Windows 7 JS/Kryptik.I Trojaner

LikeaBOSS · 11.05.2014, 02:16

Hey,
Ich habe seit Heute morgen ein Problem . Ich habe nicht verändert oder sonst etwas . Mein kleiner Bruder war zwar morgens am Rechner aber spielte nur Minecraft . Doch plötzlich wird mir eine JS/Kryptik.I Trojana Meldung von ESET angezeigt immer wenn ich im Internet ihrgent was suche . hxxp://puu.sh/8Hq5j.png . Ich weis nicht so recht was ich machen soll ich mich probiert im Internet schlau zu machen aber leider ohne Erfolg . Jetzt hoffe ich auf ihre Hilfe .
mfg LikeaBOSS

schrauber · 11.05.2014, 05:55

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

LikeaBOSS · 11.05.2014, 21:59

Danke für die schnelle Antwort

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-05-2014
Ran by Flo (administrator) on FLO-PC on 11-05-2014 11:21:54
Running from C:\Users\Flo\downloads
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(DeviceVM, Inc.) C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
(BUP) C:\Users\Flo\AppData\Roaming\BupSystem\bup.exe
() C:\Program Files\Dokan\DokanLibrary\mounter.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Hi-Rez Studios) C:\Program Files\Hi-Rez Studios\HiPatchService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Users\Flo\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(DeviceVM, Inc.) C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Razer Inc.) C:\Program Files\Razer\Synapse\RzSynapse.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
() C:\Program Files\puush\puush.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Akamai Technologies, Inc.) C:\Users\Flo\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe
(Akamai Technologies, Inc.) C:\Users\Flo\AppData\Local\Akamai\netsession_win.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonTaskbar.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonUiAcc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9874024 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [BCU] => C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe [411864 2010-03-05] (DeviceVM, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2219184 2011-01-12] (ESET)
HKLM\...\Run: [Ocs_SM] => C:\Users\Flo\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2013-04-17] (OCS)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Razer Synapse] => C:\Program Files\Razer\Synapse\RzSynapse.exe [585048 2014-04-17] (Razer Inc.)
HKLM\...\Run: [4StoryPrePatch] => C:\Program Files\GameforgeLive\Games\DEU_deu\4Story\PrePatch.exe
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-04-15] (LogMeIn Inc.)
HKU\S-1-5-21-487487431-3654296458-3124388536-1000\...\Run: [puush] => C:\Program Files\puush\puush.exe [567880 2013-07-14] ()
HKU\S-1-5-21-487487431-3654296458-3124388536-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Flo\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-487487431-3654296458-3124388536-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-487487431-3654296458-3124388536-1000\...\MountPoints2: {5ade5301-2023-11e2-b131-b9180fdef40e} - E:\Startme.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{9069EE0A-7615-4D86-AD80-CA263E936DA6}\IcoUltraMon.ico ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC47FC954C219CF01
URLSearchHook: HKLM - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
URLSearchHook: HKLM - SiteFinder - {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files\SiteFinder\SiteFinder.dll ()
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
SearchScopes: HKLM - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=18&q={searchTerms}&barid={C57B1502-964E-4590-8F7E-1D85286F8DB2}
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=18&q={searchTerms}&barid={C57B1502-964E-4590-8F7E-1D85286F8DB2}
SearchScopes: HKCU - DefaultScope {40993C37-915F-4f55-B1DD-DE01F5059A7F} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F637573746F6D3F636C69656E743D7075622D3337393432383839343737363237383826666F7269643D31266368616E6E656C3D353336393937303930352669653D5554462D38266F653D5554462D3826736166653D61637469766526636F663D47414C54253341253233303038303030253342474C25334131253342444956253341253233333336363939253342564C43253341363633333939253342414825334163656E7465722533424247432533414646464646462533424C424743253341333336363939253342414C432533413030303046462533424C432533413030303046462533425425334130303030303025334247464E5425334130303030464625334247494D50253341303030304646253342464F5249442533413126686C3D646526713D7B7365617263685465726D737D&st={searchTerms}&clid=60b152dd-3a4a-4e18-9a29-3956ca14e831&pid=freewarede&k=0
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=60b152dd-3a4a-4e18-9a29-3956ca14e831&pid=freewarede&k=0
SearchScopes: HKCU - {28A88DA5-02AA-4BB1-9E80-AAC3E5022D0F} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=60b152dd-3a4a-4e18-9a29-3956ca14e831&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {2E759618-6D37-4951-BA80-F362534C4CA4} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=60b152dd-3a4a-4e18-9a29-3956ca14e831&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {40993C37-915F-4f55-B1DD-DE01F5059A7F} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F637573746F6D3F636C69656E743D7075622D3337393432383839343737363237383826666F7269643D31266368616E6E656C3D353336393937303930352669653D5554462D38266F653D5554462D3826736166653D61637469766526636F663D47414C54253341253233303038303030253342474C25334131253342444956253341253233333336363939253342564C43253341363633333939253342414825334163656E7465722533424247432533414646464646462533424C424743253341333336363939253342414C432533413030303046462533424C432533413030303046462533425425334130303030303025334247464E5425334130303030464625334247494D50253341303030304646253342464F5249442533413126686C3D646526713D7B7365617263685465726D737D&st={searchTerms}&clid=60b152dd-3a4a-4e18-9a29-3956ca14e831&pid=freewarede&k=0
SearchScopes: HKCU - {534D23B2-6818-431D-BF91-74A9FE9148A4} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=60b152dd-3a4a-4e18-9a29-3956ca14e831&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {5F502FF9-0E39-4ed3-88AC-3D2B96838EEC} URL = hxxp://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263683F703D7B7365617263685465726D737D2666723D6368722D646576696365766D26747970653D45474D42&st={searchTerms}&clid=60b152dd-3a4a-4e18-9a29-3956ca14e831&pid=freewarede&k=0
SearchScopes: HKCU - {953E39CE-5202-402B-A2D4-D6352794D4CF} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=60b152dd-3a4a-4e18-9a29-3956ca14e831&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {A6484BEF-A292-4291-8D75-7BA691D37B11} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=60b152dd-3a4a-4e18-9a29-3956ca14e831&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {AA2F6EFB-10ED-4746-93F4-AFC27CD0DF1A} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=60b152dd-3a4a-4e18-9a29-3956ca14e831&pid=freewarede&mode=bounce&k=0
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E7377656574696D2E636F6D2F7365617263682E6173703F7372633D36266372673D332E313031303030302673743D313826713D7B7365617263685465726D737D2662617269643D7B43353742313530322D393634452D343539302D384637452D3144383532383646384442327D&st={searchTerms}&clid=60b152dd-3a4a-4e18-9a29-3956ca14e831&pid=freewarede&k=0
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Web Assistant - {336D0C35-8A85-403a-B9D2-65C292C39087} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - SiteFinder - {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files\SiteFinder\SiteFinder.dll ()
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.96.0.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\lkky777v.default
FF user.js: detected! => C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\lkky777v.default\user.js
FF NewTab: hxxp://mystart.incredibar.com/mb155?a=6OyGrNTJ4g&loc=FF_NT
FF DefaultSearchEngine: Yahoo
FF SearchEngineOrder.1: Yahoo
FF SearchEngineOrder.2: Google
FF SelectedSearchEngine: Yahoo
FF Homepage: www.Google.de
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=ytff-devicevm&type=EGMB&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @gamersfirst.com/LiveLauncher - C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll No File
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\lkky777v.default\searchplugins\{754345EE-769C-4465-8A0B-5626932B65D2}.xml
FF SearchPlugin: C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\lkky777v.default\searchplugins\{959E0D04-C29C-458A-8997-F4AB2E049CE9}.xml
FF SearchPlugin: C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\lkky777v.default\searchplugins\{9E1855AC-5028-4809-BEF0-57D25B3920B2}.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FireJump - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\lkky777v.default\Extensions\firejump@firejump.net [2013-04-17]
FF Extension: Site Matcher - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\lkky777v.default\Extensions\sitematcher@sitematcher.com [2014-05-07]
FF Extension: Foxy Security - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\lkky777v.default\Extensions\sys@foxysecurity.com [2014-05-07]
FF Extension: Adblock Plus - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\lkky777v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-01]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-10]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-08-25]
FF HKCU\...\Firefox\Extensions: [sparpilot@sparpilot.com] - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\lkky777v.default\extensions\sparpilot@sparpilot.com
FF HKCU\...\Firefox\Extensions: [firejump@firejump.net] - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\lkky777v.default\extensions\firejump@firejump.net
FF Extension: FireJump - C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\lkky777v.default\extensions\firejump@firejump.net [2013-04-17]

Chrome: 
=======
CHR Extension: (Docs) - C:\Users\Flo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-28]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2014-04-28]

========================== Services (Whitelisted) =================

R2 BCUService; C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe [235752 2010-03-05] (DeviceVM, Inc.)
S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2013-08-18] ()
R2 bupService; C:\Users\Flo\AppData\Roaming\BupSystem\bup.exe [642048 2014-04-14] (BUP)
R2 DokanMounter; C:\Program Files\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] ()
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2011-01-12] (ESET)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1682256 2014-04-15] (LogMeIn Inc.)
U2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [8704 2012-07-12] (Hi-Rez Studios)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [375056 2014-04-08] (LogMeIn, Inc.)
S3 OverwolfUpdaterService; C:\Program Files\Overwolf\\OverwolfUpdater.exe [16616 2011-11-20] (Overwolf Ltd)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2012-07-25] ()
R2 SearchAnonymizer; C:\Users\Flo\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2013-04-17] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3048136 2012-07-05] (Skype Technologies S.A.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1742136 2013-12-18] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2013-03-03] ()
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [95744 2011-01-10] (Windows (R) Win 7 DDK provider)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [137144 2010-12-21] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-12-21] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [95384 2010-12-21] (ESET)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2013-03-03] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-17] ()
R3 rzudd; C:\Windows\System32\DRIVERS\rzudd.sys [130088 2014-04-09] (Razer Inc)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [104744 2009-03-25] (MCCI Corporation)
S3 SMARTMouseFilterx86; C:\Windows\System32\DRIVERS\SMARTMouseFilterx86.sys [11632 2011-07-13] (SMART Technologies ULC)
S3 SMARTVHidMini2000x86; C:\Windows\System32\DRIVERS\SMARTVHidMini2000x86.sys [14704 2011-07-13] (SMART Technologies ULC)
S3 SMARTVTabletPCx86; C:\Windows\System32\DRIVERS\SMARTVTabletPCx86.sys [21872 2011-07-13] (SMART Technologies ULC)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-12-16] (TuneUp Software)
R2 UltraMonUtility; C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [17184 2012-08-24] (Realtime Soft Ltd)
S3 CEDRIVER60; \??\C:\Program Files\Cheat Engine 6.2\dbk32.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-11 11:21 - 2014-05-11 11:22 - 00021198 _____ () C:\Users\Flo\Downloads\FRST.txt
2014-05-11 11:21 - 2014-05-11 11:21 - 01055232 _____ (Farbar) C:\Users\Flo\Downloads\FRST.exe
2014-05-11 11:21 - 2014-05-11 11:21 - 00000000 ____D () C:\FRST
2014-05-10 23:47 - 2014-05-11 02:11 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP
2014-05-10 23:47 - 2014-05-10 23:47 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-10 22:46 - 2014-05-10 22:46 - 00000000 ____D () C:\ProgramData\Licenses
2014-05-10 22:41 - 2014-05-10 22:41 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-05-10 20:15 - 2014-05-10 20:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-10 17:49 - 2014-05-10 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-10 17:49 - 2014-05-10 19:06 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-10 16:11 - 2014-05-10 19:06 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-10 16:11 - 2014-05-10 16:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-07 15:07 - 2014-05-07 15:07 - 00000000 ____H () C:\Users\Flo\Documents\Default.rdp
2014-05-07 14:02 - 2014-05-10 19:07 - 00000000 ____D () C:\Program Files\SiteFinder
2014-05-07 14:02 - 2014-05-07 14:02 - 00000000 __SHD () C:\Users\Flo\AppData\Local\EmieUserList
2014-05-07 14:02 - 2014-05-07 14:02 - 00000000 __SHD () C:\Users\Flo\AppData\Local\EmieSiteList
2014-05-07 14:02 - 2014-05-07 14:02 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\SimilarSites
2014-05-07 14:02 - 2014-05-07 14:02 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Security Systems
2014-05-07 14:02 - 2014-05-07 14:02 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\BupSystem
2014-05-07 14:02 - 2014-05-07 14:02 - 00000000 ____D () C:\Program Files\SiteLookup
2014-05-07 13:59 - 2014-05-07 13:59 - 00386888 _____ () C:\Users\Flo\Downloads\SoftonicDownloader_for_visual-c.exe
2014-05-07 13:36 - 2014-05-07 13:47 - 00000000 ____D () C:\Users\Flo\Desktop\Schule
2014-05-07 13:32 - 2014-05-07 14:21 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Dev-Cpp
2014-05-07 13:32 - 2014-05-07 13:32 - 00000944 _____ () C:\Users\UpdatusUser\Desktop\Dev-C++.lnk
2014-05-07 13:32 - 2014-05-07 13:32 - 00000944 _____ () C:\Users\Flo\Desktop\Dev-C++.lnk
2014-05-07 13:32 - 2014-05-07 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++
2014-05-07 13:30 - 2014-05-07 13:30 - 00000000 ____D () C:\Program Files\Dev-Cpp
2014-05-07 13:26 - 2014-05-07 13:26 - 00629584 _____ (Chip Digital GmbH) C:\Users\Flo\Downloads\Orwell Dev C - CHIP-Downloader.exe
2014-05-06 12:00 - 2014-05-06 12:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-06 11:26 - 2014-04-14 04:11 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-06 11:26 - 2014-04-14 04:07 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-02 12:29 - 2014-05-02 12:31 - 00000000 ____D () C:\Users\Flo\Downloads\world
2014-05-02 12:29 - 2014-05-02 12:30 - 00000665 _____ () C:\Users\Flo\Downloads\server.properties
2014-05-02 12:29 - 2014-05-02 12:29 - 00000002 _____ () C:\Users\Flo\Downloads\whitelist.json
2014-05-02 12:29 - 2014-05-02 12:29 - 00000002 _____ () C:\Users\Flo\Downloads\usercache.json
2014-05-02 12:29 - 2014-05-02 12:29 - 00000002 _____ () C:\Users\Flo\Downloads\ops.json
2014-05-02 12:29 - 2014-05-02 12:29 - 00000002 _____ () C:\Users\Flo\Downloads\banned-players.json
2014-05-02 12:29 - 2014-05-02 12:29 - 00000002 _____ () C:\Users\Flo\Downloads\banned-ips.json
2014-05-02 10:15 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-02 10:15 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-28 22:20 - 2014-04-28 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-04-28 22:20 - 2014-04-28 22:20 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-04-28 12:12 - 2014-05-11 11:15 - 00000000 ____D () C:\Users\Flo\AppData\Local\LogMeIn Hamachi
2014-04-28 12:10 - 2014-05-11 11:14 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-28 12:10 - 2014-05-11 02:29 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-28 12:07 - 2014-04-28 12:07 - 00613200 _____ (Chip Digital GmbH) C:\Users\Flo\Downloads\LogMeIn Hamachi - CHIP-Downloader.exe
2014-04-28 00:03 - 2014-04-28 00:03 - 00019968 ___SH () C:\Users\Flo\Downloads\Thumbs.db
2014-04-27 23:55 - 2014-04-27 23:55 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA Games
2014-04-20 22:02 - 2014-04-20 22:03 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\AbiSuite
2014-04-20 22:00 - 2014-05-07 14:29 - 00000000 ____D () C:\Program Files\AbiWord
2014-04-16 22:53 - 2014-04-16 23:53 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Teeworlds

==================== One Month Modified Files and Folders =======

2014-05-11 11:22 - 2014-05-11 11:21 - 00021198 _____ () C:\Users\Flo\Downloads\FRST.txt
2014-05-11 11:21 - 2014-05-11 11:21 - 01055232 _____ (Farbar) C:\Users\Flo\Downloads\FRST.exe
2014-05-11 11:21 - 2014-05-11 11:21 - 00000000 ____D () C:\FRST
2014-05-11 11:18 - 2011-08-25 23:45 - 01606385 _____ () C:\Windows\WindowsUpdate.log
2014-05-11 11:16 - 2012-01-15 21:50 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Skype
2014-05-11 11:15 - 2014-04-28 12:12 - 00000000 ____D () C:\Users\Flo\AppData\Local\LogMeIn Hamachi
2014-05-11 11:14 - 2014-04-28 12:10 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-11 11:14 - 2011-08-25 18:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-11 11:14 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-11 11:14 - 2009-07-14 06:39 - 00292305 _____ () C:\Windows\setupact.log
2014-05-11 03:20 - 2011-08-25 21:53 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\TS3Client
2014-05-11 03:01 - 2012-11-21 15:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-11 03:01 - 2009-07-14 06:34 - 00017136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-11 03:01 - 2009-07-14 06:34 - 00017136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-11 02:50 - 2013-12-13 16:35 - 00000000 ____D () C:\Users\Flo\AppData\Local\Battle.net
2014-05-11 02:29 - 2014-04-28 12:10 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-11 02:11 - 2014-05-10 23:47 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP
2014-05-11 01:03 - 2012-04-17 13:47 - 00000000 ____D () C:\Users\Flo\AppData\Local\PMB Files
2014-05-10 23:47 - 2014-05-10 23:47 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-10 23:47 - 2012-07-25 14:12 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-05-10 23:34 - 2012-05-03 13:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-10 23:34 - 2011-08-25 18:12 - 04377964 _____ () C:\Windows\PFRO.log
2014-05-10 22:46 - 2014-05-10 22:46 - 00000000 ____D () C:\ProgramData\Licenses
2014-05-10 22:41 - 2014-05-10 22:41 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-05-10 20:15 - 2014-05-10 20:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-10 19:08 - 2011-08-25 17:46 - 00000000 ____D () C:\Users\Flo
2014-05-10 19:07 - 2014-05-07 14:02 - 00000000 ____D () C:\Program Files\SiteFinder
2014-05-10 19:07 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-05-10 19:06 - 2014-05-10 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-10 19:06 - 2014-05-10 17:49 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-10 19:06 - 2014-05-10 16:11 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-10 19:06 - 2014-02-24 08:23 - 00000000 ____D () C:\Users\Flo\AppData\Local\Akamai
2014-05-10 19:06 - 2014-02-18 20:32 - 00000000 ____D () C:\Users\Flo\kk
2014-05-10 19:06 - 2013-12-13 16:35 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Battle.net
2014-05-10 19:06 - 2013-08-06 20:46 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\uTorrent
2014-05-10 19:06 - 2013-02-07 14:48 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\DealPly
2014-05-10 19:06 - 2012-12-20 23:51 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\puush
2014-05-10 19:06 - 2012-08-31 15:30 - 00000000 ____D () C:\Windows\system32\WNLT
2014-05-10 19:06 - 2012-08-31 15:30 - 00000000 ____D () C:\Windows\system32\ARFC
2014-05-10 19:06 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-05-10 19:05 - 2011-08-25 17:58 - 00000000 ____D () C:\ProgramData\DeviceVm
2014-05-10 18:02 - 2011-08-26 11:35 - 00000000 ____D () C:\Users\Flo\AppData\Local\CrashDumps
2014-05-10 18:02 - 2011-08-26 00:42 - 00000000 ____D () C:\Windows\Panther
2014-05-10 17:35 - 2013-08-06 20:53 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Iminent
2014-05-10 16:11 - 2014-05-10 16:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-08 21:33 - 2014-01-26 01:19 - 00000000 ____D () C:\Program Files\Hearthstone
2014-05-08 17:55 - 2012-04-17 13:47 - 00000000 ____D () C:\ProgramData\PMB Files
2014-05-08 13:06 - 2011-08-25 17:53 - 01651094 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-08 00:41 - 2012-12-20 23:57 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\.minecraft
2014-05-07 15:07 - 2014-05-07 15:07 - 00000000 ____H () C:\Users\Flo\Documents\Default.rdp
2014-05-07 14:33 - 2011-08-25 20:09 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\DVDVideoSoft
2014-05-07 14:32 - 2012-12-04 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2014-05-07 14:31 - 2011-08-25 17:55 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-05-07 14:30 - 2012-03-14 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
2014-05-07 14:30 - 2012-03-14 21:43 - 00000000 ____D () C:\Nexon
2014-05-07 14:29 - 2014-04-20 22:00 - 00000000 ____D () C:\Program Files\AbiWord
2014-05-07 14:29 - 2012-12-04 16:23 - 00000000 ____D () C:\Program Files\GameforgeLive
2014-05-07 14:21 - 2014-05-07 13:32 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Dev-Cpp
2014-05-07 14:02 - 2014-05-07 14:02 - 00000000 __SHD () C:\Users\Flo\AppData\Local\EmieUserList
2014-05-07 14:02 - 2014-05-07 14:02 - 00000000 __SHD () C:\Users\Flo\AppData\Local\EmieSiteList
2014-05-07 14:02 - 2014-05-07 14:02 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\SimilarSites
2014-05-07 14:02 - 2014-05-07 14:02 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Security Systems
2014-05-07 14:02 - 2014-05-07 14:02 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\BupSystem
2014-05-07 14:02 - 2014-05-07 14:02 - 00000000 ____D () C:\Program Files\SiteLookup
2014-05-07 13:59 - 2014-05-07 13:59 - 00386888 _____ () C:\Users\Flo\Downloads\SoftonicDownloader_for_visual-c.exe
2014-05-07 13:59 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-05-07 13:47 - 2014-05-07 13:36 - 00000000 ____D () C:\Users\Flo\Desktop\Schule
2014-05-07 13:32 - 2014-05-07 13:32 - 00000944 _____ () C:\Users\UpdatusUser\Desktop\Dev-C++.lnk
2014-05-07 13:32 - 2014-05-07 13:32 - 00000944 _____ () C:\Users\Flo\Desktop\Dev-C++.lnk
2014-05-07 13:32 - 2014-05-07 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++
2014-05-07 13:30 - 2014-05-07 13:30 - 00000000 ____D () C:\Program Files\Dev-Cpp
2014-05-07 13:26 - 2014-05-07 13:26 - 00629584 _____ (Chip Digital GmbH) C:\Users\Flo\Downloads\Orwell Dev C - CHIP-Downloader.exe
2014-05-06 12:00 - 2014-05-06 12:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-02 23:08 - 2013-12-13 16:35 - 00000000 ____D () C:\Program Files\Battle.net
2014-05-02 22:54 - 2011-09-13 17:43 - 00212642 _____ () C:\Windows\DPINST.LOG
2014-05-02 12:31 - 2014-05-02 12:29 - 00000000 ____D () C:\Users\Flo\Downloads\world
2014-05-02 12:30 - 2014-05-02 12:29 - 00000665 _____ () C:\Users\Flo\Downloads\server.properties
2014-05-02 12:29 - 2014-05-02 12:29 - 00000002 _____ () C:\Users\Flo\Downloads\whitelist.json
2014-05-02 12:29 - 2014-05-02 12:29 - 00000002 _____ () C:\Users\Flo\Downloads\usercache.json
2014-05-02 12:29 - 2014-05-02 12:29 - 00000002 _____ () C:\Users\Flo\Downloads\ops.json
2014-05-02 12:29 - 2014-05-02 12:29 - 00000002 _____ () C:\Users\Flo\Downloads\banned-players.json
2014-05-02 12:29 - 2014-05-02 12:29 - 00000002 _____ () C:\Users\Flo\Downloads\banned-ips.json
2014-04-29 18:02 - 2012-11-21 15:47 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-29 18:02 - 2011-08-25 20:04 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-29 14:48 - 2014-05-02 10:15 - 17384448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 14:34 - 2014-05-02 10:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-28 22:20 - 2014-04-28 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-04-28 22:20 - 2014-04-28 22:20 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-04-28 12:12 - 2014-01-20 01:54 - 00000000 ____D () C:\Users\Flo\AppData\Local\Google
2014-04-28 12:12 - 2014-01-20 01:54 - 00000000 ____D () C:\Program Files\Google
2014-04-28 12:07 - 2014-04-28 12:07 - 00613200 _____ (Chip Digital GmbH) C:\Users\Flo\Downloads\LogMeIn Hamachi - CHIP-Downloader.exe
2014-04-28 00:03 - 2014-04-28 00:03 - 00019968 ___SH () C:\Users\Flo\Downloads\Thumbs.db
2014-04-27 23:55 - 2014-04-27 23:55 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA Games
2014-04-27 23:55 - 2014-02-18 20:22 - 00000000 ____D () C:\robin
2014-04-27 23:55 - 2014-02-18 20:15 - 00000000 ____D () C:\Neuer Ordner
2014-04-26 13:53 - 2012-08-27 19:59 - 00000000 ____D () C:\Users\Flo\AppData\Local\ArmA 2 OA
2014-04-20 22:03 - 2014-04-20 22:02 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\AbiSuite
2014-04-18 13:47 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-04-16 23:53 - 2014-04-16 22:53 - 00000000 ____D () C:\Users\Flo\AppData\Roaming\Teeworlds
2014-04-14 04:11 - 2014-05-06 11:26 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:07 - 2014-05-06 11:26 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Files to move or delete:
====================
C:\Users\Flo\APB_Reloaded_Installer.exe


Some content of TEMP:
====================
C:\Users\Flo\AppData\Local\Temp\AskSLib.dll
C:\Users\Flo\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Flo\AppData\Local\Temp\cabex.dll
C:\Users\Flo\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Flo\AppData\Local\Temp\EAInstall.dll
C:\Users\Flo\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\Flo\AppData\Local\Temp\firefoxjre_exe-2.exe
C:\Users\Flo\AppData\Local\Temp\firefoxjre_exe-3.exe
C:\Users\Flo\AppData\Local\Temp\firefoxjre_exe-4.exe
C:\Users\Flo\AppData\Local\Temp\firefoxjre_exe-5.exe
C:\Users\Flo\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Flo\AppData\Local\Temp\FoxySecuritySetup.exe
C:\Users\Flo\AppData\Local\Temp\Gw2.exe
C:\Users\Flo\AppData\Local\Temp\InstallAX.exe
C:\Users\Flo\AppData\Local\Temp\installhelper.dll
C:\Users\Flo\AppData\Local\Temp\install_flash_player_ax.exe
C:\Users\Flo\AppData\Local\Temp\install_reader10_de_mssd_aih.exe
C:\Users\Flo\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Flo\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Flo\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Flo\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Flo\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Flo\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Flo\AppData\Local\Temp\mpsetup.exe
C:\Users\Flo\AppData\Local\Temp\NGM.exe
C:\Users\Flo\AppData\Local\Temp\NGMDll.dll
C:\Users\Flo\AppData\Local\Temp\NGMResource.dll
C:\Users\Flo\AppData\Local\Temp\NGMSetup.exe
C:\Users\Flo\AppData\Local\Temp\nvStInst.exe
C:\Users\Flo\AppData\Local\Temp\prismsetup.exe
C:\Users\Flo\AppData\Local\Temp\SHSetup.exe
C:\Users\Flo\AppData\Local\Temp\SimBundD.exe
C:\Users\Flo\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Flo\AppData\Local\Temp\SponsOne.exe
C:\Users\Flo\AppData\Local\Temp\su-setup.exe
C:\Users\Flo\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Flo\AppData\Local\Temp\unelevate.exe
C:\Users\Flo\AppData\Local\Temp\unicows.dll
C:\Users\Flo\AppData\Local\Temp\uninst.exe
C:\Users\Flo\AppData\Local\Temp\Uninstaller-2036.exe
C:\Users\Flo\AppData\Local\Temp\utt5845.tmp.exe
C:\Users\Flo\AppData\Local\Temp\VARemove.exe
C:\Users\Flo\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Flo\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\Flo\AppData\Local\Temp\wpsetup.exe
C:\Users\Flo\AppData\Local\Temp\yta_bu12_setup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-10 19:37

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Addition

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version:11-05-2014
Ran by Flo at 2014-05-11 11:22:21
Running from C:\Users\Flo\downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
AION Free-to-Play (HKLM\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version:  - Gameforge)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Altitude  (HKLM\...\4578-0181-0549-1546) (Version:  - Nimbly Games)
ARMA 2 Operation Arrowhead Uninstall (HKLM\...\ARMA 2 Operation Arrowhead) (Version:  - )
ArmA 2 Uninstall (HKLM\...\ArmA 2) (Version:  - )
ATI Catalyst Install Manager (HKLM\...\{DD864DB0-6A37-49B6-B23D-3B0270571234}) (Version: 3.0.762.0 - ATI Technologies, Inc.)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
BattlEye for OA Uninstall (HKLM\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM\...\BattlEye) (Version:  - )
Blue Byte Game Channel (HKLM\...\Blue Byte Game Channel) (Version:  - UbiSoft)
Browser Configuration Utility (HKLM\...\{BA88EE67-8974-459D-A1DB-C8281D9AC6F6}) (Version: 1.0.12.1 - DeviceVM, Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ Commander (HKLM\...\{ADF66435-7A7D-445E-8AF7-7904DD6ED1A7}) (Version: 1.09.75 - Dotjosh Studios)
Dev-C++ (HKLM\...\Dev-C++) (Version: 5.4.0 - )
Diablo III (HKLM\...\Diablo III) (Version:  - Blizzard Entertainment)
Diablo III Beta (HKLM\...\Diablo III Beta) (Version:  - Blizzard Entertainment)
Dokan Library 0.6.0 (HKLM\...\DokanLibrary) (Version:  - )
Dota 2 (HKLM\...\Steam App 570) (Version:  - )
EPU-4 Engine (HKLM\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.02.01 - )
ESET NOD32 Antivirus (HKLM\...\{36DCC61E-53B6-41D4-9590-9894BCE17068}) (Version: 4.2.71.2 - ESET, spol. s r.o.)
FileViewPro (HKLM\...\{29938C06-6962-4C27-A94C-25E4F424A665}_is1) (Version: 1.5 - Solvusoft Corporation)
FireJump (HKLM\...\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1) (Version: 1.0.2.5 - FireJump.net)
FoxTab PDF Creator (HKCU\...\FoxTab PDF Creator) (Version:  - ) <==== ATTENTION
Foxy Security (HKLM\...\Foxy Security) (Version:  - )
Fraps (remove only) (HKLM\...\Fraps) (Version:  - )
GamersFirst LIVE! (HKLM\...\GamersFirst LIVE!) (Version:  - GamersFirst)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Guild Wars 2 (HKLM\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
IB Updater Service (HKLM\...\WNLT) (Version: 4.0.7.4 - ) <==== ATTENTION
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 30 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
League of Legends (HKLM\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.188 - LogMeIn, Inc.)
LogMeIn Hamachi (Version: 2.2.0.188 - LogMeIn, Inc.) Hidden
LOLReplay (HKLM\...\LOLReplay) (Version: 0.8.1.4 - www.leaguereplays.com)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
NC Launcher (GameForge) (HKLM\...\NCLauncher_GameForge) (Version:  - NCsoft)
Nexon Game Manager (HKLM\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version:  - )
Norton Internet Security (Version: 18.1.0.37 - Symantec Corporation) Hidden
NVIDIA 3D Vision Controller Driver (Version: 270.61 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller-Treiber 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.97 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Open Broadcaster Software (HKLM\...\Open Broadcaster Software) (Version:  - )
osu! (HKLM\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Overwolf (HKLM\...\{F1944392-5F0A-495D-94E1-CCB09BD1D650}) (Version: 0.26.157 - Overwolf)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
puush (HKLM\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Razer Synapse 2.0 (HKLM\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.02 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.43.321.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Roll (HKLM\...\RollerCoaster Tycoon Setup) (Version:  - )
SearchAnonymizer (HKLM\...\SearchAnonymizer) (Version: 1.0.1 (de) - )
SiteFinder (HKLM\...\SiteFinder) (Version: 1.0.0.0 - SiteFinder) <==== ATTENTION
Six Updater (HKLM\...\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}) (Version: 2.09.7016 - Six Projects)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.1.10441 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sony Ericsson PC Companion 1.50.52 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 1.50.52 - Sony Ericsson)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab Detection (HKLM\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.16642 - TeamViewer)
Tribes Ascend (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}) (Version: 1.0.1055.0 - Hi-Rez Studios)
TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.221 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.221 - TuneUp Software)
TuneUp Utilities 2014 (Version: 14.0.1000.221 - TuneUp Software) Hidden
UltraMon (HKLM\...\{9069EE0A-7615-4D86-AD80-CA263E936DA6}) (Version: 3.2.2 - Realtime Soft Ltd)
Update_DealPly (HKCU\...\DealPly) (Version:  - ) <==== ATTENTION
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Movie Maker 2.6 (HKLM\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)

==================== Restore Points  =========================

02-05-2014 08:14:42 Windows Update
06-05-2014 10:00:16 Windows Update
07-05-2014 12:31:24 Entfernt Nail'd
09-05-2014 12:48:36 Windows Update
10-05-2014 17:01:04 Wiederherstellungsvorgang
10-05-2014 17:15:08 Windows Update
10-05-2014 21:47:21 Installed SpyHunter
11-05-2014 00:08:53 Removed SpyHunter

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1C6A93BA-9B13-4065-BD58-1D4B9DDDCF6C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-28] (Google Inc.)
Task: {373FA0D8-AE6F-43EC-BB06-F002CEE96692} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29] (Adobe Systems Incorporated)
Task: {3DB22511-A8D0-4354-844E-EA78C9F7AE34} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {819493CC-233C-4593-8831-88C8C45C0906} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {83413AF4-7EC6-48C4-B7C6-4A2D6CEA9B5C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-28] (Google Inc.)
Task: {AEB6D200-828B-4F64-ABF9-53728D6B8172} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {D37496D7-2010-4B57-8AC5-C71DF414F68A} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {DACBCBE2-E89F-4903-B38A-B75950BEB224} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe [2013-12-18] (TuneUp Software)
Task: {E1D855F6-E048-4100-B86F-4E7C6CD64628} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe [2010-02-03] (ASUSTeK Computer Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-04-07 22:43 - 2013-01-18 16:20 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2012-02-14 21:48 - 2007-08-21 14:32 - 00098304 _____ () C:\Windows\System32\redmonnt.dll
2014-05-07 14:02 - 2014-05-07 14:02 - 00374272 _____ () C:\Users\Flo\AppData\Roaming\BupSystem\sub\default.dll
2011-01-10 14:49 - 2011-01-10 14:49 - 00014848 _____ () C:\Program Files\Dokan\DokanLibrary\mounter.exe
2011-08-25 22:33 - 2012-07-25 15:54 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2013-04-17 20:35 - 2013-04-17 20:35 - 00040960 _____ () C:\Users\Flo\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
2011-08-25 17:58 - 2009-03-19 22:35 - 00208896 _____ () C:\Program Files\ASUS\EPU-4 Engine\AiNap.dll
2011-08-25 17:58 - 2009-03-19 22:35 - 00008704 _____ () C:\Program Files\ASUS\EPU-4 Engine\vvc.dll
2011-08-25 17:58 - 2009-01-15 14:55 - 00565248 _____ () C:\Program Files\ASUS\EPU-4 Engine\pngio.dll
2011-08-25 17:58 - 2009-09-30 05:33 - 00024576 ____R () C:\Windows\system32\AsIo.dll
2011-08-25 17:58 - 2009-03-25 16:53 - 00053248 _____ () C:\Program Files\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
2009-07-31 21:39 - 2009-07-31 21:39 - 00503202 _____ () C:\Program Files\DeviceVM\Browser Configuration Utility\sqlite3.dll
2013-12-18 11:01 - 2013-12-18 11:01 - 00608056 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll
2012-01-10 15:41 - 2013-07-14 18:43 - 00567880 _____ () C:\Program Files\puush\puush.exe
2014-05-10 20:15 - 2014-05-10 20:15 - 03839088 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/10/2014 07:39:27 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/10/2014 07:38:28 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/10/2014 07:38:26 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/10/2014 05:36:23 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: Programm mbam.exe, Version 1.0.0.500 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1788

Startzeit: 01cf6c59e409515b

Endzeit: 262

Anwendungspfad: C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe

Berichts-ID: cf53b35f-d858-11e3-bbaf-f46d04dbdb34

Error: (05/10/2014 04:09:26 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: bho.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x534e91e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0906cd94
ID des fehlerhaften Prozesses: 0x150
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (05/08/2014 05:56:20 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: bho.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x534e91e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0a16cd94
ID des fehlerhaften Prozesses: 0x774
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (05/08/2014 05:56:07 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: bho.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x534e91e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0a16cd94
ID des fehlerhaften Prozesses: 0x774
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (05/06/2014 11:24:52 AM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: Programm javaw.exe, Version 7.0.250.17 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1418

Startzeit: 01cf690cec08d721

Endzeit: 15

Anwendungspfad: C:\Program Files\Java\jre7\bin\javaw.exe

Berichts-ID: 419b0adf-d500-11e3-a0ae-f46d04dbdb34

Error: (04/29/2014 04:41:24 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/29/2014 04:40:13 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (05/11/2014 11:17:19 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (05/11/2014 11:17:19 AM) (Source: Service Control Manager) (User: ) (EventID: 7038)
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (05/11/2014 00:34:26 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (05/11/2014 00:34:26 AM) (Source: Service Control Manager) (User: ) (EventID: 7038)
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (05/11/2014 00:32:09 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/11/2014 00:32:09 AM) (Source: Service Control Manager) (User: ) (EventID: 7009)
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht.

Error: (05/11/2014 00:30:57 AM) (Source: EventLog) (User: ) (EventID: 6008)
Description: Das System wurde zuvor am ‎11.‎05.‎2014 um 00:29:52 unerwartet heruntergefahren.

Error: (05/10/2014 11:37:12 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (05/10/2014 11:37:12 PM) (Source: Service Control Manager) (User: ) (EventID: 7038)
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (05/10/2014 07:10:44 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069


Microsoft Office Sessions:
=========================
Error: (05/10/2014 07:39:27 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\sony ericsson\sony ericsson pc companion\Drivers\DPInst64.exe

Error: (05/10/2014 07:38:28 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Razer\razer_common_driver\Vista_XP\DPInst_amd64.exe

Error: (05/10/2014 07:38:26 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Razer\razer_common_driver\Drivers\DPInst_amd64.exe

Error: (05/10/2014 05:36:23 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: mbam.exe1.0.0.500178801cf6c59e409515b262C:\Program Files\ Malwarebytes Anti-Malware \mbam.execf53b35f-d858-11e3-bbaf-f46d04dbdb34

Error: (05/10/2014 04:09:26 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Explorer.EXE6.1.7601.175674d6727a7bho.dll_unloaded0.0.0.0534e91e7c00000050906cd9415001cf6c2e95f4c820C:\Windows\Explorer.EXEbho.dllb14502ca-d84c-11e3-bbaf-f46d04dbdb34

Error: (05/08/2014 05:56:20 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Explorer.EXE6.1.7601.175674d6727a7bho.dll_unloaded0.0.0.0534e91e7c00000050a16cd9477401cf6aacec3e81f2C:\Windows\Explorer.EXEbho.dll4b96a1ce-d6c9-11e3-b7fa-f46d04dbdb34

Error: (05/08/2014 05:56:07 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Explorer.EXE6.1.7601.175674d6727a7bho.dll_unloaded0.0.0.0534e91e7c00000050a16cd9477401cf6aacec3e81f2C:\Windows\Explorer.EXEbho.dll4380819e-d6c9-11e3-b7fa-f46d04dbdb34

Error: (05/06/2014 11:24:52 AM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: javaw.exe7.0.250.17141801cf690cec08d72115C:\Program Files\Java\jre7\bin\javaw.exe419b0adf-d500-11e3-a0ae-f46d04dbdb34

Error: (04/29/2014 04:41:24 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\sony ericsson\sony ericsson pc companion\Drivers\DPInst64.exe

Error: (04/29/2014 04:40:13 PM) (Source: SideBySide) (User: ) (EventID: 33)
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Razer\razer_common_driver\Vista_XP\DPInst_amd64.exe


==================== Memory info =========================== 

Percentage of memory in use: 52%
Total physical RAM: 3326.18 MB
Available physical RAM: 1586.84 MB
Total Pagefile: 6650.65 MB
Available Pagefile: 4664.28 MB
Total Virtual: 2047.88 MB
Available Virtual: 1882.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:183.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 2FC30ABD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Wie ich gerade gesehen habe sollte ich es auf dem desktop speichern macht das ihrgent ein wichtigen unterschied ...

schrauber · 12.05.2014, 16:25

Ja bitte auf den Desktop ziehen.

Revo Uninstaller - Download - Filepony
Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION

Mit Revo auch Moderat die Reste entfernen lassen.

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

LikeaBOSS · 14.05.2014, 14:34

Code:

ATTFilter

ComboFix 14-05-13.01 - Flo 14.05.2014  15:12:32.1.4 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3326.1462 [GMT 2:00]
ausgeführt von:: c:\users\Flo\downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-04-14 bis 2014-05-14  ))))))))))))))))))))))))))))))
.
.
2014-05-14 13:23 . 2014-05-14 13:23	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-05-14 13:23 . 2014-05-14 13:23	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-05-14 13:06 . 2014-05-14 13:06	--------	d-----w-	c:\program files\LogMeIn Hamachi
2014-05-13 09:54 . 2014-05-14 13:20	62576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{298CE013-FCC9-4504-AFC3-0424E07E4F82}\offreg.dll
2014-05-13 09:52 . 2014-05-13 09:52	--------	d-----w-	c:\program files\VS Revo Group
2014-05-13 09:46 . 2014-04-17 03:32	8050496	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{298CE013-FCC9-4504-AFC3-0424E07E4F82}\mpengine.dll
2014-05-12 16:19 . 2014-05-12 16:19	--------	d-----w-	c:\program files\TERA
2014-05-11 14:51 . 2014-05-11 14:51	--------	d-----w-	c:\users\Flo\AppData\Roaming\TERA
2014-05-11 09:21 . 2014-05-11 09:22	--------	d-----w-	C:\FRST
2014-05-10 21:47 . 2014-05-10 21:47	--------	d-----w-	c:\program files\Enigma Software Group
2014-05-10 21:47 . 2014-05-11 00:11	--------	d-----w-	c:\windows\455F074C814E4520B69B5584BD90400C.TMP
2014-05-10 20:46 . 2014-05-10 20:46	--------	d-----w-	c:\programdata\Licenses
2014-05-10 20:41 . 2014-05-10 20:41	--------	d-----w-	c:\programdata\Simply Super Software
2014-05-10 15:49 . 2014-05-10 17:06	--------	d-----w-	c:\program files\CCleaner
2014-05-10 14:11 . 2014-05-10 14:11	--------	d-----w-	c:\programdata\Malwarebytes
2014-05-10 14:11 . 2014-05-10 17:06	--------	d-----w-	c:\program files\ Malwarebytes Anti-Malware 
2014-05-07 12:02 . 2014-05-07 12:02	--------	d-----w-	c:\program files\SiteLookup
2014-05-07 12:02 . 2014-05-07 12:02	--------	d-----w-	c:\users\Flo\AppData\Roaming\SimilarSites
2014-05-07 12:02 . 2014-05-07 12:02	--------	d-----w-	c:\users\Flo\AppData\Roaming\BupSystem
2014-05-07 12:02 . 2014-05-07 12:02	--------	d-sh--w-	c:\users\Flo\AppData\Local\EmieUserList
2014-05-07 12:02 . 2014-05-07 12:02	--------	d-sh--w-	c:\users\Flo\AppData\Local\EmieSiteList
2014-05-07 12:02 . 2014-05-07 12:02	--------	d-----w-	c:\users\Flo\AppData\Roaming\Security Systems
2014-05-07 11:32 . 2014-05-07 12:21	--------	d-----w-	c:\users\Flo\AppData\Roaming\Dev-Cpp
2014-05-07 11:30 . 2014-05-07 11:30	--------	d-----w-	c:\program files\Dev-Cpp
2014-05-06 10:00 . 2014-05-06 10:00	--------	d-s---w-	c:\windows\system32\CompatTel
2014-05-06 09:26 . 2014-04-14 02:11	361984	----a-w-	c:\windows\system32\aepdu.dll
2014-05-06 09:26 . 2014-04-14 02:07	302592	----a-w-	c:\windows\system32\aeinv.dll
2014-05-02 08:15 . 2014-04-29 12:34	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-04-28 10:12 . 2014-05-14 13:06	--------	d-----w-	c:\users\Flo\AppData\Local\LogMeIn Hamachi
2014-04-20 20:02 . 2014-04-20 20:03	--------	d-----w-	c:\users\Flo\AppData\Roaming\AbiSuite
2014-04-20 20:00 . 2014-05-07 12:29	--------	d-----w-	c:\program files\AbiWord
2014-04-16 20:53 . 2014-04-16 21:53	--------	d-----w-	c:\users\Flo\AppData\Roaming\Teeworlds
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-13 20:01 . 2012-11-21 13:47	692400	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-05-13 20:01 . 2011-08-25 18:04	70832	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-09 02:52 . 2014-04-09 02:52	130088	----a-w-	c:\windows\system32\drivers\rzudd.sys
2014-04-09 02:24 . 2014-04-09 02:24	88576	----a-w-	c:\windows\system32\rzdevinfo.dll
2014-04-09 02:24 . 2014-04-09 02:24	154624	----a-w-	c:\windows\system32\rztouchdll.dll
2014-04-09 02:24 . 2014-04-09 02:24	117248	----a-w-	c:\windows\system32\rzdisplaydll.dll
2014-04-09 02:24 . 2014-04-09 02:24	856576	----a-w-	c:\windows\system32\rzdevicedll.dll
2014-04-09 02:24 . 2014-04-09 02:24	306688	----a-w-	c:\windows\system32\rzaudiodll.dll
2014-03-31 07:35 . 2011-10-26 15:23	231584	------w-	c:\windows\system32\MpSigStub.exe
2014-03-06 08:31 . 2014-04-09 13:43	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:02 . 2014-04-09 13:43	61952	----a-w-	c:\windows\system32\iesetup.dll
2014-03-06 08:02 . 2014-04-09 13:43	455168	----a-w-	c:\windows\system32\vbscript.dll
2014-03-06 08:01 . 2014-04-09 13:43	51200	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-03-06 07:46 . 2014-04-09 13:43	4254720	----a-w-	c:\windows\system32\jscript9.dll
2014-03-06 07:38 . 2014-04-09 13:43	112128	----a-w-	c:\windows\system32\ieUnatt.exe
2014-03-06 07:38 . 2014-04-09 13:43	108032	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-03-06 07:36 . 2014-04-09 13:43	592896	----a-w-	c:\windows\system32\jscript9diag.dll
2014-03-06 07:28 . 2014-04-09 13:43	646144	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 07:13 . 2014-04-09 13:43	32256	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 06:40 . 2014-04-09 13:43	1967104	----a-w-	c:\windows\system32\inetcpl.cpl
2014-03-06 05:41 . 2014-04-09 13:43	1789440	----a-w-	c:\windows\system32\wininet.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"puush"="c:\program files\puush\puush.exe" [2013-07-14 567880]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Akamai NetSession Interface"="c:\users\Flo\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-19 9874024]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"Ocs_SM"="c:\users\Flo\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2013-04-17 106496]
"Razer Synapse"="c:\program files\Razer\Synapse\RzSynapse.exe" [2014-04-17 585048]
"4StoryPrePatch"="c:\program files\Gameforge4D\4Story_DE\PrePatch.exe" [2012-04-30 327680]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-05-13 3814736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{9069EE0A-7615-4D86-AD80-CA263E936DA6}\IcoUltraMon.ico /auto [2014-1-23 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"="c:\program files\Steam\steam.exe" -silent
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon
"KPeerNexonEU"=c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 bupService;BUP Service;c:\users\Flo\AppData\Roaming\BupSystem\bup.exe [2014-04-14 642048]
R2 DokanMounter;DokanMounter;c:\program files\Dokan\DokanLibrary\mounter.exe [2011-01-10 14848]
R2 SearchAnonymizer;SearchAnonymizer;c:\users\Flo\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2013-04-17 40960]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 30312]
R3 BEService;BattlEye Service;c:\program files\Common Files\BattlEye\BEService.exe [2013-08-18 49152]
R3 CEDRIVER60;CEDRIVER60;c:\program files\Cheat Engine 6.2\dbk32.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files\Overwolf\\OverwolfUpdater.exe [2011-11-20 16616]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2011-07-13 11632]
R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2011-07-13 14704]
R3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2011-07-13 21872]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 136808]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 114280]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
S2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2011-01-10 95744]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 95384]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2014-05-13 1682768]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-04-15 375056]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [2013-12-18 1742136]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2012-08-24 17184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-03-21 362600]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys [2014-04-09 130088]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [2013-12-16 12320]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-12 14:29	1078088	----a-w-	c:\program files\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-21 20:01]
.
2014-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-28 10:10]
.
2014-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-28 10:10]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
IE: Web-Suche - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{CCC7B152-1D8C-11E3-B2AD-F3EF3D58318D} - {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} -
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0407.EXE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-05-14  15:24:54
ComboFix-quarantined-files.txt  2014-05-14 13:24
.
Vor Suchlauf: 17 Verzeichnis(se), 194.017.374.208 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 194.197.348.352 Bytes frei
.
- - End Of File - - 72B6777C4C21FD254C8A9AB700EDF0F0
A36C5E4F47E84449FF07ED3517B43A31

Neustart lief ohne Probleme und gemekert hat das Programm auch net

schrauber · 15.05.2014, 09:46

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Windows 7 JS/Kryptik.I Trojaner

Log-Analyse und Auswertung: Windows 7 JS/Kryptik.I Trojaner