015 00:09:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%3


Microsoft Office Sessions:
=========================
Error: (02/08/2015 00:12:16 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll832SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb-1808 (0xfffff8f0)112 (0x00000070)Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.

Error: (02/08/2015 00:12:16 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll832SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb-1808 (0xfffff8f0)112 (0x00000070)Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.

Error: (02/08/2015 00:12:16 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll832SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb-1808 (0xfffff8f0)112 (0x00000070)Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.

Error: (02/08/2015 00:12:16 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll832SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb-1808 (0xfffff8f0)112 (0x00000070)Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.

Error: (02/08/2015 00:12:16 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll832SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb-1808 (0xfffff8f0)112 (0x00000070)Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.

Error: (02/08/2015 00:12:16 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll832SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb-1808 (0xfffff8f0)112 (0x00000070)Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.

Error: (02/08/2015 00:12:16 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll832SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb-1808 (0xfffff8f0)112 (0x00000070)Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.

Error: (02/08/2015 00:12:15 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll832SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb-1808 (0xfffff8f0)112 (0x00000070)Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.

Error: (02/08/2015 00:11:30 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll832SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb-1808 (0xfffff8f0)112 (0x00000070)Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.

Error: (02/08/2015 00:11:28 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 10x80070003Fehler beim Erstellen des Anwendungsverzeichnisses: C:\ProgramData\Microsoft\Search\Data\Applications\


CodeIntegrity Errors:
===================================
  Date: 2015-01-09 17:33:29.362
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-09 17:33:29.315
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 66%
Total physical RAM: 961.88 MB
Available physical RAM: 326.54 MB
Total Pagefile: 1985.88 MB
Available Pagefile: 1200.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:29.29 GB) (Free:0.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:82.49 GB) (Free:52.46 GB) NTFS
Drive f: (GE_108887) (CDROM) (Total:7 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 16CCAF43)
Partition 1: (Active) - (Size=29.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8 MB) - (Type=45)
Partition 3: (Not Active) - (Size=82.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Gruß

schrauber 08.02.2015 17:05
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
Task: {023CD47E-D530-4FC7-9E63-D52218A94836} - \At27 No Task File <==== ATTENTION

Task: {038512EA-790D-4E62-9CA5-71832688CC9E} - \At34 No Task File <==== ATTENTION

Task: {08A060D2-79C5-493C-BB58-F25C6BA42274} - \At16 No Task File <==== ATTENTION

Task: {08A9CDCF-140F-4946-A22B-E96942BE57D2} - \At23 No Task File <==== ATTENTION

Task: {0EBCB69F-9D95-4F02-8874-8B54A76C1BF9} - \At28 No Task File <==== ATTENTION

Task: {2250FD76-06B7-4D19-8C28-5B0474A7E0DD} - \At41 No Task File <==== ATTENTION

Task: {27C900CA-85F1-4FF4-BF0E-0F224CDCEE5A} - \At31 No Task File <==== ATTENTION

Task: {2E82F8AA-E085-4430-A9BB-E07E6770A077} - \At43 No Task File <==== ATTENTION

Task: {31B133A7-6BF9-4DBC-AB99-6B8925F5678E} - \At19 No Task File <==== ATTENTION

Task: {31E98F7C-57A5-44C6-BDD5-2295CE741066} - \At11 No Task File <==== ATTENTION

Task: {4078CE44-2A79-4173-A0A8-0EF2F3727E8E} - \At39 No Task File <==== ATTENTION

Task: {4287194E-8E3C-4B92-85DA-262E7B651873} - \At25 No Task File <==== ATTENTION

Task: {472C7580-D297-44A5-8EE3-43D947010E8F} - \At46 No Task File <==== ATTENTION

Task: {509EFCB0-06DF-405A-B8D9-BE8252DA49B9} - \At18 No Task File <==== ATTENTION

Task: {5369728C-FA0A-4D9B-9A4D-898B7C8E8465} - \At3 No Task File <==== ATTENTION

Task: {53DC4EDD-B197-47BE-9D1A-F41F01A80888} - \At1 No Task File <==== ATTENTION

Task: {5457AB80-34BF-42D3-87A8-2B3D00DC132B} - \At22 No Task File <==== ATTENTION

Task: {599793EA-CD10-48C5-8721-98EE9D23E16A} - \At8 No Task File <==== ATTENTION

Task: {5E38C7E8-E2C0-4D69-B413-4B736CD92CCC} - \At9 No Task File <==== ATTENTION

Task: {62924DAD-B30D-429A-ADB2-E506CB9C60DA} - \At29 No Task File <==== ATTENTION

Task: {6753B9B6-7291-4A5B-B8DB-E7B1BAAEEDD9} - \At7 No Task File <==== ATTENTION

Task: {6BFB77DE-9F9A-4062-8E58-473F4DFCE9F3} - \At35 No Task File <==== ATTENTION

Task: {71BA5A7F-5E29-4BEF-BF7E-53BD12347730} - \At15 No Task File <==== ATTENTION

Task: {74909335-1F09-4813-9CB5-9F50961B6C50} - \At33 No Task File <==== ATTENTION

Task: {7DFA7A51-CB8E-4C09-A88E-5075F41AE38A} - \At10 No Task File <==== ATTENTION

Task: {7FEE53C9-2AC5-4715-A32B-7E7BE3735F8F} - \At12 No Task File <==== ATTENTION

Task: {855EC2F5-2255-4EE3-8531-F915AEB0DE37} - \At13 No Task File <==== ATTENTION

Task: {8703EFC1-6D0E-4723-9258-093671AC0128} - \At26 No Task File <==== ATTENTION

Task: {888ED9C2-7590-4DA1-81C7-671F71B1C538} - \At17 No Task File <==== ATTENTION

Task: {89955AE0-5426-442E-9F25-CE20C3CF8A77} - \At38 No Task File <==== ATTENTION

Task: {8F366998-5120-47A1-B751-07B0D0453A53} - \At24 No Task File <==== ATTENTION

Task: {92D5906E-6D2E-4935-95B2-9030563C4832} - \At44 No Task File <==== ATTENTION

Task: {94F8A3A4-E096-402F-914D-84C77235BABE} - \At45 No Task File <==== ATTENTION

Task: {9E0C44A3-F6B6-47CD-9733-A3521CF30278} - \At20 No Task File <==== ATTENTION

Task: {A770A8E0-BF77-471E-A909-7B38FCA68351} - \At5 No Task File <==== ATTENTION

Task: {A87E06E5-FD8F-4074-B5B8-8D3317F4B095} - \At4 No Task File <==== ATTENTION

Task: {AD5DD74D-2807-4D4B-8070-44BA7CD3B177} - \At37 No Task File <==== ATTENTION

Task: {B0B9403C-2698-4423-AC14-A5278F2F582D} - \At14 No Task File <==== ATTENTION

Task: {B733B431-E348-4B31-90FB-67C560102E4C} - \At6 No Task File <==== ATTENTION

Task: {BF53F786-18A4-44C7-ABA0-8F4D67BD05FF} - \At2 No Task File <==== ATTENTION

Task: {C39A241F-7AA3-4C1C-B50F-FCFB1AC29A2B} - \At40 No Task File <==== ATTENTION

Task: {C8B3DBE1-B577-4E80-BA3D-0B63C7CEEFA7} - \At32 No Task File <==== ATTENTION

Task: {C9E77C31-3B2C-4C80-8007-BF9F5BF919FF} - \At48 No Task File <==== ATTENTION

Task: {CF1FEFCC-5EBC-4306-BE09-0FEA2DBA812A} - \At30 No Task File <==== ATTENTION

Task: {D3C0EEF8-371C-4804-BC98-0EC69D0B5F9D} - \At42 No Task File <==== ATTENTION

Task: {E4C73F13-5D9C-4CBF-B9BD-4243F3568776} - \At47 No Task File <==== ATTENTION

Task: {E4E70D88-095F-4A38-920F-E76EAEAE7F0E} - \At21 No Task File <==== ATTENTION

Task: {FF26CF92-C490-457D-B019-EC9DB864B1D1} - \At36 No Task File <==== ATTENTION

Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
S4 adobeversioncue; %systemroot%\system32\unrealircd.dll [X]
S4 atinevxx; %systemroot%\system32\SenFiltService.dll [X]
S2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [X]
S4 xfactorae1; %systemroot%\system32\arhidfltr.dll [X]

NETSVC: {6080a529-897e-4629-a488-aba0c29b635e} -> No ServiceDLL Path.
NETSVC: adobeversioncue -> C:\Windows\system32\unrealircd.dll ==> No File.
NETSVC: atinevxx -> C:\Windows\system32\SenFiltService.dll ==> No File.
NETSVC: xfactorae1 -> C:\Windows\system32\arhidfltr.dll ==> No File.

Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

TrisxG 16.02.2015 15:14
Danke nochmal.
Also, beginnen wir mit dem Fixlog
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by PeterLustig at 2015-02-16 14:26:10 Run:2
Running from C:\Users\PeterLustig\Desktop
Loaded Profiles: PeterLustig (Available profiles: PeterLustig)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {023CD47E-D530-4FC7-9E63-D52218A94836} - \At27 No Task File <==== ATTENTION

Task: {038512EA-790D-4E62-9CA5-71832688CC9E} - \At34 No Task File <==== ATTENTION

Task: {08A060D2-79C5-493C-BB58-F25C6BA42274} - \At16 No Task File <==== ATTENTION

Task: {08A9CDCF-140F-4946-A22B-E96942BE57D2} - \At23 No Task File <==== ATTENTION

Task: {0EBCB69F-9D95-4F02-8874-8B54A76C1BF9} - \At28 No Task File <==== ATTENTION

Task: {2250FD76-06B7-4D19-8C28-5B0474A7E0DD} - \At41 No Task File <==== ATTENTION

Task: {27C900CA-85F1-4FF4-BF0E-0F224CDCEE5A} - \At31 No Task File <==== ATTENTION

Task: {2E82F8AA-E085-4430-A9BB-E07E6770A077} - \At43 No Task File <==== ATTENTION

Task: {31B133A7-6BF9-4DBC-AB99-6B8925F5678E} - \At19 No Task File <==== ATTENTION

Task: {31E98F7C-57A5-44C6-BDD5-2295CE741066} - \At11 No Task File <==== ATTENTION

Task: {4078CE44-2A79-4173-A0A8-0EF2F3727E8E} - \At39 No Task File <==== ATTENTION

Task: {4287194E-8E3C-4B92-85DA-262E7B651873} - \At25 No Task File <==== ATTENTION

Task: {472C7580-D297-44A5-8EE3-43D947010E8F} - \At46 No Task File <==== ATTENTION

Task: {509EFCB0-06DF-405A-B8D9-BE8252DA49B9} - \At18 No Task File <==== ATTENTION

Task: {5369728C-FA0A-4D9B-9A4D-898B7C8E8465} - \At3 No Task File <==== ATTENTION

Task: {53DC4EDD-B197-47BE-9D1A-F41F01A80888} - \At1 No Task File <==== ATTENTION

Task: {5457AB80-34BF-42D3-87A8-2B3D00DC132B} - \At22 No Task File <==== ATTENTION

Task: {599793EA-CD10-48C5-8721-98EE9D23E16A} - \At8 No Task File <==== ATTENTION

Task: {5E38C7E8-E2C0-4D69-B413-4B736CD92CCC} - \At9 No Task File <==== ATTENTION

Task: {62924DAD-B30D-429A-ADB2-E506CB9C60DA} - \At29 No Task File <==== ATTENTION

Task: {6753B9B6-7291-4A5B-B8DB-E7B1BAAEEDD9} - \At7 No Task File <==== ATTENTION

Task: {6BFB77DE-9F9A-4062-8E58-473F4DFCE9F3} - \At35 No Task File <==== ATTENTION

Task: {71BA5A7F-5E29-4BEF-BF7E-53BD12347730} - \At15 No Task File <==== ATTENTION

Task: {74909335-1F09-4813-9CB5-9F50961B6C50} - \At33 No Task File <==== ATTENTION

Task: {7DFA7A51-CB8E-4C09-A88E-5075F41AE38A} - \At10 No Task File <==== ATTENTION

Task: {7FEE53C9-2AC5-4715-A32B-7E7BE3735F8F} - \At12 No Task File <==== ATTENTION

Task: {855EC2F5-2255-4EE3-8531-F915AEB0DE37} - \At13 No Task File <==== ATTENTION

Task: {8703EFC1-6D0E-4723-9258-093671AC0128} - \At26 No Task File <==== ATTENTION

Task: {888ED9C2-7590-4DA1-81C7-671F71B1C538} - \At17 No Task File <==== ATTENTION

Task: {89955AE0-5426-442E-9F25-CE20C3CF8A77} - \At38 No Task File <==== ATTENTION

Task: {8F366998-5120-47A1-B751-07B0D0453A53} - \At24 No Task File <==== ATTENTION

Task: {92D5906E-6D2E-4935-95B2-9030563C4832} - \At44 No Task File <==== ATTENTION

Task: {94F8A3A4-E096-402F-914D-84C77235BABE} - \At45 No Task File <==== ATTENTION

Task: {9E0C44A3-F6B6-47CD-9733-A3521CF30278} - \At20 No Task File <==== ATTENTION

Task: {A770A8E0-BF77-471E-A909-7B38FCA68351} - \At5 No Task File <==== ATTENTION

Task: {A87E06E5-FD8F-4074-B5B8-8D3317F4B095} - \At4 No Task File <==== ATTENTION

Task: {AD5DD74D-2807-4D4B-8070-44BA7CD3B177} - \At37 No Task File <==== ATTENTION

Task: {B0B9403C-2698-4423-AC14-A5278F2F582D} - \At14 No Task File <==== ATTENTION

Task: {B733B431-E348-4B31-90FB-67C560102E4C} - \At6 No Task File <==== ATTENTION

Task: {BF53F786-18A4-44C7-ABA0-8F4D67BD05FF} - \At2 No Task File <==== ATTENTION

Task: {C39A241F-7AA3-4C1C-B50F-FCFB1AC29A2B} - \At40 No Task File <==== ATTENTION

Task: {C8B3DBE1-B577-4E80-BA3D-0B63C7CEEFA7} - \At32 No Task File <==== ATTENTION

Task: {C9E77C31-3B2C-4C80-8007-BF9F5BF919FF} - \At48 No Task File <==== ATTENTION

Task: {CF1FEFCC-5EBC-4306-BE09-0FEA2DBA812A} - \At30 No Task File <==== ATTENTION

Task: {D3C0EEF8-371C-4804-BC98-0EC69D0B5F9D} - \At42 No Task File <==== ATTENTION

Task: {E4C73F13-5D9C-4CBF-B9BD-4243F3568776} - \At47 No Task File <==== ATTENTION

Task: {E4E70D88-095F-4A38-920F-E76EAEAE7F0E} - \At21 No Task File <==== ATTENTION

Task: {FF26CF92-C490-457D-B019-EC9DB864B1D1} - \At36 No Task File <==== ATTENTION

Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
S4 adobeversioncue; %systemroot%\system32\unrealircd.dll [X]
S4 atinevxx; %systemroot%\system32\SenFiltService.dll [X]
S2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [X]
S4 xfactorae1; %systemroot%\system32\arhidfltr.dll [X]

NETSVC: {6080a529-897e-4629-a488-aba0c29b635e} -> No ServiceDLL Path.
NETSVC: adobeversioncue -> C:\Windows\system32\unrealircd.dll ==> No File.
NETSVC: atinevxx -> C:\Windows\system32\SenFiltService.dll ==> No File.
NETSVC: xfactorae1 -> C:\Windows\system32\arhidfltr.dll ==> No File.

Emptytemp:
       
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{023CD47E-D530-4FC7-9E63-D52218A94836}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{023CD47E-D530-4FC7-9E63-D52218A94836}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At27" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{038512EA-790D-4E62-9CA5-71832688CC9E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{038512EA-790D-4E62-9CA5-71832688CC9E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At34" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08A060D2-79C5-493C-BB58-F25C6BA42274}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08A060D2-79C5-493C-BB58-F25C6BA42274}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At16" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08A9CDCF-140F-4946-A22B-E96942BE57D2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08A9CDCF-140F-4946-A22B-E96942BE57D2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At23" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0EBCB69F-9D95-4F02-8874-8B54A76C1BF9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EBCB69F-9D95-4F02-8874-8B54A76C1BF9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At28" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2250FD76-06B7-4D19-8C28-5B0474A7E0DD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2250FD76-06B7-4D19-8C28-5B0474A7E0DD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At41" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{27C900CA-85F1-4FF4-BF0E-0F224CDCEE5A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27C900CA-85F1-4FF4-BF0E-0F224CDCEE5A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At31" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E82F8AA-E085-4430-A9BB-E07E6770A077}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E82F8AA-E085-4430-A9BB-E07E6770A077}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At43" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31B133A7-6BF9-4DBC-AB99-6B8925F5678E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31B133A7-6BF9-4DBC-AB99-6B8925F5678E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At19" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31E98F7C-57A5-44C6-BDD5-2295CE741066}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31E98F7C-57A5-44C6-BDD5-2295CE741066}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At11" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4078CE44-2A79-4173-A0A8-0EF2F3727E8E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4078CE44-2A79-4173-A0A8-0EF2F3727E8E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At39" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4287194E-8E3C-4B92-85DA-262E7B651873}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4287194E-8E3C-4B92-85DA-262E7B651873}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At25" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{472C7580-D297-44A5-8EE3-43D947010E8F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{472C7580-D297-44A5-8EE3-43D947010E8F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At46" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{509EFCB0-06DF-405A-B8D9-BE8252DA49B9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{509EFCB0-06DF-405A-B8D9-BE8252DA49B9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At18" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5369728C-FA0A-4D9B-9A4D-898B7C8E8465}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5369728C-FA0A-4D9B-9A4D-898B7C8E8465}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53DC4EDD-B197-47BE-9D1A-F41F01A80888}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53DC4EDD-B197-47BE-9D1A-F41F01A80888}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5457AB80-34BF-42D3-87A8-2B3D00DC132B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5457AB80-34BF-42D3-87A8-2B3D00DC132B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At22" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{599793EA-CD10-48C5-8721-98EE9D23E16A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{599793EA-CD10-48C5-8721-98EE9D23E16A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At8" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5E38C7E8-E2C0-4D69-B413-4B736CD92CCC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E38C7E8-E2C0-4D69-B413-4B736CD92CCC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At9" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62924DAD-B30D-429A-ADB2-E506CB9C60DA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62924DAD-B30D-429A-ADB2-E506CB9C60DA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At29" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6753B9B6-7291-4A5B-B8DB-E7B1BAAEEDD9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6753B9B6-7291-4A5B-B8DB-E7B1BAAEEDD9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6BFB77DE-9F9A-4062-8E58-473F4DFCE9F3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BFB77DE-9F9A-4062-8E58-473F4DFCE9F3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At35" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71BA5A7F-5E29-4BEF-BF7E-53BD12347730}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71BA5A7F-5E29-4BEF-BF7E-53BD12347730}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At15" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74909335-1F09-4813-9CB5-9F50961B6C50}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74909335-1F09-4813-9CB5-9F50961B6C50}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At33" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7DFA7A51-CB8E-4C09-A88E-5075F41AE38A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DFA7A51-CB8E-4C09-A88E-5075F41AE38A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At10" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FEE53C9-2AC5-4715-A32B-7E7BE3735F8F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FEE53C9-2AC5-4715-A32B-7E7BE3735F8F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At12" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{855EC2F5-2255-4EE3-8531-F915AEB0DE37}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{855EC2F5-2255-4EE3-8531-F915AEB0DE37}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At13" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8703EFC1-6D0E-4723-9258-093671AC0128}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8703EFC1-6D0E-4723-9258-093671AC0128}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At26" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{888ED9C2-7590-4DA1-81C7-671F71B1C538}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{888ED9C2-7590-4DA1-81C7-671F71B1C538}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At17" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89955AE0-5426-442E-9F25-CE20C3CF8A77}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89955AE0-5426-442E-9F25-CE20C3CF8A77}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At38" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F366998-5120-47A1-B751-07B0D0453A53}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F366998-5120-47A1-B751-07B0D0453A53}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At24" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92D5906E-6D2E-4935-95B2-9030563C4832}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92D5906E-6D2E-4935-95B2-9030563C4832}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At44" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94F8A3A4-E096-402F-914D-84C77235BABE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94F8A3A4-E096-402F-914D-84C77235BABE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At45" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E0C44A3-F6B6-47CD-9733-A3521CF30278}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E0C44A3-F6B6-47CD-9733-A3521CF30278}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At20" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A770A8E0-BF77-471E-A909-7B38FCA68351}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A770A8E0-BF77-471E-A909-7B38FCA68351}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At5" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A87E06E5-FD8F-4074-B5B8-8D3317F4B095}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A87E06E5-FD8F-4074-B5B8-8D3317F4B095}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD5DD74D-2807-4D4B-8070-44BA7CD3B177}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD5DD74D-2807-4D4B-8070-44BA7CD3B177}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At37" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0B9403C-2698-4423-AC14-A5278F2F582D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0B9403C-2698-4423-AC14-A5278F2F582D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At14" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B733B431-E348-4B31-90FB-67C560102E4C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B733B431-E348-4B31-90FB-67C560102E4C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF53F786-18A4-44C7-ABA0-8F4D67BD05FF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF53F786-18A4-44C7-ABA0-8F4D67BD05FF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C39A241F-7AA3-4C1C-B50F-FCFB1AC29A2B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C39A241F-7AA3-4C1C-B50F-FCFB1AC29A2B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At40" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C8B3DBE1-B577-4E80-BA3D-0B63C7CEEFA7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8B3DBE1-B577-4E80-BA3D-0B63C7CEEFA7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At32" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9E77C31-3B2C-4C80-8007-BF9F5BF919FF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9E77C31-3B2C-4C80-8007-BF9F5BF919FF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At48" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CF1FEFCC-5EBC-4306-BE09-0FEA2DBA812A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF1FEFCC-5EBC-4306-BE09-0FEA2DBA812A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At30" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3C0EEF8-371C-4804-BC98-0EC69D0B5F9D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3C0EEF8-371C-4804-BC98-0EC69D0B5F9D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At42" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E4C73F13-5D9C-4CBF-B9BD-4243F3568776}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4C73F13-5D9C-4CBF-B9BD-4243F3568776}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At47" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E4E70D88-095F-4A38-920F-E76EAEAE7F0E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4E70D88-095F-4A38-920F-E76EAEAE7F0E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At21" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF26CF92-C490-457D-B019-EC9DB864B1D1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF26CF92-C490-457D-B019-EC9DB864B1D1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At36" => Key deleted successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
adobeversioncue => Service deleted successfully.
atinevxx => Service deleted successfully.
Hamachi2Svc => Service deleted successfully.
xfactorae1 => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs {6080a529-897e-4629-a488-aba0c29b635e} => Deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs adobeversioncue => Deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs atinevxx => Deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs xfactorae1 => Deleted successfully.
EmptyTemp: => Removed 114.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog 14:26:17 ====
Danach mbam
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 16.02.2015
Suchlauf-Zeit: 14:32:48
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.16.04
Rootkit Datenbank: v2015.02.03.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7
CPU: x64
Dateisystem: NTFS
Benutzer: PeterLustig

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 404407
Verstrichene Zeit: 14 Min, 21 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 1
PUP.Optional.SmartBar.A, C:\Users\PeterLustig\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll, Löschen bei Neustart, [af7520ff2862b680046e2d28f60dc23e],

Registrierungsschlüssel: 12
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [a0849986fa90bb7ba261ab96f310867a],
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\CLASSES\IESmartBar.BHO, In Quarantäne, [a0849986fa90bb7ba261ab96f310867a],
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [a0849986fa90bb7ba261ab96f310867a],
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IESmartBar.BHO, In Quarantäne, [a0849986fa90bb7ba261ab96f310867a],
PUP.Optional.QuickShare.A, HKU\S-1-5-21-1814202685-1767394472-907846378-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [a0849986fa90bb7ba261ab96f310867a],
PUP.Optional.QuickShare.A, HKU\S-1-5-21-1814202685-1767394472-907846378-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [a0849986fa90bb7ba261ab96f310867a],
PUP.Optional.Snapdo.T, HKU\S-1-5-21-1814202685-1767394472-907846378-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [27fd8c93c7c3cc6ac338ed5741c231cf],
PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, In Quarantäne, [27fd8c93c7c3cc6ac338ed5741c231cf],
PUP.Optional.FaceMoods.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\facemoods.com, In Quarantäne, [74b0c45b4743c076af7b25a7b44ff30d],
PUP.Optional.SmartBar, HKU\S-1-5-21-1814202685-1767394472-907846378-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmartbarBackup, In Quarantäne, [aa7a1e01b3d73105f6749176a75e59a7],
PUP.Optional.SmartBar, HKU\S-1-5-21-1814202685-1767394472-907846378-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmartbarLog, In Quarantäne, [3ee6bd626426ef4758113fc8af568779],
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-1814202685-1767394472-907846378-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nikpibnbobmbdbheedjfogjlikpgpnhp, In Quarantäne, [ab796eb1d2b883b38aab248223e010f0],

Registrierungswerte: 3
PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, In Quarantäne, [c262b768f99174c203616346857e7789]
PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, In Quarantäne, [ed37140b8bfff343560ec0e952b16898]
PUP.Optional.Snapdo.T, HKU\S-1-5-21-1814202685-1767394472-907846378-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [34f025fa4644cf6782215e549b68c63a]

Registrierungsdaten: 5
PUP.Optional.HelperBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLPD5Splg6ZyL_ByCddyIXOg1cJF53aLlcQyUr3Gr7BX1yp3dWfA5n70xSBunLzf9qwzQRFYbWIrx1QAyb-Uuy0CmZBjgY2TdFYHYrlsj_QM7AWuEaULc-33igwTosQPL4_w5LLIg275UwXaUJvlzSTTEetRYQ_IWqU,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLPD5Splg6ZyL_ByCddyIXOg1cJF53aLlcQyUr3Gr7BX1yp3dWfA5n70xSBunLzf9qwzQRFYbWIrx1QAyb-Uuy0CmZBjgY2TdFYHYrlsj_QM7AWuEaULc-33igwTosQPL4_w5LLIg275UwXaUJvlzSTTEetRYQ_IWqU,&q={searchTerms}),Ersetzt,[1e06bb6494f6da5cf1eaa31430d508f8]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1814202685-1767394472-907846378-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLPD5Splg6ZyL_ByCddyIXOg1cJF53aLlcQyUr3Gr7BX1yp3dWfA5n70xSBunLzf9qAkXaMzouyCqopHDHEHnWMteu03oQ6tq7mMGDgDyyDhG3jikjLW31FmqA5Inz0Lt5hJFbnGkbMy8ztEJH8OoDs0TPT_hJA-CeY,, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLPD5Splg6ZyL_ByCddyIXOg1cJF53aLlcQyUr3Gr7BX1yp3dWfA5n70xSBunLzf9qAkXaMzouyCqopHDHEHnWMteu03oQ6tq7mMGDgDyyDhG3jikjLW31FmqA5Inz0Lt5hJFbnGkbMy8ztEJH8OoDs0TPT_hJA-CeY,),Ersetzt,[6db74dd2672390a6db04199e808519e7]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1814202685-1767394472-907846378-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLPD5Splg6ZyL_ByCddyIXOg1cJF53aLlcQyUr3Gr7BX1yp3dWfA5n70xSBunLzf9qwzQRFYbWIrx1QAyb-Uuy0CmZBjgY2TdFYHYrlsj_QM7AWuEaULc-33igwTosQPL4_w5LLIg275UwXaUJvlzSTTEetRYQ_IWqU,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLPD5Splg6ZyL_ByCddyIXOg1cJF53aLlcQyUr3Gr7BX1yp3dWfA5n70xSBunLzf9qwzQRFYbWIrx1QAyb-Uuy0CmZBjgY2TdFYHYrlsj_QM7AWuEaULc-33igwTosQPL4_w5LLIg275UwXaUJvlzSTTEetRYQ_IWqU,&q={searchTerms}),Ersetzt,[4dd79b846624c76fd40cfabda4612dd3]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1814202685-1767394472-907846378-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLPD5Splg6ZyL_ByCddyIXOg1cJF53aLlcQyUr3Gr7BX1yp3dWfA5n70xSBunLzf9qwzQRFYbWIrx1QAyb-Uuy0CmZBjgY2TdFYHYrlsj_QM7AWuEaULc-33igwTosQPL4_w5LLIg275UwXaUJvlzSTTEetRYQ_IWqU,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLPD5Splg6ZyL_ByCddyIXOg1cJF53aLlcQyUr3Gr7BX1yp3dWfA5n70xSBunLzf9qwzQRFYbWIrx1QAyb-Uuy0CmZBjgY2TdFYHYrlsj_QM7AWuEaULc-33igwTosQPL4_w5LLIg275UwXaUJvlzSTTEetRYQ_IWqU,&q={searchTerms}),Ersetzt,[d252c9563f4b0e28c21f189fa75eec14]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1814202685-1767394472-907846378-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLPD5Splg6ZyL_ByCddyIXOg1cJF53aLlcQyUr3Gr7BX1yp3dWfA5n70xSBunLzf9qwzQRFYbWIrx1QAyb-Uuy0CmZBjgY2TdFYHYrlsj_QM7AWuEaULc-33igwTosQPL4_w5LLIg275UwXaUJvlzSTTEetRYQ_IWqU,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLPD5Splg6ZyL_ByCddyIXOg1cJF53aLlcQyUr3Gr7BX1yp3dWfA5n70xSBunLzf9qwzQRFYbWIrx1QAyb-Uuy0CmZBjgY2TdFYHYrlsj_QM7AWuEaULc-33igwTosQPL4_w5LLIg275UwXaUJvlzSTTEetRYQ_IWqU,&q={searchTerms}),Ersetzt,[968e7aa586046fc72daf3f78c63fc43c]

Ordner: 3
PUP.Optional.SmartBar.A, C:\Users\PeterLustig\AppData\Local\Smartbar, Löschen bei Neustart, [af7520ff2862b680046e2d28f60dc23e],
PUP.Optional.SmartBar.A, C:\Users\PeterLustig\AppData\Local\Smartbar\Application, Löschen bei Neustart, [af7520ff2862b680046e2d28f60dc23e],
PUP.Optional.SmartBar.A, C:\Users\PeterLustig\AppData\LocalLow\Smartbar, In Quarantäne, [170d57c83258e353bea1dca71be8dd23],

Dateien: 5
Rogue.WindowsSecuritySystem.Phex, C:\Windows\SysWOW64\config\systemprofile\0.7786929856336338.exe, In Quarantäne, [20045ec19cee75c165bf9c2617e9c13f],
Trojan.Downloader, C:\Windows\Fonts\aXG0Q5j0.com__, In Quarantäne, [82a20e112f5bfb3b8ed7516123dd9967],
PUP.Optional.SnapDo.A, C:\Windows\Installer\41bf772.msi, In Quarantäne, [46deec33bdcdcf67b5135556d72a3ec2],
PUP.Optional.SmartBar.A, C:\Users\PeterLustig\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll, Löschen bei Neustart, [af7520ff2862b680046e2d28f60dc23e],
PUP.Optional.SmartBar.A, C:\Users\PeterLustig\AppData\LocalLow\Smartbar\smartbar_state.config, In Quarantäne, [170d57c83258e353bea1dca71be8dd23],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
Dann der log vom ADWCleaner
Code:
# AdwCleaner v4.110 - Bericht erstellt 16/02/2015 um 15:00:49
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-14.2 [Server]
# Betriebssystem : Windows 7 Ultimate  (x64)
# Benutzername : PeterLustig - PETERLUSTIG-PC
# Gestarted von : C:\Users\PeterLustig\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3GSO3JBQ\AdwCleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\PeterLustig\AppData\Local\Genesis
Ordner Gelöscht : C:\Users\PeterLustig\AppData\Local\Smartbar
Ordner Gelöscht : C:\Users\PeterLustig\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\PeterLustig\AppData\LocalLow\Smartbar
Datei Gelöscht : C:\Windows\System32\drivers\wStLibG64.sys

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Schlüssel Gelöscht : HKCU\Software\genesis
Schlüssel Gelöscht : HKCU\Software\smartbarbackup
Schlüssel Gelöscht : HKCU\Software\smartbarlog
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;<local>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16476

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

*************************

AdwCleaner[R0].txt - [7610 Bytes] - [16/02/2015 14:58:16]
AdwCleaner[S0].txt - [5778 Bytes] - [16/02/2015 15:00:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5837  Bytes] ##########
Dann noch der JRT log
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Ultimate x64
Ran by PeterLustig on 16.02.2015 at 15:05:10,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1814202685-1767394472-907846378-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeep_RocketFuelInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeep_RocketFuelInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeep_RocketFuelInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeep_RocketFuelInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.02.2015 at 15:07:41,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
und zum Abschluss ein neues FRST log

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by PeterLustig (administrator) on PETERLUSTIG-PC on 16-02-2015 15:08:04
Running from C:\Users\PeterLustig\Desktop
Loaded Profiles: PeterLustig (Available profiles: PeterLustig)
Platform: Windows 7 Ultimate (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe [353440 2012-04-02] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1814202685-1767394472-907846378-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1814202685-1767394472-907846378-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1814202685-1767394472-907846378-1001 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @thrixxx.com/WebLaunch -> C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
FF Plugin HKU\S-1-5-21-1814202685-1767394472-907846378-1001: @thrixxx.com/WebLaunch -> C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll No File

Chrome:
=======
CHR HKU\S-1-5-21-1814202685-1767394472-907846378-1001\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\PeterLustig\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S4 adobeversioncue; %systemroot%\system32\unrealircd.dll [X]
S4 atinevxx; %systemroot%\system32\SenFiltService.dll [X]
S2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [X]
S4 xfactorae1; %systemroot%\system32\arhidfltr.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: {6080a529-897e-4629-a488-aba0c29b635e} -> No ServiceDLL Path.
NETSVC: adobeversioncue -> C:\Windows\system32\unrealircd.dll ==> No File.
NETSVC: atinevxx -> C:\Windows\system32\SenFiltService.dll ==> No File.
NETSVC: xfactorae1 -> C:\Windows\system32\arhidfltr.dll ==> No File.

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 15:07 - 2015-02-16 15:07 - 00002951 _____ () C:\Users\PeterLustig\Desktop\JRT.txt
2015-02-16 14:57 - 2015-02-16 15:00 - 00000000 ____D () C:\AdwCleaner
2015-02-16 14:56 - 2015-02-16 14:56 - 00009100 _____ () C:\Users\PeterLustig\Desktop\mbam.txt
2015-02-16 14:47 - 2015-02-16 14:47 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\bxldt.sys
2015-02-16 14:31 - 2015-02-16 14:50 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-16 14:31 - 2015-02-16 14:31 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-16 14:31 - 2015-02-16 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-16 14:31 - 2015-02-16 14:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-16 14:31 - 2015-02-16 14:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-16 14:31 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-16 14:31 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-16 14:31 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-08 12:12 - 2015-02-08 12:13 - 00031375 _____ () C:\Users\PeterLustig\Desktop\Addition.txt
2015-02-08 12:11 - 2015-02-16 15:08 - 00006732 _____ () C:\Users\PeterLustig\Desktop\FRST.txt
2015-02-06 22:47 - 2015-02-16 15:01 - 00058908 _____ () C:\Windows\WindowsUpdate.log
2015-02-06 19:35 - 2015-02-06 19:35 - 00002160 _____ () C:\Users\PeterLustig\Desktop\Minecraft.lnk
2015-02-06 19:35 - 2015-02-06 19:35 - 00000000 ____D () C:\Users\PeterLustig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-02-06 19:34 - 2015-02-06 20:52 - 00000000 ____D () C:\Users\PeterLustig\AppData\Roaming\.minecraft
2015-02-06 19:30 - 2015-02-06 19:30 - 00415624 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-02 22:09 - 2015-02-16 14:26 - 00000000 ____D () C:\Users\PeterLustig\Desktop\FRST-OlderVersion
2015-02-02 22:08 - 2015-02-02 22:08 - 00007032 _____ () C:\Users\PeterLustig\Documents\Fixlist.txt
2015-01-28 19:09 - 2015-02-16 15:08 - 00000000 ____D () C:\FRST
2015-01-28 18:49 - 2015-01-28 18:49 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\PeterLustig\Desktop\rkill64-21039.exe
2015-01-27 15:18 - 2015-01-27 15:18 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-27 14:57 - 2015-01-27 14:57 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\PeterLustig\Desktop\rkill64-21031.exe
2015-01-27 14:49 - 2015-01-27 14:49 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\PeterLustig\Desktop\rkill64-19460.exe
2015-01-27 14:47 - 2015-01-27 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-01-27 14:47 - 2015-01-27 14:47 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-01-25 22:00 - 2015-01-25 22:00 - 00003118 _____ () C:\Windows\System32\Tasks\{9E93E75A-8F35-42AC-BB63-FB012FA62CC3}
2015-01-25 20:28 - 2015-01-25 20:28 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\PeterLustig\Desktop\rkill64-13113.exe
2015-01-25 20:24 - 2015-01-25 20:24 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\PeterLustig\Desktop\rkill64-12408.exe
2015-01-25 20:21 - 2015-01-25 20:21 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\PeterLustig\Desktop\rkill64.exe
2015-01-25 20:19 - 2015-01-25 20:19 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\PeterLustig\Desktop\rkill.exe
2015-01-25 17:18 - 2015-01-25 17:18 - 00002968 _____ () C:\Windows\System32\Tasks\{DD320EEE-AF76-4BFF-9D8D-74DC586C3DF7}
2015-01-25 17:18 - 2015-01-25 17:18 - 00002968 _____ () C:\Windows\System32\Tasks\{C33E7806-3940-49AA-8E3F-87407B744D48}
2015-01-25 17:18 - 2015-01-25 17:18 - 00002968 _____ () C:\Windows\System32\Tasks\{B9D28C67-CAD9-4A65-B954-43DC5FAC9147}
2015-01-25 17:18 - 2015-01-25 17:18 - 00002968 _____ () C:\Windows\System32\Tasks\{2F42AD4C-B626-4A7B-BE8D-879382CACDFE}
2015-01-25 17:17 - 2015-01-25 17:17 - 00002968 _____ () C:\Windows\System32\Tasks\{F71D7E21-31D2-4B75-9F2E-D1023064785F}
2015-01-25 17:17 - 2015-01-25 17:17 - 00002968 _____ () C:\Windows\System32\Tasks\{DC868B9F-18DC-4282-8982-CA04E365D8B4}
2015-01-25 17:17 - 2015-01-25 17:17 - 00002968 _____ () C:\Windows\System32\Tasks\{C938709E-5132-4154-B7AB-F973F9AEB12D}
2015-01-25 17:17 - 2015-01-25 17:17 - 00002968 _____ () C:\Windows\System32\Tasks\{C1EAF886-BE74-495C-BA01-3CF06D617CBB}
2015-01-25 17:17 - 2015-01-25 17:17 - 00002968 _____ () C:\Windows\System32\Tasks\{C00AC9CA-31EE-4F7C-8178-F728318F37B2}
2015-01-25 17:17 - 2015-01-25 17:17 - 00002968 _____ () C:\Windows\System32\Tasks\{9340A002-27AE-4F0D-B08F-CCCFAAB7051F}
2015-01-25 17:17 - 2015-01-25 17:17 - 00002968 _____ () C:\Windows\System32\Tasks\{71D96554-704A-48CE-9AE8-294422BBB917}
2015-01-25 17:17 - 2015-01-25 17:17 - 00002968 _____ () C:\Windows\System32\Tasks\{31EE0835-121D-4F8E-8DE4-81E9C0E4CC9F}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{DEA50867-0680-4681-9E4B-DDBD590F88DC}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{DD0FB53D-835D-4328-B8E5-ABFF91CA4F30}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{D297B1C8-8193-42F0-A890-C51F2C993148}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{B9D2D592-B4A9-449B-AE00-33AA408E70F3}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{B356D192-DAE2-435A-9935-E4B7AE368AFA}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{8961765D-5A5E-40FC-88CD-914DE3F18C41}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{84D4F78B-4662-45BE-A52C-3FF4A2AA5AFF}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{682D6DFA-A37E-4AEB-AB81-2E58B5100B50}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{64387400-64B7-479B-9A6D-3CDD4F803E1A}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{5EB9BB05-C745-41E9-95C1-CB75157EA92E}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{42D40418-1777-430C-A14A-08FF26725ED6}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{3DD2E574-6D05-42A5-9385-0BEB8B104392}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{2A9D3EF4-287A-496B-BA54-0FD2282AF7DF}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{1A658748-DFD0-4454-8A74-FD77CEF65638}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{126A1D60-6B08-46F6-A797-96199ECE5EDC}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{031F14CA-F08F-47ED-9554-64DADA0C8DE6}
2015-01-25 17:15 - 2015-01-25 17:15 - 00002968 _____ () C:\Windows\System32\Tasks\{943F9431-0485-4B44-AA6D-0D739E2EEE37}
2015-01-20 13:31 - 2015-01-20 13:31 - 00001439 _____ () C:\Users\PeterLustig\Desktop\Internet Explorer.lnk
2015-01-20 13:15 - 2015-01-20 13:15 - 00002968 _____ () C:\Windows\System32\Tasks\{4F2FD83F-AE71-4CA7-BC7B-E961F336D9FA}
2015-01-20 13:15 - 2015-01-20 13:15 - 00002968 _____ () C:\Windows\System32\Tasks\{29002138-A429-4FAD-85F0-612C27EAE1BF}
2015-01-20 13:12 - 2015-02-16 14:26 - 02085888 _____ (Farbar) C:\Users\PeterLustig\Desktop\FRST64.exe
2015-01-20 12:17 - 2015-01-25 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metin2
2015-01-20 00:12 - 2015-01-25 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2015-01-19 21:25 - 2015-01-19 21:25 - 00000000 ____D () C:\Users\PeterLustig\AppData\Local\Gameforge4d

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 15:01 - 2009-07-14 06:08 - 00032628 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-16 14:57 - 2009-07-14 05:45 - 00016624 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-16 14:57 - 2009-07-14 05:45 - 00016624 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-16 14:47 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\TAPI
2015-02-06 18:50 - 2011-11-14 17:11 - 00000000 ____D () C:\Users\PeterLustig\AppData\Local\LogMeIn Hamachi
2015-01-27 15:02 - 2015-01-05 19:40 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-27 15:01 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-27 11:45 - 2015-01-05 19:40 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 22:22 - 2014-04-14 12:21 - 00000000 ____D () C:\Users\PeterLustig\AppData\Roaming\DAEMON Tools Lite
2015-01-25 22:22 - 2014-04-14 12:20 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-01-25 22:14 - 2013-01-05 16:46 - 00000000 ____D () C:\Users\PeterLustig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars.NET

==================== Files in the root of some directories =======

2012-07-12 12:46 - 2012-08-15 15:39 - 0000154 _____ () C:\Users\PeterLustig\AppData\Roaming\Rim.Desktop.Exception.log
2012-07-12 12:43 - 2012-07-12 12:44 - 0001847 _____ () C:\Users\PeterLustig\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-07-12 12:46 - 2012-07-12 19:54 - 0000077 _____ () C:\Users\PeterLustig\AppData\Roaming\Rim.DesktopHelper.Exception.log

Some content of TEMP:
====================
C:\Users\PeterLustig\AppData\Local\Temp\Quarantine.exe
C:\Users\PeterLustig\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-06 22:38

==================== End Of Log ============================
--- --- ---


Puh!
Gruß Tristan

schrauber 17.02.2015 07:02

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:34 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131