Trojaner-Board (https://www.trojaner-board.de/)

Win7 Ultimate 64-bit; after Bundespolizei virus; no right-click; nothing can be installed; hard disk storage always full (https://www.trojaner-board.de/150464-win7-ultimtate-64bit-bundespolizei-virus-kein-rechtsklick-nichts-installierbar-speicher-festplatte-immer-voll.html)

schrauber 29.01.2015 07:01

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

CloseProcesses:
HKU\S-1-5-18\...\Run: [kfbuvpzrsuypcoh] => C:\ProgramData\kfbuvpzr.exe
C:\ProgramData\kfbuvpzr.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1814202685-1767394472-907846378-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
C:\Users\PeterLustig\AppData\Local\LPT
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
S4 adobeversioncue; %systemroot%\system32\unrealircd.dll [X]
S4 atinevxx; %systemroot%\system32\SenFiltService.dll [X]
S2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [X]
S4 xfactorae1; %systemroot%\system32\arhidfltr.dll [X]
NETSVC: {6080a529-897e-4629-a488-aba0c29b635e} -> No ServiceDLL Path.
NETSVC: adobeversioncue -> C:\Windows\system32\unrealircd.dll ==> No File.
NETSVC: atinevxx -> C:\Windows\system32\SenFiltService.dll ==> No File.
NETSVC: xfactorae1 -> C:\Windows\system32\arhidfltr.dll ==> No File.
C:\Windows\Tasks\At*.job
Task: {023CD47E-D530-4FC7-9E63-D52218A94836} - System32\Tasks\At27 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {038512EA-790D-4E62-9CA5-71832688CC9E} - System32\Tasks\At34 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {08A060D2-79C5-493C-BB58-F25C6BA42274} - System32\Tasks\At16 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {08A9CDCF-140F-4946-A22B-E96942BE57D2} - System32\Tasks\At23 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {0EBCB69F-9D95-4F02-8874-8B54A76C1BF9} - System32\Tasks\At28 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {2250FD76-06B7-4D19-8C28-5B0474A7E0DD} - System32\Tasks\At41 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {27C900CA-85F1-4FF4-BF0E-0F224CDCEE5A} - System32\Tasks\At31 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {2E82F8AA-E085-4430-A9BB-E07E6770A077} - System32\Tasks\At43 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {31B133A7-6BF9-4DBC-AB99-6B8925F5678E} - System32\Tasks\At19 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {31E98F7C-57A5-44C6-BDD5-2295CE741066} - System32\Tasks\At11 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {4078CE44-2A79-4173-A0A8-0EF2F3727E8E} - System32\Tasks\At39 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {4287194E-8E3C-4B92-85DA-262E7B651873} - System32\Tasks\At25 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {472C7580-D297-44A5-8EE3-43D947010E8F} - System32\Tasks\At46 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {509EFCB0-06DF-405A-B8D9-BE8252DA49B9} - System32\Tasks\At18 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {5369728C-FA0A-4D9B-9A4D-898B7C8E8465} - System32\Tasks\At3 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {53DC4EDD-B197-47BE-9D1A-F41F01A80888} - System32\Tasks\At1 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {5457AB80-34BF-42D3-87A8-2B3D00DC132B} - System32\Tasks\At22 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {599793EA-CD10-48C5-8721-98EE9D23E16A} - System32\Tasks\At8 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {5E38C7E8-E2C0-4D69-B413-4B736CD92CCC} - System32\Tasks\At9 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {62924DAD-B30D-429A-ADB2-E506CB9C60DA} - System32\Tasks\At29 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {6753B9B6-7291-4A5B-B8DB-E7B1BAAEEDD9} - System32\Tasks\At7 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {6BFB77DE-9F9A-4062-8E58-473F4DFCE9F3} - System32\Tasks\At35 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {71BA5A7F-5E29-4BEF-BF7E-53BD12347730} - System32\Tasks\At15 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {74909335-1F09-4813-9CB5-9F50961B6C50} - System32\Tasks\At33 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {7DFA7A51-CB8E-4C09-A88E-5075F41AE38A} - System32\Tasks\At10 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {7FEE53C9-2AC5-4715-A32B-7E7BE3735F8F} - System32\Tasks\At12 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {855EC2F5-2255-4EE3-8531-F915AEB0DE37} - System32\Tasks\At13 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {8703EFC1-6D0E-4723-9258-093671AC0128} - System32\Tasks\At26 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {888ED9C2-7590-4DA1-81C7-671F71B1C538} - System32\Tasks\At17 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {89955AE0-5426-442E-9F25-CE20C3CF8A77} - System32\Tasks\At38 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {8F366998-5120-47A1-B751-07B0D0453A53} - System32\Tasks\At24 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {92D5906E-6D2E-4935-95B2-9030563C4832} - System32\Tasks\At44 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {94F8A3A4-E096-402F-914D-84C77235BABE} - System32\Tasks\At45 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {9E0C44A3-F6B6-47CD-9733-A3521CF30278} - System32\Tasks\At20 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {A770A8E0-BF77-471E-A909-7B38FCA68351} - System32\Tasks\At5 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {A87E06E5-FD8F-4074-B5B8-8D3317F4B095} - System32\Tasks\At4 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {AD5DD74D-2807-4D4B-8070-44BA7CD3B177} - System32\Tasks\At37 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {B0B9403C-2698-4423-AC14-A5278F2F582D} - System32\Tasks\At14 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {B733B431-E348-4B31-90FB-67C560102E4C} - System32\Tasks\At6 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {BF53F786-18A4-44C7-ABA0-8F4D67BD05FF} - System32\Tasks\At2 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {C39A241F-7AA3-4C1C-B50F-FCFB1AC29A2B} - System32\Tasks\At40 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {C8B3DBE1-B577-4E80-BA3D-0B63C7CEEFA7} - System32\Tasks\At32 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {C9E77C31-3B2C-4C80-8007-BF9F5BF919FF} - System32\Tasks\At48 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {CF1FEFCC-5EBC-4306-BE09-0FEA2DBA812A} - System32\Tasks\At30 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {D3C0EEF8-371C-4804-BC98-0EC69D0B5F9D} - System32\Tasks\At42 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {E4C73F13-5D9C-4CBF-B9BD-4243F3568776} - System32\Tasks\At47 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {E4E70D88-095F-4A38-920F-E76EAEAE7F0E} - System32\Tasks\At21 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {FF26CF92-C490-457D-B019-EC9DB864B1D1} - System32\Tasks\At36 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION
C:\Windows\Fonts\aXG0Q5j0.com
Emptytemp:


Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix ("Entfernen") button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.
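
A way to check the resulting Fixlog.txt against the Fixlist.txt, as an added example that is not part of the original post and not FRST's own code: for every `Task:` line it confirms that the log reports the three TaskCache registry keys deleted and the task file moved, and lists any step that failed or has no result line. The GUIDs, the `example.com` file name and both sample texts are constructed; the function names are hypothetical.

```python
import re
from collections import Counter

TASK_CACHE = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache"
TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]{36}\}) - System32\\Tasks\\(\S+) =>", re.M)
RESULT_RE = re.compile(r'^"?(.+?)"? => (.+?)\.?$')

# Constructed sample (placeholder GUIDs and file name), shaped like the logs in this thread.
SAMPLE_FIXLIST = r"""CloseProcesses:
Task: {11111111-1111-1111-1111-111111111111} - System32\Tasks\At1 => C:\Windows\Fonts\example.com <==== ATTENTION
Task: {22222222-2222-2222-2222-222222222222} - System32\Tasks\At2 => C:\Windows\Fonts\example.com <==== ATTENTION
"""

# At2 is deliberately incomplete: its task file was not found and the Tree key line is missing.
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
""" + SAMPLE_FIXLIST + r"""*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11111111-1111-1111-1111-111111111111}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11111111-1111-1111-1111-111111111111}" => Key deleted successfully.
C:\Windows\System32\Tasks\At1 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22222222-2222-2222-2222-222222222222}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22222222-2222-2222-2222-222222222222}" => Key deleted successfully.
"C:\Windows\System32\Tasks\At2" => File/Directory not found.
"""


def parse_tasks(fixlist):
    """Return (guid, task_name) for every 'Task:' line of a fixlist."""
    return TASK_RE.findall(fixlist)


def result_lines(fixlog):
    """Return only the lines after the echoed fixlist.

    The log repeats the fixlist between two rows of asterisks, and those echoed
    lines also contain '=>', so they must not be read as results.
    """
    lines = fixlog.splitlines()
    marks = [i for i, l in enumerate(lines) if l.strip() and set(l.strip()) == {"*"}]
    return lines[marks[-1] + 1:] if marks else lines


def parse_results(fixlog):
    """Map each target (lower-cased path or key) to the outcome text after '=>'."""
    results = {}
    for line in result_lines(fixlog):
        m = RESULT_RE.match(line.strip())
        if m:
            results[m.group(1).lower()] = m.group(2)
    return results


def outcome_counts(fixlog):
    """Count how often each outcome text occurs in the result section."""
    return Counter(parse_results(fixlog).values())


def audit_tasks(fixlist, fixlog):
    """For each task in the fixlist, list the removal steps the log does not confirm."""
    results = parse_results(fixlog)
    report = {}
    for guid, name in parse_tasks(fixlist):
        expected = [
            ("Plain key", "\\".join((TASK_CACHE, "Plain", guid))),
            ("Tasks key", "\\".join((TASK_CACHE, "Tasks", guid))),
            ("task file", "C:\\Windows\\System32\\Tasks\\" + name),
            ("Tree key", "\\".join((TASK_CACHE, "Tree", name))),
        ]
        problems = []
        for step, target in expected:
            outcome = results.get(target.lower())
            if outcome is None:
                problems.append((step, "no result line"))
            elif not outcome.endswith("successfully"):
                problems.append((step, outcome))
        report[name] = problems
    return report


if __name__ == "__main__":
    for task, problems in audit_tasks(SAMPLE_FIXLIST, SAMPLE_FIXLOG).items():
        print(task, "OK" if not problems else problems)
    print(dict(outcome_counts(SAMPLE_FIXLOG)))
```

A task with leftover steps is a reason to run a fresh FRST scan and check whether the entry is still listed.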


TrisxG 06.02.2015 19:38

The fixlog
Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-02-2015
Ran by PeterLustig at 2015-02-06 18:51:12 Run:1
Running from C:\Users\PeterLustig\Desktop
Loaded Profiles: PeterLustig (Available profiles: PeterLustig)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKU\S-1-5-18\...\Run: [kfbuvpzrsuypcoh] => C:\ProgramData\kfbuvpzr.exe
C:\ProgramData\kfbuvpzr.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1814202685-1767394472-907846378-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
C:\Users\PeterLustig\AppData\Local\LPT
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
S4 adobeversioncue; %systemroot%\system32\unrealircd.dll [X]
S4 atinevxx; %systemroot%\system32\SenFiltService.dll [X]
S2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [X]
S4 xfactorae1; %systemroot%\system32\arhidfltr.dll [X]
NETSVC: {6080a529-897e-4629-a488-aba0c29b635e} -> No ServiceDLL Path.
NETSVC: adobeversioncue -> C:\Windows\system32\unrealircd.dll ==> No File.
NETSVC: atinevxx -> C:\Windows\system32\SenFiltService.dll ==> No File.
NETSVC: xfactorae1 -> C:\Windows\system32\arhidfltr.dll ==> No File.
C:\Windows\Tasks\At*.job
Task: {023CD47E-D530-4FC7-9E63-D52218A94836} - System32\Tasks\At27 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {038512EA-790D-4E62-9CA5-71832688CC9E} - System32\Tasks\At34 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {08A060D2-79C5-493C-BB58-F25C6BA42274} - System32\Tasks\At16 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {08A9CDCF-140F-4946-A22B-E96942BE57D2} - System32\Tasks\At23 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {0EBCB69F-9D95-4F02-8874-8B54A76C1BF9} - System32\Tasks\At28 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {2250FD76-06B7-4D19-8C28-5B0474A7E0DD} - System32\Tasks\At41 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {27C900CA-85F1-4FF4-BF0E-0F224CDCEE5A} - System32\Tasks\At31 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {2E82F8AA-E085-4430-A9BB-E07E6770A077} - System32\Tasks\At43 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {31B133A7-6BF9-4DBC-AB99-6B8925F5678E} - System32\Tasks\At19 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {31E98F7C-57A5-44C6-BDD5-2295CE741066} - System32\Tasks\At11 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {4078CE44-2A79-4173-A0A8-0EF2F3727E8E} - System32\Tasks\At39 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {4287194E-8E3C-4B92-85DA-262E7B651873} - System32\Tasks\At25 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {472C7580-D297-44A5-8EE3-43D947010E8F} - System32\Tasks\At46 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {509EFCB0-06DF-405A-B8D9-BE8252DA49B9} - System32\Tasks\At18 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {5369728C-FA0A-4D9B-9A4D-898B7C8E8465} - System32\Tasks\At3 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {53DC4EDD-B197-47BE-9D1A-F41F01A80888} - System32\Tasks\At1 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {5457AB80-34BF-42D3-87A8-2B3D00DC132B} - System32\Tasks\At22 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {599793EA-CD10-48C5-8721-98EE9D23E16A} - System32\Tasks\At8 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {5E38C7E8-E2C0-4D69-B413-4B736CD92CCC} - System32\Tasks\At9 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {62924DAD-B30D-429A-ADB2-E506CB9C60DA} - System32\Tasks\At29 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {6753B9B6-7291-4A5B-B8DB-E7B1BAAEEDD9} - System32\Tasks\At7 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {6BFB77DE-9F9A-4062-8E58-473F4DFCE9F3} - System32\Tasks\At35 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {71BA5A7F-5E29-4BEF-BF7E-53BD12347730} - System32\Tasks\At15 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {74909335-1F09-4813-9CB5-9F50961B6C50} - System32\Tasks\At33 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {7DFA7A51-CB8E-4C09-A88E-5075F41AE38A} - System32\Tasks\At10 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {7FEE53C9-2AC5-4715-A32B-7E7BE3735F8F} - System32\Tasks\At12 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {855EC2F5-2255-4EE3-8531-F915AEB0DE37} - System32\Tasks\At13 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {8703EFC1-6D0E-4723-9258-093671AC0128} - System32\Tasks\At26 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {888ED9C2-7590-4DA1-81C7-671F71B1C538} - System32\Tasks\At17 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {89955AE0-5426-442E-9F25-CE20C3CF8A77} - System32\Tasks\At38 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {8F366998-5120-47A1-B751-07B0D0453A53} - System32\Tasks\At24 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {92D5906E-6D2E-4935-95B2-9030563C4832} - System32\Tasks\At44 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {94F8A3A4-E096-402F-914D-84C77235BABE} - System32\Tasks\At45 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {9E0C44A3-F6B6-47CD-9733-A3521CF30278} - System32\Tasks\At20 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {A770A8E0-BF77-471E-A909-7B38FCA68351} - System32\Tasks\At5 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {A87E06E5-FD8F-4074-B5B8-8D3317F4B095} - System32\Tasks\At4 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {AD5DD74D-2807-4D4B-8070-44BA7CD3B177} - System32\Tasks\At37 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {B0B9403C-2698-4423-AC14-A5278F2F582D} - System32\Tasks\At14 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {B733B431-E348-4B31-90FB-67C560102E4C} - System32\Tasks\At6 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {BF53F786-18A4-44C7-ABA0-8F4D67BD05FF} - System32\Tasks\At2 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {C39A241F-7AA3-4C1C-B50F-FCFB1AC29A2B} - System32\Tasks\At40 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {C8B3DBE1-B577-4E80-BA3D-0B63C7CEEFA7} - System32\Tasks\At32 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {C9E77C31-3B2C-4C80-8007-BF9F5BF919FF} - System32\Tasks\At48 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {CF1FEFCC-5EBC-4306-BE09-0FEA2DBA812A} - System32\Tasks\At30 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {D3C0EEF8-371C-4804-BC98-0EC69D0B5F9D} - System32\Tasks\At42 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {E4C73F13-5D9C-4CBF-B9BD-4243F3568776} - System32\Tasks\At47 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {E4E70D88-095F-4A38-920F-E76EAEAE7F0E} - System32\Tasks\At21 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION

Task: {FF26CF92-C490-457D-B019-EC9DB864B1D1} - System32\Tasks\At36 => C:\Windows\Fonts\aXG0Q5j0.com <==== ATTENTION
C:\Windows\Fonts\aXG0Q5j0.com
Emptytemp:
       
*****************

Processes closed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\kfbuvpzrsuypcoh => value deleted successfully.
"C:\ProgramData\kfbuvpzr.exe" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1814202685-1767394472-907846378-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"C:\Users\PeterLustig\AppData\Local\LPT" => File/Directory not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
adobeversioncue => Service deleted successfully.
atinevxx => Service deleted successfully.
Hamachi2Svc => Service deleted successfully.
xfactorae1 => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs {6080a529-897e-4629-a488-aba0c29b635e} => Deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs adobeversioncue => Deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs atinevxx => Deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs xfactorae1 => Deleted successfully.
C:\Windows\Tasks\At*.job => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{023CD47E-D530-4FC7-9E63-D52218A94836}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{023CD47E-D530-4FC7-9E63-D52218A94836}" => Key deleted successfully.
C:\Windows\System32\Tasks\At27 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At27" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{038512EA-790D-4E62-9CA5-71832688CC9E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{038512EA-790D-4E62-9CA5-71832688CC9E}" => Key deleted successfully.
C:\Windows\System32\Tasks\At34 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At34" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08A060D2-79C5-493C-BB58-F25C6BA42274}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08A060D2-79C5-493C-BB58-F25C6BA42274}" => Key deleted successfully.
C:\Windows\System32\Tasks\At16 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At16" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08A9CDCF-140F-4946-A22B-E96942BE57D2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08A9CDCF-140F-4946-A22B-E96942BE57D2}" => Key deleted successfully.
C:\Windows\System32\Tasks\At23 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At23" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0EBCB69F-9D95-4F02-8874-8B54A76C1BF9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EBCB69F-9D95-4F02-8874-8B54A76C1BF9}" => Key deleted successfully.
C:\Windows\System32\Tasks\At28 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At28" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2250FD76-06B7-4D19-8C28-5B0474A7E0DD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2250FD76-06B7-4D19-8C28-5B0474A7E0DD}" => Key deleted successfully.
C:\Windows\System32\Tasks\At41 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At41" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{27C900CA-85F1-4FF4-BF0E-0F224CDCEE5A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27C900CA-85F1-4FF4-BF0E-0F224CDCEE5A}" => Key deleted successfully.
C:\Windows\System32\Tasks\At31 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At31" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E82F8AA-E085-4430-A9BB-E07E6770A077}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E82F8AA-E085-4430-A9BB-E07E6770A077}" => Key deleted successfully.
C:\Windows\System32\Tasks\At43 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At43" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31B133A7-6BF9-4DBC-AB99-6B8925F5678E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31B133A7-6BF9-4DBC-AB99-6B8925F5678E}" => Key deleted successfully.
C:\Windows\System32\Tasks\At19 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At19" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31E98F7C-57A5-44C6-BDD5-2295CE741066}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31E98F7C-57A5-44C6-BDD5-2295CE741066}" => Key deleted successfully.
C:\Windows\System32\Tasks\At11 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At11" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4078CE44-2A79-4173-A0A8-0EF2F3727E8E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4078CE44-2A79-4173-A0A8-0EF2F3727E8E}" => Key deleted successfully.
C:\Windows\System32\Tasks\At39 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At39" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4287194E-8E3C-4B92-85DA-262E7B651873}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4287194E-8E3C-4B92-85DA-262E7B651873}" => Key deleted successfully.
C:\Windows\System32\Tasks\At25 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At25" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{472C7580-D297-44A5-8EE3-43D947010E8F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{472C7580-D297-44A5-8EE3-43D947010E8F}" => Key deleted successfully.
C:\Windows\System32\Tasks\At46 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At46" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{509EFCB0-06DF-405A-B8D9-BE8252DA49B9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{509EFCB0-06DF-405A-B8D9-BE8252DA49B9}" => Key deleted successfully.
C:\Windows\System32\Tasks\At18 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At18" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5369728C-FA0A-4D9B-9A4D-898B7C8E8465}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5369728C-FA0A-4D9B-9A4D-898B7C8E8465}" => Key deleted successfully.
C:\Windows\System32\Tasks\At3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53DC4EDD-B197-47BE-9D1A-F41F01A80888}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53DC4EDD-B197-47BE-9D1A-F41F01A80888}" => Key deleted successfully.
C:\Windows\System32\Tasks\At1 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5457AB80-34BF-42D3-87A8-2B3D00DC132B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5457AB80-34BF-42D3-87A8-2B3D00DC132B}" => Key deleted successfully.
C:\Windows\System32\Tasks\At22 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At22" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{599793EA-CD10-48C5-8721-98EE9D23E16A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{599793EA-CD10-48C5-8721-98EE9D23E16A}" => Key deleted successfully.
C:\Windows\System32\Tasks\At8 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At8" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5E38C7E8-E2C0-4D69-B413-4B736CD92CCC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E38C7E8-E2C0-4D69-B413-4B736CD92CCC}" => Key deleted successfully.
C:\Windows\System32\Tasks\At9 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At9" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62924DAD-B30D-429A-ADB2-E506CB9C60DA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62924DAD-B30D-429A-ADB2-E506CB9C60DA}" => Key deleted successfully.
C:\Windows\System32\Tasks\At29 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At29" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6753B9B6-7291-4A5B-B8DB-E7B1BAAEEDD9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6753B9B6-7291-4A5B-B8DB-E7B1BAAEEDD9}" => Key deleted successfully.
C:\Windows\System32\Tasks\At7 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6BFB77DE-9F9A-4062-8E58-473F4DFCE9F3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BFB77DE-9F9A-4062-8E58-473F4DFCE9F3}" => Key deleted successfully.
C:\Windows\System32\Tasks\At35 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At35" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71BA5A7F-5E29-4BEF-BF7E-53BD12347730}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71BA5A7F-5E29-4BEF-BF7E-53BD12347730}" => Key deleted successfully.
C:\Windows\System32\Tasks\At15 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At15" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74909335-1F09-4813-9CB5-9F50961B6C50}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74909335-1F09-4813-9CB5-9F50961B6C50}" => Key deleted successfully.
C:\Windows\System32\Tasks\At33 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At33" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7DFA7A51-CB8E-4C09-A88E-5075F41AE38A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DFA7A51-CB8E-4C09-A88E-5075F41AE38A}" => Key deleted successfully.
C:\Windows\System32\Tasks\At10 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At10" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FEE53C9-2AC5-4715-A32B-7E7BE3735F8F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FEE53C9-2AC5-4715-A32B-7E7BE3735F8F}" => Key deleted successfully.
C:\Windows\System32\Tasks\At12 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At12" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{855EC2F5-2255-4EE3-8531-F915AEB0DE37}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{855EC2F5-2255-4EE3-8531-F915AEB0DE37}" => Key deleted successfully.
C:\Windows\System32\Tasks\At13 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At13" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8703EFC1-6D0E-4723-9258-093671AC0128}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8703EFC1-6D0E-4723-9258-093671AC0128}" => Key deleted successfully.
C:\Windows\System32\Tasks\At26 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At26" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{888ED9C2-7590-4DA1-81C7-671F71B1C538}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{888ED9C2-7590-4DA1-81C7-671F71B1C538}" => Key deleted successfully.
C:\Windows\System32\Tasks\At17 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At17" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89955AE0-5426-442E-9F25-CE20C3CF8A77}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89955AE0-5426-442E-9F25-CE20C3CF8A77}" => Key deleted successfully.
C:\Windows\System32\Tasks\At38 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At38" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F366998-5120-47A1-B751-07B0D0453A53}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F366998-5120-47A1-B751-07B0D0453A53}" => Key deleted successfully.
C:\Windows\System32\Tasks\At24 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At24" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92D5906E-6D2E-4935-95B2-9030563C4832}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92D5906E-6D2E-4935-95B2-9030563C4832}" => Key deleted successfully.
C:\Windows\System32\Tasks\At44 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At44" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94F8A3A4-E096-402F-914D-84C77235BABE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94F8A3A4-E096-402F-914D-84C77235BABE}" => Key deleted successfully.
C:\Windows\System32\Tasks\At45 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At45" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E0C44A3-F6B6-47CD-9733-A3521CF30278}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E0C44A3-F6B6-47CD-9733-A3521CF30278}" => Key deleted successfully.
C:\Windows\System32\Tasks\At20 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At20" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A770A8E0-BF77-471E-A909-7B38FCA68351}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A770A8E0-BF77-471E-A909-7B38FCA68351}" => Key deleted successfully.
C:\Windows\System32\Tasks\At5 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At5" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A87E06E5-FD8F-4074-B5B8-8D3317F4B095}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A87E06E5-FD8F-4074-B5B8-8D3317F4B095}" => Key deleted successfully.
C:\Windows\System32\Tasks\At4 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD5DD74D-2807-4D4B-8070-44BA7CD3B177}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD5DD74D-2807-4D4B-8070-44BA7CD3B177}" => Key deleted successfully.
C:\Windows\System32\Tasks\At37 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At37" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0B9403C-2698-4423-AC14-A5278F2F582D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0B9403C-2698-4423-AC14-A5278F2F582D}" => Key deleted successfully.
C:\Windows\System32\Tasks\At14 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At14" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B733B431-E348-4B31-90FB-67C560102E4C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B733B431-E348-4B31-90FB-67C560102E4C}" => Key deleted successfully.
C:\Windows\System32\Tasks\At6 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF53F786-18A4-44C7-ABA0-8F4D67BD05FF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF53F786-18A4-44C7-ABA0-8F4D67BD05FF}" => Key deleted successfully.
C:\Windows\System32\Tasks\At2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C39A241F-7AA3-4C1C-B50F-FCFB1AC29A2B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C39A241F-7AA3-4C1C-B50F-FCFB1AC29A2B}" => Key deleted successfully.
C:\Windows\System32\Tasks\At40 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At40" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C8B3DBE1-B577-4E80-BA3D-0B63C7CEEFA7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8B3DBE1-B577-4E80-BA3D-0B63C7CEEFA7}" => Key deleted successfully.
C:\Windows\System32\Tasks\At32 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At32" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9E77C31-3B2C-4C80-8007-BF9F5BF919FF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9E77C31-3B2C-4C80-8007-BF9F5BF919FF}" => Key deleted successfully.
C:\Windows\System32\Tasks\At48 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At48" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CF1FEFCC-5EBC-4306-BE09-0FEA2DBA812A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF1FEFCC-5EBC-4306-BE09-0FEA2DBA812A}" => Key deleted successfully.
C:\Windows\System32\Tasks\At30 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At30" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3C0EEF8-371C-4804-BC98-0EC69D0B5F9D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3C0EEF8-371C-4804-BC98-0EC69D0B5F9D}" => Key deleted successfully.
C:\Windows\System32\Tasks\At42 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At42" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E4C73F13-5D9C-4CBF-B9BD-4243F3568776}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4C73F13-5D9C-4CBF-B9BD-4243F3568776}" => Key deleted successfully.
C:\Windows\System32\Tasks\At47 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At47" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E4E70D88-095F-4A38-920F-E76EAEAE7F0E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4E70D88-095F-4A38-920F-E76EAEAE7F0E}" => Key deleted successfully.
C:\Windows\System32\Tasks\At21 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At21" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF26CF92-C490-457D-B019-EC9DB864B1D1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF26CF92-C490-457D-B019-EC9DB864B1D1}" => Key deleted successfully.
C:\Windows\System32\Tasks\At36 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At36" => Key deleted successfully.
"C:\Windows\Fonts\aXG0Q5j0.com" => File/Directory not found.
EmptyTemp: => Removed 699.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 19:10:02 ====

Thank you very much

schrauber 07.02.2015 12:04

A fresh FRST log, please :)

TrisxG 08.02.2015 12:14

Will do, boss!
FRST

FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015
Ran by PeterLustig (administrator) on PETERLUSTIG-PC on 08-02-2015 12:11:36
Running from C:\Users\PeterLustig\Desktop
Loaded Profiles: PeterLustig (Available profiles: PeterLustig)
Platform: Windows 7 Ultimate (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe [353440 2012-04-02] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1814202685-1767394472-907846378-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1814202685-1767394472-907846378-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1814202685-1767394472-907846378-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLPD5Splg6ZyL_ByCddyIXOg1cJF53aLlcQyUr3Gr7BX1yp3dWfA5n70xSBunLzf9qAkXaMzouyCqopHDHEHnWMteu03oQ6tq7mMGDgDyyDhG3jikjLW31FmqA5Inz0Lt5hJFbnGkbMy8ztEJH8OoDs0TPT_hJA-CeY,
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLPD5Splg6ZyL_ByCddyIXOg1cJF53aLlcQyUr3Gr7BX1yp3dWfA5n70xSBunLzf9qwzQRFYbWIrx1QAyb-Uuy0CmZBjgY2TdFYHYrlsj_QM7AWuEaULc-33igwTosQPL4_w5LLIg275UwXaUJvlzSTTEetRYQ_IWqU,&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLPD5Splg6ZyL_ByCddyIXOg1cJF53aLlcQyUr3Gr7BX1yp3dWfA5n70xSBunLzf9qwzQRFYbWIrx1QAyb-Uuy0CmZBjgY2TdFYHYrlsj_QM7AWuEaULc-33igwTosQPL4_w5LLIg275UwXaUJvlzSTTEetRYQ_IWqU,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1814202685-1767394472-907846378-1001 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLPD5Splg6ZyL_ByCddyIXOg1cJF53aLlcQyUr3Gr7BX1yp3dWfA5n70xSBunLzf9qwzQRFYbWIrx1QAyb-Uuy0CmZBjgY2TdFYHYrlsj_QM7AWuEaULc-33igwTosQPL4_w5LLIg275UwXaUJvlzSTTEetRYQ_IWqU,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1814202685-1767394472-907846378-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLPD5Splg6ZyL_ByCddyIXOg1cJF53aLlcQyUr3Gr7BX1yp3dWfA5n70xSBunLzf9qwzQRFYbWIrx1QAyb-Uuy0CmZBjgY2TdFYHYrlsj_QM7AWuEaULc-33igwTosQPL4_w5LLIg275UwXaUJvlzSTTEetRYQ_IWqU,&q={searchTerms}
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: SmartbarInternetExplorerBHOEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @thrixxx.com/WebLaunch -> C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
FF Plugin HKU\S-1-5-21-1814202685-1767394472-907846378-1001: @thrixxx.com/WebLaunch -> C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll No File

Chrome:
=======
CHR HKU\S-1-5-21-1814202685-1767394472-907846378-1001\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\PeterLustig\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S4 adobeversioncue; %systemroot%\system32\unrealircd.dll [X]
S4 atinevxx; %systemroot%\system32\SenFiltService.dll [X]
S2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [X]
S4 xfactorae1; %systemroot%\system32\arhidfltr.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: {6080a529-897e-4629-a488-aba0c29b635e} -> No ServiceDLL Path.
NETSVC: adobeversioncue -> C:\Windows\system32\unrealircd.dll ==> No File.
NETSVC: atinevxx -> C:\Windows\system32\SenFiltService.dll ==> No File.
NETSVC: xfactorae1 -> C:\Windows\system32\arhidfltr.dll ==> No File.

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 12:11 - 2015-02-08 12:12 - 00008550 _____ () C:\Users\PeterLustig\Desktop\FRST.txt
2015-02-06 22:47 - 2015-02-08 12:12 - 00006386 _____ () C:\Windows\WindowsUpdate.log
2015-02-06 19:35 - 2015-02-06 19:35 - 00002160 _____ () C:\Users\PeterLustig\Desktop\Minecraft.lnk
2015-02-06 19:35 - 2015-02-06 19:35 - 00000000 ____D () C:\Users\PeterLustig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-02-06 19:34 - 2015-02-06 20:52 - 00000000 ____D () C:\Users\PeterLustig\AppData\Roaming\.minecraft
2015-02-06 19:30 - 2015-02-06 19:30 - 00415624 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-02 22:09 - 2015-02-08 12:11 - 00000000 ____D () C:\Users\PeterLustig\Desktop\FRST-OlderVersion
2015-02-02 22:08 - 2015-02-02 22:08 - 00007032 _____ () C:\Users\PeterLustig\Documents\Fixlist.txt
2015-01-28 19:09 - 2015-02-08 12:11 - 00000000 ____D () C:\FRST
2015-01-28 18:49 - 2015-01-28 18:49 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\PeterLustig\Desktop\rkill64-21039.exe
2015-01-27 15:18 - 2015-01-27 15:18 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-27 14:57 - 2015-01-27 14:57 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\PeterLustig\Desktop\rkill64-21031.exe
2015-01-27 14:49 - 2015-01-27 14:49 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\PeterLustig\Desktop\rkill64-19460.exe
2015-01-27 14:47 - 2015-01-27 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-01-27 14:47 - 2015-01-27 14:47 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-01-25 22:00 - 2015-01-25 22:00 - 00003118 _____ () C:\Windows\System32\Tasks\{9E93E75A-8F35-42AC-BB63-FB012FA62CC3}
2015-01-25 20:28 - 2015-01-25 20:28 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\PeterLustig\Desktop\rkill64-13113.exe
2015-01-25 20:24 - 2015-01-25 20:24 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\PeterLustig\Desktop\rkill64-12408.exe
2015-01-25 20:21 - 2015-01-25 20:21 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\PeterLustig\Desktop\rkill64.exe
2015-01-25 20:19 - 2015-01-25 20:19 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\PeterLustig\Desktop\rkill.exe
2015-01-25 17:18 - 2015-01-25 17:18 - 00002968 _____ () C:\Windows\System32\Tasks\{DD320EEE-AF76-4BFF-9D8D-74DC586C3DF7}
2015-01-25 17:18 - 2015-01-25 17:18 - 00002968 _____ () C:\Windows\System32\Tasks\{C33E7806-3940-49AA-8E3F-87407B744D48}
2015-01-25 17:18 - 2015-01-25 17:18 - 00002968 _____ () C:\Windows\System32\Tasks\{B9D28C67-CAD9-4A65-B954-43DC5FAC9147}
2015-01-25 17:18 - 2015-01-25 17:18 - 00002968 _____ () C:\Windows\System32\Tasks\{2F42AD4C-B626-4A7B-BE8D-879382CACDFE}
2015-01-25 17:17 - 2015-01-25 17:17 - 00002968 _____ () C:\Windows\System32\Tasks\{F71D7E21-31D2-4B75-9F2E-D1023064785F}
2015-01-25 17:17 - 2015-01-25 17:17 - 00002968 _____ () C:\Windows\System32\Tasks\{DC868B9F-18DC-4282-8982-CA04E365D8B4}
2015-01-25 17:17 - 2015-01-25 17:17 - 00002968 _____ () C:\Windows\System32\Tasks\{C938709E-5132-4154-B7AB-F973F9AEB12D}
2015-01-25 17:17 - 2015-01-25 17:17 - 00002968 _____ () C:\Windows\System32\Tasks\{C1EAF886-BE74-495C-BA01-3CF06D617CBB}
2015-01-25 17:17 - 2015-01-25 17:17 - 00002968 _____ () C:\Windows\System32\Tasks\{C00AC9CA-31EE-4F7C-8178-F728318F37B2}
2015-01-25 17:17 - 2015-01-25 17:17 - 00002968 _____ () C:\Windows\System32\Tasks\{9340A002-27AE-4F0D-B08F-CCCFAAB7051F}
2015-01-25 17:17 - 2015-01-25 17:17 - 00002968 _____ () C:\Windows\System32\Tasks\{71D96554-704A-48CE-9AE8-294422BBB917}
2015-01-25 17:17 - 2015-01-25 17:17 - 00002968 _____ () C:\Windows\System32\Tasks\{31EE0835-121D-4F8E-8DE4-81E9C0E4CC9F}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{DEA50867-0680-4681-9E4B-DDBD590F88DC}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{DD0FB53D-835D-4328-B8E5-ABFF91CA4F30}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{D297B1C8-8193-42F0-A890-C51F2C993148}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{B9D2D592-B4A9-449B-AE00-33AA408E70F3}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{B356D192-DAE2-435A-9935-E4B7AE368AFA}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{8961765D-5A5E-40FC-88CD-914DE3F18C41}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{84D4F78B-4662-45BE-A52C-3FF4A2AA5AFF}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{682D6DFA-A37E-4AEB-AB81-2E58B5100B50}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{64387400-64B7-479B-9A6D-3CDD4F803E1A}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{5EB9BB05-C745-41E9-95C1-CB75157EA92E}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{42D40418-1777-430C-A14A-08FF26725ED6}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{3DD2E574-6D05-42A5-9385-0BEB8B104392}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{2A9D3EF4-287A-496B-BA54-0FD2282AF7DF}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{1A658748-DFD0-4454-8A74-FD77CEF65638}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{126A1D60-6B08-46F6-A797-96199ECE5EDC}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{031F14CA-F08F-47ED-9554-64DADA0C8DE6}
2015-01-25 17:15 - 2015-01-25 17:15 - 00002968 _____ () C:\Windows\System32\Tasks\{943F9431-0485-4B44-AA6D-0D739E2EEE37}
2015-01-20 13:31 - 2015-01-20 13:31 - 00001439 _____ () C:\Users\PeterLustig\Desktop\Internet Explorer.lnk
2015-01-20 13:15 - 2015-01-20 13:15 - 00002968 _____ () C:\Windows\System32\Tasks\{4F2FD83F-AE71-4CA7-BC7B-E961F336D9FA}
2015-01-20 13:15 - 2015-01-20 13:15 - 00002968 _____ () C:\Windows\System32\Tasks\{29002138-A429-4FAD-85F0-612C27EAE1BF}
2015-01-20 13:12 - 2015-02-08 12:11 - 02132992 _____ (Farbar) C:\Users\PeterLustig\Desktop\FRST64.exe
2015-01-20 12:17 - 2015-01-25 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metin2
2015-01-20 00:12 - 2015-01-25 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2015-01-19 21:25 - 2015-01-19 21:25 - 00000000 ____D () C:\Users\PeterLustig\AppData\Local\Gameforge4d
2015-01-09 15:49 - 2015-01-09 15:49 - 00000000 ____D () C:\Qoobox
2015-01-09 14:10 - 2015-01-09 17:35 - 00000000 ____D () C:\Windows\erdnt
2015-01-09 13:58 - 2015-01-09 13:58 - 02617176 _____ (VS Revo Group Ltd.) C:\Users\PeterLustig\Desktop\revosetup.exe
2015-01-09 13:58 - 2015-01-09 13:58 - 00001264 _____ () C:\Users\PeterLustig\Desktop\Revo Uninstaller.lnk
2015-01-09 13:58 - 2015-01-09 13:58 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 12:09 - 2009-07-14 06:08 - 00032628 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-06 19:37 - 2009-07-14 05:45 - 00016624 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-06 19:37 - 2009-07-14 05:45 - 00016624 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-06 18:50 - 2011-11-14 17:11 - 00000000 ____D () C:\Users\PeterLustig\AppData\Local\LogMeIn Hamachi
2015-01-27 15:41 - 2014-04-14 11:49 - 00000000 ____D () C:\Users\PeterLustig\AppData\Local\Smartbar
2015-01-27 15:02 - 2015-01-05 19:40 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-27 15:01 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-27 11:45 - 2015-01-05 19:40 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 22:22 - 2014-04-14 12:21 - 00000000 ____D () C:\Users\PeterLustig\AppData\Roaming\DAEMON Tools Lite
2015-01-25 22:22 - 2014-04-14 12:20 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-01-25 22:14 - 2013-01-05 16:46 - 00000000 ____D () C:\Users\PeterLustig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars.NET
2015-01-14 23:07 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-09 14:15 - 2011-12-09 16:19 - 00000000 ____D () C:\Users\PeterLustig\AppData\Roaming\DVDVideoSoft

==================== Files in the root of some directories =======

2012-07-12 12:46 - 2012-08-15 15:39 - 0000154 _____ () C:\Users\PeterLustig\AppData\Roaming\Rim.Desktop.Exception.log
2012-07-12 12:43 - 2012-07-12 12:44 - 0001847 _____ () C:\Users\PeterLustig\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-07-12 12:46 - 2012-07-12 19:54 - 0000077 _____ () C:\Users\PeterLustig\AppData\Roaming\Rim.DesktopHelper.Exception.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-06 22:38

==================== End Of Log ============================

--- --- ---


and Addition
Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-02-2015
Ran by PeterLustig at 2015-02-08 12:12:53
Running from C:\Users\PeterLustig\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.228 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
BlackBerry Desktop Software 6.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 6.1.0.33 - Research in Motion Ltd.)
BlackBerry Desktop Software 6.1 (x32 Version: 6.1.0.33 - Research in Motion Ltd.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.17 - Piriform)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Fragen-Lern-CD 4.1 (HKLM-x32\...\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1) (Version: 4.1.0 - Wendel-Verlag GmbH)
Fragen-Lern-CD 4.1 (x32 Version: 4.1.0 - Wendel-Verlag GmbH) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2413 - Intel Corporation)
Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.1.0.210 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.1.0.210 - LogMeIn, Inc.) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6361.0 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6361.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.12 - ProtectDisc Software GmbH)
Revo Uninstaller 1.93 (HKLM-x32\...\Revo Uninstaller) (Version: 1.93 - VS Revo Group)
Sharepod 4.0.1.1 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version:  - Macroplant LLC)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version:  - )
System Requirements Lab for Intel (HKLM-x32\...\{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}) (Version: 4.4.24.0 - Husdawg, LLC)
WinRAR 5.10 beta 2 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.2 - win.rar GmbH)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-01-09 17:35 - 2015-01-14 23:06 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {023CD47E-D530-4FC7-9E63-D52218A94836} - \At27 No Task File <==== ATTENTION
Task: {038512EA-790D-4E62-9CA5-71832688CC9E} - \At34 No Task File <==== ATTENTION
Task: {08A060D2-79C5-493C-BB58-F25C6BA42274} - \At16 No Task File <==== ATTENTION
Task: {08A9CDCF-140F-4946-A22B-E96942BE57D2} - \At23 No Task File <==== ATTENTION
Task: {092A2CCD-B7FB-4D8A-A6F3-39B558281AD1} - System32\Tasks\{DEA50867-0680-4681-9E4B-DDBD590F88DC} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {0EBCB69F-9D95-4F02-8874-8B54A76C1BF9} - \At28 No Task File <==== ATTENTION
Task: {137D48DA-1BC0-4149-A96E-C102527095E9} - System32\Tasks\{D297B1C8-8193-42F0-A890-C51F2C993148} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {2250FD76-06B7-4D19-8C28-5B0474A7E0DD} - \At41 No Task File <==== ATTENTION
Task: {2654B784-7444-41F1-BF3F-1BC233FC06F5} - System32\Tasks\{DD0FB53D-835D-4328-B8E5-ABFF91CA4F30} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {27C900CA-85F1-4FF4-BF0E-0F224CDCEE5A} - \At31 No Task File <==== ATTENTION
Task: {2C29C7F1-6097-4608-A6F9-87E51D806769} - System32\Tasks\{1A658748-DFD0-4454-8A74-FD77CEF65638} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {2E82F8AA-E085-4430-A9BB-E07E6770A077} - \At43 No Task File <==== ATTENTION
Task: {31B133A7-6BF9-4DBC-AB99-6B8925F5678E} - \At19 No Task File <==== ATTENTION
Task: {31E98F7C-57A5-44C6-BDD5-2295CE741066} - \At11 No Task File <==== ATTENTION
Task: {32981A40-3338-4708-A540-DC98ECAC45D5} - System32\Tasks\{682D6DFA-A37E-4AEB-AB81-2E58B5100B50} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {33159D5B-9ECB-4DEF-BF5F-FD99952ED4C1} - System32\Tasks\{71D96554-704A-48CE-9AE8-294422BBB917} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {3477C9F5-3974-4A35-990C-FCB292758A79} - System32\Tasks\{9340A002-27AE-4F0D-B08F-CCCFAAB7051F} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {350F53CD-ADA8-4289-9715-23C384F9F160} - System32\Tasks\{29002138-A429-4FAD-85F0-612C27EAE1BF} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {38DEB75D-FE90-436B-B3D2-1E1D0CE93165} - System32\Tasks\{42D40418-1777-430C-A14A-08FF26725ED6} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {4078CE44-2A79-4173-A0A8-0EF2F3727E8E} - \At39 No Task File <==== ATTENTION
Task: {4287194E-8E3C-4B92-85DA-262E7B651873} - \At25 No Task File <==== ATTENTION
Task: {472C7580-D297-44A5-8EE3-43D947010E8F} - \At46 No Task File <==== ATTENTION
Task: {481CA121-F260-48A8-AB9F-8207906D6669} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02] (Adobe Systems Incorporated)
Task: {4D32C843-60B5-4524-928D-C6046D3D086B} - System32\Tasks\{050359C3-9664-4B7F-981F-22EB0E99C906} => D:\Modern Warfare 2\iw4sp.exe [2009-11-10] ()
Task: {509EFCB0-06DF-405A-B8D9-BE8252DA49B9} - \At18 No Task File <==== ATTENTION
Task: {5369728C-FA0A-4D9B-9A4D-898B7C8E8465} - \At3 No Task File <==== ATTENTION
Task: {53DC4EDD-B197-47BE-9D1A-F41F01A80888} - \At1 No Task File <==== ATTENTION
Task: {5457AB80-34BF-42D3-87A8-2B3D00DC132B} - \At22 No Task File <==== ATTENTION
Task: {569F5BA8-93C1-49AD-B818-C2CB24760FA7} - System32\Tasks\{7E3D0B0F-9677-418A-ABB0-411EAF0FB4AB} => D:\Modern Warfare 2\iw4sp.exe [2009-11-10] ()
Task: {599793EA-CD10-48C5-8721-98EE9D23E16A} - \At8 No Task File <==== ATTENTION
Task: {5E38C7E8-E2C0-4D69-B413-4B736CD92CCC} - \At9 No Task File <==== ATTENTION
Task: {62924DAD-B30D-429A-ADB2-E506CB9C60DA} - \At29 No Task File <==== ATTENTION
Task: {6753B9B6-7291-4A5B-B8DB-E7B1BAAEEDD9} - \At7 No Task File <==== ATTENTION
Task: {6AE4F13F-1B3E-4DC9-858E-7F2AF56990DB} - System32\Tasks\{9E93E75A-8F35-42AC-BB63-FB012FA62CC3} => pcalua.exe -a "D:\Minecraft\Minecraft 1.7.9.exe" -d D:\Minecraft
Task: {6BFB77DE-9F9A-4062-8E58-473F4DFCE9F3} - \At35 No Task File <==== ATTENTION
Task: {71BA5A7F-5E29-4BEF-BF7E-53BD12347730} - \At15 No Task File <==== ATTENTION
Task: {72A13C74-F5DD-4993-A479-FBD21EEEC63A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-05] (Google Inc.)
Task: {747F7FCF-BE57-4FDC-B413-A488420F74BF} - System32\Tasks\{2F42AD4C-B626-4A7B-BE8D-879382CACDFE} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {74909335-1F09-4813-9CB5-9F50961B6C50} - \At33 No Task File <==== ATTENTION
Task: {76924028-4D82-4249-8BD8-625BD5A38EF1} - System32\Tasks\{C33E7806-3940-49AA-8E3F-87407B744D48} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {7CA94881-905C-45E0-ADEB-A8E81F696460} - System32\Tasks\{5EB9BB05-C745-41E9-95C1-CB75157EA92E} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {7DFA7A51-CB8E-4C09-A88E-5075F41AE38A} - \At10 No Task File <==== ATTENTION
Task: {7FEE53C9-2AC5-4715-A32B-7E7BE3735F8F} - \At12 No Task File <==== ATTENTION
Task: {84A36B6D-BC31-4537-9D75-27B29083F216} - System32\Tasks\{8961765D-5A5E-40FC-88CD-914DE3F18C41} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {855EC2F5-2255-4EE3-8531-F915AEB0DE37} - \At13 No Task File <==== ATTENTION
Task: {86FB8A2D-979F-40C8-93EF-45597ED0C405} - System32\Tasks\{84D4F78B-4662-45BE-A52C-3FF4A2AA5AFF} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {8703EFC1-6D0E-4723-9258-093671AC0128} - \At26 No Task File <==== ATTENTION
Task: {888ED9C2-7590-4DA1-81C7-671F71B1C538} - \At17 No Task File <==== ATTENTION
Task: {89955AE0-5426-442E-9F25-CE20C3CF8A77} - \At38 No Task File <==== ATTENTION
Task: {8A6771B0-E7B7-4A6E-8003-1B642A68BEAB} - System32\Tasks\{64387400-64B7-479B-9A6D-3CDD4F803E1A} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {8ACA9CF1-0768-48CC-971B-C575C76E4FA2} - System32\Tasks\{C938709E-5132-4154-B7AB-F973F9AEB12D} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {8B07AD0D-A2B0-4003-8F80-911107E3290D} - System32\Tasks\{031F14CA-F08F-47ED-9554-64DADA0C8DE6} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {8CF78935-894E-4F5D-A78C-2C60985396D1} - System32\Tasks\{C1EAF886-BE74-495C-BA01-3CF06D617CBB} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {8F366998-5120-47A1-B751-07B0D0453A53} - \At24 No Task File <==== ATTENTION
Task: {92594A5A-4902-434C-A5AA-066C56B41430} - System32\Tasks\{B9D2D592-B4A9-449B-AE00-33AA408E70F3} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {92D5906E-6D2E-4935-95B2-9030563C4832} - \At44 No Task File <==== ATTENTION
Task: {94F8A3A4-E096-402F-914D-84C77235BABE} - \At45 No Task File <==== ATTENTION
Task: {9E0C44A3-F6B6-47CD-9733-A3521CF30278} - \At20 No Task File <==== ATTENTION
Task: {9F3BF4A9-8335-475D-AD41-A62C5169283D} - System32\Tasks\{DC868B9F-18DC-4282-8982-CA04E365D8B4} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {A1338183-DA0E-493E-ABE4-9B7E7D35B232} - System32\Tasks\{966132B3-2041-49F5-957E-2D3FF4AFE000} => pcalua.exe -a C:\Mathe\Geogebra\GeoGebra.exe -d C:\Mathe\Geogebra
Task: {A28897FC-CAAE-458A-B1B3-8D2633A0C71A} - System32\Tasks\{DD320EEE-AF76-4BFF-9D8D-74DC586C3DF7} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {A5123B24-8588-4FE5-9563-6369B56330D3} - System32\Tasks\{B356D192-DAE2-435A-9935-E4B7AE368AFA} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {A770A8E0-BF77-471E-A909-7B38FCA68351} - \At5 No Task File <==== ATTENTION
Task: {A87E06E5-FD8F-4074-B5B8-8D3317F4B095} - \At4 No Task File <==== ATTENTION
Task: {AD5DD74D-2807-4D4B-8070-44BA7CD3B177} - \At37 No Task File <==== ATTENTION
Task: {B0B9403C-2698-4423-AC14-A5278F2F582D} - \At14 No Task File <==== ATTENTION
Task: {B733B431-E348-4B31-90FB-67C560102E4C} - \At6 No Task File <==== ATTENTION
Task: {B8FD8E72-7549-4E6F-8A73-B75F8F31EF25} - System32\Tasks\{126A1D60-6B08-46F6-A797-96199ECE5EDC} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {BF53F786-18A4-44C7-ABA0-8F4D67BD05FF} - \At2 No Task File <==== ATTENTION
Task: {C39A241F-7AA3-4C1C-B50F-FCFB1AC29A2B} - \At40 No Task File <==== ATTENTION
Task: {C55919B0-0C58-452F-B2E8-3B7875AA23EA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-05] (Google Inc.)
Task: {C733C00A-8255-46E1-BA6B-4C3B8AE8D964} - System32\Tasks\{31EE0835-121D-4F8E-8DE4-81E9C0E4CC9F} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {C8B3DBE1-B577-4E80-BA3D-0B63C7CEEFA7} - \At32 No Task File <==== ATTENTION
Task: {C9AD5789-D2EB-4430-AE2B-30C32CFDF915} - System32\Tasks\{943F9431-0485-4B44-AA6D-0D739E2EEE37} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {C9E77C31-3B2C-4C80-8007-BF9F5BF919FF} - \At48 No Task File <==== ATTENTION
Task: {CD74D547-9794-4629-8A3D-F36B6D507BB0} - System32\Tasks\{4F2FD83F-AE71-4CA7-BC7B-E961F336D9FA} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {CF1FEFCC-5EBC-4306-BE09-0FEA2DBA812A} - \At30 No Task File <==== ATTENTION
Task: {D32C0199-BB1E-4A51-ABF3-D191B204C73E} - System32\Tasks\{2A9D3EF4-287A-496B-BA54-0FD2282AF7DF} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {D3C0EEF8-371C-4804-BC98-0EC69D0B5F9D} - \At42 No Task File <==== ATTENTION
Task: {E4C73F13-5D9C-4CBF-B9BD-4243F3568776} - \At47 No Task File <==== ATTENTION
Task: {E4E70D88-095F-4A38-920F-E76EAEAE7F0E} - \At21 No Task File <==== ATTENTION
Task: {E64C74B0-1E24-4501-A363-2E8553BA9CA7} - System32\Tasks\{B9D28C67-CAD9-4A65-B954-43DC5FAC9147} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {EEDC5F86-7AA7-4C96-B9C7-6006BC65EBD1} - System32\Tasks\{3DD2E574-6D05-42A5-9385-0BEB8B104392} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {EF59E8A0-A43D-44FD-AF27-F1C76D8E32D4} - System32\Tasks\{F71D7E21-31D2-4B75-9F2E-D1023064785F} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {F75BBF04-CD42-4933-9A70-9B62F6722B73} - System32\Tasks\{C00AC9CA-31EE-4F7C-8178-F728318F37B2} => C:\Users\PeterLustig\Desktop\FRST64.exe [2015-02-08] (Farbar)
Task: {FF26CF92-C490-457D-B019-EC9DB864B1D1} - \At36 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-03-25 07:54 - 2014-03-25 07:54 - 00148248 _____ () C:\Users\PeterLustig\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1814202685-1767394472-907846378-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\PeterLustig\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Browser Infrastructure Helper => C:\Users\PeterLustig\AppData\Local\Smartbar\Application\Smartbar.exe startup
MSCONFIG\startupreg: facemoods => "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-1814202685-1767394472-907846378-500 - Administrator - Disabled)
Gast (S-1-5-21-1814202685-1767394472-907846378-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1814202685-1767394472-907846378-1004 - Limited - Enabled)
PeterLustig (S-1-5-21-1814202685-1767394472-907846378-1001 - Administrator - Enabled) => C:\Users\PeterLustig

==================== Faulty Device Manager Devices =============

Name: Massenspeichercontroller
Description: Massenspeichercontroller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: O2Micro SmartCardBus_Reader
Description: O2Micro SmartCardBus_Reader
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/08/2015 00:12:16 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll (832) SUS20ClientDataStore: Versuch, Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" zu erstellen, ist mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) beim Erstellen von Dateien.

Error: (02/08/2015 00:12:16 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll (832) SUS20ClientDataStore: Versuch, Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" zu erstellen, ist mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) beim Erstellen von Dateien.

Error: (02/08/2015 00:12:16 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll (832) SUS20ClientDataStore: Versuch, Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" zu erstellen, ist mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) beim Erstellen von Dateien.

Error: (02/08/2015 00:12:16 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll (832) SUS20ClientDataStore: Versuch, Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" zu erstellen, ist mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) beim Erstellen von Dateien.

Error: (02/08/2015 00:12:16 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll (832) SUS20ClientDataStore: Versuch, Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" zu erstellen, ist mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) beim Erstellen von Dateien.

Error: (02/08/2015 00:12:16 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll (832) SUS20ClientDataStore: Versuch, Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" zu erstellen, ist mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) beim Erstellen von Dateien.

Error: (02/08/2015 00:12:16 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll (832) SUS20ClientDataStore: Versuch, Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" zu erstellen, ist mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) beim Erstellen von Dateien.

Error: (02/08/2015 00:12:15 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll (832) SUS20ClientDataStore: Versuch, Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" zu erstellen, ist mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) beim Erstellen von Dateien.

Error: (02/08/2015 00:11:30 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll (832) SUS20ClientDataStore: Versuch, Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" zu erstellen, ist mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) beim Erstellen von Dateien.

Error: (02/08/2015 00:11:28 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x80070003, Fehler beim Erstellen des Anwendungsverzeichnisses: C:\ProgramData\Microsoft\Search\Data\Applications\>.


System errors:
=============
Error: (02/08/2015 00:11:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 6 Mal passiert.

Error: (02/08/2015 00:11:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%3

Error: (02/08/2015 00:10:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 5 Mal passiert.

Error: (02/08/2015 00:10:53 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%3

Error: (02/08/2015 00:10:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 4 Mal passiert.

Error: (02/08/2015 00:10:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%3

Error: (02/08/2015 00:10:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (02/08/2015 00:10:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%3

Error: (02/08/2015 00:09:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/08/2015 00:09:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%3


Microsoft Office Sessions:
=========================
Error: (02/08/2015 00:12:16 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll832SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb-1808 (0xfffff8f0)112 (0x00000070)Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.

Error: (02/08/2015 00:12:16 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll832SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb-1808 (0xfffff8f0)112 (0x00000070)Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.

Error: (02/08/2015 00:12:16 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll832SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb-1808 (0xfffff8f0)112 (0x00000070)Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.

Error: (02/08/2015 00:12:16 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll832SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb-1808 (0xfffff8f0)112 (0x00000070)Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.

Error: (02/08/2015 00:12:16 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll832SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb-1808 (0xfffff8f0)112 (0x00000070)Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.

Error: (02/08/2015 00:12:16 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll832SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb-1808 (0xfffff8f0)112 (0x00000070)Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.

Error: (02/08/2015 00:12:16 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll832SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb-1808 (0xfffff8f0)112 (0x00000070)Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.

Error: (02/08/2015 00:12:15 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll832SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb-1808 (0xfffff8f0)112 (0x00000070)Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.

Error: (02/08/2015 00:11:30 PM) (Source: ESENT) (EventID: 488) (User: )
Description: wuaueng.dll832SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb-1808 (0xfffff8f0)112 (0x00000070)Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.

Error: (02/08/2015 00:11:28 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 10x80070003Fehler beim Erstellen des Anwendungsverzeichnisses: C:\ProgramData\Microsoft\Search\Data\Applications\


CodeIntegrity Errors:
===================================
  Date: 2015-01-09 17:33:29.362
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-09 17:33:29.315
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 66%
Total physical RAM: 961.88 MB
Available physical RAM: 326.54 MB
Total Pagefile: 1985.88 MB
Available Pagefile: 1200.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:29.29 GB) (Free:0.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:82.49 GB) (Free:52.46 GB) NTFS
Drive f: (GE_108887) (CDROM) (Total:7 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 16CCAF43)
Partition 1: (Active) - (Size=29.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8 MB) - (Type=45)
Partition 3: (Not Active) - (Size=82.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Regards

schrauber 08.02.2015 17:05

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

Task: {023CD47E-D530-4FC7-9E63-D52218A94836} - \At27 No Task File <==== ATTENTION

Task: {038512EA-790D-4E62-9CA5-71832688CC9E} - \At34 No Task File <==== ATTENTION

Task: {08A060D2-79C5-493C-BB58-F25C6BA42274} - \At16 No Task File <==== ATTENTION

Task: {08A9CDCF-140F-4946-A22B-E96942BE57D2} - \At23 No Task File <==== ATTENTION

Task: {0EBCB69F-9D95-4F02-8874-8B54A76C1BF9} - \At28 No Task File <==== ATTENTION

Task: {2250FD76-06B7-4D19-8C28-5B0474A7E0DD} - \At41 No Task File <==== ATTENTION

Task: {27C900CA-85F1-4FF4-BF0E-0F224CDCEE5A} - \At31 No Task File <==== ATTENTION

Task: {2E82F8AA-E085-4430-A9BB-E07E6770A077} - \At43 No Task File <==== ATTENTION

Task: {31B133A7-6BF9-4DBC-AB99-6B8925F5678E} - \At19 No Task File <==== ATTENTION

Task: {31E98F7C-57A5-44C6-BDD5-2295CE741066} - \At11 No Task File <==== ATTENTION

Task: {4078CE44-2A79-4173-A0A8-0EF2F3727E8E} - \At39 No Task File <==== ATTENTION

Task: {4287194E-8E3C-4B92-85DA-262E7B651873} - \At25 No Task File <==== ATTENTION

Task: {472C7580-D297-44A5-8EE3-43D947010E8F} - \At46 No Task File <==== ATTENTION

Task: {509EFCB0-06DF-405A-B8D9-BE8252DA49B9} - \At18 No Task File <==== ATTENTION

Task: {5369728C-FA0A-4D9B-9A4D-898B7C8E8465} - \At3 No Task File <==== ATTENTION

Task: {53DC4EDD-B197-47BE-9D1A-F41F01A80888} - \At1 No Task File <==== ATTENTION

Task: {5457AB80-34BF-42D3-87A8-2B3D00DC132B} - \At22 No Task File <==== ATTENTION

Task: {599793EA-CD10-48C5-8721-98EE9D23E16A} - \At8 No Task File <==== ATTENTION

Task: {5E38C7E8-E2C0-4D69-B413-4B736CD92CCC} - \At9 No Task File <==== ATTENTION

Task: {62924DAD-B30D-429A-ADB2-E506CB9C60DA} - \At29 No Task File <==== ATTENTION

Task: {6753B9B6-7291-4A5B-B8DB-E7B1BAAEEDD9} - \At7 No Task File <==== ATTENTION

Task: {6BFB77DE-9F9A-4062-8E58-473F4DFCE9F3} - \At35 No Task File <==== ATTENTION

Task: {71BA5A7F-5E29-4BEF-BF7E-53BD12347730} - \At15 No Task File <==== ATTENTION

Task: {74909335-1F09-4813-9CB5-9F50961B6C50} - \At33 No Task File <==== ATTENTION

Task: {7DFA7A51-CB8E-4C09-A88E-5075F41AE38A} - \At10 No Task File <==== ATTENTION

Task: {7FEE53C9-2AC5-4715-A32B-7E7BE3735F8F} - \At12 No Task File <==== ATTENTION

Task: {855EC2F5-2255-4EE3-8531-F915AEB0DE37} - \At13 No Task File <==== ATTENTION

Task: {8703EFC1-6D0E-4723-9258-093671AC0128} - \At26 No Task File <==== ATTENTION

Task: {888ED9C2-7590-4DA1-81C7-671F71B1C538} - \At17 No Task File <==== ATTENTION

Task: {89955AE0-5426-442E-9F25-CE20C3CF8A77} - \At38 No Task File <==== ATTENTION

Task: {8F366998-5120-47A1-B751-07B0D0453A53} - \At24 No Task File <==== ATTENTION

Task: {92D5906E-6D2E-4935-95B2-9030563C4832} - \At44 No Task File <==== ATTENTION

Task: {94F8A3A4-E096-402F-914D-84C77235BABE} - \At45 No Task File <==== ATTENTION

Task: {9E0C44A3-F6B6-47CD-9733-A3521CF30278} - \At20 No Task File <==== ATTENTION

Task: {A770A8E0-BF77-471E-A909-7B38FCA68351} - \At5 No Task File <==== ATTENTION

Task: {A87E06E5-FD8F-4074-B5B8-8D3317F4B095} - \At4 No Task File <==== ATTENTION

Task: {AD5DD74D-2807-4D4B-8070-44BA7CD3B177} - \At37 No Task File <==== ATTENTION

Task: {B0B9403C-2698-4423-AC14-A5278F2F582D} - \At14 No Task File <==== ATTENTION

Task: {B733B431-E348-4B31-90FB-67C560102E4C} - \At6 No Task File <==== ATTENTION

Task: {BF53F786-18A4-44C7-ABA0-8F4D67BD05FF} - \At2 No Task File <==== ATTENTION

Task: {C39A241F-7AA3-4C1C-B50F-FCFB1AC29A2B} - \At40 No Task File <==== ATTENTION

Task: {C8B3DBE1-B577-4E80-BA3D-0B63C7CEEFA7} - \At32 No Task File <==== ATTENTION

Task: {C9E77C31-3B2C-4C80-8007-BF9F5BF919FF} - \At48 No Task File <==== ATTENTION

Task: {CF1FEFCC-5EBC-4306-BE09-0FEA2DBA812A} - \At30 No Task File <==== ATTENTION

Task: {D3C0EEF8-371C-4804-BC98-0EC69D0B5F9D} - \At42 No Task File <==== ATTENTION

Task: {E4C73F13-5D9C-4CBF-B9BD-4243F3568776} - \At47 No Task File <==== ATTENTION

Task: {E4E70D88-095F-4A38-920F-E76EAEAE7F0E} - \At21 No Task File <==== ATTENTION

Task: {FF26CF92-C490-457D-B019-EC9DB864B1D1} - \At36 No Task File <==== ATTENTION

Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
S4 adobeversioncue; %systemroot%\system32\unrealircd.dll [X]
S4 atinevxx; %systemroot%\system32\SenFiltService.dll [X]
S2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [X]
S4 xfactorae1; %systemroot%\system32\arhidfltr.dll [X]

NETSVC: {6080a529-897e-4629-a488-aba0c29b635e} -> No ServiceDLL Path.
NETSVC: adobeversioncue -> C:\Windows\system32\unrealircd.dll ==> No File.
NETSVC: atinevxx -> C:\Windows\system32\SenFiltService.dll ==> No File.
NETSVC: xfactorae1 -> C:\Windows\system32\arhidfltr.dll ==> No File.

Emptytemp:


Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

TrisxG 16.02.2015 15:14

Thanks again.
So, let's start with the Fixlog
Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by PeterLustig at 2015-02-16 14:26:10 Run:2
Running from C:\Users\PeterLustig\Desktop
Loaded Profiles: PeterLustig (Available profiles: PeterLustig)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {023CD47E-D530-4FC7-9E63-D52218A94836} - \At27 No Task File <==== ATTENTION

Task: {038512EA-790D-4E62-9CA5-71832688CC9E} - \At34 No Task File <==== ATTENTION

Task: {08A060D2-79C5-493C-BB58-F25C6BA42274} - \At16 No Task File <==== ATTENTION

Task: {08A9CDCF-140F-4946-A22B-E96942BE57D2} - \At23 No Task File <==== ATTENTION

Task: {0EBCB69F-9D95-4F02-8874-8B54A76C1BF9} - \At28 No Task File <==== ATTENTION

Task: {2250FD76-06B7-4D19-8C28-5B0474A7E0DD} - \At41 No Task File <==== ATTENTION

Task: {27C900CA-85F1-4FF4-BF0E-0F224CDCEE5A} - \At31 No Task File <==== ATTENTION

Task: {2E82F8AA-E085-4430-A9BB-E07E6770A077} - \At43 No Task File <==== ATTENTION

Task: {31B133A7-6BF9-4DBC-AB99-6B8925F5678E} - \At19 No Task File <==== ATTENTION

Task: {31E98F7C-57A5-44C6-BDD5-2295CE741066} - \At11 No Task File <==== ATTENTION

Task: {4078CE44-2A79-4173-A0A8-0EF2F3727E8E} - \At39 No Task File <==== ATTENTION

Task: {4287194E-8E3C-4B92-85DA-262E7B651873} - \At25 No Task File <==== ATTENTION

Task: {472C7580-D297-44A5-8EE3-43D947010E8F} - \At46 No Task File <==== ATTENTION

Task: {509EFCB0-06DF-405A-B8D9-BE8252DA49B9} - \At18 No Task File <==== ATTENTION

Task: {5369728C-FA0A-4D9B-9A4D-898B7C8E8465} - \At3 No Task File <==== ATTENTION

Task: {53DC4EDD-B197-47BE-9D1A-F41F01A80888} - \At1 No Task File <==== ATTENTION

Task: {5457AB80-34BF-42D3-87A8-2B3D00DC132B} - \At22 No Task File <==== ATTENTION

Task: {599793EA-CD10-48C5-8721-98EE9D23E16A} - \At8 No Task File <==== ATTENTION

Task: {5E38C7E8-E2C0-4D69-B413-4B736CD92CCC} - \At9 No Task File <==== ATTENTION

Task: {62924DAD-B30D-429A-ADB2-E506CB9C60DA} - \At29 No Task File <==== ATTENTION

Task: {6753B9B6-7291-4A5B-B8DB-E7B1BAAEEDD9} - \At7 No Task File <==== ATTENTION

Task: {6BFB77DE-9F9A-4062-8E58-473F4DFCE9F3} - \At35 No Task File <==== ATTENTION

Task: {71BA5A7F-5E29-4BEF-BF7E-53BD12347730} - \At15 No Task File <==== ATTENTION

Task: {74909335-1F09-4813-9CB5-9F50961B6C50} - \At33 No Task File <==== ATTENTION

Task: {7DFA7A51-CB8E-4C09-A88E-5075F41AE38A} - \At10 No Task File <==== ATTENTION

Task: {7FEE53C9-2AC5-4715-A32B-7E7BE3735F8F} - \At12 No Task File <==== ATTENTION

Task: {855EC2F5-2255-4EE3-8531-F915AEB0DE37} - \At13 No Task File <==== ATTENTION

Task: {8703EFC1-6D0E-4723-9258-093671AC0128} - \At26 No Task File <==== ATTENTION

Task: {888ED9C2-7590-4DA1-81C7-671F71B1C538} - \At17 No Task File <==== ATTENTION

Task: {89955AE0-5426-442E-9F25-CE20C3CF8A77} - \At38 No Task File <==== ATTENTION

Task: {8F366998-5120-47A1-B751-07B0D0453A53} - \At24 No Task File <==== ATTENTION

Task: {92D5906E-6D2E-4935-95B2-9030563C4832} - \At44 No Task File <==== ATTENTION

Task: {94F8A3A4-E096-402F-914D-84C77235BABE} - \At45 No Task File <==== ATTENTION

Task: {9E0C44A3-F6B6-47CD-9733-A3521CF30278} - \At20 No Task File <==== ATTENTION

Task: {A770A8E0-BF77-471E-A909-7B38FCA68351} - \At5 No Task File <==== ATTENTION

Task: {A87E06E5-FD8F-4074-B5B8-8D3317F4B095} - \At4 No Task File <==== ATTENTION

Task: {AD5DD74D-2807-4D4B-8070-44BA7CD3B177} - \At37 No Task File <==== ATTENTION

Task: {B0B9403C-2698-4423-AC14-A5278F2F582D} - \At14 No Task File <==== ATTENTION

Task: {B733B431-E348-4B31-90FB-67C560102E4C} - \At6 No Task File <==== ATTENTION

Task: {BF53F786-18A4-44C7-ABA0-8F4D67BD05FF} - \At2 No Task File <==== ATTENTION

Task: {C39A241F-7AA3-4C1C-B50F-FCFB1AC29A2B} - \At40 No Task File <==== ATTENTION

Task: {C8B3DBE1-B577-4E80-BA3D-0B63C7CEEFA7} - \At32 No Task File <==== ATTENTION

Task: {C9E77C31-3B2C-4C80-8007-BF9F5BF919FF} - \At48 No Task File <==== ATTENTION

Task: {CF1FEFCC-5EBC-4306-BE09-0FEA2DBA812A} - \At30 No Task File <==== ATTENTION

Task: {D3C0EEF8-371C-4804-BC98-0EC69D0B5F9D} - \At42 No Task File <==== ATTENTION

Task: {E4C73F13-5D9C-4CBF-B9BD-4243F3568776} - \At47 No Task File <==== ATTENTION

Task: {E4E70D88-095F-4A38-920F-E76EAEAE7F0E} - \At21 No Task File <==== ATTENTION

Task: {FF26CF92-C490-457D-B019-EC9DB864B1D1} - \At36 No Task File <==== ATTENTION

Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
S4 adobeversioncue; %systemroot%\system32\unrealircd.dll [X]
S4 atinevxx; %systemroot%\system32\SenFiltService.dll [X]
S2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [X]
S4 xfactorae1; %systemroot%\system32\arhidfltr.dll [X]

NETSVC: {6080a529-897e-4629-a488-aba0c29b635e} -> No ServiceDLL Path.
NETSVC: adobeversioncue -> C:\Windows\system32\unrealircd.dll ==> No File.
NETSVC: atinevxx -> C:\Windows\system32\SenFiltService.dll ==> No File.
NETSVC: xfactorae1 -> C:\Windows\system32\arhidfltr.dll ==> No File.

Emptytemp:
       
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{023CD47E-D530-4FC7-9E63-D52218A94836}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{023CD47E-D530-4FC7-9E63-D52218A94836}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At27" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{038512EA-790D-4E62-9CA5-71832688CC9E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{038512EA-790D-4E62-9CA5-71832688CC9E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At34" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08A060D2-79C5-493C-BB58-F25C6BA42274}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08A060D2-79C5-493C-BB58-F25C6BA42274}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At16" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08A9CDCF-140F-4946-A22B-E96942BE57D2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08A9CDCF-140F-4946-A22B-E96942BE57D2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At23" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0EBCB69F-9D95-4F02-8874-8B54A76C1BF9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EBCB69F-9D95-4F02-8874-8B54A76C1BF9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At28" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2250FD76-06B7-4D19-8C28-5B0474A7E0DD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2250FD76-06B7-4D19-8C28-5B0474A7E0DD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At41" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{27C900CA-85F1-4FF4-BF0E-0F224CDCEE5A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27C900CA-85F1-4FF4-BF0E-0F224CDCEE5A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At31" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E82F8AA-E085-4430-A9BB-E07E6770A077}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E82F8AA-E085-4430-A9BB-E07E6770A077}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At43" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31B133A7-6BF9-4DBC-AB99-6B8925F5678E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31B133A7-6BF9-4DBC-AB99-6B8925F5678E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At19" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31E98F7C-57A5-44C6-BDD5-2295CE741066}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31E98F7C-57A5-44C6-BDD5-2295CE741066}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At11" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4078CE44-2A79-4173-A0A8-0EF2F3727E8E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4078CE44-2A79-4173-A0A8-0EF2F3727E8E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At39" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4287194E-8E3C-4B92-85DA-262E7B651873}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4287194E-8E3C-4B92-85DA-262E7B651873}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At25" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{472C7580-D297-44A5-8EE3-43D947010E8F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{472C7580-D297-44A5-8EE3-43D947010E8F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At46" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{509EFCB0-06DF-405A-B8D9-BE8252DA49B9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{509EFCB0-06DF-405A-B8D9-BE8252DA49B9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At18" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5369728C-FA0A-4D9B-9A4D-898B7C8E8465}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5369728C-FA0A-4D9B-9A4D-898B7C8E8465}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53DC4EDD-B197-47BE-9D1A-F41F01A80888}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53DC4EDD-B197-47BE-9D1A-F41F01A80888}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5457AB80-34BF-42D3-87A8-2B3D00DC132B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5457AB80-34BF-42D3-87A8-2B3D00DC132B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At22" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{599793EA-CD10-48C5-8721-98EE9D23E16A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{599793EA-CD10-48C5-8721-98EE9D23E16A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At8" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5E38C7E8-E2C0-4D69-B413-4B736CD92CCC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E38C7E8-E2C0-4D69-B413-4B736CD92CCC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At9" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62924DAD-B30D-429A-ADB2-E506CB9C60DA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62924DAD-B30D-429A-ADB2-E506CB9C60DA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At29" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6753B9B6-7291-4A5B-B8DB-E7B1BAAEEDD9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6753B9B6-7291-4A5B-B8DB-E7B1BAAEEDD9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6BFB77DE-9F9A-4062-8E58-473F4DFCE9F3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BFB77DE-9F9A-4062-8E58-473F4DFCE9F3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At35" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71BA5A7F-5E29-4BEF-BF7E-53BD12347730}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71BA5A7F-5E29-4BEF-BF7E-53BD12347730}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At15" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74909335-1F09-4813-9CB5-9F50961B6C50}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74909335-1F09-4813-9CB5-9F50961B6C50}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At33" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7DFA7A51-CB8E-4C09-A88E-5075F41AE38A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DFA7A51-CB8E-4C09-A88E-5075F41AE38A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At10" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FEE53C9-2AC5-4715-A32B-7E7BE3735F8F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FEE53C9-2AC5-4715-A32B-7E7BE3735F8F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At12" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{855EC2F5-2255-4EE3-8531-F915AEB0DE37}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{855EC2F5-2255-4EE3-8531-F915AEB0DE37}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At13" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8703EFC1-6D0E-4723-9258-093671AC0128}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8703EFC1-6D0E-4723-9258-093671AC0128}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At26" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{888ED9C2-7590-4DA1-81C7-671F71B1C538}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{888ED9C2-7590-4DA1-81C7-671F71B1C538}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At17" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89955AE0-5426-442E-9F25-CE20C3CF8A77}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89955AE0-5426-442E-9F25-CE20C3CF8A77}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At38" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F366998-5120-47A1-B751-07B0D0453A53}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F366998-5120-47A1-B751-07B0D0453A53}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At24" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92D5906E-6D2E-4935-95B2-9030563C4832}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92D5906E-6D2E-4935-95B2-9030563C4832}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At44" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94F8A3A4-E096-402F-914D-84C77235BABE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94F8A3A4-E096-402F-914D-84C77235BABE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At45" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E0C44A3-F6B6-47CD-9733-A3521CF30278}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E0C44A3-F6B6-47CD-9733-A3521CF30278}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At20" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A770A8E0-BF77-471E-A909-7B38FCA68351}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A770A8E0-BF77-471E-A909-7B38FCA68351}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At5" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A87E06E5-FD8F-4074-B5B8-8D3317F4B095}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A87E06E5-FD8F-4074-B5B8-8D3317F4B095}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD5DD74D-2807-4D4B-8070-44BA7CD3B177}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD5DD74D-2807-4D4B-8070-44BA7CD3B177}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At37" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0B9403C-2698-4423-AC14-A5278F2F582D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0B9403C-2698-4423-AC14-A5278F2F582D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At14" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B733B431-E348-4B31-90FB-67C560102E4C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B733B431-E348-4B31-90FB-67C560102E4C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF53F786-18A4-44C7-ABA0-8F4D67BD05FF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF53F786-18A4-44C7-ABA0-8F4D67BD05FF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C39A241F-7AA3-4C1C-B50F-FCFB1AC29A2B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C39A241F-7AA3-4C1C-B50F-FCFB1AC29A2B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At40" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C8B3DBE1-B577-4E80-BA3D-0B63C7CEEFA7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8B3DBE1-B577-4E80-BA3D-0B63C7CEEFA7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At32" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9E77C31-3B2C-4C80-8007-BF9F5BF919FF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9E77C31-3B2C-4C80-8007-BF9F5BF919FF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At48" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CF1FEFCC-5EBC-4306-BE09-0FEA2DBA812A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF1FEFCC-5EBC-4306-BE09-0FEA2DBA812A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At30" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3C0EEF8-371C-4804-BC98-0EC69D0B5F9D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3C0EEF8-371C-4804-BC98-0EC69D0B5F9D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At42" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E4C73F13-5D9C-4CBF-B9BD-4243F3568776}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4C73F13-5D9C-4CBF-B9BD-4243F3568776}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At47" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E4E70D88-095F-4A38-920F-E76EAEAE7F0E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4E70D88-095F-4A38-920F-E76EAEAE7F0E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At21" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF26CF92-C490-457D-B019-EC9DB864B1D1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF26CF92-C490-457D-B019-EC9DB864B1D1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At36" => Key deleted successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
adobeversioncue => Service deleted successfully.
atinevxx => Service deleted successfully.
Hamachi2Svc => Service deleted successfully.
xfactorae1 => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs {6080a529-897e-4629-a488-aba0c29b635e} => Deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs adobeversioncue => Deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs atinevxx => Deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs xfactorae1 => Deleted successfully.
EmptyTemp: => Removed 114.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog 14:26:17 ====

After that, mbam
Code:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 16.02.2015
Suchlauf-Zeit: 14:32:48
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.16.04
Rootkit Datenbank: v2015.02.03.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7
CPU: x64
Dateisystem: NTFS
Benutzer: PeterLustig

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 404407
Verstrichene Zeit: 14 Min, 21 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 1
PUP.Optional.SmartBar.A, C:\Users\PeterLustig\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll, Löschen bei Neustart, [af7520ff2862b680046e2d28f60dc23e],

Registrierungsschlüssel: 12
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [a0849986fa90bb7ba261ab96f310867a],
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\CLASSES\IESmartBar.BHO, In Quarantäne, [a0849986fa90bb7ba261ab96f310867a],
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [a0849986fa90bb7ba261ab96f310867a],
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IESmartBar.BHO, In Quarantäne, [a0849986fa90bb7ba261ab96f310867a],
PUP.Optional.QuickShare.A, HKU\S-1-5-21-1814202685-1767394472-907846378-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [a0849986fa90bb7ba261ab96f310867a],
PUP.Optional.QuickShare.A, HKU\S-1-5-21-1814202685-1767394472-907846378-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [a0849986fa90bb7ba261ab96f310867a],
PUP.Optional.Snapdo.T, HKU\S-1-5-21-1814202685-1767394472-907846378-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [27fd8c93c7c3cc6ac338ed5741c231cf],
PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, In Quarantäne, [27fd8c93c7c3cc6ac338ed5741c231cf],
PUP.Optional.FaceMoods.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\facemoods.com, In Quarantäne, [74b0c45b4743c076af7b25a7b44ff30d],
PUP.Optional.SmartBar, HKU\S-1-5-21-1814202685-1767394472-907846378-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmartbarBackup, In Quarantäne, [aa7a1e01b3d73105f6749176a75e59a7],
PUP.Optional.SmartBar, HKU\S-1-5-21-1814202685-1767394472-907846378-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmartbarLog, In Quarantäne, [3ee6bd626426ef4758113fc8af568779],
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-1814202685-1767394472-907846378-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nikpibnbobmbdbheedjfogjlikpgpnhp, In Quarantäne, [ab796eb1d2b883b38aab248223e010f0],

Registrierungswerte: 3
PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, In Quarantäne, [c262b768f99174c203616346857e7789]
PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, In Quarantäne, [ed37140b8bfff343560ec0e952b16898]
PUP.Optional.Snapdo.T, HKU\S-1-5-21-1814202685-1767394472-907846378-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [34f025fa4644cf6782215e549b68c63a]

Registrierungsdaten: 5
PUP.Optional.HelperBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLPD5Splg6ZyL_ByCddyIXOg1cJF53aLlcQyUr3Gr7BX1yp3dWfA5n70xSBunLzf9qwzQRFYbWIrx1QAyb-Uuy0CmZBjgY2TdFYHYrlsj_QM7AWuEaULc-33igwTosQPL4_w5LLIg275UwXaUJvlzSTTEetRYQ_IWqU,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLPD5Splg6ZyL_ByCddyIXOg1cJF53aLlcQyUr3Gr7BX1yp3dWfA5n70xSBunLzf9qwzQRFYbWIrx1QAyb-Uuy0CmZBjgY2TdFYHYrlsj_QM7AWuEaULc-33igwTosQPL4_w5LLIg275UwXaUJvlzSTTEetRYQ_IWqU,&q={searchTerms}),Ersetzt,[1e06bb6494f6da5cf1eaa31430d508f8]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1814202685-1767394472-907846378-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLPD5Splg6ZyL_ByCddyIXOg1cJF53aLlcQyUr3Gr7BX1yp3dWfA5n70xSBunLzf9qAkXaMzouyCqopHDHEHnWMteu03oQ6tq7mMGDgDyyDhG3jikjLW31FmqA5Inz0Lt5hJFbnGkbMy8ztEJH8OoDs0TPT_hJA-CeY,, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLPD5Splg6ZyL_ByCddyIXOg1cJF53aLlcQyUr3Gr7BX1yp3dWfA5n70xSBunLzf9qAkXaMzouyCqopHDHEHnWMteu03oQ6tq7mMGDgDyyDhG3jikjLW31FmqA5Inz0Lt5hJFbnGkbMy8ztEJH8OoDs0TPT_hJA-CeY,),Ersetzt,[6db74dd2672390a6db04199e808519e7]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1814202685-1767394472-907846378-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLPD5Splg6ZyL_ByCddyIXOg1cJF53aLlcQyUr3Gr7BX1yp3dWfA5n70xSBunLzf9qwzQRFYbWIrx1QAyb-Uuy0CmZBjgY2TdFYHYrlsj_QM7AWuEaULc-33igwTosQPL4_w5LLIg275UwXaUJvlzSTTEetRYQ_IWqU,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLPD5Splg6ZyL_ByCddyIXOg1cJF53aLlcQyUr3Gr7BX1yp3dWfA5n70xSBunLzf9qwzQRFYbWIrx1QAyb-Uuy0CmZBjgY2TdFYHYrlsj_QM7AWuEaULc-33igwTosQPL4_w5LLIg275UwXaUJvlzSTTEetRYQ_IWqU,&q={searchTerms}),Ersetzt,[4dd79b846624c76fd40cfabda4612dd3]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1814202685-1767394472-907846378-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLPD5Splg6ZyL_ByCddyIXOg1cJF53aLlcQyUr3Gr7BX1yp3dWfA5n70xSBunLzf9qwzQRFYbWIrx1QAyb-Uuy0CmZBjgY2TdFYHYrlsj_QM7AWuEaULc-33igwTosQPL4_w5LLIg275UwXaUJvlzSTTEetRYQ_IWqU,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLPD5Splg6ZyL_ByCddyIXOg1cJF53aLlcQyUr3Gr7BX1yp3dWfA5n70xSBunLzf9qwzQRFYbWIrx1QAyb-Uuy0CmZBjgY2TdFYHYrlsj_QM7AWuEaULc-33igwTosQPL4_w5LLIg275UwXaUJvlzSTTEetRYQ_IWqU,&q={searchTerms}),Ersetzt,[d252c9563f4b0e28c21f189fa75eec14]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1814202685-1767394472-907846378-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLPD5Splg6ZyL_ByCddyIXOg1cJF53aLlcQyUr3Gr7BX1yp3dWfA5n70xSBunLzf9qwzQRFYbWIrx1QAyb-Uuy0CmZBjgY2TdFYHYrlsj_QM7AWuEaULc-33igwTosQPL4_w5LLIg275UwXaUJvlzSTTEetRYQ_IWqU,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StKZmhdFMQ5NhCfKoItf6Xow1K8E36L0X66tJe34f_wLPD5Splg6ZyL_ByCddyIXOg1cJF53aLlcQyUr3Gr7BX1yp3dWfA5n70xSBunLzf9qwzQRFYbWIrx1QAyb-Uuy0CmZBjgY2TdFYHYrlsj_QM7AWuEaULc-33igwTosQPL4_w5LLIg275UwXaUJvlzSTTEetRYQ_IWqU,&q={searchTerms}),Ersetzt,[968e7aa586046fc72daf3f78c63fc43c]

Ordner: 3
PUP.Optional.SmartBar.A, C:\Users\PeterLustig\AppData\Local\Smartbar, Löschen bei Neustart, [af7520ff2862b680046e2d28f60dc23e],
PUP.Optional.SmartBar.A, C:\Users\PeterLustig\AppData\Local\Smartbar\Application, Löschen bei Neustart, [af7520ff2862b680046e2d28f60dc23e],
PUP.Optional.SmartBar.A, C:\Users\PeterLustig\AppData\LocalLow\Smartbar, In Quarantäne, [170d57c83258e353bea1dca71be8dd23],

Dateien: 5
Rogue.WindowsSecuritySystem.Phex, C:\Windows\SysWOW64\config\systemprofile\0.7786929856336338.exe, In Quarantäne, [20045ec19cee75c165bf9c2617e9c13f],
Trojan.Downloader, C:\Windows\Fonts\aXG0Q5j0.com__, In Quarantäne, [82a20e112f5bfb3b8ed7516123dd9967],
PUP.Optional.SnapDo.A, C:\Windows\Installer\41bf772.msi, In Quarantäne, [46deec33bdcdcf67b5135556d72a3ec2],
PUP.Optional.SmartBar.A, C:\Users\PeterLustig\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll, Löschen bei Neustart, [af7520ff2862b680046e2d28f60dc23e],
PUP.Optional.SmartBar.A, C:\Users\PeterLustig\AppData\LocalLow\Smartbar\smartbar_state.config, In Quarantäne, [170d57c83258e353bea1dca71be8dd23],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

Then the log from AdwCleaner
Code:

# AdwCleaner v4.110 - Bericht erstellt 16/02/2015 um 15:00:49
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-14.2 [Server]
# Betriebssystem : Windows 7 Ultimate  (x64)
# Benutzername : PeterLustig - PETERLUSTIG-PC
# Gestarted von : C:\Users\PeterLustig\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3GSO3JBQ\AdwCleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\PeterLustig\AppData\Local\Genesis
Ordner Gelöscht : C:\Users\PeterLustig\AppData\Local\Smartbar
Ordner Gelöscht : C:\Users\PeterLustig\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\PeterLustig\AppData\LocalLow\Smartbar
Datei Gelöscht : C:\Windows\System32\drivers\wStLibG64.sys

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Schlüssel Gelöscht : HKCU\Software\genesis
Schlüssel Gelöscht : HKCU\Software\smartbarbackup
Schlüssel Gelöscht : HKCU\Software\smartbarlog
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;<local>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16476

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

*************************

AdwCleaner[R0].txt - [7610 Bytes] - [16/02/2015 14:58:16]
AdwCleaner[S0].txt - [5778 Bytes] - [16/02/2015 15:00:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5837  Bytes] ##########

Then the JRT log as well
Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Ultimate x64
Ran by PeterLustig on 16.02.2015 at 15:05:10,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1814202685-1767394472-907846378-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeep_RocketFuelInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeep_RocketFuelInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeep_RocketFuelInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeep_RocketFuelInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.02.2015 at 15:07:41,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

and finally a new FRST log

FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by PeterLustig (administrator) on PETERLUSTIG-PC on 16-02-2015 15:08:04
Running from C:\Users\PeterLustig\Desktop
Loaded Profiles: PeterLustig (Available profiles: PeterLustig)
Platform: Windows 7 Ultimate (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe [353440 2012-04-02] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1814202685-1767394472-907846378-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1814202685-1767394472-907846378-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1814202685-1767394472-907846378-1001 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @thrixxx.com/WebLaunch -> C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
FF Plugin HKU\S-1-5-21-1814202685-1767394472-907846378-1001: @thrixxx.com/WebLaunch -> C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll No File

Chrome:
=======
CHR HKU\S-1-5-21-1814202685-1767394472-907846378-1001\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\PeterLustig\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S4 adobeversioncue; %systemroot%\system32\unrealircd.dll [X]
S4 atinevxx; %systemroot%\system32\SenFiltService.dll [X]
S2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [X]
S4 xfactorae1; %systemroot%\system32\arhidfltr.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: {6080a529-897e-4629-a488-aba0c29b635e} -> No ServiceDLL Path.
NETSVC: adobeversioncue -> C:\Windows\system32\unrealircd.dll ==> No File.
NETSVC: atinevxx -> C:\Windows\system32\SenFiltService.dll ==> No File.
NETSVC: xfactorae1 -> C:\Windows\system32\arhidfltr.dll ==> No File.

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 15:07 - 2015-02-16 15:07 - 00002951 _____ () C:\Users\PeterLustig\Desktop\JRT.txt
2015-02-16 14:57 - 2015-02-16 15:00 - 00000000 ____D () C:\AdwCleaner
2015-02-16 14:56 - 2015-02-16 14:56 - 00009100 _____ () C:\Users\PeterLustig\Desktop\mbam.txt
2015-02-16 14:47 - 2015-02-16 14:47 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\bxldt.sys
2015-02-16 14:31 - 2015-02-16 14:50 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-16 14:31 - 2015-02-16 14:31 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-16 14:31 - 2015-02-16 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-16 14:31 - 2015-02-16 14:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-16 14:31 - 2015-02-16 14:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-16 14:31 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-16 14:31 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-16 14:31 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-08 12:12 - 2015-02-08 12:13 - 00031375 _____ () C:\Users\PeterLustig\Desktop\Addition.txt
2015-02-08 12:11 - 2015-02-16 15:08 - 00006732 _____ () C:\Users\PeterLustig\Desktop\FRST.txt
2015-02-06 22:47 - 2015-02-16 15:01 - 00058908 _____ () C:\Windows\WindowsUpdate.log
2015-02-06 19:35 - 2015-02-06 19:35 - 00002160 _____ () C:\Users\PeterLustig\Desktop\Minecraft.lnk
2015-02-06 19:35 - 2015-02-06 19:35 - 00000000 ____D () C:\Users\PeterLustig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-02-06 19:34 - 2015-02-06 20:52 - 00000000 ____D () C:\Users\PeterLustig\AppData\Roaming\.minecraft
2015-02-06 19:30 - 2015-02-06 19:30 - 00415624 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-02 22:09 - 2015-02-16 14:26 - 00000000 ____D () C:\Users\PeterLustig\Desktop\FRST-OlderVersion
2015-02-02 22:08 - 2015-02-02 22:08 - 00007032 _____ () C:\Users\PeterLustig\Documents\Fixlist.txt
2015-01-28 19:09 - 2015-02-16 15:08 - 00000000 ____D () C:\FRST
2015-01-28 18:49 - 2015-01-28 18:49 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\PeterLustig\Desktop\rkill64-21039.exe
2015-01-27 15:18 - 2015-01-27 15:18 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-27 14:57 - 2015-01-27 14:57 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\PeterLustig\Desktop\rkill64-21031.exe
2015-01-27 14:49 - 2015-01-27 14:49 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\PeterLustig\Desktop\rkill64-19460.exe
2015-01-27 14:47 - 2015-01-27 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-01-27 14:47 - 2015-01-27 14:47 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-01-25 22:00 - 2015-01-25 22:00 - 00003118 _____ () C:\Windows\System32\Tasks\{9E93E75A-8F35-42AC-BB63-FB012FA62CC3}
2015-01-25 20:28 - 2015-01-25 20:28 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\PeterLustig\Desktop\rkill64-13113.exe
2015-01-25 20:24 - 2015-01-25 20:24 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\PeterLustig\Desktop\rkill64-12408.exe
2015-01-25 20:21 - 2015-01-25 20:21 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\PeterLustig\Desktop\rkill64.exe
2015-01-25 20:19 - 2015-01-25 20:19 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\PeterLustig\Desktop\rkill.exe
2015-01-25 17:18 - 2015-01-25 17:18 - 00002968 _____ () C:\Windows\System32\Tasks\{DD320EEE-AF76-4BFF-9D8D-74DC586C3DF7}
2015-01-25 17:18 - 2015-01-25 17:18 - 00002968 _____ () C:\Windows\System32\Tasks\{C33E7806-3940-49AA-8E3F-87407B744D48}
2015-01-25 17:18 - 2015-01-25 17:18 - 00002968 _____ () C:\Windows\System32\Tasks\{B9D28C67-CAD9-4A65-B954-43DC5FAC9147}
2015-01-25 17:18 - 2015-01-25 17:18 - 00002968 _____ () C:\Windows\System32\Tasks\{2F42AD4C-B626-4A7B-BE8D-879382CACDFE}
2015-01-25 17:17 - 2015-01-25 17:17 - 00002968 _____ () C:\Windows\System32\Tasks\{F71D7E21-31D2-4B75-9F2E-D1023064785F}
2015-01-25 17:17 - 2015-01-25 17:17 - 00002968 _____ () C:\Windows\System32\Tasks\{DC868B9F-18DC-4282-8982-CA04E365D8B4}
2015-01-25 17:17 - 2015-01-25 17:17 - 00002968 _____ () C:\Windows\System32\Tasks\{C938709E-5132-4154-B7AB-F973F9AEB12D}
2015-01-25 17:17 - 2015-01-25 17:17 - 00002968 _____ () C:\Windows\System32\Tasks\{C1EAF886-BE74-495C-BA01-3CF06D617CBB}
2015-01-25 17:17 - 2015-01-25 17:17 - 00002968 _____ () C:\Windows\System32\Tasks\{C00AC9CA-31EE-4F7C-8178-F728318F37B2}
2015-01-25 17:17 - 2015-01-25 17:17 - 00002968 _____ () C:\Windows\System32\Tasks\{9340A002-27AE-4F0D-B08F-CCCFAAB7051F}
2015-01-25 17:17 - 2015-01-25 17:17 - 00002968 _____ () C:\Windows\System32\Tasks\{71D96554-704A-48CE-9AE8-294422BBB917}
2015-01-25 17:17 - 2015-01-25 17:17 - 00002968 _____ () C:\Windows\System32\Tasks\{31EE0835-121D-4F8E-8DE4-81E9C0E4CC9F}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{DEA50867-0680-4681-9E4B-DDBD590F88DC}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{DD0FB53D-835D-4328-B8E5-ABFF91CA4F30}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{D297B1C8-8193-42F0-A890-C51F2C993148}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{B9D2D592-B4A9-449B-AE00-33AA408E70F3}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{B356D192-DAE2-435A-9935-E4B7AE368AFA}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{8961765D-5A5E-40FC-88CD-914DE3F18C41}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{84D4F78B-4662-45BE-A52C-3FF4A2AA5AFF}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{682D6DFA-A37E-4AEB-AB81-2E58B5100B50}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{64387400-64B7-479B-9A6D-3CDD4F803E1A}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{5EB9BB05-C745-41E9-95C1-CB75157EA92E}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{42D40418-1777-430C-A14A-08FF26725ED6}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{3DD2E574-6D05-42A5-9385-0BEB8B104392}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{2A9D3EF4-287A-496B-BA54-0FD2282AF7DF}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{1A658748-DFD0-4454-8A74-FD77CEF65638}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{126A1D60-6B08-46F6-A797-96199ECE5EDC}
2015-01-25 17:16 - 2015-01-25 17:16 - 00002968 _____ () C:\Windows\System32\Tasks\{031F14CA-F08F-47ED-9554-64DADA0C8DE6}
2015-01-25 17:15 - 2015-01-25 17:15 - 00002968 _____ () C:\Windows\System32\Tasks\{943F9431-0485-4B44-AA6D-0D739E2EEE37}
2015-01-20 13:31 - 2015-01-20 13:31 - 00001439 _____ () C:\Users\PeterLustig\Desktop\Internet Explorer.lnk
2015-01-20 13:15 - 2015-01-20 13:15 - 00002968 _____ () C:\Windows\System32\Tasks\{4F2FD83F-AE71-4CA7-BC7B-E961F336D9FA}
2015-01-20 13:15 - 2015-01-20 13:15 - 00002968 _____ () C:\Windows\System32\Tasks\{29002138-A429-4FAD-85F0-612C27EAE1BF}
2015-01-20 13:12 - 2015-02-16 14:26 - 02085888 _____ (Farbar) C:\Users\PeterLustig\Desktop\FRST64.exe
2015-01-20 12:17 - 2015-01-25 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metin2
2015-01-20 00:12 - 2015-01-25 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2015-01-19 21:25 - 2015-01-19 21:25 - 00000000 ____D () C:\Users\PeterLustig\AppData\Local\Gameforge4d

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 15:01 - 2009-07-14 06:08 - 00032628 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-16 14:57 - 2009-07-14 05:45 - 00016624 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-16 14:57 - 2009-07-14 05:45 - 00016624 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-16 14:47 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\TAPI
2015-02-06 18:50 - 2011-11-14 17:11 - 00000000 ____D () C:\Users\PeterLustig\AppData\Local\LogMeIn Hamachi
2015-01-27 15:02 - 2015-01-05 19:40 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-27 15:01 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-27 11:45 - 2015-01-05 19:40 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 22:22 - 2014-04-14 12:21 - 00000000 ____D () C:\Users\PeterLustig\AppData\Roaming\DAEMON Tools Lite
2015-01-25 22:22 - 2014-04-14 12:20 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-01-25 22:14 - 2013-01-05 16:46 - 00000000 ____D () C:\Users\PeterLustig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars.NET

==================== Files in the root of some directories =======

2012-07-12 12:46 - 2012-08-15 15:39 - 0000154 _____ () C:\Users\PeterLustig\AppData\Roaming\Rim.Desktop.Exception.log
2012-07-12 12:43 - 2012-07-12 12:44 - 0001847 _____ () C:\Users\PeterLustig\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-07-12 12:46 - 2012-07-12 19:54 - 0000077 _____ () C:\Users\PeterLustig\AppData\Roaming\Rim.DesktopHelper.Exception.log

Some content of TEMP:
====================
C:\Users\PeterLustig\AppData\Local\Temp\Quarantine.exe
C:\Users\PeterLustig\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-06 22:38

==================== End Of Log ============================

--- --- ---


Phew!
Regards, Tristan

schrauber 17.02.2015 07:02


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left? :)


All times are in WET +1. The time now is 01:08.
