Fastsearchings.info und vermutlich weitere Viren

stehmi · 10.07.2014, 15:28

Hallo,

seit heute morgen öffnet sich Google Chrome mit der Startseite hxxp://websearch.fastsearchings.info/, wie ich festgestellt habe wohl ein Virus.
Habe zunächst mit Malwarebytes Anti-Malware einen Scan gestartet, wobei noch einige weitere infizierte Objekte ausgemacht wurden (insgesamt etwa 70), diese habe ich dann allesamt in Quarantäne verschoben.

Habe mich nun hier registriert da ich via Google auf folgende Anleitung gestoßen bin.

http://www.trojaner-board.de/155937-...entfernen.html

Jedoch finde ich schon beim entfernen aus dem Chrome-Browser in den Erweiterungen keinen Hinweis auf den Fastsearchings Virus. Würde mich freuen wenn sich jemand findet der mir dabei hilft das ganze wieder hinzubiegen. Danke schon mal im voraus

Mfg stehmi

Logfile Malwarebytes Anti-Malware-Scan

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 10.07.2014
Scan Time: 14:47:42
Logfile: malware.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.10.03
Rootkit Database: v2014.07.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Lars Stehmann

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 374343
Time Elapsed: 1 hr, 0 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.Booster.A, C:\ProgramData\Trusted Publisher\SW-Booster\SW-BOOSTER.EXE, 2416, , [21ba108db5c6e254fe749db0887aad53]

Modules: 4
Trojan.SProtector, C:\Program Files (x86)\SW-Booster\ASSISTANTSVC.DLL, , [33a8c1dced8e0333dd8d21408e73d729], 
Trojan.SProtector, C:\Program Files (x86)\SW-Booster\ASSISTANT.DLL, , [5685227b7605c0762049075a51b004fc], 
PUP.Optional.Booster.A, C:\Program Files (x86)\SW-Booster\ASSISTANT.DLL, , [0ad1c0dde19a5cda61d1f4c1bc462cd4], 
PUP.Optional.Booster.A, C:\Program Files (x86)\SW-Booster\ASSISTANTSVC.DLL, , [0ad1c0dde19a5cda61d1f4c1bc462cd4], 

Registry Keys: 40
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\S-792098896, , [21ba108db5c6e254fe749db0887aad53], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{36E7F0A1-A669-E437-521C-E66AD58826F6}, , [508b9508f38853e34fcab1a0b74ab050], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{36E7F0A1-A669-E437-521C-E66AD58826F6}, , [508b9508f38853e34fcab1a0b74ab050], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{36E7F0A1-A669-E437-521C-E66AD58826F6}, , [508b9508f38853e34fcab1a0b74ab050], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\priCiechopi.priCiechopi, , [508b9508f38853e34fcab1a0b74ab050], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\priCiechopi.priCiechopi.3.9, , [508b9508f38853e34fcab1a0b74ab050], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\priCiechopi.priCiechopi, , [508b9508f38853e34fcab1a0b74ab050], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\priCiechopi.priCiechopi.3.9, , [508b9508f38853e34fcab1a0b74ab050], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{36E7F0A1-A669-E437-521C-E66AD58826F6}, , [508b9508f38853e34fcab1a0b74ab050], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{36E7F0A1-A669-E437-521C-E66AD58826F6}, , [508b9508f38853e34fcab1a0b74ab050], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{36E7F0A1-A669-E437-521C-E66AD58826F6}, , [508b9508f38853e34fcab1a0b74ab050], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{36E7F0A1-A669-E437-521C-E66AD58826F6}\INPROCSERVER32, , [508b9508f38853e34fcab1a0b74ab050], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{F83F9AD9-94C7-6570-453A-2D4399288917}, , [8d4e782592e9b185c5549db4f70acf31], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{F83F9AD9-94C7-6570-453A-2D4399288917}, , [8d4e782592e9b185c5549db4f70acf31], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{F83F9AD9-94C7-6570-453A-2D4399288917}, , [8d4e782592e9b185c5549db4f70acf31], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\MySearch.MySearch, , [8d4e782592e9b185c5549db4f70acf31], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\MySearch.MySearch.2.1, , [8d4e782592e9b185c5549db4f70acf31], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MySearch.MySearch, , [8d4e782592e9b185c5549db4f70acf31], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MySearch.MySearch.2.1, , [8d4e782592e9b185c5549db4f70acf31], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F83F9AD9-94C7-6570-453A-2D4399288917}, , [8d4e782592e9b185c5549db4f70acf31], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{F83F9AD9-94C7-6570-453A-2D4399288917}, , [8d4e782592e9b185c5549db4f70acf31], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{F83F9AD9-94C7-6570-453A-2D4399288917}, , [8d4e782592e9b185c5549db4f70acf31], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{F83F9AD9-94C7-6570-453A-2D4399288917}\INPROCSERVER32, , [8d4e782592e9b185c5549db4f70acf31], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{79070FE0-8153-AD92-33F0-DF93A67D5B05}, , [8556326b92e91d191207fa5728d941bf], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{79070FE0-8153-AD92-33F0-DF93A67D5B05}, , [8556326b92e91d191207fa5728d941bf], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{79070FE0-8153-AD92-33F0-DF93A67D5B05}, , [8556326b92e91d191207fa5728d941bf], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\Adblocker.Adblocker, , [8556326b92e91d191207fa5728d941bf], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\Adblocker.Adblocker.1.0, , [8556326b92e91d191207fa5728d941bf], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Adblocker.Adblocker, , [8556326b92e91d191207fa5728d941bf], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Adblocker.Adblocker.1.0, , [8556326b92e91d191207fa5728d941bf], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{79070FE0-8153-AD92-33F0-DF93A67D5B05}, , [8556326b92e91d191207fa5728d941bf], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{79070FE0-8153-AD92-33F0-DF93A67D5B05}, , [8556326b92e91d191207fa5728d941bf], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{79070FE0-8153-AD92-33F0-DF93A67D5B05}, , [8556326b92e91d191207fa5728d941bf], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{79070FE0-8153-AD92-33F0-DF93A67D5B05}\INPROCSERVER32, , [8556326b92e91d191207fa5728d941bf], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4820778D-AB0D-6D18-C316-52A6A0E1D507}, , [da016c3192e92610a3c42c6cb74a8779], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}, , [5b80336a5e1df1455e09c8d04eb3e818], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{FDB962F0-B5B8-9460-D12F-7966E97BAA43}, , [19c21c81b3c87fb75512ff9912ef9b65], 
PUP.Optional.SWBooster.A, HKLM\SOFTWARE\WOW6432NODE\SW-Booster, , [6e6d4558295242f45c3889334bb7b749], 
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}, , [8a51554857244ee82b1e1b9e45bd32ce], 
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-2565124892-2511412510-2458214724-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, , [9c3f3766f38878bec786847e31d33fc1], 

Registry Values: 1
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-2565124892-2511412510-2458214724-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, , [4695336a057693a32b2314ee49bbac54]

Registry Data: 2
PUP.Optional.WebSearchInfo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://websearch.fastsearchings.info/?pid=2832&r=2014/07/10&hid=2824197954457125309&lg=EN&cc=DE&unqvl=56, Good: (www.google.com), Bad: (hxxp://websearch.fastsearchings.info/?pid=2832&r=2014/07/10&hid=2824197954457125309&lg=EN&cc=DE&unqvl=56),,[b724a7f6ccafd066992f454bf2123ec2]
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-2565124892-2511412510-2458214724-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://websearch.fastsearchings.info/?pid=2832&r=2014/07/10&hid=2824197954457125309&lg=EN&cc=DE&unqvl=56, Good: (www.google.com), Bad: (hxxp://websearch.fastsearchings.info/?pid=2832&r=2014/07/10&hid=2824197954457125309&lg=EN&cc=DE&unqvl=56),,[805b7e1f097296a0f3d4632d19eb827e]

Folders: 3
PUP.Optional.Booster.A, C:\PROGRAMDATA\TRUSTED PUBLISHER\SW-BOOSTER, , [2bb0e5b881fa8aac155bf2c2ba48e51b], 
PUP.Optional.Booster.A, C:\PROGRAMDATA\TRUSTED PUBLISHER\SW-BOOSTER\792098896, , [2bb0e5b881fa8aac155bf2c2ba48e51b], 
PUP.Optional.Booster.A, C:\PROGRAM FILES (X86)\SW-BOOSTER, , [0ad1c0dde19a5cda61d1f4c1bc462cd4], 

Files: 28
Trojan.SProtector, C:\Program Files (x86)\SW-Booster\ASSISTANTSVC.DLL, , [33a8c1dced8e0333dd8d21408e73d729], 
Trojan.SProtector, C:\Program Files (x86)\SW-Booster\ASSISTANT.DLL, , [5685227b7605c0762049075a51b004fc], 
PUP.Optional.Booster.A, C:\ProgramData\Trusted Publisher\SW-Booster\SW-BOOSTER.EXE, , [21ba108db5c6e254fe749db0887aad53], 
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\priCechhoP\YHS.X64.DLL, , [508b9508f38853e34fcab1a0b74ab050], 
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\priCechhoP\YHs.dll, , [508b9508f38853e34fcab1a0b74ab050], 
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\MySearch\T.X64.DLL, , [8d4e782592e9b185c5549db4f70acf31], 
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\MySearch\T.dll, , [8d4e782592e9b185c5549db4f70acf31], 
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\Adblocker\F.X64.DLL, , [8556326b92e91d191207fa5728d941bf], 
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\Adblocker\F.dll, , [8556326b92e91d191207fa5728d941bf], 
PUP.Optional.MultiPlug, C:\ProgramData\Adblocker\ej.exe, , [da016c3192e92610a3c42c6cb74a8779], 
PUP.Optional.MultiPlug, C:\ProgramData\MySearch\xh.exe, , [5b80336a5e1df1455e09c8d04eb3e818], 
PUP.Optional.MultiPlug, C:\ProgramData\priCechhoP\s8ss.exe, , [19c21c81b3c87fb75512ff9912ef9b65], 
PUP.Optional.OptimumInstaller.A, C:\$Recycle.Bin\S-1-5-21-2565124892-2511412510-2458214724-1004\$RLQ7CRD.exe, , [4299ff9eed8e50e6cebd450fee13fb05], 
PUP.Optional.EZDownloader.A, C:\Users\Lars Stehmann\AppData\Local\Temp\594f73dd\temp\EzDownloader_setup.exe, , [1ac145581e5da591851ae43b619f7888], 
PUP.Optional.MultiPlug.A, C:\Users\Lars Stehmann\AppData\Local\Temp\594f73dd\temp\hpds_setup.exe, , [c318d8c59cdfe74f46c195069d64d22e], 
Trojan.SProtector, C:\Users\Lars Stehmann\AppData\Local\Temp\594f73dd\temp\putfu.exe, , [ab300a93fd7efe38df35d483748d7f81], 
PUP.Optional.Booster.A, C:\Users\Lars Stehmann\AppData\Local\Temp\594f73dd\temp\usetup.exe, , [ce0d217cfa813ef8de948ebf8a7830d0], 
PUP.Optional.DomaIQ, C:\Users\Lars Stehmann\Downloads\Nicht bestätigt 292945.crdownload, , [8c4fa4f916656dc904215e2aa1601be5], 
PUP.Optional.Booster.A, C:\Windows\Tasks\SW-BOOSTER-S-792098896.JOB, , [e0fbdac314676bcbd2d4486e32d0bf41], 
PUP.Optional.Booster.A, C:\Windows\System32\Tasks\SW-BOOSTER-S-792098896, , [17c45548e695d46205a24670b84afd03], 
PUP.Optional.Superfish.A, C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\HTTP_WWW.SUPERFISH.COM_0.LOCALSTORAGE, , [6b70b2eb6b10a096ac15972e04fe748c], 
PUP.Optional.Superfish.A, C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\HTTP_WWW.SUPERFISH.COM_0.LOCALSTORAGE-JOURNAL, , [9b4077262f4c9f97269b70555aa8bc44], 
PUP.Optional.FastSearchings.A, C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\HTTP_WEBSEARCH.FASTSEARCHINGS.INFO_0.LOCALSTORAGE, , [d7040598c5b67db91c600113986c768a], 
PUP.Optional.FastSearchings.A, C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\HTTP_WEBSEARCH.FASTSEARCHINGS.INFO_0.LOCALSTORAGE-JOURNAL, , [ffdcc8d51d5e54e2acd0fb19c73d2fd1], 
PUP.Optional.Booster.A, C:\ProgramData\Trusted Publisher\SW-Booster\792098896.ini, , [2bb0e5b881fa8aac155bf2c2ba48e51b], 
PUP.Optional.Booster.A, C:\Program Files (x86)\SW-Booster\Assistant.dll, , [0ad1c0dde19a5cda61d1f4c1bc462cd4], 
PUP.Optional.Booster.A, C:\Program Files (x86)\SW-Booster\assistantSvc.dll, , [0ad1c0dde19a5cda61d1f4c1bc462cd4], 
PUP.Optional.Booster.A, C:\Program Files (x86)\SW-Booster\Assistant_x64.dll, , [0ad1c0dde19a5cda61d1f4c1bc462cd4], 

Physical Sectors: 0
(No malicious items detected)


(end)

M-K-D-B · 10.07.2014, 15:29

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

stehmi · 10.07.2014, 15:41

Hallo Matthias, danke schon mal für deine Hilfe.

FRST.txt

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2014
Ran by Lars Stehmann (administrator) on LARSSTEHMANN on 10-07-2014 16:35:10
Running from C:\Users\Lars Stehmann\Desktop
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Atheros Communications)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1956760 2014-06-24] (APN)
HKU\S-1-5-21-2565124892-2511412510-2458214724-1004\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1753280 2014-06-30] (Valve Corporation)
HKU\S-1-5-21-2565124892-2511412510-2458214724-1004\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)
AppInit_DLLs: C:\Program Files (x86)\SW-Booster\Assistant_x64.dll => C:\Program Files (x86)\SW-Booster\Assistant_x64.dll File Not Found
AppInit_DLLs-x32: c:\program files (x86)\sw-booster\assistant.dll => "c:\program files (x86)\sw-booster\assistant.dll" File Not Found
Startup: C:\Users\Lars Stehmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FIFA 10-Registrierung.lnk
ShortcutTarget: FIFA 10-Registrierung.lnk -> C:\Program Files (x86)\EA Sports\FIFA 10\Support\EAregister.exe (No File)
Startup: C:\Users\Lars Stehmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM - DefaultScope {901D31B8-7250-4352-9EE9-4E9AA33B9014} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {901D31B8-7250-4352-9EE9-4E9AA33B9014} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.fastsearchings.info/?l=1&q={searchTerms}&pid=2832&r=2014/07/10&hid=2824197954457125309&lg=EN&cc=DE&unqvl=56
SearchScopes: HKLM-x32 - {901D31B8-7250-4352-9EE9-4E9AA33B9014} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.fastsearchings.info/?l=1&q={searchTerms}&pid=2832&r=2014/07/10&hid=2824197954457125309&lg=EN&cc=DE&unqvl=56
SearchScopes: HKCU - {901D31B8-7250-4352-9EE9-4E9AA33B9014} URL = 
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 - C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2014-07-10]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn [2012-12-13]

Chrome: 
=======
CHR HomePage: hxxp://websearch.fastsearchings.info/?pid=2832&r=2014/07/10&hid=2824197954457125309&lg=EN&cc=DE&unqvl=56
CHR StartupUrls: "hxxp://websearch.fastsearchings.info/?pid=2832&r=2014/07/10&hid=2824197954457125309&lg=EN&cc=DE&unqvl=56"
CHR NewTab: "chrome-extension://anjpmpempfaedkaamogooccadhhdehed/newtab.html"
CHR DefaultSearchKeyword: ask search
CHR DefaultSearchProvider: Ask Search
CHR DefaultSearchURL: hxxp://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11412&l=dis&pf=V7&p2=%5EBBK%5EOSJ000%5EYY%5EDE&gct=&itbv=12.10.6.48&doi=2014-05-29&apn_uid=DC1D0E09-3C3F-4C56-96B0-8B28C5A31BDE&apn_ptnrs=BBK&apn_dtid=%5EOSJ000%5EYY%5EDE&apn_dbr=cr_35.0.1916.114&psv=&pt=&trgb=CR&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Norton Identity Safe) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (MySearch) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\anjpmpempfaedkaamogooccadhhdehed [2014-07-10]
CHR Extension: (Google Drive) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-17]
CHR Extension: (Norton Identity Protection) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2014-05-13]
CHR Extension: (YouTube) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-17]
CHR Extension: (Google-Suche) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-17]
CHR Extension: (Right Inbox for Gmail) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflnemhkomgploogccdmcloekbloobgb [2014-07-10]
CHR Extension: (priCecHop) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mibalcnnhpenfjfadbgeojmhphmejall [2014-07-10]
CHR Extension: (Google Wallet) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-03]
CHR Extension: (Google Mail) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-17]
CHR Extension: (priCecHop) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mibalcnnhpenfjfadbgeojmhphmejall\3.9 [2014-07-10]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-02]
CHR HKLM-x32\...\Chrome\Extension: [pljcgbedjplidkdjahbaalanadmjfgop] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7C\CRX\ToolbarCR.crx [2014-06-25]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-24] (APN LLC.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-08-26] (Samsung Electronics CO., LTD.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [32568 2014-05-02] (The OpenVPN Project)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]
S2 d0e87c27; "C:\windows\system32\rundll32.exe" "c:\program files (x86)\sw-booster\assistantSvc.dll",service
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [1388120 2013-01-16] (Symantec Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-12-13] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-12-13] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130205.001\IDSvia64.sys [513184 2013-01-24] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130205.032\ENG64.SYS [126192 2013-01-28] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130205.032\EX64.SYS [2087664 2013-01-28] (Symantec Corporation)
S0 prohlp02; C:\Windows\SysWOW64\drivers\prohlp02.sys [65504 2004-03-09] (Protection Technology) [File not signed]
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S0 sfhlp01; C:\Windows\SysWOW64\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) [File not signed]
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1405000.01C\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-20] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S1 prodrv06; \SystemRoot\System32\drivers\prodrv06.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-10 16:35 - 2014-07-10 16:35 - 00019656 _____ () C:\Users\Lars Stehmann\Desktop\FRST.txt
2014-07-10 16:34 - 2014-07-10 16:35 - 00000000 ____D () C:\FRST
2014-07-10 16:33 - 2014-07-10 16:33 - 02084352 _____ (Farbar) C:\Users\Lars Stehmann\Desktop\FRST64.exe
2014-07-10 15:51 - 2014-07-10 15:51 - 00012542 _____ () C:\Users\Lars Stehmann\Desktop\malware.txt
2014-07-10 14:43 - 2014-07-10 14:45 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-10 14:38 - 2014-07-10 14:38 - 00001132 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-10 14:38 - 2014-07-10 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-10 14:38 - 2014-07-10 14:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-10 14:38 - 2014-07-10 14:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-10 14:38 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-10 14:38 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-07-10 14:38 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-07-10 14:33 - 2014-07-10 14:34 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lars Stehmann\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-10 14:16 - 2014-07-10 15:52 - 00000000 ____D () C:\ProgramData\MySearch
2014-07-10 14:16 - 2014-07-10 15:52 - 00000000 ____D () C:\Program Files (x86)\MySearch
2014-07-10 14:15 - 2014-07-10 15:54 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2014-07-10 14:15 - 2014-07-10 15:52 - 00000000 ____D () C:\ProgramData\Adblocker
2014-07-10 14:15 - 2014-07-10 15:52 - 00000000 ____D () C:\Program Files (x86)\Adblocker
2014-07-10 14:14 - 2014-07-10 15:52 - 00000000 ____D () C:\ProgramData\priCechhoP
2014-07-10 14:14 - 2014-07-10 15:52 - 00000000 ____D () C:\Program Files (x86)\priCechhoP
2014-07-10 14:14 - 2014-07-10 14:16 - 00000000 ____D () C:\ProgramData\b06c2bca1a0474eb
2014-07-10 14:14 - 2014-07-10 14:14 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars\AppData\Local\Torch
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars\AppData\Local\Chromatic Browser
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Local\Torch
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Local\Chromatic Browser
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator
2014-07-09 18:11 - 2014-07-09 18:13 - 20076727 _____ () C:\Users\Lars Stehmann\Downloads\fm14.rar
2014-07-08 15:27 - 2014-07-08 15:27 - 00002058 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-07-08 15:27 - 2014-07-08 15:27 - 00002056 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-07-08 15:27 - 2014-07-08 15:27 - 00002046 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-07-06 20:01 - 2014-07-06 20:01 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Roaming\dvdcss
2014-07-06 20:00 - 2014-07-06 22:12 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Roaming\vlc
2014-07-06 19:58 - 2014-07-06 19:58 - 00000875 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-06 19:58 - 2014-07-06 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-06 19:58 - 2014-07-06 19:58 - 00000000 ____D () C:\Program Files\VideoLAN
2014-07-06 19:54 - 2014-07-06 19:54 - 00961360 _____ (Chip Digital GmbH) C:\Users\Lars Stehmann\Downloads\VLC media player 64 Bit - CHIP-Installer.exe
2014-07-06 19:51 - 2014-07-06 19:51 - 00001242 _____ () C:\Users\Lars Stehmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player.lnk
2014-07-06 19:40 - 2014-07-06 19:40 - 04998707 _____ () C:\Users\Lars Stehmann\Downloads\flvplayer_setup20_25.exe
2014-07-06 18:21 - 2014-05-15 03:02 - 00059424 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-07-06 18:21 - 2014-05-15 00:43 - 03286528 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-07-06 18:21 - 2014-05-15 00:43 - 01623040 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-07-06 18:21 - 2014-05-15 00:43 - 00253440 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-07-06 18:21 - 2014-05-15 00:42 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2014-07-02 22:54 - 2014-07-02 22:54 - 00015126 _____ () C:\Users\Lars Stehmann\Downloads\Vorbereitung.xlsx
2014-06-28 10:41 - 2014-05-31 07:16 - 00703992 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-06-28 10:41 - 2014-05-31 07:16 - 00105464 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-25 18:38 - 2014-05-03 07:47 - 03246592 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-06-25 18:38 - 2014-05-03 05:34 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-06-25 18:37 - 2014-05-24 04:48 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-25 18:37 - 2014-05-24 04:47 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-25 18:37 - 2014-05-24 04:47 - 01366016 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-25 18:37 - 2014-05-24 04:47 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-06-25 18:37 - 2014-05-24 04:47 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-06-25 18:37 - 2014-05-24 04:46 - 19290112 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-25 18:37 - 2014-05-24 04:46 - 15368704 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-25 18:37 - 2014-05-24 04:46 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-06-25 18:37 - 2014-05-24 04:46 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-25 18:37 - 2014-05-24 04:46 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-25 18:37 - 2014-05-24 04:46 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-06-25 18:37 - 2014-05-24 04:46 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-25 18:37 - 2014-05-24 04:46 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-25 18:37 - 2014-05-24 04:46 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-25 18:37 - 2014-05-24 04:46 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-25 18:37 - 2014-05-24 04:45 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-25 18:37 - 2014-05-24 04:45 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-25 18:37 - 2014-05-24 04:45 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-25 18:37 - 2014-05-24 03:26 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-25 18:37 - 2014-05-24 03:26 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-25 18:37 - 2014-05-24 03:26 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-25 18:37 - 2014-05-24 03:26 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-25 18:37 - 2014-05-24 03:26 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-06-25 18:37 - 2014-05-24 03:25 - 13731328 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-25 18:37 - 2014-05-24 03:25 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-25 18:37 - 2014-05-24 03:25 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-25 18:37 - 2014-05-24 03:25 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-25 18:37 - 2014-05-24 03:25 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-06-25 18:37 - 2014-05-24 03:25 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-25 18:37 - 2014-05-24 03:25 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-25 18:37 - 2014-05-24 03:25 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-25 18:37 - 2014-05-24 03:09 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-25 18:37 - 2014-05-24 03:03 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-25 18:37 - 2014-05-24 00:37 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-06-25 18:37 - 2014-04-30 00:32 - 01301504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-06-25 18:37 - 2014-04-30 00:22 - 01023488 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-06-25 18:37 - 2014-04-03 13:19 - 00328024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys
2014-06-25 18:37 - 2014-04-03 05:44 - 00619008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-06-25 18:37 - 2014-04-01 00:08 - 00387268 _____ () C:\windows\system32\ApnDatabase.xml
2014-06-25 18:37 - 2014-03-25 01:42 - 00305152 _____ (Microsoft Corporation) C:\windows\SysWOW64\wusa.exe
2014-06-25 18:37 - 2014-03-25 00:56 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\wusa.exe
2014-06-25 18:34 - 2014-05-24 04:46 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-25 18:34 - 2014-05-24 04:46 - 02650112 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-25 18:34 - 2014-05-24 03:26 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-25 18:34 - 2014-05-24 03:25 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-25 18:34 - 2014-05-24 03:25 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-06-25 18:33 - 2014-05-24 03:26 - 14365696 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-25 18:33 - 2014-05-24 03:25 - 02862080 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-25 18:30 - 2014-04-03 13:22 - 02233176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-06-25 18:30 - 2014-03-07 02:47 - 01419264 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-06-25 18:30 - 2014-03-07 02:08 - 01845760 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-06-25 18:22 - 2014-06-25 18:22 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Local\AskPartnerNetwork
2014-06-24 12:16 - 2014-06-24 12:16 - 00177181 _____ () C:\Users\Lars Stehmann\Desktop\Guck Yegger.odb
2014-06-23 16:49 - 2014-06-23 16:49 - 00947864 _____ () C:\Users\Lars Stehmann\Downloads\AndrewBase.odt
2014-06-20 23:17 - 2014-06-20 23:17 - 00033792 _____ () C:\Users\Lars Stehmann\Downloads\35605.xls
2014-06-20 22:13 - 2014-06-21 12:09 - 00026578 _____ () C:\Users\Lars Stehmann\Desktop\DiebesteVariante.ods
2014-06-20 20:18 - 2014-06-21 18:25 - 00079697 _____ () C:\Users\Lars Stehmann\Desktop\dsjfsjdfsjdf.odb
2014-06-20 11:11 - 2014-06-21 13:20 - 00035293 _____ () C:\Users\Lars Stehmann\Desktop\Tutorial.odb
2014-06-19 13:47 - 2014-07-10 15:53 - 00013755 _____ () C:\Users\Lars Stehmann\Desktop\statistiken.ods
2014-06-10 22:27 - 2014-06-10 22:27 - 04990544 _____ (Adobe Systems Inc.) C:\Users\Lars Stehmann\Downloads\Shockwave_Installer_Slim.exe
2014-06-10 22:27 - 2014-06-10 22:27 - 00000000 ____D () C:\windows\SysWOW64\Adobe

==================== One Month Modified Files and Folders =======

2014-07-10 16:35 - 2014-07-10 16:35 - 00019656 _____ () C:\Users\Lars Stehmann\Desktop\FRST.txt
2014-07-10 16:35 - 2014-07-10 16:34 - 00000000 ____D () C:\FRST
2014-07-10 16:33 - 2014-07-10 16:33 - 02084352 _____ (Farbar) C:\Users\Lars Stehmann\Desktop\FRST64.exe
2014-07-10 16:21 - 2012-12-17 10:40 - 00001150 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-10 16:21 - 2012-08-31 06:42 - 00000360 _____ () C:\windows\Tasks\Xerox PhotoCafe Communicator.job
2014-07-10 16:00 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru
2014-07-10 15:59 - 2012-08-31 06:28 - 00000000 ____D () C:\ProgramData\WinClon
2014-07-10 15:57 - 2013-11-05 15:29 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-10 15:56 - 2014-03-12 18:40 - 00000000 ___RD () C:\Users\Lars Stehmann\Google Drive
2014-07-10 15:56 - 2012-12-13 19:56 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Local\CrashDumps
2014-07-10 15:55 - 2012-12-17 10:40 - 00001146 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-10 15:54 - 2014-07-10 14:15 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2014-07-10 15:54 - 2012-08-05 23:07 - 00030380 _____ () C:\windows\PFRO.log
2014-07-10 15:54 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-10 15:54 - 2012-07-26 07:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-07-10 15:53 - 2014-06-19 13:47 - 00013755 _____ () C:\Users\Lars Stehmann\Desktop\statistiken.ods
2014-07-10 15:52 - 2014-07-10 14:16 - 00000000 ____D () C:\ProgramData\MySearch
2014-07-10 15:52 - 2014-07-10 14:16 - 00000000 ____D () C:\Program Files (x86)\MySearch
2014-07-10 15:52 - 2014-07-10 14:15 - 00000000 ____D () C:\ProgramData\Adblocker
2014-07-10 15:52 - 2014-07-10 14:15 - 00000000 ____D () C:\Program Files (x86)\Adblocker
2014-07-10 15:52 - 2014-07-10 14:14 - 00000000 ____D () C:\ProgramData\priCechhoP
2014-07-10 15:52 - 2014-07-10 14:14 - 00000000 ____D () C:\Program Files (x86)\priCechhoP
2014-07-10 15:51 - 2014-07-10 15:51 - 00012542 _____ () C:\Users\Lars Stehmann\Desktop\malware.txt
2014-07-10 14:45 - 2014-07-10 14:43 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-10 14:38 - 2014-07-10 14:38 - 00001132 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-10 14:38 - 2014-07-10 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-10 14:38 - 2014-07-10 14:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-10 14:38 - 2014-07-10 14:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-10 14:34 - 2014-07-10 14:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lars Stehmann\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-10 14:16 - 2014-07-10 14:14 - 00000000 ____D () C:\ProgramData\b06c2bca1a0474eb
2014-07-10 14:14 - 2014-07-10 14:14 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars\AppData\Local\Torch
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars\AppData\Local\Chromatic Browser
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Local\Torch
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Local\Chromatic Browser
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator
2014-07-10 14:14 - 2012-12-17 10:39 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Local\Google
2014-07-10 14:14 - 2012-12-17 10:39 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-10 14:14 - 2012-07-26 10:12 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-07-10 14:14 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
2014-07-09 22:50 - 2014-04-21 23:54 - 00000129 _____ () C:\Users\Lars Stehmann\Desktop\FoMa.txt
2014-07-09 18:13 - 2014-07-09 18:11 - 20076727 _____ () C:\Users\Lars Stehmann\Downloads\fm14.rar
2014-07-09 13:45 - 2014-02-13 20:31 - 00088904 _____ () C:\Users\Lars Stehmann\Desktop\napoli.ods
2014-07-09 09:29 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-07-08 18:28 - 2012-08-31 05:24 - 01366359 _____ () C:\windows\WindowsUpdate.log
2014-07-08 15:27 - 2014-07-08 15:27 - 00002058 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-07-08 15:27 - 2014-07-08 15:27 - 00002056 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-07-08 15:27 - 2014-07-08 15:27 - 00002046 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-07-08 15:27 - 2014-03-11 08:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-06 22:13 - 2013-05-23 18:42 - 00070144 ___SH () C:\Users\Lars Stehmann\Downloads\Thumbs.db
2014-07-06 22:12 - 2014-07-06 20:00 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Roaming\vlc
2014-07-06 20:01 - 2014-07-06 20:01 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Roaming\dvdcss
2014-07-06 19:58 - 2014-07-06 19:58 - 00000875 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-06 19:58 - 2014-07-06 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-06 19:58 - 2014-07-06 19:58 - 00000000 ____D () C:\Program Files\VideoLAN
2014-07-06 19:54 - 2014-07-06 19:54 - 00961360 _____ (Chip Digital GmbH) C:\Users\Lars Stehmann\Downloads\VLC media player 64 Bit - CHIP-Installer.exe
2014-07-06 19:51 - 2014-07-06 19:51 - 00001242 _____ () C:\Users\Lars Stehmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player.lnk
2014-07-06 19:40 - 2014-07-06 19:40 - 04998707 _____ () C:\Users\Lars Stehmann\Downloads\flvplayer_setup20_25.exe
2014-07-06 19:35 - 2012-08-31 06:37 - 00000000 ____D () C:\ProgramData\CyberLink
2014-07-06 18:24 - 2012-07-26 09:59 - 00000000 ____D () C:\windows\CbsTemp
2014-07-05 22:51 - 2012-12-13 20:05 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2565124892-2511412510-2458214724-1004
2014-07-03 12:49 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-07-02 22:54 - 2014-07-02 22:54 - 00015126 _____ () C:\Users\Lars Stehmann\Downloads\Vorbereitung.xlsx
2014-06-29 16:57 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\rescache
2014-06-27 18:36 - 2013-10-01 09:05 - 00000000 ____D () C:\windows\system32\MRT
2014-06-27 18:33 - 2012-12-15 14:10 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-06-25 18:22 - 2014-06-25 18:22 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Local\AskPartnerNetwork
2014-06-25 11:49 - 2013-10-01 08:24 - 00000000 ____D () C:\Users\Lars Stehmann\Desktop\Neuer Ordner
2014-06-24 12:49 - 2012-12-17 00:59 - 00766976 ___SH () C:\Users\Lars Stehmann\Desktop\Thumbs.db
2014-06-24 12:16 - 2014-06-24 12:16 - 00177181 _____ () C:\Users\Lars Stehmann\Desktop\Guck Yegger.odb
2014-06-23 16:49 - 2014-06-23 16:49 - 00947864 _____ () C:\Users\Lars Stehmann\Downloads\AndrewBase.odt
2014-06-21 18:25 - 2014-06-20 20:18 - 00079697 _____ () C:\Users\Lars Stehmann\Desktop\dsjfsjdfsjdf.odb
2014-06-21 13:20 - 2014-06-20 11:11 - 00035293 _____ () C:\Users\Lars Stehmann\Desktop\Tutorial.odb
2014-06-21 12:09 - 2014-06-20 22:13 - 00026578 _____ () C:\Users\Lars Stehmann\Desktop\DiebesteVariante.ods
2014-06-20 23:17 - 2014-06-20 23:17 - 00033792 _____ () C:\Users\Lars Stehmann\Downloads\35605.xls
2014-06-20 21:35 - 2014-03-10 16:29 - 00000000 ____D () C:\Users\Lars Stehmann\Desktop\4.Semester
2014-06-18 00:16 - 2012-12-17 10:40 - 00004122 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-18 00:16 - 2012-12-17 10:40 - 00003886 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-14 17:00 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\NDF
2014-06-13 04:10 - 2014-06-08 22:51 - 02978373 _____ () C:\Users\Lars Stehmann\Desktop\wm2014_tippspiel.ods
2014-06-10 22:27 - 2014-06-10 22:27 - 04990544 _____ (Adobe Systems Inc.) C:\Users\Lars Stehmann\Downloads\Shockwave_Installer_Slim.exe
2014-06-10 22:27 - 2014-06-10 22:27 - 00000000 ____D () C:\windows\SysWOW64\Adobe

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe


Some content of TEMP:
====================
C:\Users\Lars Stehmann\AppData\Local\Temp\8123nua.exe
C:\Users\Lars Stehmann\AppData\Local\Temp\APNSetup.exe
C:\Users\Lars Stehmann\AppData\Local\Temp\COMAP.EXE


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-07 18:06

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-07-2014
Ran by Lars Stehmann at 2014-07-10 16:37:35
Running from C:\Users\Lars Stehmann\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
Allshare Play Link (HKLM-x32\...\{91786428-D4AA-476D-8AF9-A63FFAC2901F}) (Version: 1.0.0 - Samsung)
AMD Accelerated Video Transcoding (Version: 12.5.100.20808 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{53460839-526B-5CEC-011C-6F01CE411CF1}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-4300-76A7-A758B70C0F01}) (Version: 12.15.1.16 - APN, LLC) <==== ATTENTION
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1912 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Das Fussball Studio 8.5.2 (Beta) (HKLM-x32\...\{F804CEB4-747E-46D5-B8AB-C56E3BAF27D9}_is1) (Version: 8.5.2 - vmLOGIC - Volker Mallmann)
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
Football Manager 2014 (HKLM-x32\...\Steam App 231670) (Version:  - Sports Interactive)
Football Manager 2014 Editor (HKLM-x32\...\Steam App 242460) (Version:  - )
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Help Desk (HKLM\...\{C85A891D-7AB4-46AE-84F0-B0C3FAC82280}) (Version: 1.0.4 - Samsung Electronics CO., LTD.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.17.41283 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Next Generation Tennis 2003 (HKLM-x32\...\{1B29C0BE-AEB2-408C-BAA6-A4EE6CC8577C}) (Version:  - )
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.5.0.28 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.11 - Symantec Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
OpenProj (HKLM-x32\...\{13702021-43FB-480C-912F-D9B74A538288}) (Version: 1.4.0 - Serena Software Inc.)
OpenVPN 2.3.4-I001  (HKLM-x32\...\OpenVPN) (Version: 2.3.4-I001 - )
Paint XP version 1.1 (HKLM-x32\...\{2367FAB6-055A-4923-835F-F57F7BBBA363}_is1) (Version: 1.1 - MSPAINTXP.COM)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{46889070-D447-4936-A5D3-246DB972FA2E}) (Version: 2.0.6.16537 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
ProjectLibre (HKLM-x32\...\{73C751CF-B4B9-4757-BDBC-0B3A5B16B531}) (Version: 1.5.17.0 - ProjectLibre)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.11 - ProtectDisc Software GmbH)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.0 - Samsung Electronics CO., LTD.)
Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Race Driver 2 Online Demo (x32 Version: 1.03.0010 - Codemasters) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.5.0 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.0.7 - Samsung Electronics CO., LTD.) Hidden
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Support Center (HKLM\...\{3D7275C7-8549-46AF-8B59-82A3EF301B31}) (Version: 2.0.8 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.0 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{49271148-3C6B-4F2B-B8C9-FFDE243B8FEA}) (Version: 2.0.15 - Samsung Electronics CO., LTD.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.11.3 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
User Guide (HKLM-x32\...\{66172F70-0BDE-4BAB-A973-E2E4EF501F6D}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Xerox PhotoCafe (HKLM-x32\...\Xerox PhotoCafe) (Version: 1.0.0.6162 - Xerox)

==================== Restore Points  =========================

08-06-2014 17:06:07 Installiert Next Generation Tennis 2003
18-06-2014 08:09:27 Geplanter Prüfpunkt
27-06-2014 16:31:27 Windows Update
06-07-2014 16:18:55 Windows Update

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0200E3AC-B15B-43A3-A026-5B6CD38D9279} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-08-24] (Samsung Electronics CO., LTD.)
Task: {022D5CA9-2218-474D-8D74-74FA85A00C15} - System32\Tasks\MakeMarkerFile => %ProgramData%\MakeMarkerFile.exe
Task: {081B14FF-6015-4C08-B021-226A9772CB2E} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {0E9D97A1-A465-48D0-BA55-C025FCF94F82} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-08-23] (SEC)
Task: {15BC6E8E-3BF9-40C9-ABE3-341F810187C9} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {24855140-4344-42DC-86C1-89E8CD842538} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {7AE68E7D-23D7-4A63-AB11-00939156AE17} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {7CFC0557-5ABF-4159-B64D-0C1DF9516AE1} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-08-26] (Samsung Electronics CO., LTD.)
Task: {813ADBC4-08C7-4BB2-ABCE-FAF70AA196CC} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] ()
Task: {8D27BE66-6B75-450B-8FEC-9DA0CFE59F1C} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {A49545EA-F214-4B28-8E8E-6F3CBBE262DE} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\WSCStub.exe [2014-04-29] (Symantec Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B5B68FFB-D29A-4B8E-B719-59186C341708} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-06-27] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CB0F186F-5F9A-41B2-9456-C782B547FEEA} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {CBD4CA57-F0CE-44D2-AB53-BD16C65D4CFE} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-08-17] (Samsung Electronics CO., LTD.)
Task: {D7B2CB40-9DD3-4BC3-BE50-72A6649DB198} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe

==================== Loaded Modules (whitelisted) =============

2012-08-26 11:48 - 2012-08-26 11:48 - 00076920 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2014-05-28 15:27 - 2014-05-28 15:28 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-08-08 03:22 - 2012-08-08 03:22 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00026232 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00029816 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00091768 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00028280 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 01015416 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2014-07-10 15:55 - 2014-07-10 15:55 - 00098816 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\win32api.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00110080 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\pywintypes27.dll
2014-07-10 15:55 - 2014-07-10 15:55 - 00364544 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\pythoncom27.dll
2014-07-10 15:55 - 2014-07-10 15:55 - 00045568 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\_socket.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 01160704 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\_ssl.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00320512 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\win32com.shell.shell.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00713216 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\_hashlib.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 01175040 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\wx._core_.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00805888 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\wx._gdi_.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00811008 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\wx._windows_.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 01062400 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\wx._controls_.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00735232 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\wx._misc_.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00128512 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\_elementtree.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00127488 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\pyexpat.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00557056 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\pysqlite2._sqlite.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00007168 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\hashobjs_ext.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00087552 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\_ctypes.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00119808 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\win32file.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00108544 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\win32security.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00018432 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\win32event.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00038912 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\win32inet.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00070656 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\wx._html2.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00167936 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\win32gui.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00011264 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\win32crypt.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00027136 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\_multiprocessing.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00122368 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\wx._wizard.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00010240 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\select.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00024064 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\win32pipe.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00686080 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\unicodedata.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00025600 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\win32pdh.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00525640 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\windows._lib_cacheinvalidation.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00035840 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\win32process.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00017408 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\win32profile.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00022528 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\win32ts.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00078336 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\wx._animate.pyd
2014-06-14 09:18 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-14 09:18 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-14 09:18 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-14 09:18 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-14 09:18 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-05-02 09:55 - 2012-05-30 08:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.5.0.28\wincfi39.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

HKLM\...\StartupApproved\Run: => "BtvStack"
HKLM\...\StartupApproved\Run: => "BtTray"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKCU\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/10/2014 03:56:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Name des fehlerhaften Moduls: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000183835
ID des fehlerhaften Prozesses: 0xd14
Startzeit der fehlerhaften Anwendung: 0xCommonAgent.exe0
Pfad der fehlerhaften Anwendung: CommonAgent.exe1
Pfad des fehlerhaften Moduls: CommonAgent.exe2
Berichtskennung: CommonAgent.exe3
Vollständiger Name des fehlerhaften Pakets: CommonAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CommonAgent.exe5

Error: (07/10/2014 03:55:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8
Name des fehlerhaften Moduls: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000000000014d7cc
ID des fehlerhaften Prozesses: 0x7b0
Startzeit der fehlerhaften Anwendung: 0xMakeMarkerFile.exe0
Pfad der fehlerhaften Anwendung: MakeMarkerFile.exe1
Pfad des fehlerhaften Moduls: MakeMarkerFile.exe2
Berichtskennung: MakeMarkerFile.exe3
Vollständiger Name des fehlerhaften Pakets: MakeMarkerFile.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MakeMarkerFile.exe5

Error: (07/10/2014 02:26:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Name des fehlerhaften Moduls: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000183835
ID des fehlerhaften Prozesses: 0x16ec
Startzeit der fehlerhaften Anwendung: 0xCommonAgent.exe0
Pfad der fehlerhaften Anwendung: CommonAgent.exe1
Pfad des fehlerhaften Moduls: CommonAgent.exe2
Berichtskennung: CommonAgent.exe3
Vollständiger Name des fehlerhaften Pakets: CommonAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CommonAgent.exe5

Error: (07/10/2014 02:25:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8
Name des fehlerhaften Moduls: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000000000014d7cc
ID des fehlerhaften Prozesses: 0x151c
Startzeit der fehlerhaften Anwendung: 0xMakeMarkerFile.exe0
Pfad der fehlerhaften Anwendung: MakeMarkerFile.exe1
Pfad des fehlerhaften Moduls: MakeMarkerFile.exe2
Berichtskennung: MakeMarkerFile.exe3
Vollständiger Name des fehlerhaften Pakets: MakeMarkerFile.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MakeMarkerFile.exe5

Error: (07/10/2014 02:17:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: soffice.bin, Version: 3.4.9593.500, Zeitstempel: 0x5028bfc0
Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.2.9200.16622, Zeitstempel: 0x519e974e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001f035
ID des fehlerhaften Prozesses: 0x538
Startzeit der fehlerhaften Anwendung: 0xsoffice.bin0
Pfad der fehlerhaften Anwendung: soffice.bin1
Pfad des fehlerhaften Moduls: soffice.bin2
Berichtskennung: soffice.bin3
Vollständiger Name des fehlerhaften Pakets: soffice.bin4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: soffice.bin5

Error: (07/10/2014 10:09:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Name des fehlerhaften Moduls: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000183835
ID des fehlerhaften Prozesses: 0xa18
Startzeit der fehlerhaften Anwendung: 0xCommonAgent.exe0
Pfad der fehlerhaften Anwendung: CommonAgent.exe1
Pfad des fehlerhaften Moduls: CommonAgent.exe2
Berichtskennung: CommonAgent.exe3
Vollständiger Name des fehlerhaften Pakets: CommonAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CommonAgent.exe5

Error: (07/10/2014 10:07:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8
Name des fehlerhaften Moduls: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000000000014d7cc
ID des fehlerhaften Prozesses: 0x5bc
Startzeit der fehlerhaften Anwendung: 0xMakeMarkerFile.exe0
Pfad der fehlerhaften Anwendung: MakeMarkerFile.exe1
Pfad des fehlerhaften Moduls: MakeMarkerFile.exe2
Berichtskennung: MakeMarkerFile.exe3
Vollständiger Name des fehlerhaften Pakets: MakeMarkerFile.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MakeMarkerFile.exe5

Error: (07/09/2014 10:02:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LarsStehmann)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2147023174. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/09/2014 08:28:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: fm.exe, Version: 14.3.1.28944, Zeitstempel: 0x5342f333
Name des fehlerhaften Moduls: fm.exe, Version: 14.3.1.28944, Zeitstempel: 0x5342f333
Ausnahmecode: 0x40000015
Fehleroffset: 0x01df6583
ID des fehlerhaften Prozesses: 0x1274
Startzeit der fehlerhaften Anwendung: 0xfm.exe0
Pfad der fehlerhaften Anwendung: fm.exe1
Pfad des fehlerhaften Moduls: fm.exe2
Berichtskennung: fm.exe3
Vollständiger Name des fehlerhaften Pakets: fm.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: fm.exe5

Error: (07/09/2014 08:01:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LiveComm.exe, Version: 17.0.1119.516, Zeitstempel: 0x519504e1
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000000000
ID des fehlerhaften Prozesses: 0xe20
Startzeit der fehlerhaften Anwendung: 0xLiveComm.exe0
Pfad der fehlerhaften Anwendung: LiveComm.exe1
Pfad des fehlerhaften Moduls: LiveComm.exe2
Berichtskennung: LiveComm.exe3
Vollständiger Name des fehlerhaften Pakets: LiveComm.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: LiveComm.exe5


System errors:
=============
Error: (07/10/2014 03:57:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/10/2014 03:55:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst SW-Sustainer erreicht.

Error: (07/10/2014 03:54:42 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\prodrv06.sys

Error: (07/10/2014 10:05:03 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\prodrv06.sys

Error: (07/10/2014 03:28:40 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: NT-AUTORITÄT)
Description: 9\_TZ.TZ002014-07-10T01:28:40.065470200Z463

Error: (07/09/2014 09:25:20 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\prodrv06.sys

Error: (07/08/2014 09:31:08 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\prodrv06.sys

Error: (07/08/2014 09:31:39 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎08.‎07.‎2014 um 18:14:55 unerwartet heruntergefahren.

Error: (07/08/2014 09:53:52 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\prodrv06.sys

Error: (07/07/2014 09:35:04 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.


Microsoft Office Sessions:
=========================
Error: (07/10/2014 03:56:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CommonAgent.exe1.0.7.5502ddd20CommonAgent.exe1.0.7.5502ddd20400000150000000000183835d1401cf9c46b215a57fC:\Program Files\Samsung\S Agent\CommonAgent.exeC:\Program Files\Samsung\S Agent\CommonAgent.exe08157919-083a-11e4-bf2d-50b7c32e28bd

Error: (07/10/2014 03:55:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cc7b001cf9c468d83770fC:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exedeeff7b7-0839-11e4-bf2d-50b7c32e28bd

Error: (07/10/2014 02:26:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CommonAgent.exe1.0.7.5502ddd20CommonAgent.exe1.0.7.5502ddd2040000015000000000018383516ec01cf9c3a1c4c8c49C:\Program Files\Samsung\S Agent\CommonAgent.exeC:\Program Files\Samsung\S Agent\CommonAgent.exe5a258f73-082d-11e4-bf2c-50b7c32e28bd

Error: (07/10/2014 02:25:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cc151c01cf9c39f7e847daC:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe38b24196-082d-11e4-bf2c-50b7c32e28bd

Error: (07/10/2014 02:17:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: soffice.bin3.4.9593.5005028bfc0RPCRT4.dll6.2.9200.16622519e974ec00000050001f03553801cf9c1b9706e170C:\Program Files (x86)\OpenOffice.org 3\program\soffice.binC:\windows\SYSTEM32\RPCRT4.dll28b89091-082c-11e4-bf2c-50b7c32e28bd

Error: (07/10/2014 10:09:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CommonAgent.exe1.0.7.5502ddd20CommonAgent.exe1.0.7.5502ddd20400000150000000000183835a1801cf9c16081fc873C:\Program Files\Samsung\S Agent\CommonAgent.exeC:\Program Files\Samsung\S Agent\CommonAgent.exe7741fd44-0809-11e4-bf2c-50b7c32e28bd

Error: (07/10/2014 10:07:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cc5bc01cf9c15e3b591ddC:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe4dd35602-0809-11e4-bf2c-50b7c32e28bd

Error: (07/09/2014 10:02:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LarsStehmann)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147023174

Error: (07/09/2014 08:28:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: fm.exe14.3.1.289445342f333fm.exe14.3.1.289445342f3334000001501df6583127401cf9b8b96aef054C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2014\fm.exeC:\Program Files (x86)\Steam\steamapps\common\Football Manager 2014\fm.exede6fd669-0796-11e4-bf2b-50b7c32e28bd

Error: (07/09/2014 08:01:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LiveComm.exe17.0.1119.516519504e1unknown0.0.0.000000000c00000050000000000000000e2001cf9b4729e88c7aC:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exeunknownfe2ccf0b-0792-11e4-bf2b-50b7c32e28bdmicrosoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbweMicrosoft.WindowsLive.Mail


==================== Memory info =========================== 

Percentage of memory in use: 37%
Total physical RAM: 3675.78 MB
Available physical RAM: 2303.15 MB
Total Pagefile: 5467.78 MB
Available Pagefile: 3856.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:442.08 GB) (Free:369.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: D35F083E)

Partition: GPT Partition Type.

==================== End Of Log ============================

M-K-D-B · 10.07.2014, 17:19

Servus,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

stehmi · 11.07.2014, 00:10

Während Combofix lief musste ich den Laptop einmal wieder anschmeißen, da der sich wohl in den Standby Modus begegeben hatte, keine Ahnung inwieweit das jetzt den Prozess behindert haben könnte. Ansonsten gab es jedenfalls keine Beanstandungen von Combofix.

Hier das LogFile.

Code:

ATTFilter

ComboFix 14-07-08.04 - Lars Stehmann 11.07.2014   0:26.1.2 - x64
Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.3676.2584 [GMT 2:00]
ausgeführt von:: c:\users\Lars Stehmann\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Disabled/Outdated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Java\jre7\bin\jp2ssv.dll
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\_ctypes.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\_elementtree.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\_hashlib.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\_multiprocessing.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\_socket.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\_ssl.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\hashobjs_ext.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\pyexpat.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\pysqlite2._sqlite.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\python27.dll
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\pythoncom27.dll
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\PyWinTypes27.dll
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\select.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\unicodedata.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\win32api.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\win32com.shell.shell.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\win32crypt.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\win32event.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\win32file.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\win32gui.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\win32inet.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\win32pdh.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\win32pipe.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\win32process.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\win32profile.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\win32security.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\win32ts.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\windows._lib_cacheinvalidation.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\wx._animate.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\wx._controls_.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\wx._core_.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\wx._gdi_.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\wx._html2.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\wx._misc_.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\wx._windows_.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\wx._wizard.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\wxbase294u_net_vc90.dll
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\wxbase294u_vc90.dll
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\wxmsw294u_adv_vc90.dll
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\wxmsw294u_core_vc90.dll
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\wxmsw294u_html_vc90.dll
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\wxmsw294u_webview_vc90.dll
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_acedrv11
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-06-10 bis 2014-07-10  ))))))))))))))))))))))))))))))
.
.
2014-07-10 22:47 . 2014-07-10 22:47	--------	d-----w-	c:\users\Lars\AppData\Local\temp
2014-07-10 22:47 . 2014-07-10 22:47	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-07-10 14:34 . 2014-07-10 14:38	--------	d-----w-	C:\FRST
2014-07-10 12:43 . 2014-07-10 22:03	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-10 12:38 . 2014-05-12 05:26	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-07-10 12:38 . 2014-07-10 12:38	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-07-10 12:38 . 2014-07-10 12:38	--------	d-----w-	c:\programdata\Malwarebytes
2014-07-10 12:38 . 2014-05-12 05:26	64216	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-07-10 12:38 . 2014-05-12 05:25	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-07-10 12:16 . 2014-07-10 13:52	--------	d-----w-	c:\programdata\MySearch
2014-07-10 12:16 . 2014-07-10 13:52	--------	d-----w-	c:\program files (x86)\MySearch
2014-07-10 12:15 . 2014-07-10 13:54	--------	d-----w-	c:\programdata\Trusted Publisher
2014-07-10 12:15 . 2014-07-10 13:52	--------	d-----w-	c:\programdata\Adblocker
2014-07-10 12:15 . 2014-07-10 13:52	--------	d-----w-	c:\program files (x86)\Adblocker
2014-07-06 18:01 . 2014-07-06 18:01	--------	d-----w-	c:\users\Lars Stehmann\AppData\Roaming\dvdcss
2014-07-06 18:00 . 2014-07-06 20:12	--------	d-----w-	c:\users\Lars Stehmann\AppData\Roaming\vlc
2014-07-06 17:58 . 2014-07-06 17:58	--------	d-----w-	c:\program files\VideoLAN
2014-07-06 16:21 . 2014-05-15 01:02	59424	----a-w-	c:\windows\system32\wuauclt.exe
2014-07-06 16:21 . 2014-05-14 22:43	3286528	----a-w-	c:\windows\system32\wuaueng.dll
2014-07-06 16:21 . 2014-05-14 22:43	1623040	----a-w-	c:\windows\system32\wucltux.dll
2014-07-06 16:21 . 2014-05-14 22:42	176640	----a-w-	c:\windows\system32\storewuauth.dll
2014-07-06 16:21 . 2014-05-14 22:43	253440	----a-w-	c:\windows\system32\WUSettingsProvider.dll
2014-07-01 06:28 . 2014-07-01 06:28	257704	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10243.bin
2014-06-28 08:41 . 2014-05-31 05:16	703992	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-28 08:41 . 2014-05-31 05:16	105464	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-25 16:38 . 2014-05-03 05:47	3246592	----a-w-	c:\windows\system32\rdpcorets.dll
2014-06-25 16:38 . 2014-05-03 03:34	235520	----a-w-	c:\windows\system32\rdpudd.dll
2014-06-25 16:34 . 2014-05-24 02:46	3958784	----a-w-	c:\windows\system32\jscript9.dll
2014-06-25 16:34 . 2014-05-24 02:46	2650112	----a-w-	c:\windows\system32\iertutil.dll
2014-06-25 16:33 . 2014-05-24 01:25	2862080	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-06-25 16:33 . 2014-05-24 01:25	108032	----a-w-	c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
2014-06-25 16:30 . 2014-04-03 11:22	2233176	----a-w-	c:\windows\system32\drivers\tcpip.sys
2014-06-25 16:30 . 2014-03-07 00:47	1419264	----a-w-	c:\windows\SysWow64\msxml3.dll
2014-06-25 16:30 . 2014-03-07 00:08	1845760	----a-w-	c:\windows\system32\msxml3.dll
2014-06-25 16:22 . 2014-06-25 16:22	--------	d-----w-	c:\users\Lars Stehmann\AppData\Local\AskPartnerNetwork
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-27 16:33 . 2012-12-15 12:10	95414520	----a-w-	c:\windows\system32\MRT.exe
2014-05-07 13:02 . 2014-05-29 18:40	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-25 15:44 . 2014-06-05 22:24	110264	----a-w-	c:\windows\system32\pdfcmon.dll
2014-04-25 15:44 . 2014-06-05 22:24	662288	----a-w-	c:\windows\SysWow64\MSCOMCT2.OCX
2014-04-25 15:44 . 2014-06-05 22:24	137000	----a-w-	c:\windows\SysWow64\MSMAPI32.OCX
2014-04-25 15:44 . 2014-06-05 22:24	1070152	----a-w-	c:\windows\SysWow64\MSCOMCTL.OCX
2014-04-25 15:44 . 2014-06-05 22:24	23552	----a-w-	c:\windows\SysWow64\MSMPIDE.DLL
2014-04-19 09:39 . 2014-05-26 14:23	628024	----a-w-	c:\windows\system32\NotificationUI.exe
2014-04-19 08:45 . 2014-05-26 14:23	693760	----a-w-	c:\windows\system32\WSShared.dll
2014-04-19 08:45 . 2014-05-26 14:23	163840	----a-w-	c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-19 06:57 . 2014-05-26 14:23	566784	----a-w-	c:\windows\SysWow64\WSShared.dll
2014-04-19 06:57 . 2014-05-26 14:23	124928	----a-w-	c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-18 13:00 . 2014-04-18 13:00	17536	----a-w-	c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-04-12 09:27 . 2014-05-26 11:38	172888	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 09:10 . 2014-05-26 11:38	578048	----a-w-	c:\windows\system32\winlogon.exe
2014-04-12 09:09 . 2014-05-26 11:38	208896	----a-w-	c:\windows\system32\wdigest.dll
2014-04-12 09:09 . 2014-05-26 11:38	1043968	----a-w-	c:\windows\system32\usercpl.dll
2014-04-12 09:09 . 2014-05-26 11:38	94720	----a-w-	c:\windows\system32\TSpkg.dll
2014-04-12 09:09 . 2014-05-26 11:38	588288	----a-w-	c:\windows\system32\SHCore.dll
2014-04-12 09:08 . 2014-05-26 11:38	318464	----a-w-	c:\windows\system32\msv1_0.dll
2014-04-12 09:08 . 2014-05-26 11:38	1281536	----a-w-	c:\windows\system32\lsasrv.dll
2014-04-12 09:08 . 2014-05-26 11:38	439808	----a-w-	c:\windows\system32\lsm.dll
2014-04-12 09:08 . 2014-05-26 11:38	827904	----a-w-	c:\windows\system32\kerberos.dll
2014-04-12 09:07 . 2014-05-26 11:38	20480	----a-w-	c:\windows\system32\credssp.dll
2014-04-12 07:23 . 2014-05-26 11:38	178688	----a-w-	c:\windows\SysWow64\wdigest.dll
2014-04-12 07:23 . 2014-05-26 11:38	961536	----a-w-	c:\windows\SysWow64\usercpl.dll
2014-04-12 07:23 . 2014-05-26 11:38	76800	----a-w-	c:\windows\SysWow64\TSpkg.dll
2014-04-12 07:23 . 2014-05-26 11:38	452608	----a-w-	c:\windows\SysWow64\SHCore.dll
2014-04-12 07:23 . 2014-05-26 11:38	273920	----a-w-	c:\windows\SysWow64\msv1_0.dll
2014-04-12 07:22 . 2014-05-26 11:38	666624	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-04-12 07:22 . 2014-05-26 11:38	17408	----a-w-	c:\windows\SysWow64\credssp.dll
2014-04-12 06:58 . 2014-05-26 11:38	14848	----a-w-	c:\windows\system32\workerdd.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2014-06-30 1753280]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-06-27 24477056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-08 642216]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2012-07-10 2995904]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-08-15 97392]
"CLMLServer_For_P2G8"="c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [2012-06-08 111120]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-12 491120]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2014-06-23 1956760]
.
c:\users\Lars Stehmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 d0e87c27;SW-Sustainer;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R3 PDF Architect 2;PDF Architect 2;c:\program files (x86)\PDF Architect 2\ws.exe;c:\program files (x86)\PDF Architect 2\ws.exe [x]
R3 pdfforge CrashHandler;pdfforge CrashHandler;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
R4 SymELAM;Symantec ELAM Driver;c:\windows\system32\drivers\NISx64\1405000.01C\SymELAM.sys;c:\windows\SYSNATIVE\drivers\NISx64\1405000.01C\SymELAM.sys [x]
S0 amd_sata;amd_sata;c:\windows\System32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\System32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S1 ccSet_NARA;NARA Settings Manager;c:\windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NARAx64\0401000.00B\ccSetx64.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 APNMCP;Ask Aktualisierungsdienst;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 Easy Launcher;Easy Launcher;c:\program files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe;c:\program files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130116.013\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1405000.01C\ccSetx64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130205.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130205.001\IDSvia64.sys [x]
S3 RadioHIDMini;Radio HID Mini-driver;c:\windows\System32\drivers\RadioHIDMini.sys;c:\windows\SYSNATIVE\drivers\RadioHIDMini.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1405000.01C\SYMDS64.SYS [x]
S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1405000.01C\SYMEFA64.SYS [x]
S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1405000.01C\Ironx64.SYS [x]
S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1405000.01C\SYMNETS.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-14 07:16	1091912	----a-w-	c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-07-10 c:\windows\Tasks\Xerox PhotoCafe Communicator.job
- c:\programdata\Xerox PhotoCafe\MessageCheck.exe [2011-10-26 09:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-06-27 12:20	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-06-27 12:20	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-06-27 12:20	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-06-27 12:20	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-06-27 12:20	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-08-10 13191824]
"BtTray"="c:\program files (x86)\Bluetooth Suite\BtTray.exe" [2012-08-10 764032]
"BtvStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-08-10 127616]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
c:\users\Lars Stehmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FIFA 10-Registrierung.lnk - c:\program files (x86)\EA Sports\FIFA 10\Support\EAregister.exe /remind /language=DE /PRID="ODS:15691.110.Base Product" /WHPR="FIFA 10" /PRNM="Electronic Arts Product"
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.5.0.28\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Samsung\Settings\sSettings.exe
c:\program files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
c:\program files (x86)\Samsung\SW Update\SWMAgent.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-07-11  00:59:57 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-07-10 22:59
.
Vor Suchlauf: 8 Verzeichnis(se), 400.998.236.160 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 405.860.462.592 Bytes frei
.
- - End Of File - - BA4305F3FDC17A547645843893401F6D
5FB38429D5D77768867C76DCBDB35194

M-K-D-B · 11.07.2014, 11:25

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3
Bitte deaktiviere dein Anti-Viren-Programm, da es das Ergebnis beeinflussen oder ggf. die Bereinigung stören kann.
Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/ und speichere die Datei auf deinem Desktop.

Starte Zoek.exe mit einem Doppelklick.
Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und könnte andere Computer beschädigen.
Kopiere den Text der folgenden Box in das Skriptfenster von zoek:
Code:
ATTFilter
```
iedefaults;
resetIEproxy;
FFdefaults;
CHRdefaults;
emptyclsid;
autoclean;
         
```
Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
Wenn das Tool fertig ist, wird sich Notepad mit der Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:\ .
Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken).

Schritt 4

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von MBAM,
die Logdatei von Zoek,
die beiden neuen Logdateien von FRST.

stehmi · 11.07.2014, 16:55

Schritt 1 und 2 habe ich wie beschrieben durchgeführt. Den Scan mit der zoek.exe habe ich dann gegen Mittag laufen lassen bis mir dann nach etwa 3 1/2 ohne Ergebnisse leider der Saft ausging. Auch jetzt läuft der Scan seit dem ich wieder zuhause bin seit etwa einer Stunde, hängt aber beim Schritt "Remove From Windows Installer" fest. Benötigt es da tatsächlich so viel Geduld oder läuft da vielleicht irgendwas verkehrt?

M-K-D-B · 11.07.2014, 18:10

Wenn nach einer Stunde nix geht, dann lass es gut sein und mach mit FRST weiter.

stehmi · 11.07.2014, 18:36

Hier dann die Logdateien.

AdwCleaner

Code:

ATTFilter

# AdwCleaner v3.215 - Bericht erstellt am 11/07/2014 um 12:45:11
# Aktualisiert 09/07/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Lars Stehmann - LARSSTEHMANN
# Gestartet von : C:\Users\Lars Stehmann\Desktop\adwcleaner_3.215.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : APNMCP
[#] Dienst Gelöscht : d0e87c27

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Adblocker
Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\AskPartnerNetwork
Ordner Gelöscht : C:\Program Files (x86)\Adblocker
Ordner Gelöscht : C:\Program Files (x86)\AskPartnerNetwork
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\torch
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Gast\AppData\Local\torch
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\torch
Ordner Gelöscht : C:\Users\Lars\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Lars\AppData\Local\torch
Ordner Gelöscht : C:\Users\Lars Stehmann\AppData\Local\AskPartnerNetwork
Ordner Gelöscht : C:\Users\Lars Stehmann\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Lars Stehmann\AppData\Local\torch
Ordner Gelöscht : C:\Users\Lars Stehmann\AppData\Local\Temp\apn
Ordner Gelöscht : C:\Users\Lars Stehmann\AppData\Roaming\pdfforge

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pljcgbedjplidkdjahbaalanadmjfgop
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKCU\Software\AskPartnerNetwork
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\RegisteredApplicationsEx
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Schlüssel Gelöscht : HKLM\Software\AskPartnerNetwork

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.17028


-\\ Google Chrome v35.0.1916.153

[ Datei : C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Startup_urls] : hxxp://websearch.fastsearchings.info/?pid=2832&r=2014/07/10&hid=2824197954457125309&lg=EN&cc=DE&unqvl=56
Gelöscht [Homepage] : hxxp://websearch.fastsearchings.info/?pid=2832&r=2014/07/10&hid=2824197954457125309&lg=EN&cc=DE&unqvl=56
Gelöscht [Extension] : pljcgbedjplidkdjahbaalanadmjfgop

*************************

AdwCleaner[R0].txt - [4170 octets] - [11/07/2014 12:42:28]
AdwCleaner[S0].txt - [3824 octets] - [11/07/2014 12:45:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3884 octets] ##########

mbam.txt

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 11.07.2014
Suchlauf-Zeit: 12:54:48
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.11.04
Rootkit Datenbank: v2014.07.09.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Lars Stehmann

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 364264
Verstrichene Zeit: 23 Min, 12 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 2
PUP.Optional.FastSearchings.A, C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\HTTP_WEBSEARCH.FASTSEARCHINGS.INFO_0.LOCALSTORAGE, In Quarantäne, [4ef26b33720949ed4c6bb56064a04db3], 
PUP.Optional.FastSearchings.A, C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\HTTP_WEBSEARCH.FASTSEARCHINGS.INFO_0.LOCALSTORAGE-JOURNAL, In Quarantäne, [80c09a0432499c9a31869e77fb09bd43], 

Physische Sektoren: 0
(No malicious items detected)


(end)

FRST.txt

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-07-2014
Ran by Lars Stehmann (administrator) on LARSSTEHMANN on 11-07-2014 19:24:45
Running from C:\Users\Lars Stehmann\Desktop
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\nacl64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Atheros Communications)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\S-1-5-21-2565124892-2511412510-2458214724-1004\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1753280 2014-06-30] (Valve Corporation)
HKU\S-1-5-21-2565124892-2511412510-2458214724-1004\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)
Startup: C:\Users\Lars Stehmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {901D31B8-7250-4352-9EE9-4E9AA33B9014} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {901D31B8-7250-4352-9EE9-4E9AA33B9014} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {901D31B8-7250-4352-9EE9-4E9AA33B9014} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - {901D31B8-7250-4352-9EE9-4E9AA33B9014} URL = 
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 - C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2014-07-11]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn [2012-12-13]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR NewTab: "chrome-extension://anjpmpempfaedkaamogooccadhhdehed/newtab.html"
CHR DefaultSearchKeyword: ask search
CHR DefaultSearchProvider: Ask Search
CHR DefaultSearchURL: hxxp://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11412&l=dis&pf=V7&p2=%5EBBK%5EOSJ000%5EYY%5EDE&gct=&itbv=12.10.6.48&doi=2014-05-29&apn_uid=DC1D0E09-3C3F-4C56-96B0-8B28C5A31BDE&apn_ptnrs=BBK&apn_dtid=%5EOSJ000%5EYY%5EDE&apn_dbr=cr_35.0.1916.114&psv=&pt=&trgb=CR&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Norton Identity Safe) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (MySearch) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\anjpmpempfaedkaamogooccadhhdehed [2014-07-10]
CHR Extension: (Google Drive) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-17]
CHR Extension: (Norton Identity Protection) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2014-05-13]
CHR Extension: (YouTube) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-17]
CHR Extension: (Google-Suche) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-17]
CHR Extension: (Right Inbox for Gmail) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflnemhkomgploogccdmcloekbloobgb [2014-07-10]
CHR Extension: (priCecHop) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mibalcnnhpenfjfadbgeojmhphmejall [2014-07-10]
CHR Extension: (Google Wallet) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-03]
CHR Extension: (Google Mail) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-17]
CHR Extension: (priCecHop) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mibalcnnhpenfjfadbgeojmhphmejall\3.9 [2014-07-10]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-02]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-08-26] (Samsung Electronics CO., LTD.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [32568 2014-05-02] (The OpenVPN Project)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [1388120 2013-01-16] (Symantec Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-12-13] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-12-13] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130205.001\IDSvia64.sys [513184 2013-01-24] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130205.032\ENG64.SYS [126192 2013-01-28] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130205.032\EX64.SYS [2087664 2013-01-28] (Symantec Corporation)
S0 prohlp02; C:\Windows\SysWOW64\drivers\prohlp02.sys [65504 2004-03-09] (Protection Technology) [File not signed]
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S0 sfhlp01; C:\Windows\SysWOW64\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) [File not signed]
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1405000.01C\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-20] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 prodrv06; \SystemRoot\System32\drivers\prodrv06.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-11 19:22 - 2014-07-11 19:22 - 00000000 ____D () C:\Users\Lars Stehmann\Desktop\FRST-OlderVersion
2014-07-11 16:57 - 2014-07-11 13:31 - 00000396 _____ () C:\zoek-results2014-07-11-113130.log
2014-07-11 13:31 - 2014-07-11 16:57 - 00000363 _____ () C:\zoek-results.log
2014-07-11 13:29 - 2014-07-11 16:57 - 00000472 _____ () C:\runcheck.txt
2014-07-11 13:28 - 2014-07-11 13:28 - 00000000 ____D () C:\zoek_backup
2014-07-11 13:27 - 2014-07-11 13:27 - 01285120 _____ () C:\Users\Lars Stehmann\Desktop\zoek.exe
2014-07-11 13:26 - 2014-07-11 13:26 - 00001565 _____ () C:\Users\Lars Stehmann\Desktop\mbam.txt
2014-07-11 12:51 - 2014-07-11 12:52 - 00003976 _____ () C:\Users\Lars Stehmann\Desktop\Schritt 1 AdwCleaner.txt
2014-07-11 12:47 - 2014-07-11 12:47 - 00307904 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-11 12:44 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-07-11 12:42 - 2014-07-11 12:45 - 00000000 ____D () C:\AdwCleaner
2014-07-11 12:40 - 2014-07-11 12:41 - 01348263 _____ () C:\Users\Lars Stehmann\Desktop\adwcleaner_3.215.exe
2014-07-11 10:24 - 2014-06-26 22:53 - 00703968 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-11 10:24 - 2014-06-26 22:53 - 00105440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-11 10:18 - 2014-07-11 10:18 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-11 01:11 - 2014-06-18 01:27 - 01440256 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-11 01:11 - 2014-06-18 01:24 - 01557504 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-11 01:11 - 2014-06-11 06:18 - 04038144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-11 01:11 - 2014-05-03 08:34 - 06974808 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-07-11 01:11 - 2014-05-03 08:33 - 01824808 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-07-11 01:11 - 2014-05-03 06:51 - 01408976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-07-11 01:11 - 2014-05-02 00:37 - 01023488 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2014-07-11 01:11 - 2014-04-30 00:32 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\Robocopy.exe
2014-07-11 01:11 - 2014-04-30 00:32 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\Robocopy.exe
2014-07-11 01:11 - 2014-04-24 01:51 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-07-11 01:11 - 2014-04-24 01:51 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-11 01:11 - 2014-04-24 01:38 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-07-11 01:11 - 2014-04-24 01:38 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-11 01:11 - 2014-02-08 06:34 - 00071168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hdaudbus.sys
2014-07-11 01:10 - 2014-07-01 00:42 - 00702464 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-11 01:10 - 2014-07-01 00:42 - 00394240 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-07-11 01:10 - 2014-07-01 00:42 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-07-11 01:10 - 2014-06-28 05:35 - 00556544 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-11 01:10 - 2014-06-03 00:33 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2014-07-11 01:10 - 2014-05-30 01:31 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-07-11 01:10 - 2014-05-30 01:03 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-07-11 01:10 - 2014-05-30 01:02 - 01281536 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-11 01:10 - 2014-05-30 01:02 - 00439808 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll
2014-07-11 01:08 - 2014-06-19 04:12 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-11 01:08 - 2014-06-19 04:12 - 01366528 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-11 01:08 - 2014-06-19 04:12 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-07-11 01:08 - 2014-06-19 04:12 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-07-11 01:08 - 2014-06-19 04:12 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-11 01:08 - 2014-06-19 04:11 - 19277312 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-11 01:08 - 2014-06-19 04:11 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-11 01:08 - 2014-06-19 04:11 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 15369728 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 02650624 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-11 01:08 - 2014-06-19 04:09 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-11 01:08 - 2014-06-19 02:53 - 14368768 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-11 01:08 - 2014-06-19 02:53 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-11 01:08 - 2014-06-19 02:53 - 01141760 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-11 01:08 - 2014-06-19 02:53 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-11 01:08 - 2014-06-19 02:53 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-11 01:08 - 2014-06-19 02:53 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-11 01:08 - 2014-06-19 02:53 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-07-11 01:08 - 2014-06-19 02:52 - 13732352 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-11 01:08 - 2014-06-19 02:52 - 02863616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-11 01:08 - 2014-06-19 02:52 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-11 01:08 - 2014-06-19 02:52 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-11 01:08 - 2014-06-19 02:52 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-07-11 01:08 - 2014-06-19 02:52 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-11 01:08 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-11 01:08 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-11 01:08 - 2014-06-19 02:52 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-07-11 01:08 - 2014-06-19 02:52 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-11 01:08 - 2014-06-19 02:52 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-11 01:08 - 2014-06-19 02:52 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-11 01:08 - 2014-06-19 02:33 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-11 01:08 - 2014-06-19 02:30 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-11 01:08 - 2014-06-19 00:05 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-07-11 01:08 - 2014-05-30 00:24 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-11 01:07 - 2014-06-06 16:06 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-11 01:07 - 2014-06-06 12:17 - 00497152 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-11 01:00 - 2014-07-11 01:00 - 00022559 _____ () C:\ComboFix.txt
2014-07-11 00:20 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-07-11 00:20 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-07-11 00:20 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-07-11 00:20 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-07-11 00:20 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-07-11 00:20 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe
2014-07-11 00:20 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-07-11 00:20 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-07-11 00:20 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-07-11 00:19 - 2014-07-11 01:00 - 00000000 ____D () C:\Qoobox
2014-07-11 00:18 - 2014-07-11 00:54 - 00000000 ____D () C:\windows\erdnt
2014-07-10 23:49 - 2014-07-10 23:50 - 05217324 ____R (Swearware) C:\Users\Lars Stehmann\Desktop\ComboFix.exe
2014-07-10 16:37 - 2014-07-10 16:38 - 00037842 _____ () C:\Users\Lars Stehmann\Desktop\Addition.txt
2014-07-10 16:35 - 2014-07-11 19:25 - 00018281 _____ () C:\Users\Lars Stehmann\Desktop\FRST.txt
2014-07-10 16:34 - 2014-07-11 19:24 - 00000000 ____D () C:\FRST
2014-07-10 16:33 - 2014-07-11 19:22 - 02084864 _____ (Farbar) C:\Users\Lars Stehmann\Desktop\FRST64.exe
2014-07-10 15:51 - 2014-07-10 15:51 - 00012542 _____ () C:\Users\Lars Stehmann\Desktop\malware.txt
2014-07-10 14:43 - 2014-07-11 13:25 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-10 14:38 - 2014-07-10 14:38 - 00001132 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-10 14:38 - 2014-07-10 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-10 14:38 - 2014-07-10 14:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-10 14:38 - 2014-07-10 14:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-10 14:38 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-10 14:38 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-07-10 14:38 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-07-10 14:33 - 2014-07-10 14:34 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lars Stehmann\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-10 14:16 - 2014-07-10 15:52 - 00000000 ____D () C:\ProgramData\MySearch
2014-07-10 14:16 - 2014-07-10 15:52 - 00000000 ____D () C:\Program Files (x86)\MySearch
2014-07-10 14:15 - 2014-07-10 15:54 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2014-07-10 14:14 - 2014-07-10 15:52 - 00000000 ____D () C:\ProgramData\priCechhoP
2014-07-10 14:14 - 2014-07-10 15:52 - 00000000 ____D () C:\Program Files (x86)\priCechhoP
2014-07-10 14:14 - 2014-07-10 14:16 - 00000000 ____D () C:\ProgramData\b06c2bca1a0474eb
2014-07-10 14:14 - 2014-07-10 14:14 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator
2014-07-09 18:11 - 2014-07-09 18:13 - 20076727 _____ () C:\Users\Lars Stehmann\Downloads\fm14.rar
2014-07-08 15:27 - 2014-07-08 15:27 - 00002058 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-07-08 15:27 - 2014-07-08 15:27 - 00002056 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-07-08 15:27 - 2014-07-08 15:27 - 00002046 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-07-07 18:34 - 2014-07-11 10:17 - 01623040 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-07-07 18:34 - 2014-07-11 10:17 - 00253440 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-07-07 18:34 - 2014-07-11 10:17 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-07-07 18:34 - 2014-07-11 10:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-07-07 18:34 - 2014-07-11 10:16 - 00629248 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-07-07 18:34 - 2014-07-11 10:16 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-07-07 18:33 - 2014-07-11 10:17 - 03286528 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-07-07 18:33 - 2014-07-11 10:17 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-07-07 18:33 - 2014-07-11 10:17 - 00059416 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-07-07 18:33 - 2014-07-11 10:17 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-07-07 18:32 - 2014-07-11 10:17 - 00773632 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-07-07 18:32 - 2014-07-11 10:17 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-07-07 18:32 - 2014-07-11 10:16 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2014-07-06 20:01 - 2014-07-06 20:01 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Roaming\dvdcss
2014-07-06 20:00 - 2014-07-06 22:12 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Roaming\vlc
2014-07-06 19:58 - 2014-07-06 19:58 - 00000875 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-06 19:58 - 2014-07-06 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-06 19:58 - 2014-07-06 19:58 - 00000000 ____D () C:\Program Files\VideoLAN
2014-07-06 19:54 - 2014-07-06 19:54 - 00961360 _____ (Chip Digital GmbH) C:\Users\Lars Stehmann\Downloads\VLC media player 64 Bit - CHIP-Installer.exe
2014-07-06 19:51 - 2014-07-06 19:51 - 00001242 _____ () C:\Users\Lars Stehmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player.lnk
2014-07-06 19:40 - 2014-07-06 19:40 - 04998707 _____ () C:\Users\Lars Stehmann\Downloads\flvplayer_setup20_25.exe
2014-07-02 22:54 - 2014-07-02 22:54 - 00015126 _____ () C:\Users\Lars Stehmann\Downloads\Vorbereitung.xlsx
2014-06-25 18:38 - 2014-05-03 07:47 - 03246592 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-06-25 18:38 - 2014-05-03 05:34 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-06-25 18:37 - 2014-04-30 00:32 - 01301504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-06-25 18:37 - 2014-04-30 00:22 - 01023488 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-06-25 18:37 - 2014-04-03 13:19 - 00328024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys
2014-06-25 18:37 - 2014-04-03 05:44 - 00619008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-06-25 18:37 - 2014-04-01 00:08 - 00387268 _____ () C:\windows\system32\ApnDatabase.xml
2014-06-25 18:37 - 2014-03-25 01:42 - 00305152 _____ (Microsoft Corporation) C:\windows\SysWOW64\wusa.exe
2014-06-25 18:37 - 2014-03-25 00:56 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\wusa.exe
2014-06-25 18:30 - 2014-04-03 13:22 - 02233176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-06-25 18:30 - 2014-03-07 02:47 - 01419264 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-06-25 18:30 - 2014-03-07 02:08 - 01845760 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-06-24 12:16 - 2014-06-24 12:16 - 00177181 _____ () C:\Users\Lars Stehmann\Desktop\Guck Yegger.odb
2014-06-23 16:49 - 2014-06-23 16:49 - 00947864 _____ () C:\Users\Lars Stehmann\Downloads\AndrewBase.odt
2014-06-20 23:17 - 2014-06-20 23:17 - 00033792 _____ () C:\Users\Lars Stehmann\Downloads\35605.xls
2014-06-20 22:13 - 2014-06-21 12:09 - 00026578 _____ () C:\Users\Lars Stehmann\Desktop\DiebesteVariante.ods
2014-06-20 20:18 - 2014-06-21 18:25 - 00079697 _____ () C:\Users\Lars Stehmann\Desktop\dsjfsjdfsjdf.odb
2014-06-20 11:11 - 2014-06-21 13:20 - 00035293 _____ () C:\Users\Lars Stehmann\Desktop\Tutorial.odb
2014-06-19 13:47 - 2014-07-11 12:41 - 00015241 _____ () C:\Users\Lars Stehmann\Desktop\statistiken.ods

==================== One Month Modified Files and Folders =======

2014-07-11 19:25 - 2014-07-10 16:35 - 00018281 _____ () C:\Users\Lars Stehmann\Desktop\FRST.txt
2014-07-11 19:24 - 2014-07-10 16:34 - 00000000 ____D () C:\FRST
2014-07-11 19:24 - 2012-08-31 06:28 - 00000000 ____D () C:\ProgramData\WinClon
2014-07-11 19:23 - 2014-03-12 18:40 - 00000000 ___RD () C:\Users\Lars Stehmann\Google Drive
2014-07-11 19:23 - 2012-12-13 19:56 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Local\CrashDumps
2014-07-11 19:22 - 2014-07-11 19:22 - 00000000 ____D () C:\Users\Lars Stehmann\Desktop\FRST-OlderVersion
2014-07-11 19:22 - 2014-07-10 16:33 - 02084864 _____ (Farbar) C:\Users\Lars Stehmann\Desktop\FRST64.exe
2014-07-11 19:22 - 2013-11-05 15:29 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-11 19:21 - 2012-08-31 06:42 - 00000360 _____ () C:\windows\Tasks\Xerox PhotoCafe Communicator.job
2014-07-11 19:02 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru
2014-07-11 16:57 - 2014-07-11 13:31 - 00000363 _____ () C:\zoek-results.log
2014-07-11 16:57 - 2014-07-11 13:29 - 00000472 _____ () C:\runcheck.txt
2014-07-11 16:52 - 2012-08-31 21:27 - 00753134 _____ () C:\windows\system32\perfh007.dat
2014-07-11 16:52 - 2012-08-31 21:27 - 00155826 _____ () C:\windows\system32\perfc007.dat
2014-07-11 16:52 - 2012-07-26 09:28 - 01745416 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-11 13:31 - 2014-07-11 16:57 - 00000396 _____ () C:\zoek-results2014-07-11-113130.log
2014-07-11 13:31 - 2012-08-31 05:24 - 01699592 _____ () C:\windows\WindowsUpdate.log
2014-07-11 13:28 - 2014-07-11 13:28 - 00000000 ____D () C:\zoek_backup
2014-07-11 13:27 - 2014-07-11 13:27 - 01285120 _____ () C:\Users\Lars Stehmann\Desktop\zoek.exe
2014-07-11 13:26 - 2014-07-11 13:26 - 00001565 _____ () C:\Users\Lars Stehmann\Desktop\mbam.txt
2014-07-11 13:25 - 2014-07-10 14:43 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-11 13:20 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-11 12:52 - 2014-07-11 12:51 - 00003976 _____ () C:\Users\Lars Stehmann\Desktop\Schritt 1 AdwCleaner.txt
2014-07-11 12:47 - 2014-07-11 12:47 - 00307904 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-11 12:47 - 2012-08-05 23:07 - 00031970 _____ () C:\windows\PFRO.log
2014-07-11 12:45 - 2014-07-11 12:42 - 00000000 ____D () C:\AdwCleaner
2014-07-11 12:41 - 2014-07-11 12:40 - 01348263 _____ () C:\Users\Lars Stehmann\Desktop\adwcleaner_3.215.exe
2014-07-11 12:41 - 2014-06-19 13:47 - 00015241 _____ () C:\Users\Lars Stehmann\Desktop\statistiken.ods
2014-07-11 10:20 - 2012-07-26 07:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-07-11 10:18 - 2014-07-11 10:18 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-11 10:18 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 10:18 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 10:18 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\WinStore
2014-07-11 10:18 - 2012-07-26 09:59 - 00000000 ____D () C:\windows\CbsTemp
2014-07-11 10:18 - 2012-07-26 09:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 10:17 - 2014-07-07 18:34 - 01623040 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-07-11 10:17 - 2014-07-07 18:34 - 00253440 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-07-11 10:17 - 2014-07-07 18:34 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-07-11 10:17 - 2014-07-07 18:34 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-07-11 10:17 - 2014-07-07 18:33 - 03286528 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-07-11 10:17 - 2014-07-07 18:33 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-07-11 10:17 - 2014-07-07 18:33 - 00059416 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-07-11 10:17 - 2014-07-07 18:33 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-07-11 10:17 - 2014-07-07 18:32 - 00773632 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-07-11 10:17 - 2014-07-07 18:32 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-07-11 10:16 - 2014-07-07 18:34 - 00629248 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-07-11 10:16 - 2014-07-07 18:34 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-07-11 10:16 - 2014-07-07 18:32 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2014-07-11 02:07 - 2013-10-01 09:05 - 00000000 ____D () C:\windows\system32\MRT
2014-07-11 02:03 - 2012-12-15 14:10 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-11 02:03 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-07-11 01:17 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-07-11 01:00 - 2014-07-11 01:00 - 00022559 _____ () C:\ComboFix.txt
2014-07-11 01:00 - 2014-07-11 00:19 - 00000000 ____D () C:\Qoobox
2014-07-11 01:00 - 2012-07-26 07:37 - 00000000 __RHD () C:\Users\Default
2014-07-11 00:54 - 2014-07-11 00:18 - 00000000 ____D () C:\windows\erdnt
2014-07-11 00:51 - 2012-07-26 07:26 - 00000215 _____ () C:\windows\system.ini
2014-07-11 00:48 - 2012-07-26 07:26 - 67633152 _____ () C:\windows\system32\config\SOFTWARE.bak
2014-07-11 00:48 - 2012-07-26 07:26 - 14417920 _____ () C:\windows\system32\config\SYSTEM.bak
2014-07-11 00:48 - 2012-07-26 07:26 - 00524288 _____ () C:\windows\system32\config\DEFAULT.bak
2014-07-11 00:48 - 2012-07-26 07:26 - 00262144 _____ () C:\windows\system32\config\SECURITY.bak
2014-07-11 00:48 - 2012-07-26 07:26 - 00262144 _____ () C:\windows\system32\config\SAM.bak
2014-07-10 23:50 - 2014-07-10 23:49 - 05217324 ____R (Swearware) C:\Users\Lars Stehmann\Desktop\ComboFix.exe
2014-07-10 16:38 - 2014-07-10 16:37 - 00037842 _____ () C:\Users\Lars Stehmann\Desktop\Addition.txt
2014-07-10 15:54 - 2014-07-10 14:15 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2014-07-10 15:52 - 2014-07-10 14:16 - 00000000 ____D () C:\ProgramData\MySearch
2014-07-10 15:52 - 2014-07-10 14:16 - 00000000 ____D () C:\Program Files (x86)\MySearch
2014-07-10 15:52 - 2014-07-10 14:14 - 00000000 ____D () C:\ProgramData\priCechhoP
2014-07-10 15:52 - 2014-07-10 14:14 - 00000000 ____D () C:\Program Files (x86)\priCechhoP
2014-07-10 15:51 - 2014-07-10 15:51 - 00012542 _____ () C:\Users\Lars Stehmann\Desktop\malware.txt
2014-07-10 14:38 - 2014-07-10 14:38 - 00001132 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-10 14:38 - 2014-07-10 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-10 14:38 - 2014-07-10 14:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-10 14:38 - 2014-07-10 14:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-10 14:34 - 2014-07-10 14:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lars Stehmann\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-10 14:16 - 2014-07-10 14:14 - 00000000 ____D () C:\ProgramData\b06c2bca1a0474eb
2014-07-10 14:14 - 2014-07-10 14:14 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator
2014-07-10 14:14 - 2012-12-17 10:39 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Local\Google
2014-07-10 14:14 - 2012-12-17 10:39 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-10 14:14 - 2012-07-26 10:12 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-07-10 14:14 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
2014-07-09 22:50 - 2014-04-21 23:54 - 00000129 _____ () C:\Users\Lars Stehmann\Desktop\FoMa.txt
2014-07-09 18:13 - 2014-07-09 18:11 - 20076727 _____ () C:\Users\Lars Stehmann\Downloads\fm14.rar
2014-07-09 13:45 - 2014-02-13 20:31 - 00088904 _____ () C:\Users\Lars Stehmann\Desktop\napoli.ods
2014-07-08 15:27 - 2014-07-08 15:27 - 00002058 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-07-08 15:27 - 2014-07-08 15:27 - 00002056 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-07-08 15:27 - 2014-07-08 15:27 - 00002046 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-07-08 15:27 - 2014-03-11 08:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-06 22:13 - 2013-05-23 18:42 - 00070144 ___SH () C:\Users\Lars Stehmann\Downloads\Thumbs.db
2014-07-06 22:12 - 2014-07-06 20:00 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Roaming\vlc
2014-07-06 20:01 - 2014-07-06 20:01 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Roaming\dvdcss
2014-07-06 19:58 - 2014-07-06 19:58 - 00000875 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-06 19:58 - 2014-07-06 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-06 19:58 - 2014-07-06 19:58 - 00000000 ____D () C:\Program Files\VideoLAN
2014-07-06 19:54 - 2014-07-06 19:54 - 00961360 _____ (Chip Digital GmbH) C:\Users\Lars Stehmann\Downloads\VLC media player 64 Bit - CHIP-Installer.exe
2014-07-06 19:51 - 2014-07-06 19:51 - 00001242 _____ () C:\Users\Lars Stehmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player.lnk
2014-07-06 19:40 - 2014-07-06 19:40 - 04998707 _____ () C:\Users\Lars Stehmann\Downloads\flvplayer_setup20_25.exe
2014-07-06 19:35 - 2012-08-31 06:37 - 00000000 ____D () C:\ProgramData\CyberLink
2014-07-05 22:51 - 2012-12-13 20:05 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2565124892-2511412510-2458214724-1004
2014-07-02 22:54 - 2014-07-02 22:54 - 00015126 _____ () C:\Users\Lars Stehmann\Downloads\Vorbereitung.xlsx
2014-07-01 00:42 - 2014-07-11 01:10 - 00702464 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-01 00:42 - 2014-07-11 01:10 - 00394240 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-07-01 00:42 - 2014-07-11 01:10 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-06-29 16:57 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\rescache
2014-06-28 05:35 - 2014-07-11 01:10 - 00556544 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-26 22:53 - 2014-07-11 10:24 - 00703968 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-06-26 22:53 - 2014-07-11 10:24 - 00105440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-25 11:49 - 2013-10-01 08:24 - 00000000 ____D () C:\Users\Lars Stehmann\Desktop\Neuer Ordner
2014-06-24 12:49 - 2012-12-17 00:59 - 00766976 ___SH () C:\Users\Lars Stehmann\Desktop\Thumbs.db
2014-06-24 12:16 - 2014-06-24 12:16 - 00177181 _____ () C:\Users\Lars Stehmann\Desktop\Guck Yegger.odb
2014-06-23 16:49 - 2014-06-23 16:49 - 00947864 _____ () C:\Users\Lars Stehmann\Downloads\AndrewBase.odt
2014-06-21 18:25 - 2014-06-20 20:18 - 00079697 _____ () C:\Users\Lars Stehmann\Desktop\dsjfsjdfsjdf.odb
2014-06-21 13:20 - 2014-06-20 11:11 - 00035293 _____ () C:\Users\Lars Stehmann\Desktop\Tutorial.odb
2014-06-21 12:09 - 2014-06-20 22:13 - 00026578 _____ () C:\Users\Lars Stehmann\Desktop\DiebesteVariante.ods
2014-06-20 23:17 - 2014-06-20 23:17 - 00033792 _____ () C:\Users\Lars Stehmann\Downloads\35605.xls
2014-06-20 21:35 - 2014-03-10 16:29 - 00000000 ____D () C:\Users\Lars Stehmann\Desktop\4.Semester
2014-06-19 04:12 - 2014-07-11 01:08 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-19 04:12 - 2014-07-11 01:08 - 01366528 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-19 04:12 - 2014-07-11 01:08 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-06-19 04:12 - 2014-07-11 01:08 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-06-19 04:12 - 2014-07-11 01:08 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-19 04:11 - 2014-07-11 01:08 - 19277312 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-19 04:11 - 2014-07-11 01:08 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-19 04:11 - 2014-07-11 01:08 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 15369728 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 02650624 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-19 04:09 - 2014-07-11 01:08 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-19 02:53 - 2014-07-11 01:08 - 14368768 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-19 02:53 - 2014-07-11 01:08 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-19 02:53 - 2014-07-11 01:08 - 01141760 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-19 02:53 - 2014-07-11 01:08 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-19 02:53 - 2014-07-11 01:08 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-19 02:53 - 2014-07-11 01:08 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-19 02:53 - 2014-07-11 01:08 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-06-19 02:52 - 2014-07-11 01:08 - 13732352 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-19 02:52 - 2014-07-11 01:08 - 02863616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-19 02:52 - 2014-07-11 01:08 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-19 02:52 - 2014-07-11 01:08 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-19 02:52 - 2014-07-11 01:08 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-06-19 02:52 - 2014-07-11 01:08 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-19 02:52 - 2014-07-11 01:08 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-06-19 02:52 - 2014-07-11 01:08 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-19 02:52 - 2014-07-11 01:08 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-06-19 02:52 - 2014-07-11 01:08 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-19 02:52 - 2014-07-11 01:08 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-19 02:52 - 2014-07-11 01:08 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-19 02:33 - 2014-07-11 01:08 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-19 02:30 - 2014-07-11 01:08 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-19 00:05 - 2014-07-11 01:08 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-06-18 01:27 - 2014-07-11 01:11 - 01440256 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-06-18 01:24 - 2014-07-11 01:11 - 01557504 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-06-14 17:00 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\NDF
2014-06-13 04:10 - 2014-06-08 22:51 - 02978373 _____ () C:\Users\Lars Stehmann\Desktop\wm2014_tippspiel.ods
2014-06-11 06:18 - 2014-07-11 01:11 - 04038144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe


Some content of TEMP:
====================
C:\Users\Lars Stehmann\AppData\Local\Temp\7za.exe
C:\Users\Lars Stehmann\AppData\Local\Temp\hijackthis.exe
C:\Users\Lars Stehmann\AppData\Local\Temp\NirCmd.exe
C:\Users\Lars Stehmann\AppData\Local\Temp\PEVZ.EXE
C:\Users\Lars Stehmann\AppData\Local\Temp\Quarantine.exe
C:\Users\Lars Stehmann\AppData\Local\Temp\remove.exe
C:\Users\Lars Stehmann\AppData\Local\Temp\sed.exe
C:\Users\Lars Stehmann\AppData\Local\Temp\shortcut.exe
C:\Users\Lars Stehmann\AppData\Local\Temp\swreg.exe
C:\Users\Lars Stehmann\AppData\Local\Temp\swxcacls.exe
C:\Users\Lars Stehmann\AppData\Local\Temp\wget.exe
C:\Users\Lars Stehmann\AppData\Local\Temp\zoek-delete.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-07 18:06

==================== End Of Log ============================

--- --- ---

--- --- ---

ADDITION.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-07-2014
Ran by Lars Stehmann at 2014-07-11 19:27:06
Running from C:\Users\Lars Stehmann\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
Allshare Play Link (HKLM-x32\...\{91786428-D4AA-476D-8AF9-A63FFAC2901F}) (Version: 1.0.0 - Samsung)
AMD Accelerated Video Transcoding (Version: 12.5.100.20808 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{53460839-526B-5CEC-011C-6F01CE411CF1}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-4300-76A7-A758B70C0F01}) (Version: 12.15.1.16 - APN, LLC) <==== ATTENTION
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1912 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Das Fussball Studio 8.5.2 (Beta) (HKLM-x32\...\{F804CEB4-747E-46D5-B8AB-C56E3BAF27D9}_is1) (Version: 8.5.2 - vmLOGIC - Volker Mallmann)
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
Football Manager 2014 (HKLM-x32\...\Steam App 231670) (Version:  - Sports Interactive)
Football Manager 2014 Editor (HKLM-x32\...\Steam App 242460) (Version:  - )
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Help Desk (HKLM\...\{C85A891D-7AB4-46AE-84F0-B0C3FAC82280}) (Version: 1.0.4 - Samsung Electronics CO., LTD.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.17.41283 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Next Generation Tennis 2003 (HKLM-x32\...\{1B29C0BE-AEB2-408C-BAA6-A4EE6CC8577C}) (Version:  - )
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.5.0.28 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.11 - Symantec Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
OpenProj (HKLM-x32\...\{13702021-43FB-480C-912F-D9B74A538288}) (Version: 1.4.0 - Serena Software Inc.)
OpenVPN 2.3.4-I001  (HKLM-x32\...\OpenVPN) (Version: 2.3.4-I001 - )
Paint XP version 1.1 (HKLM-x32\...\{2367FAB6-055A-4923-835F-F57F7BBBA363}_is1) (Version: 1.1 - MSPAINTXP.COM)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{46889070-D447-4936-A5D3-246DB972FA2E}) (Version: 2.0.6.16537 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
ProjectLibre (HKLM-x32\...\{73C751CF-B4B9-4757-BDBC-0B3A5B16B531}) (Version: 1.5.17.0 - ProjectLibre)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.11 - ProtectDisc Software GmbH)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.0 - Samsung Electronics CO., LTD.)
Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Race Driver 2 Online Demo (x32 Version: 1.03.0010 - Codemasters) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.5.0 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.0.7 - Samsung Electronics CO., LTD.) Hidden
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Support Center (HKLM\...\{3D7275C7-8549-46AF-8B59-82A3EF301B31}) (Version: 2.0.8 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.0 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{49271148-3C6B-4F2B-B8C9-FFDE243B8FEA}) (Version: 2.0.15 - Samsung Electronics CO., LTD.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.11.3 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
User Guide (HKLM-x32\...\{66172F70-0BDE-4BAB-A973-E2E4EF501F6D}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Xerox PhotoCafe (HKLM-x32\...\Xerox PhotoCafe) (Version: 1.0.0.6162 - Xerox)

==================== Restore Points  =========================

08-06-2014 17:06:07 Installiert Next Generation Tennis 2003
18-06-2014 08:09:27 Geplanter Prüfpunkt
27-06-2014 16:31:27 Windows Update
06-07-2014 16:18:55 Windows Update
10-07-2014 22:20:27 ComboFix created restore point

==================== Hosts content: ==========================

2012-07-26 07:26 - 2014-07-11 00:51 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0200E3AC-B15B-43A3-A026-5B6CD38D9279} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-08-24] (Samsung Electronics CO., LTD.)
Task: {022D5CA9-2218-474D-8D74-74FA85A00C15} - System32\Tasks\MakeMarkerFile => %ProgramData%\MakeMarkerFile.exe
Task: {081B14FF-6015-4C08-B021-226A9772CB2E} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {0E9D97A1-A465-48D0-BA55-C025FCF94F82} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-08-23] (SEC)
Task: {15BC6E8E-3BF9-40C9-ABE3-341F810187C9} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {7CFC0557-5ABF-4159-B64D-0C1DF9516AE1} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-08-26] (Samsung Electronics CO., LTD.)
Task: {813ADBC4-08C7-4BB2-ABCE-FAF70AA196CC} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] ()
Task: {8D27BE66-6B75-450B-8FEC-9DA0CFE59F1C} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {A49545EA-F214-4B28-8E8E-6F3CBBE262DE} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\WSCStub.exe [2014-04-29] (Symantec Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CB0F186F-5F9A-41B2-9456-C782B547FEEA} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {CBD4CA57-F0CE-44D2-AB53-BD16C65D4CFE} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-08-17] (Samsung Electronics CO., LTD.)
Task: {D7B2CB40-9DD3-4BC3-BE50-72A6649DB198} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {FF2CE0AE-23A6-40CE-AFD1-763F92CC9298} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-07-11] (Microsoft Corporation)
Task: C:\windows\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe

==================== Loaded Modules (whitelisted) =============

2012-08-26 11:48 - 2012-08-26 11:48 - 00076920 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2014-05-28 15:27 - 2014-05-28 15:28 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-08-08 03:22 - 2012-08-08 03:22 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00028280 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 01015416 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2014-05-02 09:55 - 2012-05-30 08:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.5.0.28\wincfi39.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00026232 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00029816 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00091768 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2014-07-11 19:22 - 2014-07-11 19:22 - 00098816 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\win32api.pyd
2014-07-11 19:22 - 2014-07-11 19:22 - 00110080 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\pywintypes27.dll
2014-07-11 19:22 - 2014-07-11 19:22 - 00364544 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\pythoncom27.dll
2014-07-11 19:22 - 2014-07-11 19:22 - 00045568 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\_socket.pyd
2014-07-11 19:22 - 2014-07-11 19:22 - 01160704 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\_ssl.pyd
2014-07-11 19:22 - 2014-07-11 19:22 - 00320512 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\win32com.shell.shell.pyd
2014-07-11 19:22 - 2014-07-11 19:22 - 00713216 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\_hashlib.pyd
2014-07-11 19:22 - 2014-07-11 19:22 - 01175040 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\wx._core_.pyd
2014-07-11 19:22 - 2014-07-11 19:22 - 00805888 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\wx._gdi_.pyd
2014-07-11 19:22 - 2014-07-11 19:22 - 00811008 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\wx._windows_.pyd
2014-07-11 19:22 - 2014-07-11 19:22 - 01062400 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\wx._controls_.pyd
2014-07-11 19:22 - 2014-07-11 19:22 - 00735232 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\wx._misc_.pyd
2014-07-11 19:22 - 2014-07-11 19:22 - 00128512 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\_elementtree.pyd
2014-07-11 19:22 - 2014-07-11 19:22 - 00127488 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\pyexpat.pyd
2014-07-11 19:22 - 2014-07-11 19:22 - 00557056 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\pysqlite2._sqlite.pyd
2014-07-11 19:22 - 2014-07-11 19:22 - 00007168 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\hashobjs_ext.pyd
2014-07-11 19:22 - 2014-07-11 19:22 - 00087552 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\_ctypes.pyd
2014-07-11 19:22 - 2014-07-11 19:22 - 00119808 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\win32file.pyd
2014-07-11 19:22 - 2014-07-11 19:22 - 00108544 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\win32security.pyd
2014-07-11 19:22 - 2014-07-11 19:22 - 00018432 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\win32event.pyd
2014-07-11 19:22 - 2014-07-11 19:22 - 00038912 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\win32inet.pyd
2014-07-11 19:22 - 2014-07-11 19:22 - 00070656 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\wx._html2.pyd
2014-07-11 19:22 - 2014-07-11 19:22 - 00167936 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\win32gui.pyd
2014-07-11 19:22 - 2014-07-11 19:22 - 00011264 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\win32crypt.pyd
2014-07-11 19:22 - 2014-07-11 19:22 - 00027136 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\_multiprocessing.pyd
2014-07-11 19:22 - 2014-07-11 19:22 - 00122368 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\wx._wizard.pyd
2014-07-11 19:22 - 2014-07-11 19:22 - 00010240 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\select.pyd
2014-07-11 19:22 - 2014-07-11 19:22 - 00024064 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\win32pipe.pyd
2014-07-11 19:22 - 2014-07-11 19:22 - 00686080 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\unicodedata.pyd
2014-07-11 19:22 - 2014-07-11 19:22 - 00025600 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\win32pdh.pyd
2014-07-11 19:22 - 2014-07-11 19:22 - 00525640 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\windows._lib_cacheinvalidation.pyd
2014-07-11 19:22 - 2014-07-11 19:22 - 00035840 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\win32process.pyd
2014-07-11 19:22 - 2014-07-11 19:22 - 00017408 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\win32profile.pyd
2014-07-11 19:22 - 2014-07-11 19:22 - 00022528 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\win32ts.pyd
2014-07-11 19:22 - 2014-07-11 19:22 - 00078336 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI27482\wx._animate.pyd
2014-06-14 09:18 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-14 09:18 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-14 09:18 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-14 09:18 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-14 09:18 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-07-10 16:04 - 2014-07-08 08:18 - 14663856 _____ () C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

HKLM\...\StartupApproved\Run: => "BtvStack"
HKLM\...\StartupApproved\Run: => "BtTray"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKCU\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/11/2014 07:23:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Name des fehlerhaften Moduls: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000183835
ID des fehlerhaften Prozesses: 0xe84
Startzeit der fehlerhaften Anwendung: 0xCommonAgent.exe0
Pfad der fehlerhaften Anwendung: CommonAgent.exe1
Pfad des fehlerhaften Moduls: CommonAgent.exe2
Berichtskennung: CommonAgent.exe3
Vollständiger Name des fehlerhaften Pakets: CommonAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CommonAgent.exe5

Error: (07/11/2014 07:22:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8
Name des fehlerhaften Moduls: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000000000014d7cc
ID des fehlerhaften Prozesses: 0x484
Startzeit der fehlerhaften Anwendung: 0xMakeMarkerFile.exe0
Pfad der fehlerhaften Anwendung: MakeMarkerFile.exe1
Pfad des fehlerhaften Moduls: MakeMarkerFile.exe2
Berichtskennung: MakeMarkerFile.exe3
Vollständiger Name des fehlerhaften Pakets: MakeMarkerFile.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MakeMarkerFile.exe5

Error: (07/11/2014 04:51:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Name des fehlerhaften Moduls: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000183835
ID des fehlerhaften Prozesses: 0x150c
Startzeit der fehlerhaften Anwendung: 0xCommonAgent.exe0
Pfad der fehlerhaften Anwendung: CommonAgent.exe1
Pfad des fehlerhaften Moduls: CommonAgent.exe2
Berichtskennung: CommonAgent.exe3
Vollständiger Name des fehlerhaften Pakets: CommonAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CommonAgent.exe5

Error: (07/11/2014 04:51:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8
Name des fehlerhaften Moduls: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000000000014d7cc
ID des fehlerhaften Prozesses: 0x9bc
Startzeit der fehlerhaften Anwendung: 0xMakeMarkerFile.exe0
Pfad der fehlerhaften Anwendung: MakeMarkerFile.exe1
Pfad des fehlerhaften Moduls: MakeMarkerFile.exe2
Berichtskennung: MakeMarkerFile.exe3
Vollständiger Name des fehlerhaften Pakets: MakeMarkerFile.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MakeMarkerFile.exe5

Error: (07/11/2014 01:23:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Name des fehlerhaften Moduls: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000183835
ID des fehlerhaften Prozesses: 0x1320
Startzeit der fehlerhaften Anwendung: 0xCommonAgent.exe0
Pfad der fehlerhaften Anwendung: CommonAgent.exe1
Pfad des fehlerhaften Moduls: CommonAgent.exe2
Berichtskennung: CommonAgent.exe3
Vollständiger Name des fehlerhaften Pakets: CommonAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CommonAgent.exe5

Error: (07/11/2014 01:23:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Name des fehlerhaften Moduls: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000183835
ID des fehlerhaften Prozesses: 0xa44
Startzeit der fehlerhaften Anwendung: 0xCommonAgent.exe0
Pfad der fehlerhaften Anwendung: CommonAgent.exe1
Pfad des fehlerhaften Moduls: CommonAgent.exe2
Berichtskennung: CommonAgent.exe3
Vollständiger Name des fehlerhaften Pakets: CommonAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CommonAgent.exe5

Error: (07/11/2014 01:21:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8
Name des fehlerhaften Moduls: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000000000014d7cc
ID des fehlerhaften Prozesses: 0x904
Startzeit der fehlerhaften Anwendung: 0xMakeMarkerFile.exe0
Pfad der fehlerhaften Anwendung: MakeMarkerFile.exe1
Pfad des fehlerhaften Moduls: MakeMarkerFile.exe2
Berichtskennung: MakeMarkerFile.exe3
Vollständiger Name des fehlerhaften Pakets: MakeMarkerFile.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MakeMarkerFile.exe5

Error: (07/11/2014 00:51:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Name des fehlerhaften Moduls: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000183835
ID des fehlerhaften Prozesses: 0x664
Startzeit der fehlerhaften Anwendung: 0xCommonAgent.exe0
Pfad der fehlerhaften Anwendung: CommonAgent.exe1
Pfad des fehlerhaften Moduls: CommonAgent.exe2
Berichtskennung: CommonAgent.exe3
Vollständiger Name des fehlerhaften Pakets: CommonAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CommonAgent.exe5

Error: (07/11/2014 00:51:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Name des fehlerhaften Moduls: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000183835
ID des fehlerhaften Prozesses: 0xab8
Startzeit der fehlerhaften Anwendung: 0xCommonAgent.exe0
Pfad der fehlerhaften Anwendung: CommonAgent.exe1
Pfad des fehlerhaften Moduls: CommonAgent.exe2
Berichtskennung: CommonAgent.exe3
Vollständiger Name des fehlerhaften Pakets: CommonAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CommonAgent.exe5

Error: (07/11/2014 00:50:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8
Name des fehlerhaften Moduls: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000000000014d7cc
ID des fehlerhaften Prozesses: 0x970
Startzeit der fehlerhaften Anwendung: 0xMakeMarkerFile.exe0
Pfad der fehlerhaften Anwendung: MakeMarkerFile.exe1
Pfad des fehlerhaften Moduls: MakeMarkerFile.exe2
Berichtskennung: MakeMarkerFile.exe3
Vollständiger Name des fehlerhaften Pakets: MakeMarkerFile.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MakeMarkerFile.exe5


System errors:
=============
Error: (07/11/2014 01:23:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/11/2014 01:20:39 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\prodrv06.sys

Error: (07/11/2014 01:19:40 PM) (Source: DCOM) (EventID: 10010) (User: LarsStehmann)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/11/2014 01:19:40 PM) (Source: DCOM) (EventID: 10010) (User: LarsStehmann)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/11/2014 01:19:40 PM) (Source: DCOM) (EventID: 10010) (User: LarsStehmann)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/11/2014 01:19:40 PM) (Source: DCOM) (EventID: 10010) (User: LarsStehmann)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/11/2014 01:19:40 PM) (Source: DCOM) (EventID: 10010) (User: LarsStehmann)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/11/2014 01:19:39 PM) (Source: DCOM) (EventID: 10010) (User: LarsStehmann)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/11/2014 01:19:34 PM) (Source: DCOM) (EventID: 10010) (User: LarsStehmann)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/11/2014 01:19:34 PM) (Source: DCOM) (EventID: 10010) (User: LarsStehmann)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office Sessions:
=========================
Error: (07/11/2014 07:23:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CommonAgent.exe1.0.7.5502ddd20CommonAgent.exe1.0.7.5502ddd20400000150000000000183835e8401cf9d2cd50e240bC:\Program Files\Samsung\S Agent\CommonAgent.exeC:\Program Files\Samsung\S Agent\CommonAgent.exe1334adac-0920-11e4-bf31-50b7c32e28bd

Error: (07/11/2014 07:22:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cc48401cf9d2cb0aeab71C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exef11e2d55-091f-11e4-bf31-50b7c32e28bd

Error: (07/11/2014 04:51:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CommonAgent.exe1.0.7.5502ddd20CommonAgent.exe1.0.7.5502ddd20400000150000000000183835150c01cf9d1782af8f18C:\Program Files\Samsung\S Agent\CommonAgent.exeC:\Program Files\Samsung\S Agent\CommonAgent.exece38ec52-090a-11e4-bf31-50b7c32e28bd

Error: (07/11/2014 04:51:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cc9bc01cf9d175e68b0a6C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.execa0172be-090a-11e4-bf31-50b7c32e28bd

Error: (07/11/2014 01:23:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CommonAgent.exe1.0.7.5502ddd20CommonAgent.exe1.0.7.5502ddd20400000150000000000183835132001cf9cfa892830b2C:\Program Files\Samsung\S Agent\CommonAgent.exeC:\Program Files\Samsung\S Agent\CommonAgent.exec719c4b3-08ed-11e4-bf31-50b7c32e28bd

Error: (07/11/2014 01:23:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CommonAgent.exe1.0.7.5502ddd20CommonAgent.exe1.0.7.5502ddd20400000150000000000183835a4401cf9cfa588c2b4aC:\Program Files\Samsung\S Agent\CommonAgent.exeC:\Program Files\Samsung\S Agent\CommonAgent.exec3f78a5b-08ed-11e4-bf31-50b7c32e28bd

Error: (07/11/2014 01:21:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cc90401cf9cfa3422dca3C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe87b561f5-08ed-11e4-bf31-50b7c32e28bd

Error: (07/11/2014 00:51:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CommonAgent.exe1.0.7.5502ddd20CommonAgent.exe1.0.7.5502ddd2040000015000000000018383566401cf9cf611d67707C:\Program Files\Samsung\S Agent\CommonAgent.exeC:\Program Files\Samsung\S Agent\CommonAgent.exe4fcde788-08e9-11e4-bf30-50b7c32e28bd

Error: (07/11/2014 00:51:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CommonAgent.exe1.0.7.5502ddd20CommonAgent.exe1.0.7.5502ddd20400000150000000000183835ab801cf9cf5be80ab2aC:\Program Files\Samsung\S Agent\CommonAgent.exeC:\Program Files\Samsung\S Agent\CommonAgent.exe46d8a8fc-08e9-11e4-bf30-50b7c32e28bd

Error: (07/11/2014 00:50:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cc97001cf9cf599cbd7a0C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe325121be-08e9-11e4-bf30-50b7c32e28bd


CodeIntegrity Errors:
===================================
  Date: 2014-07-11 00:45:06.721
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Percentage of memory in use: 34%
Total physical RAM: 3675.78 MB
Available physical RAM: 2423.73 MB
Total Pagefile: 5595.78 MB
Available Pagefile: 3811.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:442.08 GB) (Free:376.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: D35F083E)

Partition: GPT Partition Type.

==================== End Of Log ============================

M-K-D-B · 12.07.2014, 09:23

Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 3 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
CHR Extension: (MySearch) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\anjpmpempfaedkaamogooccadhhdehed [2014-07-10]
CHR Extension: (priCecHop) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mibalcnnhpenfjfadbgeojmhphmejall [2014-07-10]
CHR Extension: (priCecHop) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mibalcnnhpenfjfadbgeojmhphmejall\3.9 [2014-07-10]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\ProgramData\b06c2bca1a0474eb
C:\Program Files (x86)\priCechhoP
C:\ProgramData\priCechhoP
C:\Program Files (x86)\MySearch
C:\ProgramData\Trusted Publisher
C:\ProgramData\MySearch
C:\Users\Lars Stehmann\Downloads\flvplayer_setup20_25.exe
Reboot:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 3
Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Schritt 4

Starte die FRST.exe erneut. Setze einen Haken vor Addition und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei von ESET,
die Logdatei von SecurityCheck,
die beiden neuen Logdateien von FRST.

stehmi · 12.07.2014, 21:57

Mittlerweile ist es soweit das der Internetbrowser sich verselbstständigt hat und auf eine Seite wechselt die mir dann sagt mein FlashPlayer müsste aktualisiert werden, automatisch startet dann ein Download irgendeiner Setup.exe. Außerdem ist alles voller Werbeanzeigen. Anfangs war das nur ein kleines Fenster auf der fastsearchingsseite in dem ich darauf hingewiesen wurde das mein PC doch bald abstürzen würde.

Hier die Logfiles:

FRST-Fix

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-07-2014
Ran by Lars Stehmann at 2014-07-12 15:56:42 Run:1
Running from C:\Users\Lars Stehmann\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
CHR Extension: (MySearch) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User DATA\Default\Extensions\anjpmpempfaedkaamogooccadhhdehed [2014-07-10]
CHR Extension: (priCecHop) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mibalcnnhpenfjfadbgeojmhphmejall [2014-07-10]
CHR Extension: (priCecHop) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mibalcnnhpenfjfadbgeojmhphmejall\3.9 [2014-07-10]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\ProgramData\b06c2bca1a0474eb
C:\Program Files (x86)\priCechhoP
C:\ProgramData\priCechhoP
C:\Program Files (x86)\MySearch
C:\ProgramData\Trusted Publisher
C:\ProgramData\MySearch
C:\Users\Lars Stehmann\Downloads\flvplayer_setup20_25.exe
Reboot:
end
*****************

C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
'HKCR\Wow6432Node\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}'=> Key not found.
C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User DATA\Default\Extensions\anjpmpempfaedkaamogooccadhhdehed => Moved successfully.
C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mibalcnnhpenfjfadbgeojmhphmejall => Moved successfully.
C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mibalcnnhpenfjfadbgeojmhphmejall\3.9 directory not found.
'HKLM\SOFTWARE\Policies\Google' => Key deleted successfully.
C:\ProgramData\b06c2bca1a0474eb => Moved successfully.
C:\Program Files (x86)\priCechhoP => Moved successfully.
C:\ProgramData\priCechhoP => Moved successfully.
C:\Program Files (x86)\MySearch => Moved successfully.
C:\ProgramData\Trusted Publisher => Moved successfully.
C:\ProgramData\MySearch => Moved successfully.
C:\Users\Lars Stehmann\Downloads\flvplayer_setup20_25.exe => Moved successfully.


The system needed a reboot. 

==== End of Fixlog ====

ESET

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=895522578093564892041cd84d1cb902
# engine=19145
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-12 08:27:17
# local_time=2014-07-12 10:27:17 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Norton Internet Security'
# compatibility_mode=3595 16777213 100 91 5281079 167793422 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 3864651 64702948 0 0
# scanned=673244
# found=3
# cleaned=0
# scan_time=10219
sh=D8255512583077742CCFAADE9D6AD5E7E2850E71 ft=1 fh=3de20d4546064442 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lars Stehmann\Downloads\paintXP_1.1 - CHIP-Installer.exe"
sh=E2C028A886AA7352539DEE32CBB38770C529A76E ft=1 fh=d2aeb2930bcba9f7 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lars Stehmann\Downloads\PDFCreator-1_7_3_setup.exe"
sh=CB28FC6C27626E2BCA77C1AAB24C8AE7DCEE13AF ft=1 fh=69022fca6a6b3fe2 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Lars Stehmann\Downloads\VLC media player 64 Bit - CHIP-Installer.exe"

checkup.txt

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.85  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender           
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 60  
 Adobe Reader 10.1.3 Adobe Reader out of Date!  
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

FRST.txt

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-07-2014
Ran by Lars Stehmann (administrator) on LARSSTEHMANN on 12-07-2014 22:47:41
Running from C:\Users\Lars Stehmann\Desktop
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Atheros Communications)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\S-1-5-21-2565124892-2511412510-2458214724-1004\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1753280 2014-06-30] (Valve Corporation)
HKU\S-1-5-21-2565124892-2511412510-2458214724-1004\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)
Startup: C:\Users\Lars Stehmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {901D31B8-7250-4352-9EE9-4E9AA33B9014} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {901D31B8-7250-4352-9EE9-4E9AA33B9014} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {901D31B8-7250-4352-9EE9-4E9AA33B9014} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - {901D31B8-7250-4352-9EE9-4E9AA33B9014} URL = 
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 - C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2014-07-12]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn [2012-12-13]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR NewTab: "chrome-extension://anjpmpempfaedkaamogooccadhhdehed/newtab.html"
CHR DefaultSearchKeyword: ask search
CHR DefaultSearchProvider: Ask Search
CHR DefaultSearchURL: hxxp://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11412&l=dis&pf=V7&p2=%5EBBK%5EOSJ000%5EYY%5EDE&gct=&itbv=12.10.6.48&doi=2014-05-29&apn_uid=DC1D0E09-3C3F-4C56-96B0-8B28C5A31BDE&apn_ptnrs=BBK&apn_dtid=%5EOSJ000%5EYY%5EDE&apn_dbr=cr_35.0.1916.114&psv=&pt=&trgb=CR&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Norton Identity Safe) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-17]
CHR Extension: (Norton Identity Protection) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2014-05-13]
CHR Extension: (YouTube) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-17]
CHR Extension: (Google-Suche) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-17]
CHR Extension: (Right Inbox for Gmail) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflnemhkomgploogccdmcloekbloobgb [2014-07-10]
CHR Extension: (Google Wallet) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-03]
CHR Extension: (Google Mail) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-17]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-02]

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-08-26] (Samsung Electronics CO., LTD.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [32568 2014-05-02] (The OpenVPN Project)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [1388120 2013-01-16] (Symantec Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-12-13] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-12-13] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130205.001\IDSvia64.sys [513184 2013-01-24] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130205.032\ENG64.SYS [126192 2013-01-28] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130205.032\EX64.SYS [2087664 2013-01-28] (Symantec Corporation)
S0 prohlp02; C:\Windows\SysWOW64\drivers\prohlp02.sys [65504 2004-03-09] (Protection Technology) [File not signed]
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S0 sfhlp01; C:\Windows\SysWOW64\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) [File not signed]
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1405000.01C\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-20] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 prodrv06; \SystemRoot\System32\drivers\prodrv06.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-12 22:45 - 2014-07-12 22:47 - 00005062 _____ () C:\Users\Lars Stehmann\Desktop\^neuer post.txt
2014-07-12 22:44 - 2014-07-12 22:44 - 00724680 _____ () C:\Users\Lars Stehmann\Desktop\setup.exe
2014-07-12 22:38 - 2014-07-12 22:38 - 00854390 _____ () C:\Users\Lars Stehmann\Desktop\SecurityCheck.exe
2014-07-12 16:07 - 2014-07-12 16:07 - 02347384 _____ (ESET) C:\Users\Lars Stehmann\Desktop\esetsmartinstaller_deu.exe
2014-07-11 19:22 - 2014-07-11 19:22 - 00000000 ____D () C:\Users\Lars Stehmann\Desktop\FRST-OlderVersion
2014-07-11 16:57 - 2014-07-11 13:31 - 00000396 _____ () C:\zoek-results2014-07-11-113130.log
2014-07-11 13:31 - 2014-07-11 16:57 - 00000363 _____ () C:\zoek-results.log
2014-07-11 13:29 - 2014-07-11 16:57 - 00000472 _____ () C:\runcheck.txt
2014-07-11 13:28 - 2014-07-11 13:28 - 00000000 ____D () C:\zoek_backup
2014-07-11 13:27 - 2014-07-11 13:27 - 01285120 _____ () C:\Users\Lars Stehmann\Desktop\zoek.exe
2014-07-11 13:26 - 2014-07-11 13:26 - 00001565 _____ () C:\Users\Lars Stehmann\Desktop\mbam.txt
2014-07-11 12:51 - 2014-07-11 12:52 - 00003976 _____ () C:\Users\Lars Stehmann\Desktop\Schritt 1 AdwCleaner.txt
2014-07-11 12:47 - 2014-07-11 12:47 - 00307904 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-11 12:44 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-07-11 12:42 - 2014-07-11 12:45 - 00000000 ____D () C:\AdwCleaner
2014-07-11 12:40 - 2014-07-11 12:41 - 01348263 _____ () C:\Users\Lars Stehmann\Desktop\adwcleaner_3.215.exe
2014-07-11 10:24 - 2014-06-26 22:53 - 00703968 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-11 10:24 - 2014-06-26 22:53 - 00105440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-11 10:18 - 2014-07-11 10:18 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-11 01:11 - 2014-06-18 01:27 - 01440256 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-11 01:11 - 2014-06-18 01:24 - 01557504 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-11 01:11 - 2014-06-11 06:18 - 04038144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-11 01:11 - 2014-05-03 08:34 - 06974808 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-07-11 01:11 - 2014-05-03 08:33 - 01824808 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-07-11 01:11 - 2014-05-03 06:51 - 01408976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-07-11 01:11 - 2014-05-02 00:37 - 01023488 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2014-07-11 01:11 - 2014-04-30 00:32 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\Robocopy.exe
2014-07-11 01:11 - 2014-04-30 00:32 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\Robocopy.exe
2014-07-11 01:11 - 2014-04-24 01:51 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-07-11 01:11 - 2014-04-24 01:51 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-11 01:11 - 2014-04-24 01:38 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-07-11 01:11 - 2014-04-24 01:38 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-11 01:11 - 2014-02-08 06:34 - 00071168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hdaudbus.sys
2014-07-11 01:10 - 2014-07-01 00:42 - 00702464 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-11 01:10 - 2014-07-01 00:42 - 00394240 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-07-11 01:10 - 2014-07-01 00:42 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-07-11 01:10 - 2014-06-28 05:35 - 00556544 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-11 01:10 - 2014-06-03 00:33 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2014-07-11 01:10 - 2014-05-30 01:31 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-07-11 01:10 - 2014-05-30 01:03 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-07-11 01:10 - 2014-05-30 01:02 - 01281536 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-11 01:10 - 2014-05-30 01:02 - 00439808 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll
2014-07-11 01:08 - 2014-06-19 04:12 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-11 01:08 - 2014-06-19 04:12 - 01366528 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-11 01:08 - 2014-06-19 04:12 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-07-11 01:08 - 2014-06-19 04:12 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-07-11 01:08 - 2014-06-19 04:12 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-11 01:08 - 2014-06-19 04:11 - 19277312 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-11 01:08 - 2014-06-19 04:11 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-11 01:08 - 2014-06-19 04:11 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 15369728 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 02650624 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-11 01:08 - 2014-06-19 04:09 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-11 01:08 - 2014-06-19 02:53 - 14368768 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-11 01:08 - 2014-06-19 02:53 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-11 01:08 - 2014-06-19 02:53 - 01141760 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-11 01:08 - 2014-06-19 02:53 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-11 01:08 - 2014-06-19 02:53 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-11 01:08 - 2014-06-19 02:53 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-11 01:08 - 2014-06-19 02:53 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-07-11 01:08 - 2014-06-19 02:52 - 13732352 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-11 01:08 - 2014-06-19 02:52 - 02863616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-11 01:08 - 2014-06-19 02:52 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-11 01:08 - 2014-06-19 02:52 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-11 01:08 - 2014-06-19 02:52 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-07-11 01:08 - 2014-06-19 02:52 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-11 01:08 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-11 01:08 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-11 01:08 - 2014-06-19 02:52 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-07-11 01:08 - 2014-06-19 02:52 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-11 01:08 - 2014-06-19 02:52 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-11 01:08 - 2014-06-19 02:52 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-11 01:08 - 2014-06-19 02:33 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-11 01:08 - 2014-06-19 02:30 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-11 01:08 - 2014-06-19 00:05 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-07-11 01:08 - 2014-05-30 00:24 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-11 01:07 - 2014-06-06 16:06 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-11 01:07 - 2014-06-06 12:17 - 00497152 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-11 01:00 - 2014-07-11 01:00 - 00022559 _____ () C:\ComboFix.txt
2014-07-11 00:20 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-07-11 00:20 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-07-11 00:20 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-07-11 00:20 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-07-11 00:20 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-07-11 00:20 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe
2014-07-11 00:20 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-07-11 00:20 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-07-11 00:20 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-07-11 00:19 - 2014-07-11 01:00 - 00000000 ____D () C:\Qoobox
2014-07-11 00:18 - 2014-07-11 00:54 - 00000000 ____D () C:\windows\erdnt
2014-07-10 23:49 - 2014-07-10 23:50 - 05217324 ____R (Swearware) C:\Users\Lars Stehmann\Desktop\ComboFix.exe
2014-07-10 16:37 - 2014-07-11 19:28 - 00038279 _____ () C:\Users\Lars Stehmann\Desktop\Addition.txt
2014-07-10 16:35 - 2014-07-12 22:48 - 00017337 _____ () C:\Users\Lars Stehmann\Desktop\FRST.txt
2014-07-10 16:34 - 2014-07-12 22:47 - 00000000 ____D () C:\FRST
2014-07-10 16:33 - 2014-07-11 19:22 - 02084864 _____ (Farbar) C:\Users\Lars Stehmann\Desktop\FRST64.exe
2014-07-10 15:51 - 2014-07-10 15:51 - 00012542 _____ () C:\Users\Lars Stehmann\Desktop\malware.txt
2014-07-10 14:43 - 2014-07-11 13:25 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-10 14:38 - 2014-07-10 14:38 - 00001132 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-10 14:38 - 2014-07-10 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-10 14:38 - 2014-07-10 14:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-10 14:38 - 2014-07-10 14:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-10 14:38 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-10 14:38 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-07-10 14:38 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-07-10 14:33 - 2014-07-10 14:34 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lars Stehmann\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-10 14:14 - 2014-07-12 15:58 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator
2014-07-09 18:11 - 2014-07-09 18:13 - 20076727 _____ () C:\Users\Lars Stehmann\Downloads\fm14.rar
2014-07-08 15:27 - 2014-07-08 15:27 - 00002058 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-07-08 15:27 - 2014-07-08 15:27 - 00002056 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-07-08 15:27 - 2014-07-08 15:27 - 00002046 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-07-07 18:34 - 2014-07-11 10:17 - 01623040 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-07-07 18:34 - 2014-07-11 10:17 - 00253440 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-07-07 18:34 - 2014-07-11 10:17 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-07-07 18:34 - 2014-07-11 10:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-07-07 18:34 - 2014-07-11 10:16 - 00629248 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-07-07 18:34 - 2014-07-11 10:16 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-07-07 18:33 - 2014-07-11 10:17 - 03286528 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-07-07 18:33 - 2014-07-11 10:17 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-07-07 18:33 - 2014-07-11 10:17 - 00059416 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-07-07 18:33 - 2014-07-11 10:17 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-07-07 18:32 - 2014-07-11 10:17 - 00773632 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-07-07 18:32 - 2014-07-11 10:17 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-07-07 18:32 - 2014-07-11 10:16 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2014-07-06 20:01 - 2014-07-06 20:01 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Roaming\dvdcss
2014-07-06 20:00 - 2014-07-06 22:12 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Roaming\vlc
2014-07-06 19:58 - 2014-07-06 19:58 - 00000875 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-06 19:58 - 2014-07-06 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-06 19:58 - 2014-07-06 19:58 - 00000000 ____D () C:\Program Files\VideoLAN
2014-07-06 19:54 - 2014-07-06 19:54 - 00961360 _____ (Chip Digital GmbH) C:\Users\Lars Stehmann\Downloads\VLC media player 64 Bit - CHIP-Installer.exe
2014-07-06 19:51 - 2014-07-06 19:51 - 00001242 _____ () C:\Users\Lars Stehmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player.lnk
2014-07-02 22:54 - 2014-07-02 22:54 - 00015126 _____ () C:\Users\Lars Stehmann\Downloads\Vorbereitung.xlsx
2014-06-25 18:38 - 2014-05-03 07:47 - 03246592 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-06-25 18:38 - 2014-05-03 05:34 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-06-25 18:37 - 2014-04-30 00:32 - 01301504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-06-25 18:37 - 2014-04-30 00:22 - 01023488 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-06-25 18:37 - 2014-04-03 13:19 - 00328024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys
2014-06-25 18:37 - 2014-04-03 05:44 - 00619008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-06-25 18:37 - 2014-04-01 00:08 - 00387268 _____ () C:\windows\system32\ApnDatabase.xml
2014-06-25 18:37 - 2014-03-25 01:42 - 00305152 _____ (Microsoft Corporation) C:\windows\SysWOW64\wusa.exe
2014-06-25 18:37 - 2014-03-25 00:56 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\wusa.exe
2014-06-25 18:30 - 2014-04-03 13:22 - 02233176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-06-25 18:30 - 2014-03-07 02:47 - 01419264 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-06-25 18:30 - 2014-03-07 02:08 - 01845760 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-06-24 12:16 - 2014-06-24 12:16 - 00177181 _____ () C:\Users\Lars Stehmann\Desktop\Guck Yegger.odb
2014-06-23 16:49 - 2014-06-23 16:49 - 00947864 _____ () C:\Users\Lars Stehmann\Downloads\AndrewBase.odt
2014-06-20 23:17 - 2014-06-20 23:17 - 00033792 _____ () C:\Users\Lars Stehmann\Downloads\35605.xls
2014-06-20 22:13 - 2014-06-21 12:09 - 00026578 _____ () C:\Users\Lars Stehmann\Desktop\DiebesteVariante.ods
2014-06-20 20:18 - 2014-06-21 18:25 - 00079697 _____ () C:\Users\Lars Stehmann\Desktop\dsjfsjdfsjdf.odb
2014-06-20 11:11 - 2014-06-21 13:20 - 00035293 _____ () C:\Users\Lars Stehmann\Desktop\Tutorial.odb
2014-06-19 13:47 - 2014-07-11 22:36 - 00015357 _____ () C:\Users\Lars Stehmann\Desktop\statistiken.ods

==================== One Month Modified Files and Folders =======

2014-07-12 22:48 - 2014-07-10 16:35 - 00017337 _____ () C:\Users\Lars Stehmann\Desktop\FRST.txt
2014-07-12 22:47 - 2014-07-12 22:45 - 00005062 _____ () C:\Users\Lars Stehmann\Desktop\^neuer post.txt
2014-07-12 22:47 - 2014-07-10 16:34 - 00000000 ____D () C:\FRST
2014-07-12 22:44 - 2014-07-12 22:44 - 00724680 _____ () C:\Users\Lars Stehmann\Desktop\setup.exe
2014-07-12 22:38 - 2014-07-12 22:38 - 00854390 _____ () C:\Users\Lars Stehmann\Desktop\SecurityCheck.exe
2014-07-12 22:21 - 2012-08-31 06:42 - 00000360 _____ () C:\windows\Tasks\Xerox PhotoCafe Communicator.job
2014-07-12 22:00 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru
2014-07-12 20:28 - 2012-08-31 21:27 - 00753134 _____ () C:\windows\system32\perfh007.dat
2014-07-12 20:28 - 2012-08-31 21:27 - 00155826 _____ () C:\windows\system32\perfc007.dat
2014-07-12 20:28 - 2012-07-26 09:28 - 01745416 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-12 19:54 - 2012-08-31 05:24 - 01857213 _____ () C:\windows\WindowsUpdate.log
2014-07-12 19:38 - 2012-08-31 06:28 - 00000000 ____D () C:\ProgramData\WinClon
2014-07-12 19:36 - 2013-11-05 15:29 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-12 19:35 - 2014-03-12 18:40 - 00000000 ___RD () C:\Users\Lars Stehmann\Google Drive
2014-07-12 19:35 - 2012-12-13 19:56 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Local\CrashDumps
2014-07-12 19:30 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-12 16:41 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\rescache
2014-07-12 16:07 - 2014-07-12 16:07 - 02347384 _____ (ESET) C:\Users\Lars Stehmann\Desktop\esetsmartinstaller_deu.exe
2014-07-12 15:58 - 2014-07-10 14:14 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-07-12 15:57 - 2012-07-26 07:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-07-12 15:56 - 2012-07-26 10:12 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-07-12 08:43 - 2012-08-05 23:07 - 00032548 _____ () C:\windows\PFRO.log
2014-07-11 23:14 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\NDF
2014-07-11 22:36 - 2014-06-19 13:47 - 00015357 _____ () C:\Users\Lars Stehmann\Desktop\statistiken.ods
2014-07-11 19:28 - 2014-07-10 16:37 - 00038279 _____ () C:\Users\Lars Stehmann\Desktop\Addition.txt
2014-07-11 19:22 - 2014-07-11 19:22 - 00000000 ____D () C:\Users\Lars Stehmann\Desktop\FRST-OlderVersion
2014-07-11 19:22 - 2014-07-10 16:33 - 02084864 _____ (Farbar) C:\Users\Lars Stehmann\Desktop\FRST64.exe
2014-07-11 16:57 - 2014-07-11 13:31 - 00000363 _____ () C:\zoek-results.log
2014-07-11 16:57 - 2014-07-11 13:29 - 00000472 _____ () C:\runcheck.txt
2014-07-11 13:31 - 2014-07-11 16:57 - 00000396 _____ () C:\zoek-results2014-07-11-113130.log
2014-07-11 13:28 - 2014-07-11 13:28 - 00000000 ____D () C:\zoek_backup
2014-07-11 13:27 - 2014-07-11 13:27 - 01285120 _____ () C:\Users\Lars Stehmann\Desktop\zoek.exe
2014-07-11 13:26 - 2014-07-11 13:26 - 00001565 _____ () C:\Users\Lars Stehmann\Desktop\mbam.txt
2014-07-11 13:25 - 2014-07-10 14:43 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-11 12:52 - 2014-07-11 12:51 - 00003976 _____ () C:\Users\Lars Stehmann\Desktop\Schritt 1 AdwCleaner.txt
2014-07-11 12:47 - 2014-07-11 12:47 - 00307904 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-11 12:45 - 2014-07-11 12:42 - 00000000 ____D () C:\AdwCleaner
2014-07-11 12:41 - 2014-07-11 12:40 - 01348263 _____ () C:\Users\Lars Stehmann\Desktop\adwcleaner_3.215.exe
2014-07-11 10:18 - 2014-07-11 10:18 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-11 10:18 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 10:18 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 10:18 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\WinStore
2014-07-11 10:18 - 2012-07-26 09:59 - 00000000 ____D () C:\windows\CbsTemp
2014-07-11 10:18 - 2012-07-26 09:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 10:17 - 2014-07-07 18:34 - 01623040 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-07-11 10:17 - 2014-07-07 18:34 - 00253440 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-07-11 10:17 - 2014-07-07 18:34 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-07-11 10:17 - 2014-07-07 18:34 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-07-11 10:17 - 2014-07-07 18:33 - 03286528 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-07-11 10:17 - 2014-07-07 18:33 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-07-11 10:17 - 2014-07-07 18:33 - 00059416 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-07-11 10:17 - 2014-07-07 18:33 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-07-11 10:17 - 2014-07-07 18:32 - 00773632 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-07-11 10:17 - 2014-07-07 18:32 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-07-11 10:16 - 2014-07-07 18:34 - 00629248 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-07-11 10:16 - 2014-07-07 18:34 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-07-11 10:16 - 2014-07-07 18:32 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2014-07-11 02:07 - 2013-10-01 09:05 - 00000000 ____D () C:\windows\system32\MRT
2014-07-11 02:03 - 2012-12-15 14:10 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-11 02:03 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-07-11 01:17 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-07-11 01:00 - 2014-07-11 01:00 - 00022559 _____ () C:\ComboFix.txt
2014-07-11 01:00 - 2014-07-11 00:19 - 00000000 ____D () C:\Qoobox
2014-07-11 01:00 - 2012-07-26 07:37 - 00000000 __RHD () C:\Users\Default
2014-07-11 00:54 - 2014-07-11 00:18 - 00000000 ____D () C:\windows\erdnt
2014-07-11 00:51 - 2012-07-26 07:26 - 00000215 _____ () C:\windows\system.ini
2014-07-11 00:48 - 2012-07-26 07:26 - 67633152 _____ () C:\windows\system32\config\SOFTWARE.bak
2014-07-11 00:48 - 2012-07-26 07:26 - 14417920 _____ () C:\windows\system32\config\SYSTEM.bak
2014-07-11 00:48 - 2012-07-26 07:26 - 00524288 _____ () C:\windows\system32\config\DEFAULT.bak
2014-07-11 00:48 - 2012-07-26 07:26 - 00262144 _____ () C:\windows\system32\config\SECURITY.bak
2014-07-11 00:48 - 2012-07-26 07:26 - 00262144 _____ () C:\windows\system32\config\SAM.bak
2014-07-10 23:50 - 2014-07-10 23:49 - 05217324 ____R (Swearware) C:\Users\Lars Stehmann\Desktop\ComboFix.exe
2014-07-10 15:51 - 2014-07-10 15:51 - 00012542 _____ () C:\Users\Lars Stehmann\Desktop\malware.txt
2014-07-10 14:38 - 2014-07-10 14:38 - 00001132 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-10 14:38 - 2014-07-10 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-10 14:38 - 2014-07-10 14:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-10 14:38 - 2014-07-10 14:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-10 14:34 - 2014-07-10 14:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lars Stehmann\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator
2014-07-10 14:14 - 2012-12-17 10:39 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Local\Google
2014-07-10 14:14 - 2012-12-17 10:39 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-10 14:14 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
2014-07-09 22:50 - 2014-04-21 23:54 - 00000129 _____ () C:\Users\Lars Stehmann\Desktop\FoMa.txt
2014-07-09 18:13 - 2014-07-09 18:11 - 20076727 _____ () C:\Users\Lars Stehmann\Downloads\fm14.rar
2014-07-09 13:45 - 2014-02-13 20:31 - 00088904 _____ () C:\Users\Lars Stehmann\Desktop\napoli.ods
2014-07-08 15:27 - 2014-07-08 15:27 - 00002058 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-07-08 15:27 - 2014-07-08 15:27 - 00002056 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-07-08 15:27 - 2014-07-08 15:27 - 00002046 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-07-08 15:27 - 2014-03-11 08:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-06 22:13 - 2013-05-23 18:42 - 00070144 ___SH () C:\Users\Lars Stehmann\Downloads\Thumbs.db
2014-07-06 22:12 - 2014-07-06 20:00 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Roaming\vlc
2014-07-06 20:01 - 2014-07-06 20:01 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Roaming\dvdcss
2014-07-06 19:58 - 2014-07-06 19:58 - 00000875 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-06 19:58 - 2014-07-06 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-06 19:58 - 2014-07-06 19:58 - 00000000 ____D () C:\Program Files\VideoLAN
2014-07-06 19:54 - 2014-07-06 19:54 - 00961360 _____ (Chip Digital GmbH) C:\Users\Lars Stehmann\Downloads\VLC media player 64 Bit - CHIP-Installer.exe
2014-07-06 19:51 - 2014-07-06 19:51 - 00001242 _____ () C:\Users\Lars Stehmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player.lnk
2014-07-06 19:35 - 2012-08-31 06:37 - 00000000 ____D () C:\ProgramData\CyberLink
2014-07-05 22:51 - 2012-12-13 20:05 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2565124892-2511412510-2458214724-1004
2014-07-02 22:54 - 2014-07-02 22:54 - 00015126 _____ () C:\Users\Lars Stehmann\Downloads\Vorbereitung.xlsx
2014-07-01 00:42 - 2014-07-11 01:10 - 00702464 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-01 00:42 - 2014-07-11 01:10 - 00394240 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-07-01 00:42 - 2014-07-11 01:10 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-06-28 05:35 - 2014-07-11 01:10 - 00556544 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-26 22:53 - 2014-07-11 10:24 - 00703968 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-06-26 22:53 - 2014-07-11 10:24 - 00105440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-25 11:49 - 2013-10-01 08:24 - 00000000 ____D () C:\Users\Lars Stehmann\Desktop\Neuer Ordner
2014-06-24 12:49 - 2012-12-17 00:59 - 00766976 ___SH () C:\Users\Lars Stehmann\Desktop\Thumbs.db
2014-06-24 12:16 - 2014-06-24 12:16 - 00177181 _____ () C:\Users\Lars Stehmann\Desktop\Guck Yegger.odb
2014-06-23 16:49 - 2014-06-23 16:49 - 00947864 _____ () C:\Users\Lars Stehmann\Downloads\AndrewBase.odt
2014-06-21 18:25 - 2014-06-20 20:18 - 00079697 _____ () C:\Users\Lars Stehmann\Desktop\dsjfsjdfsjdf.odb
2014-06-21 13:20 - 2014-06-20 11:11 - 00035293 _____ () C:\Users\Lars Stehmann\Desktop\Tutorial.odb
2014-06-21 12:09 - 2014-06-20 22:13 - 00026578 _____ () C:\Users\Lars Stehmann\Desktop\DiebesteVariante.ods
2014-06-20 23:17 - 2014-06-20 23:17 - 00033792 _____ () C:\Users\Lars Stehmann\Downloads\35605.xls
2014-06-20 21:35 - 2014-03-10 16:29 - 00000000 ____D () C:\Users\Lars Stehmann\Desktop\4.Semester
2014-06-19 04:12 - 2014-07-11 01:08 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-19 04:12 - 2014-07-11 01:08 - 01366528 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-19 04:12 - 2014-07-11 01:08 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-06-19 04:12 - 2014-07-11 01:08 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-06-19 04:12 - 2014-07-11 01:08 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-19 04:11 - 2014-07-11 01:08 - 19277312 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-19 04:11 - 2014-07-11 01:08 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-19 04:11 - 2014-07-11 01:08 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 15369728 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 02650624 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-19 04:09 - 2014-07-11 01:08 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-19 02:53 - 2014-07-11 01:08 - 14368768 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-19 02:53 - 2014-07-11 01:08 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-19 02:53 - 2014-07-11 01:08 - 01141760 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-19 02:53 - 2014-07-11 01:08 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-19 02:53 - 2014-07-11 01:08 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-19 02:53 - 2014-07-11 01:08 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-19 02:53 - 2014-07-11 01:08 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-06-19 02:52 - 2014-07-11 01:08 - 13732352 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-19 02:52 - 2014-07-11 01:08 - 02863616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-19 02:52 - 2014-07-11 01:08 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-19 02:52 - 2014-07-11 01:08 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-19 02:52 - 2014-07-11 01:08 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-06-19 02:52 - 2014-07-11 01:08 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-19 02:52 - 2014-07-11 01:08 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-06-19 02:52 - 2014-07-11 01:08 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-19 02:52 - 2014-07-11 01:08 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-06-19 02:52 - 2014-07-11 01:08 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-19 02:52 - 2014-07-11 01:08 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-19 02:52 - 2014-07-11 01:08 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-19 02:33 - 2014-07-11 01:08 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-19 02:30 - 2014-07-11 01:08 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-19 00:05 - 2014-07-11 01:08 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-06-18 01:27 - 2014-07-11 01:11 - 01440256 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-06-18 01:24 - 2014-07-11 01:11 - 01557504 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-06-13 04:10 - 2014-06-08 22:51 - 02978373 _____ () C:\Users\Lars Stehmann\Desktop\wm2014_tippspiel.ods

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe


Some content of TEMP:
====================
C:\Users\Lars Stehmann\AppData\Local\Temp\7za.exe
C:\Users\Lars Stehmann\AppData\Local\Temp\hijackthis.exe
C:\Users\Lars Stehmann\AppData\Local\Temp\NirCmd.exe
C:\Users\Lars Stehmann\AppData\Local\Temp\PEVZ.EXE
C:\Users\Lars Stehmann\AppData\Local\Temp\Quarantine.exe
C:\Users\Lars Stehmann\AppData\Local\Temp\remove.exe
C:\Users\Lars Stehmann\AppData\Local\Temp\sed.exe
C:\Users\Lars Stehmann\AppData\Local\Temp\shortcut.exe
C:\Users\Lars Stehmann\AppData\Local\Temp\swreg.exe
C:\Users\Lars Stehmann\AppData\Local\Temp\swxcacls.exe
C:\Users\Lars Stehmann\AppData\Local\Temp\wget.exe
C:\Users\Lars Stehmann\AppData\Local\Temp\zoek-delete.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-07 18:06

==================== End Of Log ============================

--- --- ---

--- --- ---

ADDITION.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-07-2014
Ran by Lars Stehmann at 2014-07-12 22:50:14
Running from C:\Users\Lars Stehmann\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
Allshare Play Link (HKLM-x32\...\{91786428-D4AA-476D-8AF9-A63FFAC2901F}) (Version: 1.0.0 - Samsung)
AMD Accelerated Video Transcoding (Version: 12.5.100.20808 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{53460839-526B-5CEC-011C-6F01CE411CF1}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-4300-76A7-A758B70C0F01}) (Version: 12.15.1.16 - APN, LLC) <==== ATTENTION
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1912 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Das Fussball Studio 8.5.2 (Beta) (HKLM-x32\...\{F804CEB4-747E-46D5-B8AB-C56E3BAF27D9}_is1) (Version: 8.5.2 - vmLOGIC - Volker Mallmann)
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
Football Manager 2014 (HKLM-x32\...\Steam App 231670) (Version:  - Sports Interactive)
Football Manager 2014 Editor (HKLM-x32\...\Steam App 242460) (Version:  - )
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Help Desk (HKLM\...\{C85A891D-7AB4-46AE-84F0-B0C3FAC82280}) (Version: 1.0.4 - Samsung Electronics CO., LTD.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.17.41283 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Next Generation Tennis 2003 (HKLM-x32\...\{1B29C0BE-AEB2-408C-BAA6-A4EE6CC8577C}) (Version:  - )
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.5.0.28 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.11 - Symantec Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
OpenProj (HKLM-x32\...\{13702021-43FB-480C-912F-D9B74A538288}) (Version: 1.4.0 - Serena Software Inc.)
OpenVPN 2.3.4-I001  (HKLM-x32\...\OpenVPN) (Version: 2.3.4-I001 - )
Paint XP version 1.1 (HKLM-x32\...\{2367FAB6-055A-4923-835F-F57F7BBBA363}_is1) (Version: 1.1 - MSPAINTXP.COM)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{46889070-D447-4936-A5D3-246DB972FA2E}) (Version: 2.0.6.16537 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
ProjectLibre (HKLM-x32\...\{73C751CF-B4B9-4757-BDBC-0B3A5B16B531}) (Version: 1.5.17.0 - ProjectLibre)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.11 - ProtectDisc Software GmbH)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.0 - Samsung Electronics CO., LTD.)
Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Race Driver 2 Online Demo (x32 Version: 1.03.0010 - Codemasters) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.5.0 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.0.7 - Samsung Electronics CO., LTD.) Hidden
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Support Center (HKLM\...\{3D7275C7-8549-46AF-8B59-82A3EF301B31}) (Version: 2.0.8 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.0 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{49271148-3C6B-4F2B-B8C9-FFDE243B8FEA}) (Version: 2.0.15 - Samsung Electronics CO., LTD.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.11.3 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
User Guide (HKLM-x32\...\{66172F70-0BDE-4BAB-A973-E2E4EF501F6D}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Xerox PhotoCafe (HKLM-x32\...\Xerox PhotoCafe) (Version: 1.0.0.6162 - Xerox)

==================== Restore Points  =========================

27-06-2014 16:31:27 Windows Update
06-07-2014 16:18:55 Windows Update
10-07-2014 22:20:27 ComboFix created restore point

==================== Hosts content: ==========================

2012-07-26 07:26 - 2014-07-11 00:51 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0200E3AC-B15B-43A3-A026-5B6CD38D9279} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-08-24] (Samsung Electronics CO., LTD.)
Task: {022D5CA9-2218-474D-8D74-74FA85A00C15} - System32\Tasks\MakeMarkerFile => %ProgramData%\MakeMarkerFile.exe
Task: {081B14FF-6015-4C08-B021-226A9772CB2E} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {0E9D97A1-A465-48D0-BA55-C025FCF94F82} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-08-23] (SEC)
Task: {15BC6E8E-3BF9-40C9-ABE3-341F810187C9} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {7CFC0557-5ABF-4159-B64D-0C1DF9516AE1} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-08-26] (Samsung Electronics CO., LTD.)
Task: {813ADBC4-08C7-4BB2-ABCE-FAF70AA196CC} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] ()
Task: {8D27BE66-6B75-450B-8FEC-9DA0CFE59F1C} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {A49545EA-F214-4B28-8E8E-6F3CBBE262DE} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\WSCStub.exe [2014-04-29] (Symantec Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AE31EDBC-0D51-4A20-9280-4492751AA847} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-07-11] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CB0F186F-5F9A-41B2-9456-C782B547FEEA} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {CBD4CA57-F0CE-44D2-AB53-BD16C65D4CFE} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-08-17] (Samsung Electronics CO., LTD.)
Task: {D7B2CB40-9DD3-4BC3-BE50-72A6649DB198} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\windows\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe

==================== Loaded Modules (whitelisted) =============

2012-08-26 11:48 - 2012-08-26 11:48 - 00076920 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2014-05-28 15:27 - 2014-05-28 15:28 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-08-08 03:22 - 2012-08-08 03:22 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00028280 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 01015416 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2014-05-02 09:55 - 2012-05-30 08:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.5.0.28\wincfi39.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00026232 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00029816 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00091768 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2014-07-12 19:34 - 2014-07-12 19:34 - 00098816 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\win32api.pyd
2014-07-12 19:34 - 2014-07-12 19:34 - 00110080 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\pywintypes27.dll
2014-07-12 19:34 - 2014-07-12 19:34 - 00364544 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\pythoncom27.dll
2014-07-12 19:34 - 2014-07-12 19:34 - 00045568 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\_socket.pyd
2014-07-12 19:34 - 2014-07-12 19:34 - 01160704 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\_ssl.pyd
2014-07-12 19:34 - 2014-07-12 19:34 - 00320512 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\win32com.shell.shell.pyd
2014-07-12 19:34 - 2014-07-12 19:34 - 00713216 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\_hashlib.pyd
2014-07-12 19:34 - 2014-07-12 19:34 - 01175040 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\wx._core_.pyd
2014-07-12 19:34 - 2014-07-12 19:34 - 00805888 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\wx._gdi_.pyd
2014-07-12 19:34 - 2014-07-12 19:34 - 00811008 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\wx._windows_.pyd
2014-07-12 19:34 - 2014-07-12 19:34 - 01062400 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\wx._controls_.pyd
2014-07-12 19:34 - 2014-07-12 19:34 - 00735232 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\wx._misc_.pyd
2014-07-12 19:34 - 2014-07-12 19:34 - 00128512 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\_elementtree.pyd
2014-07-12 19:34 - 2014-07-12 19:34 - 00127488 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\pyexpat.pyd
2014-07-12 19:34 - 2014-07-12 19:34 - 00557056 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\pysqlite2._sqlite.pyd
2014-07-12 19:34 - 2014-07-12 19:34 - 00007168 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\hashobjs_ext.pyd
2014-07-12 19:34 - 2014-07-12 19:34 - 00087552 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\_ctypes.pyd
2014-07-12 19:34 - 2014-07-12 19:34 - 00119808 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\win32file.pyd
2014-07-12 19:34 - 2014-07-12 19:34 - 00108544 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\win32security.pyd
2014-07-12 19:34 - 2014-07-12 19:34 - 00018432 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\win32event.pyd
2014-07-12 19:34 - 2014-07-12 19:34 - 00038912 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\win32inet.pyd
2014-07-12 19:34 - 2014-07-12 19:34 - 00070656 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\wx._html2.pyd
2014-07-12 19:34 - 2014-07-12 19:34 - 00167936 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\win32gui.pyd
2014-07-12 19:34 - 2014-07-12 19:34 - 00011264 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\win32crypt.pyd
2014-07-12 19:34 - 2014-07-12 19:34 - 00027136 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\_multiprocessing.pyd
2014-07-12 19:34 - 2014-07-12 19:34 - 00122368 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\wx._wizard.pyd
2014-07-12 19:34 - 2014-07-12 19:34 - 00010240 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\select.pyd
2014-07-12 19:34 - 2014-07-12 19:34 - 00024064 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\win32pipe.pyd
2014-07-12 19:34 - 2014-07-12 19:34 - 00686080 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\unicodedata.pyd
2014-07-12 19:34 - 2014-07-12 19:34 - 00025600 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\win32pdh.pyd
2014-07-12 19:34 - 2014-07-12 19:34 - 00525640 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\windows._lib_cacheinvalidation.pyd
2014-07-12 19:34 - 2014-07-12 19:34 - 00035840 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\win32process.pyd
2014-07-12 19:34 - 2014-07-12 19:34 - 00017408 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\win32profile.pyd
2014-07-12 19:34 - 2014-07-12 19:34 - 00022528 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\win32ts.pyd
2014-07-12 19:34 - 2014-07-12 19:34 - 00078336 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI42402\wx._animate.pyd
2014-06-14 09:18 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-14 09:18 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-14 09:18 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-14 09:18 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-14 09:18 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-07-10 16:04 - 2014-07-08 08:18 - 14663856 _____ () C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

HKLM\...\StartupApproved\Run: => "BtvStack"
HKLM\...\StartupApproved\Run: => "BtTray"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKCU\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/12/2014 10:32:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (07/12/2014 07:35:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Name des fehlerhaften Moduls: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000183835
ID des fehlerhaften Prozesses: 0x13ac
Startzeit der fehlerhaften Anwendung: 0xCommonAgent.exe0
Pfad der fehlerhaften Anwendung: CommonAgent.exe1
Pfad des fehlerhaften Moduls: CommonAgent.exe2
Berichtskennung: CommonAgent.exe3
Vollständiger Name des fehlerhaften Pakets: CommonAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CommonAgent.exe5

Error: (07/12/2014 07:35:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8
Name des fehlerhaften Moduls: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000000000014d7cc
ID des fehlerhaften Prozesses: 0xe8
Startzeit der fehlerhaften Anwendung: 0xMakeMarkerFile.exe0
Pfad der fehlerhaften Anwendung: MakeMarkerFile.exe1
Pfad des fehlerhaften Moduls: MakeMarkerFile.exe2
Berichtskennung: MakeMarkerFile.exe3
Vollständiger Name des fehlerhaften Pakets: MakeMarkerFile.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MakeMarkerFile.exe5

Error: (07/12/2014 07:35:08 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (07/12/2014 07:34:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (07/12/2014 07:34:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (07/12/2014 04:16:21 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (07/12/2014 04:08:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (07/12/2014 04:08:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (07/12/2014 04:07:53 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.


System errors:
=============
Error: (07/12/2014 07:32:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/12/2014 07:29:44 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\prodrv06.sys

Error: (07/12/2014 07:29:54 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎12.‎07.‎2014 um 18:53:14 unerwartet heruntergefahren.

Error: (07/12/2014 06:03:17 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "NILS-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{5FB5E4E1-D9C1-4448-A64F-155725173B20}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (07/12/2014 04:00:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/12/2014 03:58:01 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\prodrv06.sys

Error: (07/12/2014 08:45:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/12/2014 08:43:01 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\prodrv06.sys

Error: (07/12/2014 08:41:54 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (07/11/2014 11:04:07 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.35
registriert werden. Der Computer mit IP-Adresse 192.168.2.26 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.


Microsoft Office Sessions:
=========================
Error: (07/12/2014 10:32:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (07/12/2014 07:35:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CommonAgent.exe1.0.7.5502ddd20CommonAgent.exe1.0.7.5502ddd2040000015000000000018383513ac01cf9df7aa72a54dC:\Program Files\Samsung\S Agent\CommonAgent.exeC:\Program Files\Samsung\S Agent\CommonAgent.exef13edea9-09ea-11e4-bf34-50b7c32e28bd

Error: (07/12/2014 07:35:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cce801cf9df785fbbfe1C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exeed41a36f-09ea-11e4-bf34-50b7c32e28bd

Error: (07/12/2014 07:35:08 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Lars Stehmann\Desktop\esetsmartinstaller_deu.exe

Error: (07/12/2014 07:34:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Lars Stehmann\Desktop\esetsmartinstaller_deu.exe

Error: (07/12/2014 07:34:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Lars Stehmann\Desktop\esetsmartinstaller_deu.exe

Error: (07/12/2014 04:16:21 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (07/12/2014 04:08:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Lars Stehmann\Desktop\esetsmartinstaller_deu.exe

Error: (07/12/2014 04:08:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Lars Stehmann\Desktop\esetsmartinstaller_deu.exe

Error: (07/12/2014 04:07:53 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Lars Stehmann\Desktop\esetsmartinstaller_deu.exe


CodeIntegrity Errors:
===================================
  Date: 2014-07-11 00:45:06.721
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Percentage of memory in use: 45%
Total physical RAM: 3675.78 MB
Available physical RAM: 2019.99 MB
Total Pagefile: 5595.78 MB
Available Pagefile: 3705.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:442.08 GB) (Free:378.7 GB) NTFS
Drive e: () (Removable) (Total:3.72 GB) (Free:0.83 GB) FAT
Drive f: (CD ROM) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: D35F083E)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 6B736964)
No partition Table on disk 1.

==================== End Of Log ============================

M-K-D-B · 13.07.2014, 08:19

Servus,

also Logdateien sehen jetzt ganz gut aus, mal folgendes bitte durchführen:

Schritt 1
Bitte deaktiviere dein Anti-Viren-Programm, da es das Ergebnis beeinflussen oder ggf. die Bereinigung stören kann.
Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/ und speichere die Datei auf deinem Desktop.

Starte Zoek.exe mit einem Doppelklick.
Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und könnte andere Computer beschädigen.
Kopiere den Text der folgenden Box in das Skriptfenster von zoek:
Code:
ATTFilter
```
iedefaults;
resetIEproxy;
FFdefaults;
CHRdefaults;
         
```
Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
Wenn das Tool fertig ist, wird sich Notepad mit der Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:\ .
Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken).

Schritt 2

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Gibt es jetzt noch Probleme mit Werbesoftware?
Wenn ja, in welchem Browser? Wie äußern sich diese Probleme?

Bitte poste mit deiner nächsten Antwort

die Logdatei von Zoek,
die beiden neuen Logdateien von FRST,
die Beantwortung der gestellten Fragen.

stehmi · 13.07.2014, 09:55

Jetzt scheint das Problem behoben, hab zumindest meine gewöhnliche Startseite wieder und werde nicht mehr mit Werbefenstern zu Schmuck oder irgendwelchen Downloads zugetextet. Vorher war's so das der Tab in Chrome stets am arbeiten war, also links immer das "Ladezeichen" war und dann irgendwann auf eine Seite namens cj.com umgesprungen ist, die mir sagte mein Flashplayer müsste aktualisiert werden. Das kommt nun auch nicht mehr vor, zumindest lädt der Tab nicht durchgehend.
Ich habe jetzt aber auch noch dieses Setup auf dem Destkop das es mir runtergeladen hat als ich auf diese cj-Seite geschickt wurde. So sieht's aus:

Kann das einfach den Weg über den Papierkorb nehmen oder muss das auch noch irgendwie gesondert entfernt werden?
Ansonsten danke ich dir scho nmal für deine Hilfe, scheint alles wieder in Ordnung zu sein.

ZOEK-Log

Code:

ATTFilter

Zoek.exe v5.0.0.0 Updated 12-July-2014
Tool run by Lars Stehmann on 13.07.2014 at 10:26:09,63.
Microsoft Windows 8 6.2.9200  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Lars Stehmann\Desktop\zoek.exe [Scan all users] [Script inserted] 

==== Older Logs ======================

C:\zoek-results2014-07-11-113130.log	396 bytes
C:\zoek-results2014-07-11-145706.log	363 bytes

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{901D31B8-7250-4352-9EE9-4E9AA33B9014} Unknown  Url="Not_Found"

==== Reset Google Chrome ======================

C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 13.07.2014 at 10:32:02,27 ======================

FRST.txt

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-07-2014
Ran by Lars Stehmann (administrator) on LARSSTEHMANN on 13-07-2014 10:34:00
Running from C:\Users\Lars Stehmann\Desktop
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Users\Lars Stehmann\Desktop\zoek.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Atheros Communications)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\S-1-5-21-2565124892-2511412510-2458214724-1004\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1753280 2014-06-30] (Valve Corporation)
HKU\S-1-5-21-2565124892-2511412510-2458214724-1004\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)
Startup: C:\Users\Lars Stehmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {901D31B8-7250-4352-9EE9-4E9AA33B9014} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {901D31B8-7250-4352-9EE9-4E9AA33B9014} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {901D31B8-7250-4352-9EE9-4E9AA33B9014} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - {901D31B8-7250-4352-9EE9-4E9AA33B9014} URL = 
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 - C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2014-07-13]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn [2012-12-13]

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-13]
CHR Extension: (Google Drive) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-17]
CHR Extension: (Norton Identity Protection) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2014-05-13]
CHR Extension: (YouTube) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-17]
CHR Extension: (Google-Suche) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-17]
CHR Extension: (Google Wallet) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-03]
CHR Extension: (Google Mail) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-17]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-02]

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-08-26] (Samsung Electronics CO., LTD.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [32568 2014-05-02] (The OpenVPN Project)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [1388120 2013-01-16] (Symantec Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-12-13] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-12-13] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130205.001\IDSvia64.sys [513184 2013-01-24] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130205.032\ENG64.SYS [126192 2013-01-28] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130205.032\EX64.SYS [2087664 2013-01-28] (Symantec Corporation)
S0 prohlp02; C:\Windows\SysWOW64\drivers\prohlp02.sys [65504 2004-03-09] (Protection Technology) [File not signed]
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S0 sfhlp01; C:\Windows\SysWOW64\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) [File not signed]
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1405000.01C\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-20] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 prodrv06; \SystemRoot\System32\drivers\prodrv06.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-13 10:30 - 2014-07-11 16:57 - 00000363 _____ () C:\zoek-results2014-07-11-145706.log
2014-07-12 22:45 - 2014-07-13 10:28 - 00000000 _____ () C:\Users\Lars Stehmann\Desktop\^neuer post.txt
2014-07-12 22:44 - 2014-07-12 22:44 - 00724680 _____ () C:\Users\Lars Stehmann\Desktop\setup.exe
2014-07-12 22:38 - 2014-07-12 22:38 - 00854390 _____ () C:\Users\Lars Stehmann\Desktop\SecurityCheck.exe
2014-07-12 16:07 - 2014-07-12 16:07 - 02347384 _____ (ESET) C:\Users\Lars Stehmann\Desktop\esetsmartinstaller_deu.exe
2014-07-11 19:22 - 2014-07-11 19:22 - 00000000 ____D () C:\Users\Lars Stehmann\Desktop\FRST-OlderVersion
2014-07-11 16:57 - 2014-07-11 13:31 - 00000396 _____ () C:\zoek-results2014-07-11-113130.log
2014-07-11 13:31 - 2014-07-13 10:32 - 00001796 _____ () C:\zoek-results.log
2014-07-11 13:29 - 2014-07-13 10:32 - 00000546 _____ () C:\runcheck.txt
2014-07-11 13:28 - 2014-07-11 13:28 - 00000000 ____D () C:\zoek_backup
2014-07-11 13:27 - 2014-07-11 13:27 - 01285120 _____ () C:\Users\Lars Stehmann\Desktop\zoek.exe
2014-07-11 13:26 - 2014-07-11 13:26 - 00001565 _____ () C:\Users\Lars Stehmann\Desktop\mbam.txt
2014-07-11 12:51 - 2014-07-11 12:52 - 00003976 _____ () C:\Users\Lars Stehmann\Desktop\Schritt 1 AdwCleaner.txt
2014-07-11 12:47 - 2014-07-11 12:47 - 00307904 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-11 12:44 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-07-11 12:42 - 2014-07-11 12:45 - 00000000 ____D () C:\AdwCleaner
2014-07-11 12:40 - 2014-07-11 12:41 - 01348263 _____ () C:\Users\Lars Stehmann\Desktop\adwcleaner_3.215.exe
2014-07-11 10:24 - 2014-06-26 22:53 - 00703968 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-11 10:24 - 2014-06-26 22:53 - 00105440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-11 10:18 - 2014-07-11 10:18 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-11 01:11 - 2014-06-18 01:27 - 01440256 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-11 01:11 - 2014-06-18 01:24 - 01557504 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-11 01:11 - 2014-06-11 06:18 - 04038144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-11 01:11 - 2014-05-03 08:34 - 06974808 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-07-11 01:11 - 2014-05-03 08:33 - 01824808 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-07-11 01:11 - 2014-05-03 06:51 - 01408976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-07-11 01:11 - 2014-05-02 00:37 - 01023488 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2014-07-11 01:11 - 2014-04-30 00:32 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\Robocopy.exe
2014-07-11 01:11 - 2014-04-30 00:32 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\Robocopy.exe
2014-07-11 01:11 - 2014-04-24 01:51 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-07-11 01:11 - 2014-04-24 01:51 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-11 01:11 - 2014-04-24 01:38 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-07-11 01:11 - 2014-04-24 01:38 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-11 01:11 - 2014-02-08 06:34 - 00071168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hdaudbus.sys
2014-07-11 01:10 - 2014-07-01 00:42 - 00702464 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-11 01:10 - 2014-07-01 00:42 - 00394240 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-07-11 01:10 - 2014-07-01 00:42 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-07-11 01:10 - 2014-06-28 05:35 - 00556544 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-11 01:10 - 2014-06-03 00:33 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2014-07-11 01:10 - 2014-05-30 01:31 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-07-11 01:10 - 2014-05-30 01:03 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-07-11 01:10 - 2014-05-30 01:02 - 01281536 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-11 01:10 - 2014-05-30 01:02 - 00439808 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll
2014-07-11 01:08 - 2014-06-19 04:12 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-11 01:08 - 2014-06-19 04:12 - 01366528 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-11 01:08 - 2014-06-19 04:12 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-07-11 01:08 - 2014-06-19 04:12 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-07-11 01:08 - 2014-06-19 04:12 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-11 01:08 - 2014-06-19 04:11 - 19277312 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-11 01:08 - 2014-06-19 04:11 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-11 01:08 - 2014-06-19 04:11 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 15369728 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 02650624 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-11 01:08 - 2014-06-19 04:10 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-11 01:08 - 2014-06-19 04:09 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-11 01:08 - 2014-06-19 02:53 - 14368768 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-11 01:08 - 2014-06-19 02:53 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-11 01:08 - 2014-06-19 02:53 - 01141760 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-11 01:08 - 2014-06-19 02:53 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-11 01:08 - 2014-06-19 02:53 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-11 01:08 - 2014-06-19 02:53 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-11 01:08 - 2014-06-19 02:53 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-07-11 01:08 - 2014-06-19 02:52 - 13732352 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-11 01:08 - 2014-06-19 02:52 - 02863616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-11 01:08 - 2014-06-19 02:52 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-11 01:08 - 2014-06-19 02:52 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-11 01:08 - 2014-06-19 02:52 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-07-11 01:08 - 2014-06-19 02:52 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-11 01:08 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-11 01:08 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-11 01:08 - 2014-06-19 02:52 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-07-11 01:08 - 2014-06-19 02:52 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-11 01:08 - 2014-06-19 02:52 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-11 01:08 - 2014-06-19 02:52 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-11 01:08 - 2014-06-19 02:33 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-11 01:08 - 2014-06-19 02:30 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-11 01:08 - 2014-06-19 00:05 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-07-11 01:08 - 2014-05-30 00:24 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-11 01:07 - 2014-06-06 16:06 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-11 01:07 - 2014-06-06 12:17 - 00497152 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-11 01:00 - 2014-07-11 01:00 - 00022559 _____ () C:\ComboFix.txt
2014-07-11 00:20 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-07-11 00:20 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-07-11 00:20 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-07-11 00:20 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-07-11 00:20 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-07-11 00:20 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe
2014-07-11 00:20 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-07-11 00:20 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-07-11 00:20 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-07-11 00:19 - 2014-07-11 01:00 - 00000000 ____D () C:\Qoobox
2014-07-11 00:18 - 2014-07-11 00:54 - 00000000 ____D () C:\windows\erdnt
2014-07-10 23:49 - 2014-07-10 23:50 - 05217324 ____R (Swearware) C:\Users\Lars Stehmann\Desktop\ComboFix.exe
2014-07-10 16:37 - 2014-07-12 22:51 - 00042464 _____ () C:\Users\Lars Stehmann\Desktop\Addition.txt
2014-07-10 16:35 - 2014-07-13 10:34 - 00015825 _____ () C:\Users\Lars Stehmann\Desktop\FRST.txt
2014-07-10 16:34 - 2014-07-13 10:34 - 00000000 ____D () C:\FRST
2014-07-10 16:33 - 2014-07-11 19:22 - 02084864 _____ (Farbar) C:\Users\Lars Stehmann\Desktop\FRST64.exe
2014-07-10 15:51 - 2014-07-10 15:51 - 00012542 _____ () C:\Users\Lars Stehmann\Desktop\malware.txt
2014-07-10 14:43 - 2014-07-11 13:25 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-10 14:38 - 2014-07-10 14:38 - 00001132 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-10 14:38 - 2014-07-10 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-10 14:38 - 2014-07-10 14:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-10 14:38 - 2014-07-10 14:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-10 14:38 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-10 14:38 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-07-10 14:38 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-07-10 14:33 - 2014-07-10 14:34 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lars Stehmann\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-10 14:14 - 2014-07-12 15:58 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator
2014-07-09 18:11 - 2014-07-09 18:13 - 20076727 _____ () C:\Users\Lars Stehmann\Downloads\fm14.rar
2014-07-08 15:27 - 2014-07-08 15:27 - 00002058 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-07-08 15:27 - 2014-07-08 15:27 - 00002056 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-07-08 15:27 - 2014-07-08 15:27 - 00002046 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-07-07 18:34 - 2014-07-11 10:17 - 01623040 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-07-07 18:34 - 2014-07-11 10:17 - 00253440 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-07-07 18:34 - 2014-07-11 10:17 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-07-07 18:34 - 2014-07-11 10:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-07-07 18:34 - 2014-07-11 10:16 - 00629248 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-07-07 18:34 - 2014-07-11 10:16 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-07-07 18:33 - 2014-07-11 10:17 - 03286528 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-07-07 18:33 - 2014-07-11 10:17 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-07-07 18:33 - 2014-07-11 10:17 - 00059416 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-07-07 18:33 - 2014-07-11 10:17 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-07-07 18:32 - 2014-07-11 10:17 - 00773632 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-07-07 18:32 - 2014-07-11 10:17 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-07-07 18:32 - 2014-07-11 10:16 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2014-07-06 20:01 - 2014-07-06 20:01 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Roaming\dvdcss
2014-07-06 20:00 - 2014-07-13 10:21 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Roaming\vlc
2014-07-06 19:58 - 2014-07-06 19:58 - 00000875 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-06 19:58 - 2014-07-06 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-06 19:58 - 2014-07-06 19:58 - 00000000 ____D () C:\Program Files\VideoLAN
2014-07-06 19:54 - 2014-07-06 19:54 - 00961360 _____ (Chip Digital GmbH) C:\Users\Lars Stehmann\Downloads\VLC media player 64 Bit - CHIP-Installer.exe
2014-07-06 19:51 - 2014-07-06 19:51 - 00001242 _____ () C:\Users\Lars Stehmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player.lnk
2014-07-02 22:54 - 2014-07-02 22:54 - 00015126 _____ () C:\Users\Lars Stehmann\Downloads\Vorbereitung.xlsx
2014-06-25 18:38 - 2014-05-03 07:47 - 03246592 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-06-25 18:38 - 2014-05-03 05:34 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-06-25 18:37 - 2014-04-30 00:32 - 01301504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-06-25 18:37 - 2014-04-30 00:22 - 01023488 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-06-25 18:37 - 2014-04-03 13:19 - 00328024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys
2014-06-25 18:37 - 2014-04-03 05:44 - 00619008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-06-25 18:37 - 2014-04-01 00:08 - 00387268 _____ () C:\windows\system32\ApnDatabase.xml
2014-06-25 18:37 - 2014-03-25 01:42 - 00305152 _____ (Microsoft Corporation) C:\windows\SysWOW64\wusa.exe
2014-06-25 18:37 - 2014-03-25 00:56 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\wusa.exe
2014-06-25 18:30 - 2014-04-03 13:22 - 02233176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-06-25 18:30 - 2014-03-07 02:47 - 01419264 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-06-25 18:30 - 2014-03-07 02:08 - 01845760 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-06-24 12:16 - 2014-06-24 12:16 - 00177181 _____ () C:\Users\Lars Stehmann\Desktop\Guck Yegger.odb
2014-06-23 16:49 - 2014-06-23 16:49 - 00947864 _____ () C:\Users\Lars Stehmann\Downloads\AndrewBase.odt
2014-06-20 23:17 - 2014-06-20 23:17 - 00033792 _____ () C:\Users\Lars Stehmann\Downloads\35605.xls
2014-06-20 22:13 - 2014-06-21 12:09 - 00026578 _____ () C:\Users\Lars Stehmann\Desktop\DiebesteVariante.ods
2014-06-20 20:18 - 2014-06-21 18:25 - 00079697 _____ () C:\Users\Lars Stehmann\Desktop\dsjfsjdfsjdf.odb
2014-06-20 11:11 - 2014-06-21 13:20 - 00035293 _____ () C:\Users\Lars Stehmann\Desktop\Tutorial.odb
2014-06-19 13:47 - 2014-07-11 22:36 - 00015357 _____ () C:\Users\Lars Stehmann\Desktop\statistiken.ods

==================== One Month Modified Files and Folders =======

2014-07-13 10:34 - 2014-07-10 16:35 - 00015825 _____ () C:\Users\Lars Stehmann\Desktop\FRST.txt
2014-07-13 10:34 - 2014-07-10 16:34 - 00000000 ____D () C:\FRST
2014-07-13 10:32 - 2014-07-11 13:31 - 00001796 _____ () C:\zoek-results.log
2014-07-13 10:32 - 2014-07-11 13:29 - 00000546 _____ () C:\runcheck.txt
2014-07-13 10:30 - 2012-08-31 06:28 - 00000000 ____D () C:\ProgramData\WinClon
2014-07-13 10:28 - 2014-07-12 22:45 - 00000000 _____ () C:\Users\Lars Stehmann\Desktop\^neuer post.txt
2014-07-13 10:28 - 2012-12-13 19:56 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Local\CrashDumps
2014-07-13 10:28 - 2012-08-31 05:24 - 01884720 _____ () C:\windows\WindowsUpdate.log
2014-07-13 10:25 - 2014-03-12 18:40 - 00000000 ___RD () C:\Users\Lars Stehmann\Google Drive
2014-07-13 10:25 - 2013-11-05 15:29 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-13 10:24 - 2012-08-05 23:07 - 00033624 _____ () C:\windows\PFRO.log
2014-07-13 10:24 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-13 10:23 - 2012-07-26 07:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-07-13 10:21 - 2014-07-06 20:00 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Roaming\vlc
2014-07-13 10:21 - 2012-08-31 06:42 - 00000360 _____ () C:\windows\Tasks\Xerox PhotoCafe Communicator.job
2014-07-13 10:00 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru
2014-07-13 09:51 - 2012-08-31 21:27 - 00753134 _____ () C:\windows\system32\perfh007.dat
2014-07-13 09:51 - 2012-08-31 21:27 - 00155826 _____ () C:\windows\system32\perfc007.dat
2014-07-13 09:51 - 2012-07-26 09:28 - 01745416 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-13 00:07 - 2014-02-17 15:36 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Local\Windows Live
2014-07-12 23:09 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\NDF
2014-07-12 22:51 - 2014-07-10 16:37 - 00042464 _____ () C:\Users\Lars Stehmann\Desktop\Addition.txt
2014-07-12 22:44 - 2014-07-12 22:44 - 00724680 _____ () C:\Users\Lars Stehmann\Desktop\setup.exe
2014-07-12 22:38 - 2014-07-12 22:38 - 00854390 _____ () C:\Users\Lars Stehmann\Desktop\SecurityCheck.exe
2014-07-12 16:41 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\rescache
2014-07-12 16:07 - 2014-07-12 16:07 - 02347384 _____ (ESET) C:\Users\Lars Stehmann\Desktop\esetsmartinstaller_deu.exe
2014-07-12 15:58 - 2014-07-10 14:14 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-07-12 15:56 - 2012-07-26 10:12 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-07-11 22:36 - 2014-06-19 13:47 - 00015357 _____ () C:\Users\Lars Stehmann\Desktop\statistiken.ods
2014-07-11 19:22 - 2014-07-11 19:22 - 00000000 ____D () C:\Users\Lars Stehmann\Desktop\FRST-OlderVersion
2014-07-11 19:22 - 2014-07-10 16:33 - 02084864 _____ (Farbar) C:\Users\Lars Stehmann\Desktop\FRST64.exe
2014-07-11 16:57 - 2014-07-13 10:30 - 00000363 _____ () C:\zoek-results2014-07-11-145706.log
2014-07-11 13:31 - 2014-07-11 16:57 - 00000396 _____ () C:\zoek-results2014-07-11-113130.log
2014-07-11 13:28 - 2014-07-11 13:28 - 00000000 ____D () C:\zoek_backup
2014-07-11 13:27 - 2014-07-11 13:27 - 01285120 _____ () C:\Users\Lars Stehmann\Desktop\zoek.exe
2014-07-11 13:26 - 2014-07-11 13:26 - 00001565 _____ () C:\Users\Lars Stehmann\Desktop\mbam.txt
2014-07-11 13:25 - 2014-07-10 14:43 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-11 12:52 - 2014-07-11 12:51 - 00003976 _____ () C:\Users\Lars Stehmann\Desktop\Schritt 1 AdwCleaner.txt
2014-07-11 12:47 - 2014-07-11 12:47 - 00307904 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-11 12:45 - 2014-07-11 12:42 - 00000000 ____D () C:\AdwCleaner
2014-07-11 12:41 - 2014-07-11 12:40 - 01348263 _____ () C:\Users\Lars Stehmann\Desktop\adwcleaner_3.215.exe
2014-07-11 10:18 - 2014-07-11 10:18 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-11 10:18 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 10:18 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 10:18 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\WinStore
2014-07-11 10:18 - 2012-07-26 09:59 - 00000000 ____D () C:\windows\CbsTemp
2014-07-11 10:18 - 2012-07-26 09:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 10:17 - 2014-07-07 18:34 - 01623040 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-07-11 10:17 - 2014-07-07 18:34 - 00253440 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-07-11 10:17 - 2014-07-07 18:34 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-07-11 10:17 - 2014-07-07 18:34 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-07-11 10:17 - 2014-07-07 18:33 - 03286528 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-07-11 10:17 - 2014-07-07 18:33 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-07-11 10:17 - 2014-07-07 18:33 - 00059416 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-07-11 10:17 - 2014-07-07 18:33 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-07-11 10:17 - 2014-07-07 18:32 - 00773632 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-07-11 10:17 - 2014-07-07 18:32 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-07-11 10:16 - 2014-07-07 18:34 - 00629248 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-07-11 10:16 - 2014-07-07 18:34 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-07-11 10:16 - 2014-07-07 18:32 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2014-07-11 02:07 - 2013-10-01 09:05 - 00000000 ____D () C:\windows\system32\MRT
2014-07-11 02:03 - 2012-12-15 14:10 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-11 02:03 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-07-11 01:17 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-07-11 01:00 - 2014-07-11 01:00 - 00022559 _____ () C:\ComboFix.txt
2014-07-11 01:00 - 2014-07-11 00:19 - 00000000 ____D () C:\Qoobox
2014-07-11 01:00 - 2012-07-26 07:37 - 00000000 __RHD () C:\Users\Default
2014-07-11 00:54 - 2014-07-11 00:18 - 00000000 ____D () C:\windows\erdnt
2014-07-11 00:51 - 2012-07-26 07:26 - 00000215 _____ () C:\windows\system.ini
2014-07-11 00:48 - 2012-07-26 07:26 - 67633152 _____ () C:\windows\system32\config\SOFTWARE.bak
2014-07-11 00:48 - 2012-07-26 07:26 - 14417920 _____ () C:\windows\system32\config\SYSTEM.bak
2014-07-11 00:48 - 2012-07-26 07:26 - 00524288 _____ () C:\windows\system32\config\DEFAULT.bak
2014-07-11 00:48 - 2012-07-26 07:26 - 00262144 _____ () C:\windows\system32\config\SECURITY.bak
2014-07-11 00:48 - 2012-07-26 07:26 - 00262144 _____ () C:\windows\system32\config\SAM.bak
2014-07-10 23:50 - 2014-07-10 23:49 - 05217324 ____R (Swearware) C:\Users\Lars Stehmann\Desktop\ComboFix.exe
2014-07-10 15:51 - 2014-07-10 15:51 - 00012542 _____ () C:\Users\Lars Stehmann\Desktop\malware.txt
2014-07-10 14:38 - 2014-07-10 14:38 - 00001132 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-10 14:38 - 2014-07-10 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-10 14:38 - 2014-07-10 14:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-10 14:38 - 2014-07-10 14:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-10 14:34 - 2014-07-10 14:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lars Stehmann\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator
2014-07-10 14:14 - 2012-12-17 10:39 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Local\Google
2014-07-10 14:14 - 2012-12-17 10:39 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-10 14:14 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
2014-07-09 22:50 - 2014-04-21 23:54 - 00000129 _____ () C:\Users\Lars Stehmann\Desktop\FoMa.txt
2014-07-09 18:13 - 2014-07-09 18:11 - 20076727 _____ () C:\Users\Lars Stehmann\Downloads\fm14.rar
2014-07-09 13:45 - 2014-02-13 20:31 - 00088904 _____ () C:\Users\Lars Stehmann\Desktop\napoli.ods
2014-07-08 15:27 - 2014-07-08 15:27 - 00002058 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-07-08 15:27 - 2014-07-08 15:27 - 00002056 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-07-08 15:27 - 2014-07-08 15:27 - 00002046 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-07-08 15:27 - 2014-03-11 08:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-06 22:13 - 2013-05-23 18:42 - 00070144 ___SH () C:\Users\Lars Stehmann\Downloads\Thumbs.db
2014-07-06 20:01 - 2014-07-06 20:01 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Roaming\dvdcss
2014-07-06 19:58 - 2014-07-06 19:58 - 00000875 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-06 19:58 - 2014-07-06 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-06 19:58 - 2014-07-06 19:58 - 00000000 ____D () C:\Program Files\VideoLAN
2014-07-06 19:54 - 2014-07-06 19:54 - 00961360 _____ (Chip Digital GmbH) C:\Users\Lars Stehmann\Downloads\VLC media player 64 Bit - CHIP-Installer.exe
2014-07-06 19:51 - 2014-07-06 19:51 - 00001242 _____ () C:\Users\Lars Stehmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player.lnk
2014-07-06 19:35 - 2012-08-31 06:37 - 00000000 ____D () C:\ProgramData\CyberLink
2014-07-05 22:51 - 2012-12-13 20:05 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2565124892-2511412510-2458214724-1004
2014-07-02 22:54 - 2014-07-02 22:54 - 00015126 _____ () C:\Users\Lars Stehmann\Downloads\Vorbereitung.xlsx
2014-07-01 00:42 - 2014-07-11 01:10 - 00702464 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-01 00:42 - 2014-07-11 01:10 - 00394240 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-07-01 00:42 - 2014-07-11 01:10 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-06-28 05:35 - 2014-07-11 01:10 - 00556544 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-26 22:53 - 2014-07-11 10:24 - 00703968 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-06-26 22:53 - 2014-07-11 10:24 - 00105440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-25 11:49 - 2013-10-01 08:24 - 00000000 ____D () C:\Users\Lars Stehmann\Desktop\Neuer Ordner
2014-06-24 12:49 - 2012-12-17 00:59 - 00766976 ___SH () C:\Users\Lars Stehmann\Desktop\Thumbs.db
2014-06-24 12:16 - 2014-06-24 12:16 - 00177181 _____ () C:\Users\Lars Stehmann\Desktop\Guck Yegger.odb
2014-06-23 16:49 - 2014-06-23 16:49 - 00947864 _____ () C:\Users\Lars Stehmann\Downloads\AndrewBase.odt
2014-06-21 18:25 - 2014-06-20 20:18 - 00079697 _____ () C:\Users\Lars Stehmann\Desktop\dsjfsjdfsjdf.odb
2014-06-21 13:20 - 2014-06-20 11:11 - 00035293 _____ () C:\Users\Lars Stehmann\Desktop\Tutorial.odb
2014-06-21 12:09 - 2014-06-20 22:13 - 00026578 _____ () C:\Users\Lars Stehmann\Desktop\DiebesteVariante.ods
2014-06-20 23:17 - 2014-06-20 23:17 - 00033792 _____ () C:\Users\Lars Stehmann\Downloads\35605.xls
2014-06-20 21:35 - 2014-03-10 16:29 - 00000000 ____D () C:\Users\Lars Stehmann\Desktop\4.Semester
2014-06-19 04:12 - 2014-07-11 01:08 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-19 04:12 - 2014-07-11 01:08 - 01366528 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-19 04:12 - 2014-07-11 01:08 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-06-19 04:12 - 2014-07-11 01:08 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-06-19 04:12 - 2014-07-11 01:08 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-19 04:11 - 2014-07-11 01:08 - 19277312 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-19 04:11 - 2014-07-11 01:08 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-19 04:11 - 2014-07-11 01:08 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 15369728 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 02650624 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-19 04:10 - 2014-07-11 01:08 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-19 04:09 - 2014-07-11 01:08 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-19 02:53 - 2014-07-11 01:08 - 14368768 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-19 02:53 - 2014-07-11 01:08 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-19 02:53 - 2014-07-11 01:08 - 01141760 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-19 02:53 - 2014-07-11 01:08 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-19 02:53 - 2014-07-11 01:08 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-19 02:53 - 2014-07-11 01:08 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-19 02:53 - 2014-07-11 01:08 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-06-19 02:52 - 2014-07-11 01:08 - 13732352 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-19 02:52 - 2014-07-11 01:08 - 02863616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-19 02:52 - 2014-07-11 01:08 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-19 02:52 - 2014-07-11 01:08 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-19 02:52 - 2014-07-11 01:08 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-06-19 02:52 - 2014-07-11 01:08 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-19 02:52 - 2014-07-11 01:08 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-06-19 02:52 - 2014-07-11 01:08 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-19 02:52 - 2014-07-11 01:08 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-06-19 02:52 - 2014-07-11 01:08 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-19 02:52 - 2014-07-11 01:08 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-19 02:52 - 2014-07-11 01:08 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-19 02:33 - 2014-07-11 01:08 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-19 02:30 - 2014-07-11 01:08 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-19 00:05 - 2014-07-11 01:08 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-06-18 01:27 - 2014-07-11 01:11 - 01440256 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-06-18 01:24 - 2014-07-11 01:11 - 01557504 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-06-13 04:10 - 2014-06-08 22:51 - 02978373 _____ () C:\Users\Lars Stehmann\Desktop\wm2014_tippspiel.ods

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe


Some content of TEMP:
====================
C:\Users\Lars Stehmann\AppData\Local\Temp\7za.exe
C:\Users\Lars Stehmann\AppData\Local\Temp\hijackthis.exe
C:\Users\Lars Stehmann\AppData\Local\Temp\NirCmd.exe
C:\Users\Lars Stehmann\AppData\Local\Temp\PEVZ.EXE
C:\Users\Lars Stehmann\AppData\Local\Temp\Quarantine.exe
C:\Users\Lars Stehmann\AppData\Local\Temp\remove.exe
C:\Users\Lars Stehmann\AppData\Local\Temp\sed.exe
C:\Users\Lars Stehmann\AppData\Local\Temp\shortcut.exe
C:\Users\Lars Stehmann\AppData\Local\Temp\swreg.exe
C:\Users\Lars Stehmann\AppData\Local\Temp\swxcacls.exe
C:\Users\Lars Stehmann\AppData\Local\Temp\wget.exe
C:\Users\Lars Stehmann\AppData\Local\Temp\zoek-delete.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-07 18:06

==================== End Of Log ============================

--- --- ---

--- --- ---

ADDITION.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-07-2014
Ran by Lars Stehmann at 2014-07-13 10:36:16
Running from C:\Users\Lars Stehmann\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
Allshare Play Link (HKLM-x32\...\{91786428-D4AA-476D-8AF9-A63FFAC2901F}) (Version: 1.0.0 - Samsung)
AMD Accelerated Video Transcoding (Version: 12.5.100.20808 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{53460839-526B-5CEC-011C-6F01CE411CF1}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-4300-76A7-A758B70C0F01}) (Version: 12.15.1.16 - APN, LLC) <==== ATTENTION
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1912 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Das Fussball Studio 8.5.2 (Beta) (HKLM-x32\...\{F804CEB4-747E-46D5-B8AB-C56E3BAF27D9}_is1) (Version: 8.5.2 - vmLOGIC - Volker Mallmann)
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
Football Manager 2014 (HKLM-x32\...\Steam App 231670) (Version:  - Sports Interactive)
Football Manager 2014 Editor (HKLM-x32\...\Steam App 242460) (Version:  - )
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Help Desk (HKLM\...\{C85A891D-7AB4-46AE-84F0-B0C3FAC82280}) (Version: 1.0.4 - Samsung Electronics CO., LTD.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.17.41283 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Next Generation Tennis 2003 (HKLM-x32\...\{1B29C0BE-AEB2-408C-BAA6-A4EE6CC8577C}) (Version:  - )
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.5.0.28 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.11 - Symantec Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
OpenProj (HKLM-x32\...\{13702021-43FB-480C-912F-D9B74A538288}) (Version: 1.4.0 - Serena Software Inc.)
OpenVPN 2.3.4-I001  (HKLM-x32\...\OpenVPN) (Version: 2.3.4-I001 - )
Paint XP version 1.1 (HKLM-x32\...\{2367FAB6-055A-4923-835F-F57F7BBBA363}_is1) (Version: 1.1 - MSPAINTXP.COM)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{46889070-D447-4936-A5D3-246DB972FA2E}) (Version: 2.0.6.16537 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
ProjectLibre (HKLM-x32\...\{73C751CF-B4B9-4757-BDBC-0B3A5B16B531}) (Version: 1.5.17.0 - ProjectLibre)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.11 - ProtectDisc Software GmbH)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.0 - Samsung Electronics CO., LTD.)
Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Race Driver 2 Online Demo (x32 Version: 1.03.0010 - Codemasters) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.5.0 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.0.7 - Samsung Electronics CO., LTD.) Hidden
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Support Center (HKLM\...\{3D7275C7-8549-46AF-8B59-82A3EF301B31}) (Version: 2.0.8 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.0 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{49271148-3C6B-4F2B-B8C9-FFDE243B8FEA}) (Version: 2.0.15 - Samsung Electronics CO., LTD.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.11.3 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
User Guide (HKLM-x32\...\{66172F70-0BDE-4BAB-A973-E2E4EF501F6D}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Xerox PhotoCafe (HKLM-x32\...\Xerox PhotoCafe) (Version: 1.0.0.6162 - Xerox)

==================== Restore Points  =========================

27-06-2014 16:31:27 Windows Update
06-07-2014 16:18:55 Windows Update
10-07-2014 22:20:27 ComboFix created restore point

==================== Hosts content: ==========================

2012-07-26 07:26 - 2014-07-11 00:51 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0200E3AC-B15B-43A3-A026-5B6CD38D9279} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-08-24] (Samsung Electronics CO., LTD.)
Task: {022D5CA9-2218-474D-8D74-74FA85A00C15} - System32\Tasks\MakeMarkerFile => %ProgramData%\MakeMarkerFile.exe
Task: {081B14FF-6015-4C08-B021-226A9772CB2E} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {0E9D97A1-A465-48D0-BA55-C025FCF94F82} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-08-23] (SEC)
Task: {15BC6E8E-3BF9-40C9-ABE3-341F810187C9} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {79746511-3A60-489C-80E8-49765925E7AD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-07-11] (Microsoft Corporation)
Task: {7CFC0557-5ABF-4159-B64D-0C1DF9516AE1} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-08-26] (Samsung Electronics CO., LTD.)
Task: {813ADBC4-08C7-4BB2-ABCE-FAF70AA196CC} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] ()
Task: {8D27BE66-6B75-450B-8FEC-9DA0CFE59F1C} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {A49545EA-F214-4B28-8E8E-6F3CBBE262DE} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\WSCStub.exe [2014-04-29] (Symantec Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CB0F186F-5F9A-41B2-9456-C782B547FEEA} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {CBD4CA57-F0CE-44D2-AB53-BD16C65D4CFE} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-08-17] (Samsung Electronics CO., LTD.)
Task: {D7B2CB40-9DD3-4BC3-BE50-72A6649DB198} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\windows\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe

==================== Loaded Modules (whitelisted) =============

2012-08-26 11:48 - 2012-08-26 11:48 - 00076920 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2014-05-28 15:27 - 2014-05-28 15:28 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2014-07-11 13:27 - 2014-07-11 13:27 - 01285120 _____ () C:\Users\Lars Stehmann\Desktop\zoek.exe
2012-08-08 03:22 - 2012-08-08 03:22 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00028280 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 01015416 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00026232 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00029816 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00091768 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2014-07-13 10:25 - 2014-07-13 10:25 - 00098816 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\win32api.pyd
2014-07-13 10:25 - 2014-07-13 10:25 - 00110080 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\pywintypes27.dll
2014-07-13 10:25 - 2014-07-13 10:25 - 00364544 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\pythoncom27.dll
2014-07-13 10:25 - 2014-07-13 10:25 - 00045568 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\_socket.pyd
2014-07-13 10:25 - 2014-07-13 10:25 - 01160704 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\_ssl.pyd
2014-07-13 10:25 - 2014-07-13 10:25 - 00320512 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\win32com.shell.shell.pyd
2014-07-13 10:25 - 2014-07-13 10:25 - 00713216 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\_hashlib.pyd
2014-07-13 10:25 - 2014-07-13 10:25 - 01175040 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\wx._core_.pyd
2014-07-13 10:25 - 2014-07-13 10:25 - 00805888 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\wx._gdi_.pyd
2014-07-13 10:25 - 2014-07-13 10:25 - 00811008 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\wx._windows_.pyd
2014-07-13 10:25 - 2014-07-13 10:25 - 01062400 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\wx._controls_.pyd
2014-07-13 10:25 - 2014-07-13 10:25 - 00735232 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\wx._misc_.pyd
2014-07-13 10:25 - 2014-07-13 10:25 - 00128512 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\_elementtree.pyd
2014-07-13 10:25 - 2014-07-13 10:25 - 00127488 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\pyexpat.pyd
2014-07-13 10:25 - 2014-07-13 10:25 - 00557056 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\pysqlite2._sqlite.pyd
2014-07-13 10:25 - 2014-07-13 10:25 - 00007168 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\hashobjs_ext.pyd
2014-07-13 10:25 - 2014-07-13 10:25 - 00087552 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\_ctypes.pyd
2014-07-13 10:25 - 2014-07-13 10:25 - 00119808 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\win32file.pyd
2014-07-13 10:25 - 2014-07-13 10:25 - 00108544 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\win32security.pyd
2014-07-13 10:25 - 2014-07-13 10:25 - 00018432 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\win32event.pyd
2014-07-13 10:25 - 2014-07-13 10:25 - 00038912 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\win32inet.pyd
2014-07-13 10:25 - 2014-07-13 10:25 - 00070656 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\wx._html2.pyd
2014-07-13 10:25 - 2014-07-13 10:25 - 00167936 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\win32gui.pyd
2014-07-13 10:25 - 2014-07-13 10:25 - 00011264 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\win32crypt.pyd
2014-07-13 10:25 - 2014-07-13 10:25 - 00027136 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\_multiprocessing.pyd
2014-07-13 10:25 - 2014-07-13 10:25 - 00122368 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\wx._wizard.pyd
2014-07-13 10:25 - 2014-07-13 10:25 - 00010240 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\select.pyd
2014-07-13 10:25 - 2014-07-13 10:25 - 00024064 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\win32pipe.pyd
2014-07-13 10:25 - 2014-07-13 10:25 - 00686080 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\unicodedata.pyd
2014-07-13 10:25 - 2014-07-13 10:25 - 00025600 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\win32pdh.pyd
2014-07-13 10:25 - 2014-07-13 10:25 - 00525640 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\windows._lib_cacheinvalidation.pyd
2014-07-13 10:25 - 2014-07-13 10:25 - 00035840 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\win32process.pyd
2014-07-13 10:25 - 2014-07-13 10:25 - 00017408 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\win32profile.pyd
2014-07-13 10:25 - 2014-07-13 10:25 - 00022528 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\win32ts.pyd
2014-07-13 10:25 - 2014-07-13 10:25 - 00078336 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI36242\wx._animate.pyd
2014-05-02 09:55 - 2012-05-30 08:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.5.0.28\wincfi39.dll
2014-06-14 09:18 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-14 09:18 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-14 09:18 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-14 09:18 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-14 09:18 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-07-10 16:04 - 2014-07-08 08:18 - 14663856 _____ () C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

HKLM\...\StartupApproved\Run: => "BtvStack"
HKLM\...\StartupApproved\Run: => "BtTray"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKCU\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/13/2014 10:28:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Name des fehlerhaften Moduls: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000183835
ID des fehlerhaften Prozesses: 0x5f8
Startzeit der fehlerhaften Anwendung: 0xCommonAgent.exe0
Pfad der fehlerhaften Anwendung: CommonAgent.exe1
Pfad des fehlerhaften Moduls: CommonAgent.exe2
Berichtskennung: CommonAgent.exe3
Vollständiger Name des fehlerhaften Pakets: CommonAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CommonAgent.exe5

Error: (07/13/2014 10:28:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Name des fehlerhaften Moduls: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000183835
ID des fehlerhaften Prozesses: 0x12f0
Startzeit der fehlerhaften Anwendung: 0xCommonAgent.exe0
Pfad der fehlerhaften Anwendung: CommonAgent.exe1
Pfad des fehlerhaften Moduls: CommonAgent.exe2
Berichtskennung: CommonAgent.exe3
Vollständiger Name des fehlerhaften Pakets: CommonAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CommonAgent.exe5

Error: (07/13/2014 10:25:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8
Name des fehlerhaften Moduls: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000000000014d7cc
ID des fehlerhaften Prozesses: 0xb84
Startzeit der fehlerhaften Anwendung: 0xMakeMarkerFile.exe0
Pfad der fehlerhaften Anwendung: MakeMarkerFile.exe1
Pfad des fehlerhaften Moduls: MakeMarkerFile.exe2
Berichtskennung: MakeMarkerFile.exe3
Vollständiger Name des fehlerhaften Pakets: MakeMarkerFile.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MakeMarkerFile.exe5

Error: (07/13/2014 10:25:21 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex (2956) Versuch, Datei "C:\Users\Lars Stehmann\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (07/12/2014 10:32:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (07/12/2014 07:35:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Name des fehlerhaften Moduls: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000183835
ID des fehlerhaften Prozesses: 0x13ac
Startzeit der fehlerhaften Anwendung: 0xCommonAgent.exe0
Pfad der fehlerhaften Anwendung: CommonAgent.exe1
Pfad des fehlerhaften Moduls: CommonAgent.exe2
Berichtskennung: CommonAgent.exe3
Vollständiger Name des fehlerhaften Pakets: CommonAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CommonAgent.exe5

Error: (07/12/2014 07:35:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8
Name des fehlerhaften Moduls: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000000000014d7cc
ID des fehlerhaften Prozesses: 0xe8
Startzeit der fehlerhaften Anwendung: 0xMakeMarkerFile.exe0
Pfad der fehlerhaften Anwendung: MakeMarkerFile.exe1
Pfad des fehlerhaften Moduls: MakeMarkerFile.exe2
Berichtskennung: MakeMarkerFile.exe3
Vollständiger Name des fehlerhaften Pakets: MakeMarkerFile.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MakeMarkerFile.exe5

Error: (07/12/2014 07:35:08 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (07/12/2014 07:34:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (07/12/2014 07:34:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.


System errors:
=============
Error: (07/13/2014 10:26:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/13/2014 10:24:11 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\prodrv06.sys

Error: (07/12/2014 07:32:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/12/2014 07:29:44 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\prodrv06.sys

Error: (07/12/2014 07:29:54 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎12.‎07.‎2014 um 18:53:14 unerwartet heruntergefahren.

Error: (07/12/2014 06:03:17 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "NILS-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{5FB5E4E1-D9C1-4448-A64F-155725173B20}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (07/12/2014 04:00:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/12/2014 03:58:01 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\prodrv06.sys

Error: (07/12/2014 08:45:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/12/2014 08:43:01 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\prodrv06.sys


Microsoft Office Sessions:
=========================
Error: (07/13/2014 10:28:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CommonAgent.exe1.0.7.5502ddd20CommonAgent.exe1.0.7.5502ddd204000001500000000001838355f801cf9e746f74d6caC:\Program Files\Samsung\S Agent\CommonAgent.exeC:\Program Files\Samsung\S Agent\CommonAgent.exead3b90d1-0a67-11e4-bf35-50b7c32e28bd

Error: (07/13/2014 10:28:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CommonAgent.exe1.0.7.5502ddd20CommonAgent.exe1.0.7.5502ddd2040000015000000000018383512f001cf9e74180ee897C:\Program Files\Samsung\S Agent\CommonAgent.exeC:\Program Files\Samsung\S Agent\CommonAgent.exea9d45061-0a67-11e4-bf35-50b7c32e28bd

Error: (07/13/2014 10:25:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7ccb8401cf9e73f3a0cbb9C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe3a81f518-0a67-11e4-bf35-50b7c32e28bd

Error: (07/13/2014 10:25:21 AM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex2956C:\Users\Lars Stehmann\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (07/12/2014 10:32:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (07/12/2014 07:35:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CommonAgent.exe1.0.7.5502ddd20CommonAgent.exe1.0.7.5502ddd2040000015000000000018383513ac01cf9df7aa72a54dC:\Program Files\Samsung\S Agent\CommonAgent.exeC:\Program Files\Samsung\S Agent\CommonAgent.exef13edea9-09ea-11e4-bf34-50b7c32e28bd

Error: (07/12/2014 07:35:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cce801cf9df785fbbfe1C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exeed41a36f-09ea-11e4-bf34-50b7c32e28bd

Error: (07/12/2014 07:35:08 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Lars Stehmann\Desktop\esetsmartinstaller_deu.exe

Error: (07/12/2014 07:34:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Lars Stehmann\Desktop\esetsmartinstaller_deu.exe

Error: (07/12/2014 07:34:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Lars Stehmann\Desktop\esetsmartinstaller_deu.exe


CodeIntegrity Errors:
===================================
  Date: 2014-07-11 00:45:06.721
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Percentage of memory in use: 36%
Total physical RAM: 3675.78 MB
Available physical RAM: 2350.28 MB
Total Pagefile: 5083.78 MB
Available Pagefile: 3625.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:442.08 GB) (Free:378.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: D35F083E)

Partition: GPT Partition Type.

==================== End Of Log ============================

M-K-D-B · 13.07.2014, 10:03

Reste entfernen
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
SearchScopes: HKCU - {901D31B8-7250-4352-9EE9-4E9AA33B9014} URL = 
C:\Users\Lars Stehmann\Downloads\*- CHIP-Installer.exe
C:\Users\Lars Stehmann\Downloads\PDFCreator-1_7_3_setup.exe
C:\Users\Lars Stehmann\Desktop\setup.exe
Reboot:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Setze Google Chrome nach dieser Anleitung zurück.

Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.

Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

Schritt 1
Du verwendest veraltete Software auf deinem Rechner, was ein Sicherheitsrisiko darstellt. Daher solltest du veraltete Software deinstallieren und anschließend die aktuellste Version installieren.
Folge dem Pfad Start > Systemsteuerung > Sofware / Programme deinstallieren.
Deinstalliere die folgenden Programme von deinem Rechner:

Adobe Reader 10

Starte deinen Rechner nach der Deinstallation neu auf.
Downloade und installiere dir bitte nun:

Adobe Reader (Entferne vor dem Download den Haken bei McAfee Security Scan)

Starte deinen Rechner nach der Installation neu auf.

Schritt 2
Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Schritt 3
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.

Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti-Viren-Programm und zusätzlicher Schutz

Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist! Ein kostenloses Anti-Viren Programm, das wir empfehlen, wäre z. B. Avast! Free Antivirus oder Microsoft Security Essentials.
MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt. Du kannst es zusätzlich zu deinem Anti-Viren Programm verwenden.
Update das Tool und lasse es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
AdwCleaner
Dieses Tool erkennt eine Vielzahl von Werbeprogrammen (Adware) und unerwümschten Programmen (PUPs).
Starte das Tool einmal die Woche und lass es laufen. Sollte eine neue Version verfügbar sein, so wird dies angezeigt und du kannst dir die neueste Version direkt von der Herstellerseite auf den Desktop herunterladen. Auch dieses Programm kann parallel zu deinem Anti-Viren Programm verwendet werden.
SpywareBlaster
Eine kurze Einführung findest du Hier

Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Mozilla Firefox

Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
NoScript
Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
AdblockPlus
Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzuzufügen reicht und dieser wird nicht mehr geladen.
Es spart außerdem Downloadkapazität.

Performance

Halte dich fern von Registry Cleanern.
Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
Miekemoes Blogspot ( MVP )

Was du vermeiden solltest:

Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..).
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.
Lade keine Software von Softonic oder Chip herunter, da diese Installer oft mit Adware oder unerünschter Software versehen sind!

Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

stehmi · 14.07.2014, 21:43

Es scheint alles wieder seinen normalen Gang zu gehen, danke dir.
Denke auch die Tipps habe ich größtenteils befolgt und werde ich künftig verfolgen, hatte chip bisher eigentlich immer ganz positiv gesehen, wird dann nun gemieden.
Das Fixlog ist leider beim Reste entfernen mit drauf gegangen, ist hoffe ich kein allzu großes Problem das ich dir damit nun nicht mehr dienen kann.

11.07.2014, 18:10	#8
M-K-D-B /// TB-Ausbilder	Fastsearchings.info und vermutlich weitere Viren Wenn nach einer Stunde nix geht, dann lass es gut sein und mach mit FRST weiter.

Fastsearchings.info und vermutlich weitere Viren

Plagegeister aller Art und deren Bekämpfung: Fastsearchings.info und vermutlich weitere Viren