Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Chinesische Zeichen bei Booking.com (https://www.trojaner-board.de/168428-chinesische-zeichen-booking-com.html)

SFF033 03.07.2015 20:35
Chinesische Zeichen bei Booking.com
 
Hallo zusammen,

seit kurzem werden mir in booking.com statt der normalen Zeichen z.B. für Schließen ein X in der Kartenansicht (siehe Screenshot) seltsame chinesische Zeichen angezeigt. Da ich mir nicht sicher bin, ob es sich dabei um einen Virus, Malware oder ähnlichem handelt, wollte ich mal eure Meinung hören. Hattet ihr vielleicht schon seliges Problem. Eine Suche nach chinesischen Zeichen in Verbindung mit booking.com hat keine Ergebnisse ausgeworfen. Das Problem besteht sowohl in Firefox als auch in Chrome und ist mir bis jetzt auch nur bei booking.com aufgefallen. GData zeigt mir keine Funde an.

http://abload.de/img/1husb1.png

http://abload.de/img/2hwsn8.png

Mit freundlichen Grüßen
SFF033

schrauber 04.07.2015 07:25
Hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


SFF033 04.07.2015 14:56
Ergebnisse
 
Hallo,

anbei die Ergebnisse des Scans.

FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-07-2015
Ran by SFF033 (administrator) on SFF033 on 04-07-2015 13:33:45
Running from C:\Users\SFF033\Desktop
Loaded Profiles: SFF033 (Available Profiles: SFF033)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Users\SFF033\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1724728 2013-12-19] (G Data Software AG)
HKLM-x32\...\Run: [G Data ASM] => C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [431224 2013-12-19] (G Data Software AG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe,
HKU\S-1-5-21-1073856993-1816317826-1230882084-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-1073856993-1816317826-1230882084-1000\...\Run: [OneDrive] => C:\Users\SFF033\AppData\Local\Microsoft\OneDrive\OneDrive.exe [382664 2015-06-01] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\SFF033\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-06-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\SFF033\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-06-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\SFF033\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-06-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\SFF033\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-06-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\SFF033\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-06-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\SFF033\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-06-01] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1073856993-1816317826-1230882084-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1073856993-1816317826-1230882084-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-11-07] (DVDVideoSoft Ltd.)
BHO-x32: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll [2014-10-10] (pdfforge GmbH)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2014-11-11] (DVDVideoSoft Ltd.)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll [2014-10-10] (pdfforge GmbH)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{ADE75A66-FE58-4AB6-B2E7-2B2C4F7A384C}: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\SFF033\AppData\Roaming\Mozilla\Firefox\Profiles\svmhfxgo.default
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://isearch.avg.com/search?cid=%7B59856c40-1b9f-4b83-9985-d3e303908c92%7D&mid=c90654fde2e847d18ade25244230419e-a466d8ad3be4084f3e6bcce0beab89580416547a&ds=AVG&v=10.0.0.7&lang=de&pr=fr&d=2011-12-13%2022%3A37%3A05&sap=ku&q=
FF NetworkProxy: "autoconfig_url", "file:///C:\\Users\\SFF033\\AppData\\Local\\Temp\\proxtube.pac"
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 445
FF NetworkProxy: "socks_version", 4
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-07-03] ()
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-07-03] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll [2014-10-10] (pdfforge GmbH)
FF Extension: Adblock Plus - C:\Users\SFF033\AppData\Roaming\Mozilla\Firefox\Profiles\svmhfxgo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-12]
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension
FF Extension: PDF Architect 2 Creator - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2015-03-09]
FF HKU\S-1-5-21-1073856993-1816317826-1230882084-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-19]

Chrome:
=======
CHR Profile: C:\Users\SFF033\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\SFF033\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-25]
CHR Extension: (Google Docs) - C:\Users\SFF033\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-25]
CHR Extension: (Google Drive) - C:\Users\SFF033\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-25]
CHR Extension: (YouTube) - C:\Users\SFF033\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-25]
CHR Extension: (Google Search) - C:\Users\SFF033\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-25]
CHR Extension: (Google Sheets) - C:\Users\SFF033\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\SFF033\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-12]
CHR Extension: (Google Wallet) - C:\Users\SFF033\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-25]
CHR Extension: (Gmail) - C:\Users\SFF033\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2244728 2014-02-12] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2723400 2014-03-25] (G Data Software AG)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2992760 2014-01-30] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700024 2014-02-03] (G Data Software AG)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [57344 2014-11-12] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [135168 2014-11-12] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [68608 2014-11-12] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64000 2014-11-12] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-11-13] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65024 2014-11-12] (G Data Software AG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [585944 2014-12-31] (Realtek Semiconductor Corporation)
S3 EverestDriver; \??\C:\Users\SFF033\AppData\Local\Temp\EverestDriver.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-04 13:33 - 2015-07-04 13:33 - 00027670 _____ C:\Users\SFF033\Desktop\Addition.txt
2015-07-04 13:32 - 2015-07-04 13:33 - 00014333 _____ C:\Users\SFF033\Desktop\FRST.txt
2015-07-04 13:31 - 2015-07-04 13:33 - 00000000 ____D C:\FRST
2015-07-04 13:30 - 2015-07-04 13:30 - 02112512 _____ (Farbar) C:\Users\SFF033\Desktop\FRST64.exe
2015-07-04 13:25 - 2015-07-04 13:25 - 00000000 ___HD C:\OneDriveTemp
2015-07-03 22:39 - 2015-07-03 22:39 - 00059415 _____ C:\Users\SFF033\AppData\Local\recently-used.xbel
2015-07-03 22:34 - 2015-07-03 22:34 - 134425326 _____ C:\Users\SFF033\Documents\DSC_7469.xcf
2015-07-03 21:17 - 2015-07-03 21:18 - 00000000 ____D C:\Users\SFF033\Neuer Ordner (6)
2015-07-03 20:49 - 2015-07-04 13:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-29 19:57 - 2015-06-29 19:57 - 00001405 _____ C:\Users\Public\Desktop\SeaTools for Windows.lnk
2015-06-29 19:57 - 2015-06-29 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2015-06-29 19:57 - 2015-06-29 19:57 - 00000000 ____D C:\Program Files (x86)\Seagate
2015-06-18 23:15 - 2015-06-18 23:15 - 00057065 _____ C:\Users\SFF033\Downloads\Drehscheibe Online Foren  04 - Historische Bahn  [DU] Mit der Straßenbahn durch Duisburg (1986 - 32B).htm
2015-06-18 23:15 - 2015-06-18 23:15 - 00000000 ____D C:\Users\SFF033\Downloads\Drehscheibe Online Foren  04 - Historische Bahn  [DU] Mit der Straßenbahn durch Duisburg (1986 - 32B)-Dateien
2015-06-18 21:34 - 2015-06-18 21:34 - 00000000 ____D C:\Users\SFF033\AppData\Local\pdfforge
2015-06-11 21:01 - 2015-06-11 21:07 - 56073137 _____ C:\Users\SFF033\YouPorn - stuffing a French ass.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-04 13:32 - 2014-11-12 21:30 - 01192182 _____ C:\Windows\WindowsUpdate.log
2015-07-04 13:31 - 2009-07-14 06:45 - 00014800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-04 13:31 - 2009-07-14 06:45 - 00014800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-04 13:30 - 2009-07-14 19:58 - 00696132 _____ C:\Windows\system32\perfh007.dat
2015-07-04 13:30 - 2009-07-14 19:58 - 00147428 _____ C:\Windows\system32\perfc007.dat
2015-07-04 13:30 - 2009-07-14 07:13 - 01611160 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-04 13:25 - 2014-12-10 00:26 - 00000000 ___RD C:\Users\SFF033\OneDrive
2015-07-04 13:24 - 2015-04-12 22:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-04 13:24 - 2015-03-01 20:23 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-04 13:24 - 2014-11-25 23:24 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-04 13:24 - 2014-11-13 00:04 - 00009924 _____ C:\Windows\PFRO.log
2015-07-04 13:24 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-04 13:24 - 2009-07-14 06:51 - 00039723 _____ C:\Windows\setupact.log
2015-07-04 00:40 - 2014-11-25 23:24 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-04 00:39 - 2015-01-29 00:13 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-03 23:55 - 2015-01-29 00:13 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-03 23:55 - 2014-12-04 21:49 - 00000000 ____D C:\Users\SFF033\AppData\Local\CrashDumps
2015-07-03 23:55 - 2014-11-12 22:26 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-03 23:55 - 2014-11-12 22:26 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-03 23:55 - 2014-11-12 22:25 - 00000000 ____D C:\Users\SFF033\AppData\Local\Adobe
2015-07-03 23:53 - 2014-11-13 21:51 - 00000000 ____D C:\Users\SFF033\.gimp-2.8
2015-07-03 22:39 - 2014-11-13 22:15 - 00000000 ____D C:\Users\SFF033\AppData\Local\gtk-2.0
2015-07-03 21:17 - 2014-11-13 23:03 - 01989632 ___SH C:\Users\SFF033\Thumbs.db
2015-07-03 21:17 - 2014-11-12 21:29 - 00000000 ____D C:\Users\SFF033
2015-07-03 21:14 - 2015-04-13 22:02 - 00000894 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-06-29 20:45 - 2015-03-09 23:54 - 00000000 ____D C:\Users\SFF033\AppData\Local\PDFCreator
2015-06-29 19:57 - 2014-11-12 23:23 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-23 20:41 - 2014-11-25 23:24 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-23 19:43 - 2014-12-24 23:59 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-14 23:29 - 2014-11-13 00:26 - 00000000 ____D C:\Users\SFF033\AppData\Roaming\vlc
2015-06-12 23:18 - 2014-11-12 23:36 - 00000000 ____D C:\Users\SFF033\AppData\Local\Microsoft Help

==================== Files in the root of some directories =======

2014-11-12 23:23 - 2014-07-23 22:56 - 9473538 _____ () C:\Program Files\Decoder.zip
2014-11-12 23:23 - 2013-01-07 01:56 - 1476609 _____ () C:\Program Files\JPG Steffen.zip
2014-11-12 23:23 - 2012-05-03 23:38 - 1476352 _____ () C:\Program Files\Neuer ZIP-komprimierter Ordner.zip
2014-11-12 23:00 - 2014-11-12 23:00 - 0000000 _____ () C:\Users\SFF033\AppData\Roaming\gdfw.log
2014-11-12 23:00 - 2014-11-12 23:00 - 0000779 _____ () C:\Users\SFF033\AppData\Roaming\gdscan.log
2015-07-03 22:39 - 2015-07-03 22:39 - 0059415 _____ () C:\Users\SFF033\AppData\Local\recently-used.xbel
2014-12-03 00:46 - 2014-12-03 00:46 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\SFF033\AppData\Local\Temp\ose00000.exe
C:\Users\SFF033\AppData\Local\Temp\SIntf16.dll
C:\Users\SFF033\AppData\Local\Temp\SIntf32.dll
C:\Users\SFF033\AppData\Local\Temp\SIntfNT.dll
C:\Users\SFF033\AppData\Local\Temp\tmd_34016506.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-02 23:18

==================== End of log ============================
--- --- ---





Addition.txt
[CODE]
Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:04-07-2015
Ran by SFF033 at 2015-07-04 13:34:01
Running from C:\Users\SFF033\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1073856993-1816317826-1230882084-500 - Administrator - Disabled)
SFF033 (S-1-5-21-1073856993-1816317826-1230882084-1000 - Administrator - Enabled) => C:\Users\SFF033
Gast (S-1-5-21-1073856993-1816317826-1230882084-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1073856993-1816317826-1230882084-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G Data InternetSecurity CBE (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G Data InternetSecurity CBE (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ArtPlus Digital Photo Recovery 6.2 (HKU\S-1-5-21-1073856993-1816317826-1230882084-1000\...\ArtPlus Digital Photo Recovery) (Version: 6.2.0.120 - Art Plus Marketing & Publishing)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.4.5.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.2.2.000 - Asmedia Technology)
Asoftech Photo Recovery (HKLM-x32\...\{6B0DC474-A5F0-4091-8913-25E9DA2E7F53}) (Version: 3.16 - )
Cities in Motion (HKLM-x32\...\Steam App 73010) (Version:  - Colossal Order Ltd.)
CrystalDiskInfo 6.2.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.2.1 - Crystal Dew World)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EaseUS Data Recovery Wizard 8.6 (HKLM\...\EaseUS Data Recovery Wizard 8.6_is1) (Version:  - EaseUS)
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
ffdshow v1.1.3476 [2010-06-15] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.3476.0 - )
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free Audio Converter version 5.0.52.1111 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.52.1111 - DVDVideoSoft Ltd.)
Free AVI Video Converter version 5.0.57.219 (HKLM-x32\...\Free AVI Video Converter_is1) (Version: 5.0.57.219 - DVDVideoSoft Ltd.)
Free Studio version 6.4.0.1111 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.0.1111 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.49.1111 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1111 - DVDVideoSoft Ltd.)
G Data InternetSecurity CBE (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.1.2 - G Data Software AG)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät (HKLM\...\{DF37555F-0259-43DA-B60C-47106FA14AA3}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
Inkscape 0.91 (HKLM-x32\...\Inkscape) (Version: 0.91 - )
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Locomotion (HKLM-x32\...\{77F45E76-E897-42CA-A9FE-5F56817D875C}) (Version: 1.00.000 - )
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{F7930EE9-0929-439D-A57B-D40C2C69C890}) (Version: 6.3.9723.0 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1073856993-1816317826-1230882084-1000\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{cb41fc68-4442-4f7f-b22f-8f31c74897ac}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
ÖBB Winter 2014-2015 (HKLM-x32\...\ÖBB Winter 2014-2015) (Version:  - )
OMSI 2 (HKLM-x32\...\Steam App 252530) (Version:  - MR-Software GbR)
PC Inspector smart recovery (HKLM-x32\...\{C9A87D86-FDFD-418B-BF96-EF09320973B3}) (Version: 4.50 - )
PDF Architect 2 Create Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF Architect 2 Edit Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF Architect 2 View Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.2 - pdfforge)
PhotoRescue Pro (HKLM-x32\...\{5260B91C-28E1-4fe9-B2EE-BE1B6C82621A}_is1) (Version: 6.9 - Essential Data Tools)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Scribus 1.4.4 (64bit) (HKLM\...\Scribus 1.4.4) (Version: 1.4.4 - The Scribus Team)
SeaTools for Windows 1.4.0.2 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.2 - Seagate Technology)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Zoner Photo Studio 16 (HKLM\...\ZonerPhotoStudio16_DE_is1) (Version: 16.0.1.8 - ZONER software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1073856993-1816317826-1230882084-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\SFF033\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1073856993-1816317826-1230882084-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\SFF033\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1073856993-1816317826-1230882084-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\SFF033\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1073856993-1816317826-1230882084-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\SFF033\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1073856993-1816317826-1230882084-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\SFF033\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1073856993-1816317826-1230882084-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\SFF033\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1073856993-1816317826-1230882084-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\SFF033\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

29-06-2015 19:57:09 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B812E95-8A80-4D41-805E-B94AEF8805FE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {9162003A-A408-4EF8-86A7-5F42F8FB091E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-25] (Google Inc.)
Task: {9B91FC33-3F24-485D-8EC8-99E6FF94AEDA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-03] (Adobe Systems Incorporated)
Task: {E52A507A-2AB2-42CF-9721-27740DA37AE7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-25] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-12-19 04:42 - 2013-12-19 04:42 - 00350840 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2015-03-01 20:24 - 2015-04-16 19:40 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-03-01 20:24 - 2015-04-23 04:16 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-03-01 20:24 - 2015-04-23 04:16 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-03-01 20:24 - 2015-04-23 04:16 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-03-01 20:24 - 2015-06-04 20:56 - 02407104 _____ () C:\Program Files (x86)\Steam\video.dll
2015-03-01 20:24 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-03-01 20:24 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-03-01 20:24 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-03-01 20:24 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-03-01 20:24 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-03-01 20:24 - 2015-06-04 20:56 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-03-01 20:24 - 2015-05-11 21:01 - 36302728 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-03-31 22:35 - 2014-03-31 22:35 - 00282304 _____ () C:\Program Files (x86)\Windows Live\Writer\de\WindowsLive.Writer.Localization.resources.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1073856993-1816317826-1230882084-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\SFF033\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C53A977D-D9A6-49B3-80D4-0B088DBB0E04}] => (Allow) C:\Users\SFF033\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{08E6C5D5-3052-4714-B156-79539B9518B7}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{0898900F-2EA9-4848-86A7-C67EBAE044C7}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{1A55640C-B15A-46E9-9F88-D94945E2D98A}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe
FirewallRules: [{250EB639-A302-4464-8CD1-D2E3832C5146}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4D2E1AA3-511D-4985-90E1-E8D7596A8CEA}] => (Allow) LPort=2869
FirewallRules: [{8DF66495-1B16-446E-A3F6-1230833630C3}] => (Allow) LPort=1900
FirewallRules: [{4A21CB2B-3B58-4564-AFBA-4A109FBA5101}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E0D4172E-88C0-4B09-A58D-5DFBF3A3A610}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{62AC3538-1AA4-4AF0-85B9-EA12E95E6467}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5979C972-77AE-4B8F-8DB2-60F4709AE423}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{15CFA5C5-6D28-4DDE-B959-F0699A570A2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities In Motion\Cities In Motion.exe
FirewallRules: [{1728841C-C1E1-4A44-814B-63CF9E0D9D82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities In Motion\Cities In Motion.exe
FirewallRules: [{F4307821-E3E9-4055-8274-39A8AD28097F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OMSI 2\Omsi.exe
FirewallRules: [{B18F778C-1073-498F-B5DB-62F210DAA924}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OMSI 2\Omsi.exe
FirewallRules: [{594CBC90-D0D8-48EE-986C-E8E350C60871}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{42F68442-D05D-4B40-9D43-938B28EBC3BE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AA9332C1-B16F-486F-93E7-CB378D5C4C7A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Lexmark X422
Description: Lexmark X422
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Lexmark
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: USB-Massenspeichergerät
Description: USB-Massenspeichergerät
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Kompatibles USB-Speichergerät
Service: USBSTOR
Problem: : Windows cannot use this hardware device because it has been prepared for safe removal, but it has not been removed from the computer. (Code 47)
Resolution: Unplug the device, and then plug it in again. Alternately, restart the computer to make the device available.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/03/2015 11:55:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 38.0.5.5623, Zeitstempel: 0x5563c49a
Name des fehlerhaften Moduls: mozalloc.dll, Version: 38.0.5.5623, Zeitstempel: 0x5563b229
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0xb1c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (06/17/2015 09:08:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>. Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.
.

Error: (05/20/2015 11:43:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce796f3
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x003afba8
ID des fehlerhaften Prozesses: 0x97c
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3

Error: (05/19/2015 08:10:17 PM) (Source: MsiInstaller) (EventID: 1023) (User: HSB201)
Description: Produkt: Adobe Reader XI (11.0.10) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011011}" konnte nicht installiert werden. Fehlercode 1625. Weitere Informationen sind in der Protokolldatei C:\Users\SFF033\AppData\Local\Temp\MSI3f556.LOG enthalten.

Error: (05/12/2015 09:07:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c8f9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000018e3d
ID des fehlerhaften Prozesses: 0xc18
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3

Error: (05/10/2015 10:00:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c8f9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000018e3d
ID des fehlerhaften Prozesses: 0x1120
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3

Error: (04/23/2015 11:36:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: prevhost.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce796ac
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba58
Ausnahmecode: 0xc000000d
Fehleroffset: 0x00098d20
ID des fehlerhaften Prozesses: 0x1218
Startzeit der fehlerhaften Anwendung: 0xprevhost.exe0
Pfad der fehlerhaften Anwendung: prevhost.exe1
Pfad des fehlerhaften Moduls: prevhost.exe2
Berichtskennung: prevhost.exe3

Error: (04/13/2015 10:53:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 37.0.1.5570 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 128

Startzeit: 01d0761cce860ecb

Endzeit: 40

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: 14385b84-e21f-11e4-b8ba-f46d04d4a86d

Error: (04/13/2015 10:53:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 37.0.1.5570, Zeitstempel: 0x551e23ee
Name des fehlerhaften Moduls: mozalloc.dll, Version: 37.0.1.5570, Zeitstempel: 0x551e1536
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0x84c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (04/13/2015 10:39:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm explorer.exe, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 868

Startzeit: 01d076289af6c767

Endzeit: 10

Anwendungspfad: C:\Windows\explorer.exe

Berichts-ID: 21ab094e-e21d-11e4-b8ba-f46d04d4a86d


System errors:
=============
Error: (07/04/2015 01:24:36 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (07/04/2015 01:24:36 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (07/04/2015 01:24:36 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (07/04/2015 01:24:36 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (07/03/2015 08:49:23 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (07/03/2015 08:49:23 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (07/03/2015 08:49:23 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (07/03/2015 08:49:23 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (07/02/2015 10:56:30 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (07/02/2015 10:56:30 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter


Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-11-25 22:34:02.155
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\SFF033\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-25 22:34:02.155
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\SFF033\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-25 22:34:02.139
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-25 22:34:02.124
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz
Percentage of memory in use: 43%
Total physical RAM: 8173.43 MB
Available physical RAM: 4647.03 MB
Total Virtual: 16345.06 MB
Available Virtual: 12408.62 MB

==================== Drives ================================

Drive a: (Daten) (Fixed) (Total:1862.89 GB) (Free:1184.2 GB) NTFS
Drive c: () (Fixed) (Total:223.47 GB) (Free:16.19 GB) NTFS
Drive g: (GRTMPFPP_DE) (Removable) (Total:3.83 GB) (Free:3.83 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 129FB94E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 3.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================
--- --- ---

schrauber 05.07.2015 07:22
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

SFF033 05.07.2015 18:05
Auswertung ComboFix
 
Ich hatte mehrmals Probleme mit GData, das lässt sich irgendwie nicht komplett abschalten (ist ja eigentlich auch nicht der Sinn des Programmes). Das Programm wollte andauernd eine Erlaubnis haben... - Seltsamerweise fehlt nun nach dem Abschluss bzw. Neustart das Symbol von GData in der Taskleiste

Hier die Auswertung
Code:
Combofix Logfile:

       
Code:

       
ComboFix 15-07-05.01 - SFF033 05.07.2015  17:11:01.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8173.5414 [GMT 2:00]
ausgeführt von:: c:\users\SFF033\Desktop\ComboFix.exe
AV: G Data InternetSecurity CBE *Disabled/Updated* {545C8713-0744-B079-87F8-349A6D5C8CF0}
FW: G Data Personal Firewall *Disabled* {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}
SP: G Data InternetSecurity CBE *Disabled/Updated* {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-06-05 bis 2015-07-05  ))))))))))))))))))))))))))))))
.
.
2015-07-05 16:26 . 2015-07-05 16:26        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-07-05 12:03 . 2015-07-05 12:03        --------        d-----w-        C:\OneDriveTemp
2015-07-04 11:35 . 2015-06-23 23:22        12221144        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1BA545A5-FFB0-441B-B1B7-93E1EC36C3F9}\mpengine.dll
2015-07-04 11:31 . 2015-07-04 11:34        --------        d-----w-        C:\FRST
2015-07-03 19:17 . 2015-07-03 19:18        --------        d-----w-        c:\users\SFF033\Neuer Ordner (6)
2015-06-29 17:57 . 2015-06-29 17:57        --------        d-----w-        c:\program files (x86)\Seagate
2015-06-18 19:34 . 2015-06-18 19:34        --------        d-----w-        c:\users\SFF033\AppData\Local\pdfforge
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-04 11:46 . 2015-05-10 20:26        136408        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-03 21:55 . 2014-11-12 20:26        778416        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-03 21:55 . 2014-11-12 20:26        142512        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-14 07:37 . 2015-05-10 20:26        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys
2015-04-14 07:37 . 2015-05-10 20:26        107736        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 07:37 . 2015-05-10 20:26        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-11-11 13:07        323752        ----a-w-        c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-06-01 17:57        1605832        ----a-w-        c:\users\SFF033\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-06-01 17:57        1605832        ----a-w-        c:\users\SFF033\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-06-01 17:57        1605832        ----a-w-        c:\users\SFF033\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2015-06-04 2892992]
"OneDrive"="c:\users\SFF033\AppData\Local\Microsoft\OneDrive\OneDrive.exe" [2015-06-01 382664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2013-12-19 1724728]
"G Data ASM"="c:\program files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe" [2013-12-19 431224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\users\SFF033\AppData\Local\Temp\EverestDriver.sys;c:\users\SFF033\AppData\Local\Temp\EverestDriver.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 PDF Architect 2;PDF Architect 2;c:\program files (x86)\PDF Architect 2\ws.exe;c:\program files (x86)\PDF Architect 2\ws.exe [x]
R3 pdfforge CrashHandler;pdfforge CrashHandler;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe [x]
R3 RtkBtFilter;Realtek Bluetooth Filter Driver;c:\windows\system32\DRIVERS\RtkBtfilter.sys;c:\windows\SYSNATIVE\DRIVERS\RtkBtfilter.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys;c:\windows\SYSNATIVE\drivers\GDBehave.sys [x]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys;c:\windows\SYSNATIVE\drivers\MiniIcpt.sys [x]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys;c:\windows\SYSNATIVE\drivers\gdwfpcd64.sys [x]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys;c:\windows\SYSNATIVE\drivers\GRD.sys [x]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys;c:\windows\SYSNATIVE\drivers\HookCentre.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [x]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [x]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [x]
S2 PDF Architect 2 Creator;PDF Architect 2 Creator;c:\program files (x86)\PDF Architect 2\creator-ws.exe;c:\program files (x86)\PDF Architect 2\creator-ws.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [x]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys;c:\windows\SYSNATIVE\drivers\PktIcpt.sys [x]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-23 18:40        990024        ----a-w-        c:\program files (x86)\Google\Chrome\Application\43.0.2357.130\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-07-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12 21:55]
.
2015-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-25 21:24]
.
2015-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-25 21:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-11-07 17:08        357376        ----a-w-        c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-06-01 17:57        1645256        ----a-w-        c:\users\SFF033\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-06-01 17:57        1645256        ----a-w-        c:\users\SFF033\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-06-01 17:57        1645256        ----a-w-        c:\users\SFF033\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\SFF033\AppData\Roaming\Mozilla\Firefox\Profiles\svmhfxgo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B59856c40-1b9f-4b83-9985-d3e303908c92%7D&mid=c90654fde2e847d18ade25244230419e-a466d8ad3be4084f3e6bcce0beab89580416547a&ds=AVG&v=10.0.0.7&lang=de&pr=fr&d=2011-12-13%2022%3A37%3A05&sap=ku&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 445
FF - prefs.js: network.proxy.type - 0
.
.
------- Dateityp-Verknüpfung -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1073856993-1816317826-1230882084-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1073856993-1816317826-1230882084-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_190_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_190_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_190_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_190_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_190.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_190.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_190.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_190.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-07-05  18:53:56
ComboFix-quarantined-files.txt  2015-07-05 16:53
.
Vor Suchlauf: 10 Verzeichnis(se), 19.598.004.224 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 21.831.430.144 Bytes frei
.
- - End Of File - - 362845254A0982DEBE2C26E755DEBB1C

--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

schrauber 06.07.2015 05:43
Zitat:
(ist ja eigentlich auch nicht der Sinn des Programmes)
Doch, das sollte jede Software können.


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

SFF033 06.07.2015 17:01
Hab den Ausschalter bei GDATA nun gefunden... :)

Malwarebytes hab ich schon länger auf meinem Rechner. Beim aktuellen Lauf hat es nichts gefunden, aber bei mir ist aktuell eine Datei mehrmals in Quarantäne, sofern das nicht im Log verzeichnet ist.

http://abload.de/img/mbamq5uk1.png

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 06.07.2015
Suchlaufzeit: 12:49
Protokolldatei: MBAM.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.07.06.02
Rootkit-Datenbank: v2015.07.05.03
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: SFF033

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 363866
Abgelaufene Zeit: 6 Min., 22 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
Als nächstes dann der AdwCleaner

AdwCleaner Logfile:
Code:
# AdwCleaner v4.207 - Bericht erstellt 06/07/2015 um 17:29:04
# Aktualisiert 21/06/2015 von Xplode
# Datenbank : 2015-06-21.1 [Lokal]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : SFF033 - SFF033
# Gestarted von : A:\Downloads\AdwCleaner_4.207.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\SFF033\AppData\Local\pdfforge
Ordner Gelöscht : C:\Users\SFF033\AppData\Roaming\pdfforge
Datei Gelöscht : C:\Users\SFF033\AppData\Roaming\Mozilla\Firefox\Profiles\ym9qq8yw.default\user.js

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Internetbrowser ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v39.0 (x86 de)

[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CT2269050.SearchEngine", "Searchhxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2269050&octid=EB_ORIGINAL_CTID&SearchSource=1");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"803651ba7facb1:0\"");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"0652eeacc6cb1:0\"");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634303635100000000");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/2011 5:25:10 PM", "634356118310000000");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.EngineHiddenByUser", true);
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.IsEngineShown", false);
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results.php?ch_id=icqskins&q=");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2269050,ConduitEngine");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed Jun 08 2011 22:39:24 GMT+0200");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Feb 06 2011 13:43:34 GMT+0100");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Jun 13 2011 20:01:47 GMT+0200");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.alert.userId", "b87f0cef-2526-4bf3-b041-c5e39b9670f0");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Aug 28 2010 16:06:47 GMT+0200");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("ConduitEngine.FirstTimeFF3", true);
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("ConduitEngine.HasUserGlobalKeys", true);
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("ConduitEngine.Initialize", true);
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("ConduitEngine.InitializeCommonPrefs", true);
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("ConduitEngine.IsMulticommunity", false);
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("ConduitEngine.engineLocale", "de");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("ConduitEngine.initDone", true);
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.order.1", "Ask.com");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.engine@conduit.com.install-event-fired", true);
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("icqtoolbar.allowSendURL", false);
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("icqtoolbar.engineVerified", false);
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("icqtoolbar.history", "2001%20london2001");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("icqtoolbar.suggestions", false);
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("icqtoolbar.uniqueID", "126261286312626128631262734689322");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1262734701);
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("icqtoolbar.version", "1.1.5");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");
[svmhfxgo.default\prefs.js] - Zeile Gelöscht : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B59856c40-1b9f-4b83-9985-d3e303908c92%7D&mid=c90654fde2e847d18ade25244230419e-a466d8ad3be4084f3e6bcce0beab89580416547a&ds=AVG&v=10.0.0.7&l[...]
[ym9qq8yw.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultenginename", "AVG Secure Search");
[ym9qq8yw.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "AVG Secure Search");

-\\ Google Chrome v43.0.2357.130


*************************

AdwCleaner[R0].txt - [10192 Bytes] - [06/07/2015 17:22:48]
AdwCleaner[S0].txt - [10624 Bytes] - [06/07/2015 17:29:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10684  Bytes] ##########
--- --- ---


Nun das Junkware Removal Tool

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.3.3 (07.06.2015:2)
OS: Windows 7 Home Premium x64
Ran by SFF033 on 06.07.2015 at 17:34:52,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{691B33B0-B86E-47F3-81C7-56E4FE3B929C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{691B33B0-B86E-47F3-81C7-56E4FE3B929C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{691B33B0-B86E-47F3-81C7-56E4FE3B929C}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\SFF033\AppData\Roaming\mozilla\firefox\profiles\svmhfxgo.default\prefs.js

user_pref(CT2269050.CTID, CT2269050);
user_pref(CT2269050.CurrentServerDate, 28-8-2010);
user_pref(CT2269050.DialogsAlignMode, LTR);
user_pref(CT2269050.DownloadReferralCookieData, );
user_pref(CT2269050.EMailNotifierPollDate, Sat Aug 28 2010 16:06:46 GMT+0200);
user_pref(CT2269050.FirstServerDate, 28-8-2010);
user_pref(CT2269050.FirstTime, true);
user_pref(CT2269050.FirstTimeFF3, true);
user_pref(CT2269050.FirstTimeSettingsDone, true);
user_pref(CT2269050.FixPageNotFoundErrors, true);
user_pref(CT2269050.GroupingServerCheckInterval, 1440);
user_pref(CT2269050.Initialize, true);
user_pref(CT2269050.InitializeCommonPrefs, true);
user_pref(CT2269050.InstallationAndCookieDataSentCount, 1);
user_pref(CT2269050.InstallationType, UnknownIntegration);
user_pref(CT2269050.InstalledDate, Sat Aug 28 2010 16:06:46 GMT+0200);
user_pref(CT2269050.InvalidateCache, false);
user_pref(CT2269050.IsGrouping, false);
user_pref(CT2269050.IsMulticommunity, false);
user_pref(CT2269050.IsOpenThankYouPage, false);
user_pref(CT2269050.IsOpenUninstallPage, false);
user_pref(CT2269050.LanguagePackLastCheckTime, Sat Aug 28 2010 16:06:47 GMT+0200);
user_pref(CT2269050.LanguagePackReloadIntervalMM, 1440);
user_pref(CT2269050.LastLogin_2.7.0.14, Sat Aug 28 2010 16:06:47 GMT+0200);
user_pref(CT2269050.LatestVersion, 2.7.2.0);
user_pref(CT2269050.Locale, en);
user_pref(CT2269050.LoginCache, 4);
user_pref(CT2269050.MCDetectTooltipHeight, 83);
user_pref(CT2269050.MCDetectTooltipUrl, hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1);
user_pref(CT2269050.MCDetectTooltipWidth, 295);
user_pref(CT2269050.RadioIsPodcast, false);
user_pref(CT2269050.RadioLastCheckTime, Sat Aug 28 2010 16:06:48 GMT+0200);
user_pref(CT2269050.RadioLastUpdateIPServer, 3);
user_pref(CT2269050.RadioLastUpdateServer, 129132338014870000);
user_pref(CT2269050.RadioMediaID, 12473383);
user_pref(CT2269050.RadioMediaType, Media Player);
user_pref(CT2269050.RadioMenuSelectedID, EBRadioMenu_CT226905012473383);
user_pref(CT2269050.RadioStationName, Hotmix%20108);
user_pref(CT2269050.RadioStationURL, hxxp://67.202.67.18:8082);
user_pref(CT2269050.SavedHomepage, hxxp://go.microsoft.com/fwlink/?LinkId=69157);
user_pref(CT2269050.SearchFromAddressBarIsInit, true);
user_pref(CT2269050.SearchInNewTabEnabled, true);
user_pref(CT2269050.SearchInNewTabIntervalMM, 1440);
user_pref(CT2269050.SearchInNewTabLastCheckTime, Sat Aug 28 2010 16:06:47 GMT+0200);
user_pref(CT2269050.SettingsCheckIntervalMin, 120);
user_pref(CT2269050.SettingsLastCheckTime, Sat Aug 28 2010 16:06:45 GMT+0200);
user_pref(CT2269050.SettingsLastUpdate, 1282841510);
user_pref(CT2269050.ThirdPartyComponentsInterval, 504);
user_pref(CT2269050.ThirdPartyComponentsLastCheck, Sat Aug 28 2010 16:06:45 GMT+0200);
user_pref(CT2269050.ThirdPartyComponentsLastUpdate, 1246790578);
user_pref(CT2269050.TrusteLinkUrl, hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112);
user_pref(CT2269050.UserID, UN38827336657363465);
user_pref(CT2269050.WeatherNetwork, );
user_pref(CT2269050.WeatherPollDate, Sat Aug 28 2010 16:06:47 GMT+0200);
user_pref(CT2269050.WeatherUnit, C);
user_pref(CT2269050.alertChannelId, 666138);
user_pref(CT2269050.clientLogIsEnabled, false);
user_pref(CT2269050.myStuffEnabled, true);
user_pref(CT2269050.myStuffPublihserMinWidth, 400);
user_pref(CT2269050.myStuffServiceIntervalMM, 1440);
Emptied folder: C:\Users\SFF033\AppData\Roaming\mozilla\firefox\profiles\svmhfxgo.default\minidumps [435 files]



~~~ Chrome


[C:\Users\SFF033\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\SFF033\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\SFF033\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\SFF033\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.07.2015 at 17:39:46,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Und zum Schluss ein neues FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-07-2015
Ran by SFF033 (administrator) on SFF033 on 06-07-2015 17:45:07
Running from C:\Users\SFF033\Desktop
Loaded Profiles: SFF033 (Available Profiles: SFF033)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1724728 2013-12-19] (G Data Software AG)
HKLM-x32\...\Run: [G Data ASM] => C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [431224 2013-12-19] (G Data Software AG)
HKU\S-1-5-21-1073856993-1816317826-1230882084-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-1073856993-1816317826-1230882084-1000\...\Run: [OneDrive] => C:\Users\SFF033\AppData\Local\Microsoft\OneDrive\OneDrive.exe [382664 2015-06-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\SFF033\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-06-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\SFF033\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-06-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\SFF033\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-06-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\SFF033\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-06-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\SFF033\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-06-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\SFF033\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-06-01] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1073856993-1816317826-1230882084-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1073856993-1816317826-1230882084-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1073856993-1816317826-1230882084-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll [2014-10-10] (pdfforge GmbH)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{ADE75A66-FE58-4AB6-B2E7-2B2C4F7A384C}: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\SFF033\AppData\Roaming\Mozilla\Firefox\Profiles\svmhfxgo.default
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "autoconfig_url", "file:///C:\\Users\\SFF033\\AppData\\Local\\Temp\\proxtube.pac"
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 445
FF NetworkProxy: "socks_version", 4
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-07-03] ()
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-07-03] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll [2014-10-10] (pdfforge GmbH)
FF Extension: Adblock Plus - C:\Users\SFF033\AppData\Roaming\Mozilla\Firefox\Profiles\svmhfxgo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-12]
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension
FF Extension: PDF Architect 2 Creator - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2015-03-09]
FF HKU\S-1-5-21-1073856993-1816317826-1230882084-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-19]

Chrome:
=======
CHR Profile: C:\Users\SFF033\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\SFF033\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-25]
CHR Extension: (Google Docs) - C:\Users\SFF033\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-25]
CHR Extension: (Google Drive) - C:\Users\SFF033\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-25]
CHR Extension: (YouTube) - C:\Users\SFF033\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-25]
CHR Extension: (Google Search) - C:\Users\SFF033\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-25]
CHR Extension: (Google Sheets) - C:\Users\SFF033\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\SFF033\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-12]
CHR Extension: (Google Wallet) - C:\Users\SFF033\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-25]
CHR Extension: (Gmail) - C:\Users\SFF033\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2244728 2014-02-12] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2723400 2014-03-25] (G Data Software AG)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2992760 2014-01-30] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700024 2014-02-03] (G Data Software AG)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
S2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [57344 2014-11-12] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [135168 2014-11-12] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [68608 2014-11-12] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64000 2014-11-12] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-11-13] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65024 2014-11-12] (G Data Software AG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [585944 2014-12-31] (Realtek Semiconductor Corporation)
S3 EverestDriver; \??\C:\Users\SFF033\AppData\Local\Temp\EverestDriver.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-06 17:39 - 2015-07-06 17:39 - 00005190 _____ C:\Users\SFF033\Desktop\JRT.txt
2015-07-06 17:35 - 2015-07-06 17:35 - 00000207 _____ C:\Windows\tweaking.com-regbackup-SFF033-Windows-7-Home-Premium-(64-bit).dat
2015-07-06 17:35 - 2015-07-06 17:35 - 00000000 ____D C:\RegBackup
2015-07-06 17:22 - 2015-07-06 17:29 - 00000000 ____D C:\AdwCleaner
2015-07-06 13:45 - 2015-07-06 13:45 - 00067749 _____ C:\Users\SFF033\AppData\Local\recently-used.xbel
2015-07-06 12:49 - 2015-07-06 12:49 - 00000000 ___HD C:\OneDriveTemp
2015-07-05 19:08 - 2015-07-05 19:08 - 00017391 _____ C:\Users\SFF033\ComboFix2.txt
2015-07-05 18:54 - 2015-07-05 18:54 - 00017363 _____ C:\Users\SFF033\2.txt
2015-07-05 18:53 - 2015-07-05 18:53 - 00017363 _____ C:\ComboFix.txt
2015-07-05 17:09 - 2015-07-05 18:54 - 00000000 ____D C:\Qoobox
2015-07-05 17:09 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-05 17:09 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-05 17:09 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-05 17:09 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-05 17:09 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-05 17:09 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-05 17:09 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-05 17:09 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-05 17:08 - 2015-07-05 18:52 - 00000000 ____D C:\Windows\erdnt
2015-07-05 17:06 - 2015-07-05 17:06 - 05631375 ____R (Swearware) C:\Users\SFF033\Desktop\ComboFix.exe
2015-07-04 15:46 - 2015-07-04 15:46 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-04 15:46 - 2015-07-04 15:46 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-07-04 15:46 - 2015-07-04 15:46 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-04 13:33 - 2015-07-04 15:52 - 00028170 _____ C:\Users\SFF033\Desktop\Addition.txt
2015-07-04 13:32 - 2015-07-06 17:45 - 00013121 _____ C:\Users\SFF033\Desktop\FRST.txt
2015-07-04 13:31 - 2015-07-06 17:45 - 00000000 ____D C:\FRST
2015-07-04 13:30 - 2015-07-04 13:30 - 02112512 _____ (Farbar) C:\Users\SFF033\Desktop\FRST64.exe
2015-07-03 22:34 - 2015-07-03 22:34 - 134425326 _____ C:\Users\SFF033\Documents\DSC_7469.xcf
2015-07-03 21:17 - 2015-07-06 17:44 - 00000000 ____D C:\Users\SFF033\Neuer Ordner (6)
2015-07-03 20:49 - 2015-07-04 13:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-29 19:57 - 2015-06-29 19:57 - 00001405 _____ C:\Users\Public\Desktop\SeaTools for Windows.lnk
2015-06-29 19:57 - 2015-06-29 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2015-06-29 19:57 - 2015-06-29 19:57 - 00000000 ____D C:\Program Files (x86)\Seagate
2015-06-18 23:15 - 2015-06-18 23:15 - 00057065 _____ C:\Users\SFF033\Downloads\Drehscheibe Online Foren  04 - Historische Bahn  [DU] Mit der Straßenbahn durch Duisburg (1986 - 32B).htm
2015-06-18 23:15 - 2015-06-18 23:15 - 00000000 ____D C:\Users\SFF033\Downloads\Drehscheibe Online Foren  04 - Historische Bahn  [DU] Mit der Straßenbahn durch Duisburg (1986 - 32B)-Dateien
2015-06-11 21:01 - 2015-06-11 21:07 - 56073137 _____ C:\Users\SFF033\YouPorn - stuffing a French ass.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-06 17:42 - 2009-07-14 06:45 - 00014800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-06 17:42 - 2009-07-14 06:45 - 00014800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-06 17:40 - 2014-11-25 23:24 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-06 17:39 - 2015-01-29 00:13 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-06 17:35 - 2014-12-10 00:26 - 00000000 ___RD C:\Users\SFF033\OneDrive
2015-07-06 17:35 - 2014-12-04 21:49 - 00000000 ____D C:\Users\SFF033\AppData\Local\CrashDumps
2015-07-06 17:30 - 2015-05-10 22:26 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-06 17:30 - 2015-03-01 20:23 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-06 17:30 - 2014-11-25 23:24 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-06 17:29 - 2014-11-13 21:51 - 00000000 ____D C:\Users\SFF033\.gimp-2.8
2015-07-06 17:29 - 2014-11-12 21:30 - 01581046 _____ C:\Windows\WindowsUpdate.log
2015-07-06 17:29 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-06 17:29 - 2009-07-14 06:51 - 00039947 _____ C:\Windows\setupact.log
2015-07-06 13:28 - 2014-11-13 22:15 - 00000000 ____D C:\Users\SFF033\AppData\Local\gtk-2.0
2015-07-06 12:54 - 2009-07-14 19:58 - 00696132 _____ C:\Windows\system32\perfh007.dat
2015-07-06 12:54 - 2009-07-14 19:58 - 00147428 _____ C:\Windows\system32\perfc007.dat
2015-07-06 12:54 - 2009-07-14 07:13 - 01611160 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-05 20:55 - 2015-05-10 22:26 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-05 20:55 - 2015-05-10 22:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-05 20:55 - 2015-05-10 22:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-05 19:08 - 2014-11-12 21:29 - 00000000 ____D C:\Users\SFF033
2015-07-05 18:56 - 2014-11-13 00:04 - 00011220 _____ C:\Windows\PFRO.log
2015-07-05 18:53 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-07-05 18:52 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-07-04 15:51 - 2014-11-12 22:25 - 00000000 ____D C:\Users\SFF033\AppData\Local\Adobe
2015-07-04 15:47 - 2014-11-12 22:27 - 00000000 ____D C:\Users\SFF033\AppData\Roaming\Adobe
2015-07-04 15:46 - 2014-12-24 23:59 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-04 15:46 - 2014-11-13 00:45 - 00000000 ____D C:\ProgramData\Adobe
2015-07-04 13:24 - 2015-04-12 22:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-03 23:55 - 2015-01-29 00:13 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-03 23:55 - 2014-11-12 22:26 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-03 23:55 - 2014-11-12 22:26 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-03 21:17 - 2014-11-13 23:03 - 01989632 ___SH C:\Users\SFF033\Thumbs.db
2015-07-03 21:14 - 2015-04-13 22:02 - 00000894 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-06-29 20:45 - 2015-03-09 23:54 - 00000000 ____D C:\Users\SFF033\AppData\Local\PDFCreator
2015-06-29 19:57 - 2014-11-12 23:23 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-23 20:41 - 2014-11-25 23:24 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-18 08:41 - 2015-05-10 22:26 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2015-05-10 22:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2015-05-10 22:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-14 23:29 - 2014-11-13 00:26 - 00000000 ____D C:\Users\SFF033\AppData\Roaming\vlc
2015-06-12 23:18 - 2014-11-12 23:36 - 00000000 ____D C:\Users\SFF033\AppData\Local\Microsoft Help

==================== Files in the root of some directories =======

2014-11-12 23:23 - 2014-07-23 22:56 - 9473538 _____ () C:\Program Files\Decoder.zip
2014-11-12 23:23 - 2013-01-07 01:56 - 1476609 _____ () C:\Program Files\JPG Steffen.zip
2014-11-12 23:23 - 2012-05-03 23:38 - 1476352 _____ () C:\Program Files\Neuer ZIP-komprimierter Ordner.zip
2014-11-12 23:00 - 2014-11-12 23:00 - 0000000 _____ () C:\Users\SFF033\AppData\Roaming\gdfw.log
2014-11-12 23:00 - 2014-11-12 23:00 - 0000779 _____ () C:\Users\SFF033\AppData\Roaming\gdscan.log
2015-07-06 13:45 - 2015-07-06 13:45 - 0067749 _____ () C:\Users\SFF033\AppData\Local\recently-used.xbel
2014-12-03 00:46 - 2014-12-03 00:46 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\SFF033\AppData\Local\Temp\Quarantine.exe
C:\Users\SFF033\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-05 18:49

==================== End of log ============================
--- --- ---

Grüße
SFF033

schrauber 07.07.2015 06:11

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

SFF033 09.07.2015 18:32
Der ESET OnlineScanner

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=762ad2eb70ed9e45bea06ab594808823
# end=init
# utc_time=2015-07-09 04:18:06
# local_time=2015-07-09 06:18:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24722
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=762ad2eb70ed9e45bea06ab594808823
# end=updated
# utc_time=2015-07-09 04:19:44
# local_time=2015-07-09 06:19:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=762ad2eb70ed9e45bea06ab594808823
# engine=24722
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-09 05:18:21
# local_time=2015-07-09 07:18:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 441896 188092151 0 0
# scanned=424648
# found=40
# cleaned=0
# scan_time=3517
sh=C437ED7AE6FE3C31C6CACA337503E44E40E8166B ft=1 fh=74723ca890c800eb vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="A:\Downloads\7 Zip 64 Bit - CHIP-Installer(1).exe"
sh=886C25EE72FFEA4849F93782D4359E8ADA65A0A4 ft=1 fh=c2e81399880f50ce vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="A:\Downloads\7 Zip 64 Bit - CHIP-Installer.exe"
sh=8CA3CC26D248D7D81A8E5BC62A0E90F77C696E22 ft=1 fh=5242277386332a71 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="A:\Downloads\Inkscape - CHIP-Installer.exe"
sh=9BE368673828B7F2F558BDE395E22391BA5A80DB ft=1 fh=18442725527ac180 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="A:\Downloads\Malwarebytes Anti Exploit - CHIP-Installer.exe"
sh=BA7285ABDCCF5771CDF17AA82ACD802739EAB5B9 ft=1 fh=e26be5f9724d1531 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="A:\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe"
sh=20C40CEAB356EF4453F1C9B83B9C9C3717E30632 ft=1 fh=9b141e3c12df897d vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="A:\Downloads\MozBackup - CHIP-Installer.exe"
sh=2EF0FAE055A24DA2E0ACAB464CC6F8BC3A0AFDEB ft=1 fh=5d9250067f041a29 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="A:\Neuer Ordner (2)\001_Neuer Computer\Downloads\Easeus Data Recovery Wizard Free Edition - CHIP-Installer.exe"
sh=DF3AD1EF5F77E1BD46FFB5EF28D711206FED5901 ft=1 fh=1c5ab5ea1c9df0a6 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="A:\Neuer Ordner (2)\001_Neuer Computer\Downloads\Easeus Partition Recovery - CHIP-Installer.exe"
sh=F6DAB6D9D311E523F47656E7F21736EA14C3287A ft=1 fh=5e3c219fb18d0d91 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="A:\Neuer Ordner (2)\001_Neuer Computer\Downloads\File Repair - CHIP-Installer.exe"
sh=5BFFCBF1044C8F70F08C2F09DD6A04309FDB2CAC ft=1 fh=da648b913cb07649 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="A:\Neuer Ordner (2)\001_Neuer Computer\Downloads\PhotoRescue Pro - CHIP-Installer.exe"
sh=2B0895284310B40626580DE727B8DEEBD8E0FFEE ft=1 fh=70f56dd6ad251db4 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="A:\Neuer Ordner (2)\001_Neuer Computer\Downloads\Scribus 64 Bit - CHIP-Installer.exe"
sh=0C2B170683B8A7D9F0D29E4DC005128445CE401B ft=1 fh=8a982c5b6c2bf8d1 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="A:\Neuer Ordner (2)\001_Neuer Computer\Downloads\TestDisk PhotoRec - CHIP-Installer.exe"
sh=11DD9F49D7EF04EE02E530C96CF95FF816E53AED ft=1 fh=cc993920a42ef7c4 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="A:\Neuer Ordner (2)\001_Neuer Computer\Downloads\VLC media player 64 Bit - CHIP-Installer.exe"
sh=3810692AC162AB8133B726926D0A656F6AD1B144 ft=1 fh=ee7d05420fe80c7f vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="A:\Neuer Ordner (2)\001_Neuer Computer\Downloads\Vollversion onlineTV 10 - CHIP-Installer.exe"
sh=EFF91F089E8DC568E33BBDD6ECC59D436366775D ft=1 fh=adf7afc39dce81ba vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="A:\Neuer Ordner (2)\001_Neuer Computer\Downloads\Vollversion Zoner Photo Studio 16 - CHIP-Installer.exe"
sh=7FD89C09FDC6C72B275839DF3075C1B45033F39E ft=1 fh=8bccb991c42ea541 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="A:\Neuer Ordner (2)\001_Neuer Computer\Downloads\Windows Essentials 2012 Full Installer - CHIP-Installer.exe"
sh=4E5E8B54DDA603D7E83F3EDE2BCDD8064D4EDF22 ft=1 fh=895bb0fee970ac49 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SFF033\AppData\Local\Temp\DMR\dmr_72.exe"
sh=2EF0FAE055A24DA2E0ACAB464CC6F8BC3A0AFDEB ft=1 fh=5d9250067f041a29 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SFF033\Downloads\Easeus Data Recovery Wizard Free Edition - CHIP-Installer.exe"
sh=DF3AD1EF5F77E1BD46FFB5EF28D711206FED5901 ft=1 fh=1c5ab5ea1c9df0a6 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SFF033\Downloads\Easeus Partition Recovery - CHIP-Installer.exe"
sh=F6DAB6D9D311E523F47656E7F21736EA14C3287A ft=1 fh=5e3c219fb18d0d91 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SFF033\Downloads\File Repair - CHIP-Installer.exe"
sh=42BB884945957FDCD5CD4665E8154D10B2F50DF8 ft=1 fh=48430c5811bffa00 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SFF033\Downloads\Firefox - CHIP-Installer.exe"
sh=29BB575CCCE5634AD78026A197C3E64464EBE3CB ft=1 fh=dff27da348ae57f5 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SFF033\Downloads\Free AVI Video Converter - CHIP-Installer.exe"
sh=5BFFCBF1044C8F70F08C2F09DD6A04309FDB2CAC ft=1 fh=da648b913cb07649 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SFF033\Downloads\PhotoRescue Pro - CHIP-Installer.exe"
sh=2B0895284310B40626580DE727B8DEEBD8E0FFEE ft=1 fh=70f56dd6ad251db4 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SFF033\Downloads\Scribus 64 Bit - CHIP-Installer.exe"
sh=45FD076954D04455646FCDE3EF5C14D95106E89C ft=1 fh=9a0fdf508d11c20e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SFF033\Downloads\Steam - CHIP-Installer.exe"
sh=0C2B170683B8A7D9F0D29E4DC005128445CE401B ft=1 fh=8a982c5b6c2bf8d1 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SFF033\Downloads\TestDisk PhotoRec - CHIP-Installer.exe"
sh=11DD9F49D7EF04EE02E530C96CF95FF816E53AED ft=1 fh=cc993920a42ef7c4 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SFF033\Downloads\VLC media player 64 Bit - CHIP-Installer.exe"
sh=3810692AC162AB8133B726926D0A656F6AD1B144 ft=1 fh=ee7d05420fe80c7f vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SFF033\Downloads\Vollversion onlineTV 10 - CHIP-Installer.exe"
sh=EFF91F089E8DC568E33BBDD6ECC59D436366775D ft=1 fh=adf7afc39dce81ba vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SFF033\Downloads\Vollversion Zoner Photo Studio 16 - CHIP-Installer.exe"
sh=7FD89C09FDC6C72B275839DF3075C1B45033F39E ft=1 fh=8bccb991c42ea541 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\SFF033\Downloads\Windows Essentials 2012 Full Installer - CHIP-Installer.exe"
sh=2EF0FAE055A24DA2E0ACAB464CC6F8BC3A0AFDEB ft=1 fh=5d9250067f041a29 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="F:\001_Neuer Computer\Downloads\Easeus Data Recovery Wizard Free Edition - CHIP-Installer.exe"
sh=DF3AD1EF5F77E1BD46FFB5EF28D711206FED5901 ft=1 fh=1c5ab5ea1c9df0a6 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="F:\001_Neuer Computer\Downloads\Easeus Partition Recovery - CHIP-Installer.exe"
sh=F6DAB6D9D311E523F47656E7F21736EA14C3287A ft=1 fh=5e3c219fb18d0d91 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="F:\001_Neuer Computer\Downloads\File Repair - CHIP-Installer.exe"
sh=5BFFCBF1044C8F70F08C2F09DD6A04309FDB2CAC ft=1 fh=da648b913cb07649 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="F:\001_Neuer Computer\Downloads\PhotoRescue Pro - CHIP-Installer.exe"
sh=2B0895284310B40626580DE727B8DEEBD8E0FFEE ft=1 fh=70f56dd6ad251db4 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="F:\001_Neuer Computer\Downloads\Scribus 64 Bit - CHIP-Installer.exe"
sh=0C2B170683B8A7D9F0D29E4DC005128445CE401B ft=1 fh=8a982c5b6c2bf8d1 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="F:\001_Neuer Computer\Downloads\TestDisk PhotoRec - CHIP-Installer.exe"
sh=11DD9F49D7EF04EE02E530C96CF95FF816E53AED ft=1 fh=cc993920a42ef7c4 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="F:\001_Neuer Computer\Downloads\VLC media player 64 Bit - CHIP-Installer.exe"
sh=3810692AC162AB8133B726926D0A656F6AD1B144 ft=1 fh=ee7d05420fe80c7f vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="F:\001_Neuer Computer\Downloads\Vollversion onlineTV 10 - CHIP-Installer.exe"
sh=EFF91F089E8DC568E33BBDD6ECC59D436366775D ft=1 fh=adf7afc39dce81ba vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="F:\001_Neuer Computer\Downloads\Vollversion Zoner Photo Studio 16 - CHIP-Installer.exe"
sh=7FD89C09FDC6C72B275839DF3075C1B45033F39E ft=1 fh=8bccb991c42ea541 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="F:\001_Neuer Computer\Downloads\Windows Essentials 2012 Full Installer - CHIP-Installer.exe"
Code:
Results of screen317's Security Check version 1.004 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
``````````````Antivirus/Firewall Check:``````````````
G Data InternetSecurity CBE 
 Antivirus out of date! 
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 18.0.0.203 
 Mozilla Firefox (39.0)
 Google Chrome (43.0.2357.130)
 Google Chrome (43.0.2357.132)
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe 
 G Data InternetSecurity Firewall GDFwSvcx64.exe
 G Data InternetSecurity Firewall GDFirewallTray.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-07-2015
Ran by SFF033 (administrator) on SFF033 on 09-07-2015 19:22:37
Running from C:\Users\SFF033\Desktop
Loaded Profiles: SFF033 (Available Profiles: SFF033)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect 2\creator-ws.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Users\SFF033\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\GUI\GDSC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1724728 2013-12-19] (G Data Software AG)
HKLM-x32\...\Run: [G Data ASM] => C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [431224 2013-12-19] (G Data Software AG)
HKU\S-1-5-21-1073856993-1816317826-1230882084-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-1073856993-1816317826-1230882084-1000\...\Run: [OneDrive] => C:\Users\SFF033\AppData\Local\Microsoft\OneDrive\OneDrive.exe [382664 2015-06-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\SFF033\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-06-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\SFF033\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-06-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\SFF033\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll [2015-06-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\SFF033\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-06-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\SFF033\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-06-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\SFF033\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll [2015-06-01] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1073856993-1816317826-1230882084-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1073856993-1816317826-1230882084-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1073856993-1816317826-1230882084-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll [2014-10-10] (pdfforge GmbH)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{ADE75A66-FE58-4AB6-B2E7-2B2C4F7A384C}: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\SFF033\AppData\Roaming\Mozilla\Firefox\Profiles\svmhfxgo.default
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "autoconfig_url", "file:///C:\\Users\\SFF033\\AppData\\Local\\Temp\\proxtube.pac"
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 445
FF NetworkProxy: "socks_version", 4
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-08] ()
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-08] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll [2014-10-10] (pdfforge GmbH)
FF Extension: Adblock Plus - C:\Users\SFF033\AppData\Roaming\Mozilla\Firefox\Profiles\svmhfxgo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-12]
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension
FF Extension: PDF Architect 2 Creator - C:\Program Files (x86)\PDF Architect 2\resources\pdfarchitect2firefoxextension [2015-03-09]
FF HKU\S-1-5-21-1073856993-1816317826-1230882084-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-19]

Chrome:
=======
CHR Profile: C:\Users\SFF033\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\SFF033\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-25]
CHR Extension: (Google Docs) - C:\Users\SFF033\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-25]
CHR Extension: (Google Drive) - C:\Users\SFF033\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-25]
CHR Extension: (YouTube) - C:\Users\SFF033\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-25]
CHR Extension: (Google Search) - C:\Users\SFF033\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-25]
CHR Extension: (Google Sheets) - C:\Users\SFF033\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\SFF033\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-12]
CHR Extension: (Google Wallet) - C:\Users\SFF033\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-25]
CHR Extension: (Gmail) - C:\Users\SFF033\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2244728 2014-02-12] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2723400 2014-03-25] (G Data Software AG)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2992760 2014-01-30] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700024 2014-02-03] (G Data Software AG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
R2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [57344 2014-11-12] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [135168 2014-11-12] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [68608 2014-11-12] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64000 2014-11-12] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-11-13] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65024 2014-11-12] (G Data Software AG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [585944 2014-12-31] (Realtek Semiconductor Corporation)
S3 EverestDriver; \??\C:\Users\SFF033\AppData\Local\Temp\EverestDriver.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-09 19:19 - 2015-07-09 19:22 - 00000000 ____D C:\Users\SFF033\Neuer Ordner (7)
2015-07-09 18:17 - 2015-07-09 18:17 - 00000000 ____D C:\Program Files (x86)\ESET
2015-07-09 18:11 - 2015-07-09 18:11 - 00000000 ___HD C:\OneDriveTemp
2015-07-07 22:34 - 2015-07-07 22:34 - 00067114 _____ C:\Users\SFF033\AppData\Local\recently-used.xbel
2015-07-07 21:32 - 2015-07-07 21:32 - 00000000 ____D C:\Users\SFF033\AppData\Local\pdfforge
2015-07-06 17:39 - 2015-07-06 17:39 - 00005190 _____ C:\Users\SFF033\Desktop\JRT.txt
2015-07-06 17:35 - 2015-07-06 17:35 - 00000207 _____ C:\Windows\tweaking.com-regbackup-SFF033-Windows-7-Home-Premium-(64-bit).dat
2015-07-06 17:35 - 2015-07-06 17:35 - 00000000 ____D C:\RegBackup
2015-07-06 17:22 - 2015-07-06 17:29 - 00000000 ____D C:\AdwCleaner
2015-07-05 19:08 - 2015-07-05 19:08 - 00017391 _____ C:\Users\SFF033\ComboFix2.txt
2015-07-05 18:54 - 2015-07-05 18:54 - 00017363 _____ C:\Users\SFF033\2.txt
2015-07-05 18:53 - 2015-07-05 18:53 - 00017363 _____ C:\ComboFix.txt
2015-07-05 17:09 - 2015-07-05 18:54 - 00000000 ____D C:\Qoobox
2015-07-05 17:09 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-05 17:09 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-05 17:09 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-05 17:09 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-05 17:09 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-05 17:09 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-05 17:09 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-05 17:09 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-05 17:08 - 2015-07-05 18:52 - 00000000 ____D C:\Windows\erdnt
2015-07-05 17:06 - 2015-07-05 17:06 - 05631375 ____R (Swearware) C:\Users\SFF033\Desktop\ComboFix.exe
2015-07-04 15:46 - 2015-07-04 15:46 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-04 15:46 - 2015-07-04 15:46 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-07-04 15:46 - 2015-07-04 15:46 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-04 13:33 - 2015-07-04 15:52 - 00028170 _____ C:\Users\SFF033\Desktop\Addition.txt
2015-07-04 13:32 - 2015-07-09 19:22 - 00014110 _____ C:\Users\SFF033\Desktop\FRST.txt
2015-07-04 13:31 - 2015-07-09 19:22 - 00000000 ____D C:\FRST
2015-07-04 13:30 - 2015-07-04 13:30 - 02112512 _____ (Farbar) C:\Users\SFF033\Desktop\FRST64.exe
2015-07-03 22:34 - 2015-07-03 22:34 - 134425326 _____ C:\Users\SFF033\Documents\DSC_7469.xcf
2015-07-03 21:17 - 2015-07-06 17:45 - 00000000 ____D C:\Users\SFF033\Neuer Ordner (6)
2015-07-03 20:49 - 2015-07-04 13:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-29 19:57 - 2015-06-29 19:57 - 00001405 _____ C:\Users\Public\Desktop\SeaTools for Windows.lnk
2015-06-29 19:57 - 2015-06-29 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2015-06-29 19:57 - 2015-06-29 19:57 - 00000000 ____D C:\Program Files (x86)\Seagate
2015-06-18 23:15 - 2015-06-18 23:15 - 00057065 _____ C:\Users\SFF033\Downloads\Drehscheibe Online Foren  04 - Historische Bahn  [DU] Mit der Straßenbahn durch Duisburg (1986 - 32B).htm
2015-06-18 23:15 - 2015-06-18 23:15 - 00000000 ____D C:\Users\SFF033\Downloads\Drehscheibe Online Foren  04 - Historische Bahn  [DU] Mit der Straßenbahn durch Duisburg (1986 - 32B)-Dateien
2015-06-11 21:01 - 2015-06-11 21:07 - 56073137 _____ C:\Users\SFF033\YouPorn - stuffing a French ass.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-09 19:19 - 2014-11-12 21:29 - 00000000 ____D C:\Users\SFF033
2015-07-09 18:40 - 2014-11-25 23:24 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-09 18:39 - 2015-01-29 00:13 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-09 18:28 - 2015-05-10 22:26 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-09 18:19 - 2014-11-12 21:30 - 01839988 _____ C:\Windows\WindowsUpdate.log
2015-07-09 18:19 - 2009-07-14 19:58 - 00696132 _____ C:\Windows\system32\perfh007.dat
2015-07-09 18:19 - 2009-07-14 19:58 - 00147428 _____ C:\Windows\system32\perfc007.dat
2015-07-09 18:19 - 2009-07-14 07:13 - 01611160 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-09 18:17 - 2009-07-14 06:45 - 00014800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-09 18:17 - 2009-07-14 06:45 - 00014800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-09 18:11 - 2015-03-01 20:23 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-09 18:11 - 2014-12-10 00:26 - 00000000 ___RD C:\Users\SFF033\OneDrive
2015-07-09 18:11 - 2014-11-25 23:24 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-09 18:10 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-09 18:10 - 2009-07-14 06:51 - 00040966 _____ C:\Windows\setupact.log
2015-07-09 00:07 - 2014-11-13 23:03 - 01999872 ___SH C:\Users\SFF033\Thumbs.db
2015-07-08 23:39 - 2015-01-29 00:13 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-08 23:39 - 2014-11-12 22:26 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-08 23:39 - 2014-11-12 22:26 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-08 22:41 - 2014-11-25 23:24 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-07 22:34 - 2014-11-13 22:15 - 00000000 ____D C:\Users\SFF033\AppData\Local\gtk-2.0
2015-07-07 22:05 - 2014-11-13 21:51 - 00000000 ____D C:\Users\SFF033\.gimp-2.8
2015-07-07 21:51 - 2014-11-13 00:26 - 00000000 ____D C:\Users\SFF033\AppData\Roaming\vlc
2015-07-06 17:46 - 2014-12-04 21:49 - 00000000 ____D C:\Users\SFF033\AppData\Local\CrashDumps
2015-07-05 20:55 - 2015-05-10 22:26 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-05 20:55 - 2015-05-10 22:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-05 20:55 - 2015-05-10 22:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-05 18:56 - 2014-11-13 00:04 - 00011220 _____ C:\Windows\PFRO.log
2015-07-05 18:53 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-07-05 18:52 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-07-04 15:51 - 2014-11-12 22:25 - 00000000 ____D C:\Users\SFF033\AppData\Local\Adobe
2015-07-04 15:47 - 2014-11-12 22:27 - 00000000 ____D C:\Users\SFF033\AppData\Roaming\Adobe
2015-07-04 15:46 - 2014-12-24 23:59 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-04 15:46 - 2014-11-13 00:45 - 00000000 ____D C:\ProgramData\Adobe
2015-07-04 13:24 - 2015-04-12 22:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-03 21:14 - 2015-04-13 22:02 - 00000894 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-06-29 20:45 - 2015-03-09 23:54 - 00000000 ____D C:\Users\SFF033\AppData\Local\PDFCreator
2015-06-29 19:57 - 2014-11-12 23:23 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-18 08:41 - 2015-05-10 22:26 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2015-05-10 22:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2015-05-10 22:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-12 23:18 - 2014-11-12 23:36 - 00000000 ____D C:\Users\SFF033\AppData\Local\Microsoft Help

==================== Files in the root of some directories =======

2014-11-12 23:23 - 2014-07-23 22:56 - 9473538 _____ () C:\Program Files\Decoder.zip
2014-11-12 23:23 - 2013-01-07 01:56 - 1476609 _____ () C:\Program Files\JPG Steffen.zip
2014-11-12 23:23 - 2012-05-03 23:38 - 1476352 _____ () C:\Program Files\Neuer ZIP-komprimierter Ordner.zip
2014-11-12 23:00 - 2014-11-12 23:00 - 0000000 _____ () C:\Users\SFF033\AppData\Roaming\gdfw.log
2014-11-12 23:00 - 2014-11-12 23:00 - 0000779 _____ () C:\Users\SFF033\AppData\Roaming\gdscan.log
2015-07-07 22:34 - 2015-07-07 22:34 - 0067114 _____ () C:\Users\SFF033\AppData\Local\recently-used.xbel
2014-12-03 00:46 - 2014-12-03 00:46 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\SFF033\AppData\Local\Temp\Quarantine.exe
C:\Users\SFF033\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-05 18:49

==================== End of log ============================
--- --- ---


Ein Check eben, zeigte leider weiterhin die Chinesischen Zeichen beim Booking.com

schrauber 10.07.2015 08:13
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Users\SFF033\AppData\Local\Temp\DMR\dmr_72.exe

C:\Users\SFF033\Downloads\Easeus Data Recovery Wizard Free Edition - CHIP-Installer.exe

C:\Users\SFF033\Downloads\Easeus Partition Recovery - CHIP-Installer.exe

C:\Users\SFF033\Downloads\File Repair - CHIP-Installer.exe

C:\Users\SFF033\Downloads\Firefox - CHIP-Installer.exe

C:\Users\SFF033\Downloads\Free AVI Video Converter - CHIP-Installer.exe

C:\Users\SFF033\Downloads\PhotoRescue Pro - CHIP-Installer.exe

C:\Users\SFF033\Downloads\Scribus 64 Bit - CHIP-Installer.exe

C:\Users\SFF033\Downloads\Steam - CHIP-Installer.exe

C:\Users\SFF033\Downloads\TestDisk PhotoRec - CHIP-Installer.exe

C:\Users\SFF033\Downloads\VLC media player 64 Bit - CHIP-Installer.exe

C:\Users\SFF033\Downloads\Vollversion onlineTV 10 - CHIP-Installer.exe

C:\Users\SFF033\Downloads\Vollversion Zoner Photo Studio 16 - CHIP-Installer.exe

C:\Users\SFF033\Downloads\Windows Essentials 2012 Full Installer - CHIP-Installer.exe

F:\001_Neuer Computer\Downloads\Easeus Data Recovery Wizard Free Edition - CHIP-Installer.exe

F:\001_Neuer Computer\Downloads\Easeus Partition Recovery - CHIP-Installer.exe

F:\001_Neuer Computer\Downloads\File Repair - CHIP-Installer.exe

F:\001_Neuer Computer\Downloads\PhotoRescue Pro - CHIP-Installer.exe

F:\001_Neuer Computer\Downloads\Scribus 64 Bit - CHIP-Installer.exe

F:\001_Neuer Computer\Downloads\TestDisk PhotoRec - CHIP-Installer.exe

F:\001_Neuer Computer\Downloads\VLC media player 64 Bit - CHIP-Installer.exe

F:\001_Neuer Computer\Downloads\Vollversion onlineTV 10 - CHIP-Installer.exe

F:\001_Neuer Computer\Downloads\Vollversion Zoner Photo Studio 16 - CHIP-Installer.exe

F:\001_Neuer Computer\Downloads\Windows Essentials 2012 Full Installer - CHIP-Installer.exe

FF NetworkProxy: "autoconfig_url", "file:///C:\\Users\\SFF033\\AppData\\Local\\Temp\\proxtube.pac"
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 445
FF NetworkProxy: "socks_version", 4
FF NetworkProxy: "type", 0
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Downloadverhalten überdenken:
CHIP-Installer - was ist das? - Anleitungen



Testweise bei einem Browser:
Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen

SFF033 12.07.2015 22:11
Ok, dass der Chip-Installer Adware ohne Ende mitbringt, habe ich nicht gewusst. Vielen Dank!
Ich hatte alle Zusatzprogramme eigentlich immer abgewählt. Außer einmal, wo ich schnell das Programm benötigte :(. Aber wie ich den Beitrag verstehe, ist es weiterhin möglich bei Chip zu downloaden, allerdings vorher auf manuelle Installation umzuschalten? Oder gibt es andere sichere Downloadportale für Software (Filepony muss wohl auch sicher sein?)


Die Codeausführung hat nicht so richtig geklappt, wobei ich teilweise daran Schuld bin. Ich habe es in interne und externe Festplatte getrennt, da ich die Externe noch anderweitig gebraucht hatte. Frag mich aber nicht, warum ich nicht gewartet habe, ich weiß es selbst gerade nicht, der Samstag war bei uns einfach wieder zu heiß...


Erstes Fixlog.txt
Code:
Fix result of Farbar Recovery Scan Tool (x64) Version:11-07-2015
Ran by SFF033 at 2015-07-11 22:50:45 Run:1
Running from C:\Users\SFF033\Desktop
Loaded Profiles: SFF033 (Available Profiles: SFF033)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Users\SFF033\AppData\Local\Temp\DMR\dmr_72.exe

C:\Users\SFF033\Downloads\Easeus Data Recovery Wizard Free Edition - CHIP-Installer.exe

C:\Users\SFF033\Downloads\Easeus Partition Recovery - CHIP-Installer.exe

C:\Users\SFF033\Downloads\File Repair - CHIP-Installer.exe

C:\Users\SFF033\Downloads\Firefox - CHIP-Installer.exe

C:\Users\SFF033\Downloads\Free AVI Video Converter - CHIP-Installer.exe

C:\Users\SFF033\Downloads\PhotoRescue Pro - CHIP-Installer.exe

C:\Users\SFF033\Downloads\Scribus 64 Bit - CHIP-Installer.exe

C:\Users\SFF033\Downloads\Steam - CHIP-Installer.exe

C:\Users\SFF033\Downloads\TestDisk PhotoRec - CHIP-Installer.exe

C:\Users\SFF033\Downloads\VLC media player 64 Bit - CHIP-Installer.exe

C:\Users\SFF033\Downloads\Vollversion onlineTV 10 - CHIP-Installer.exe

C:\Users\SFF033\Downloads\Vollversion Zoner Photo Studio 16 - CHIP-Installer.exe

C:\Users\SFF033\Downloads\Windows Essentials 2012 Full Installer - CHIP-Installer.exe

FF NetworkProxy: "autoconfig_url", "file:///C:\\Users\\SFF033\\AppData\\Local\\Temp\\proxtube.pac"
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 445
FF NetworkProxy: "socks_version", 4
FF NetworkProxy: "type", 0
Emptytemp
*****************

C:\Users\SFF033\AppData\Local\Temp\DMR\dmr_72.exe => moved successfully.
C:\Users\SFF033\Downloads\Easeus Data Recovery Wizard Free Edition - CHIP-Installer.exe => moved successfully.
C:\Users\SFF033\Downloads\Easeus Partition Recovery - CHIP-Installer.exe => moved successfully.
C:\Users\SFF033\Downloads\File Repair - CHIP-Installer.exe => moved successfully.
C:\Users\SFF033\Downloads\Firefox - CHIP-Installer.exe => moved successfully.
C:\Users\SFF033\Downloads\Free AVI Video Converter - CHIP-Installer.exe => moved successfully.
C:\Users\SFF033\Downloads\PhotoRescue Pro - CHIP-Installer.exe => moved successfully.
C:\Users\SFF033\Downloads\Scribus 64 Bit - CHIP-Installer.exe => moved successfully.
C:\Users\SFF033\Downloads\Steam - CHIP-Installer.exe => moved successfully.
C:\Users\SFF033\Downloads\TestDisk PhotoRec - CHIP-Installer.exe => moved successfully.
C:\Users\SFF033\Downloads\VLC media player 64 Bit - CHIP-Installer.exe => moved successfully.
C:\Users\SFF033\Downloads\Vollversion onlineTV 10 - CHIP-Installer.exe => moved successfully.
C:\Users\SFF033\Downloads\Vollversion Zoner Photo Studio 16 - CHIP-Installer.exe => moved successfully.
C:\Users\SFF033\Downloads\Windows Essentials 2012 Full Installer - CHIP-Installer.exe => moved successfully.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Emptytemp => Error: No automatic fix found for this entry.

==== End of Fixlog 22:50:48 ====
Später habe ich die Externe angeschlossen, den Laufwerksbuchstaben geändert (da die Festplatte anders eingelesen wurde), allerdings vergessen meinen Benutzernamen zum Realnamen ändern... - Er löschte etwas, dann fuhr der Computer herunter und der Neustart funktionierte nicht direkt auf Anhieb, es waren irgendwelche Dateien nicht vorhanden. Nach einem längeren Neustart ging der Computer dann wieder...

Die Fixlog.txt davon:
Code:
Fix result of Farbar Recovery Scan Tool (x64) Version:11-07-2015
Ran by SFF033 at 2015-07-11 23:55:55 Run:2
Running from C:\Users\SFF033\Desktop
Loaded Profiles: SFF033 (Available Profiles: SFF033)
Boot Mode: Normal
==============================================

fixlist content:
*****************
H:\001_Neuer Computer\Downloads\Easeus Data Recovery Wizard Free Edition - CHIP-Installer.exe

H:\001_Neuer Computer\Downloads\Easeus Partition Recovery - CHIP-Installer.exe

H:\001_Neuer Computer\Downloads\File Repair - CHIP-Installer.exe

H:\001_Neuer Computer\Downloads\PhotoRescue Pro - CHIP-Installer.exe

H:\001_Neuer Computer\Downloads\Scribus 64 Bit - CHIP-Installer.exe

H:\001_Neuer Computer\Downloads\TestDisk PhotoRec - CHIP-Installer.exe

H:\001_Neuer Computer\Downloads\VLC media player 64 Bit - CHIP-Installer.exe

H:\001_Neuer Computer\Downloads\Vollversion onlineTV 10 - CHIP-Installer.exe

H:\001_Neuer Computer\Downloads\Vollversion Zoner Photo Studio 16 - CHIP-Installer.exe

H:\001_Neuer Computer\Downloads\Windows Essentials 2012 Full Installer - CHIP-Installer.exe

FF NetworkProxy: "autoconfig_url", "file:///C:\\Users\\SFF033\\AppData\\Local\\Temp\\proxtube.pac"
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 445
FF NetworkProxy: "socks_version", 4
FF NetworkProxy: "type", 0
Emptytemp:
*****************

H:\001_Neuer Computer\Downloads\Easeus Data Recovery Wizard Free Edition - CHIP-Installer.exe => moved successfully.
H:\001_Neuer Computer\Downloads\Easeus Partition Recovery - CHIP-Installer.exe => moved successfully.
H:\001_Neuer Computer\Downloads\File Repair - CHIP-Installer.exe => moved successfully.
H:\001_Neuer Computer\Downloads\PhotoRescue Pro - CHIP-Installer.exe => moved successfully.
H:\001_Neuer Computer\Downloads\Scribus 64 Bit - CHIP-Installer.exe => moved successfully.
H:\001_Neuer Computer\Downloads\TestDisk PhotoRec - CHIP-Installer.exe => moved successfully.
H:\001_Neuer Computer\Downloads\VLC media player 64 Bit - CHIP-Installer.exe => moved successfully.
H:\001_Neuer Computer\Downloads\Vollversion onlineTV 10 - CHIP-Installer.exe => moved successfully.
H:\001_Neuer Computer\Downloads\Vollversion Zoner Photo Studio 16 - CHIP-Installer.exe => moved successfully.
H:\001_Neuer Computer\Downloads\Windows Essentials 2012 Full Installer - CHIP-Installer.exe => moved successfully.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
EmptyTemp: => 1.1 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 23:56:23 ====
Eine De- und Neuinstallation hab ich mit Chrome dann mal probiert. Leider ist das chinesische Zeichen noch da, könnte aber daran liegen, dass die temporären Datein nicht richtig gelöscht wurden und ich beim Revo Uninstaller nicht genau wusste, was ich anklicken sollte, um alles zu löschen (z.B. auch die Regstriy-Einträge?).

http://abload.de/img/unbenannt7vpdo.png

Auf meiner anderen Platte waren auch noch Dateien vom Chip-Installer, die hattest du wohl vergessen in den Code zu kopieren. Ich habe sie nun mal mit dem GData Shredder vernichtet.

schrauber 13.07.2015 15:11
Ja, mit Revo auch die Registry-Reste löschen. Und Chrome bitte nicht mit einem Google Konto verbinden für den Test. Ganz wichtig ist auch das Zurücksetzen des Browsers nach der Neuinstallation.

Filepony ist von uns, das ist seriös :)

SFF033 13.07.2015 23:25
Ich habe beide Browser mit Revo mal komplett deinstalliert, also inkl. aller Reste, den PC neugestartet und dann beide Browser neuinstalliert.

Zu Firefox:
http://abload.de/img/bookingrasxy.png
Hier ist nun interessanterweise, dass eine chinesische Zeichen bei "Meine Listen" weg. Die anderen bestehen weiterhin und seltsamerweise ist die Leiste rechts oben nun so "überlagert", dass habe ich vorher noch nie gesehen.

Chrome:
http://abload.de/img/booking.comchromeugsg9.png
In Chrome fehlt noch alles, auch das Herzchen, hier ist wie in Firefox zuvor ein chinesisches Zeichen.

Im Internet-Explorer sehe ich gerade, hab ich das Problem gar nicht, da werden alle Symbole korrekt dargestellt.

schrauber 14.07.2015 10:20
Ich frage nochmal:

Zitat:
Ich habe beide Browser mit Revo mal komplett deinstalliert, also inkl. aller Reste, den PC neugestartet und dann beide Browser neuinstalliert.
Wurden die beiden Browser nach der Neuinstallation komplett zurückgesetzt? Das ist unendlich wichtig, dass das NACH der Neuinstallation gemacht wird.

SFF033 15.07.2015 22:02
Das habe ich vergessen zu schreiben. Ja, ich habe bei Chrome den Browser zurückgesetzt und bei Firefox restauriert.

Hier nochmal konkret, was ich gemacht habe:
  1. Revo Uninstaller -> Chrome und Firefox mit "Erweitert" deinstalliert, alle Regstriyeinträge und Verlinkungen gelöscht. Zudem hab ich noch den Flash Player und den Adobe Reader deinstalliert.
  2. Computer neugestartet
  3. Chrome und Firefox neu installiert
  4. Chrome zurückgesetzt und Firefox restauriert
  5. Booking.com aufgerufen

Du hast in deiner letzten Antwort die Neuinstallation des Betriebssystems verlinkt. Das hattest du zuvor nicht, ist das der nächste Schritt :(?


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:57 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131