Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
98uj8.de- auch ich bin betroffen

98uj8.de- auch ich bin betroffen


Plagegeister aller Art und deren Bekämpfung: 98uj8.de- auch ich bin betroffen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 2 1 2
Alt 04.08.2014, 14:19   #1
Froop
 
98uj8.de- auch ich bin betroffen - Standard

98uj8.de- auch ich bin betroffen


Hallo,

auch mit hat die "98uj8.de-maleware" erwischt. Letzte Woche bekam ich ihn. Mit Malewarebytes Anti Maleware habe ich ihn entfern. Firefox deinstalliert und neu installiert. Gestern kam er leider wieder. Ich habe daraufhin mein system gecheckt. Kaspersky und Antimaleware haben nichts gefunden. Dennoch ist mein Primärer Browser (Firefox) befallen.

Ich habe gesehen dass ihr hier schon vielen Usern helfen konntet. Ich bin glaube ich der erste (ich habe so ca. 10 Beiträge gelesen) bei dem er sofort wiederkam (bzw. nicht richtig weg war dann ).

Mein Rechner erscheint mir seitdem auch sehr langsam...



/edit: ich weiß dass mein Windows nicht auf dem neuesten Stand ist. Den Download muss ich aber morgen in der Uni machen, das klappt nicht daheim...

Alt 04.08.2014, 14:20   #2
Warlord711
/// TB-Ausbilder
 
98uj8.de- auch ich bin betroffen - Standard

98uj8.de- auch ich bin betroffen


Hallo Froop



Mein Name ist Timo und ich werde Dir bei deinem Problem behilflich sein.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scans durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist immer der sicherste Weg.

Wir "arbeiten" hier alle freiwillig und in unserer Freizeit *hust*. Daher kann es bei Antworten zu Verzögerungen kommen.
Solltest du innerhalb 48 Std keine Antwort von mir erhalten, dann schreib mit eine PM
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis ich oder jemand vom Team sagt, dass Du clean bist.


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________
Alt 04.08.2014, 14:22   #3
Warlord711
/// TB-Ausbilder
 
98uj8.de- auch ich bin betroffen - Standard

98uj8.de- auch ich bin betroffen


Hast du noch Logs von Malwarebytes ?
__________________
__________________
Alt 04.08.2014, 15:00   #4
Froop
 
98uj8.de- auch ich bin betroffen - Standard

98uj8.de- auch ich bin betroffen


FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Christian (administrator) on CHRISTIAN-PC on 04-08-2014 15:55:17
Running from C:\Users\Christian\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11465320 2010-12-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-12-20] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2010-12-20] (Synaptics Incorporated)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-12-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ROCCAT Savu Gaming Mouse] => C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe [872048 2012-09-10] (ROCCAT GmbH)
HKLM-x32\...\Run: [BrStsWnd] => C:\Program Files (x86)\Brownie\BrstsW64.exe [3695984 2011-03-25] (brother)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-20] (Microsoft Corporation)
HKU\S-1-5-21-2998117307-905345789-2759643071-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3481408 2012-02-13] (DT Soft Ltd)
HKU\S-1-5-21-2998117307-905345789-2759643071-1000\...\Run: [Microsoft Adobe Driver Update] => C:\Users\CHRIST~1\AppD
HKU\S-1-5-21-2998117307-905345789-2759643071-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21648480 2014-07-02] (Skype Technologies S.A.)
HKU\S-1-5-21-2998117307-905345789-2759643071-1000\...\MountPoints2: {3562a656-6860-11e1-a63b-00262dc4503e} - F:\setup_ftl_1.0.0.6.exe
HKU\S-1-5-21-2998117307-905345789-2759643071-1000\...\MountPoints2: {8e5f4fa6-41f7-11e1-bc9c-806e6f6e6963} - E:\InstallNavi.exe
HKU\S-1-5-21-2998117307-905345789-2759643071-1000\...\MountPoints2: {a58e8600-e1a1-11e3-b7a0-00262dc4503e} - G:\Startme.exe
HKU\S-1-5-21-2998117307-905345789-2759643071-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-2998117307-905345789-2759643071-1000\$46fe286b4516f027b2c781ac33660b1b\n. ATTENTION! ====> ZeroAccess?
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEB0C2A79BC57CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Hosts: 46.163.108.190    ssc-offdilln.de
Tcpip\Parameters: [DhcpNameServer] 192.168.0.9

FireFox:
========
FF ProfilePath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\6b8sj8g0.default
FF NetworkProxy: "ftp", "proxyus1.stealthy.co"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "proxyus1.stealthy.co"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "proxyus1.stealthy.co"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "proxyus1.stealthy.co"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Extension: YouTube Unblocker - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\6b8sj8g0.default\Extensions\youtubeunblocker@unblocker.yt [2014-06-21]
FF Extension: Stealthy - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\6b8sj8g0.default\Extensions\stealthyextension@gmail.com.xpi [2012-07-10]
FF Extension: Video HTML5 Player Free - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\6b8sj8g0.default\Extensions\{60d5d1b1-a4e6-4d21-a4bd-c316fe418af6}.xpi [2013-11-14]
FF Extension: Adblock Plus - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\6b8sj8g0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-17]
FF Extension: Greasemonkey - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\6b8sj8g0.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-09-07]
FF Extension: {ea619470-9fc9-4afa-9ca1-7181142f277b} - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\6b8sj8g0.default\Extensions\{ea619470-9fc9-4afa-9ca1-7181142f277b}.xpi [2013-11-07]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2014-06-19]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2014-06-19]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-10-29]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-10-29]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-10-29]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-10-29]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-10-29]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-06-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-07-02] (Perfect World Entertainment Inc)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2012-03-15] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-03-11] (DT Soft Ltd)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-06] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-08-03] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-08-03] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-08-03] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-18] (Kaspersky Lab ZAO)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
S2 PLCNDIS5; \SystemRoot\system32\plcndis5.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-04 15:55 - 2014-08-04 15:56 - 00021580 _____ () C:\Users\Christian\Desktop\FRST.txt
2014-08-04 15:55 - 2014-08-04 15:55 - 00000000 ____D () C:\FRST
2014-08-04 15:54 - 2014-08-04 15:54 - 02094080 _____ (Farbar) C:\Users\Christian\Desktop\FRST64.exe
2014-08-03 23:46 - 2014-08-03 23:46 - 00000000 ____D () C:\AdwCleaner
2014-08-03 23:45 - 2014-08-03 23:45 - 01361309 _____ () C:\Users\Christian\Desktop\adwcleaner_3.302.exe
2014-08-03 23:23 - 2014-08-03 23:23 - 00000198 _____ () C:\Users\Christian\Desktop\male.txt
2014-08-01 15:30 - 2014-08-01 15:31 - 00300272 _____ () C:\Windows\Minidump\080114-23946-01.dmp
2014-08-01 11:04 - 2014-08-01 11:04 - 00244408 _____ () C:\Users\Christian\Desktop\Firefox Setup Stub 31.0.exe
2014-08-01 06:39 - 2014-08-03 22:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 06:39 - 2014-08-01 08:39 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-01 06:39 - 2014-08-01 06:39 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-01 06:39 - 2014-08-01 06:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-01 06:39 - 2014-08-01 06:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 06:39 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-01 06:39 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-01 06:39 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-31 12:13 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-31 12:13 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-31 12:13 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-31 12:13 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-31 12:12 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-31 12:12 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-31 12:12 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-31 12:12 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-31 12:12 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-31 12:12 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-31 12:12 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-31 12:12 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-31 12:12 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-31 12:12 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-31 00:02 - 2014-07-31 00:02 - 00000000 _____ () C:\Windows\EEventManager.INI
2014-07-30 14:52 - 2014-07-30 14:52 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\MPC
2014-07-30 14:51 - 2014-07-30 14:51 - 00000000 ____D () C:\Users\Christian\.kodakch
2014-07-30 11:28 - 2014-07-30 21:30 - 00000000 ____D () C:\Program Files (x86)\KODAK Create@Home Software (für dm)
2014-07-30 11:26 - 2014-07-30 11:26 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Eastman Kodak Company
2014-07-30 11:00 - 2014-07-30 11:11 - 102239928 _____ (Eastman Kodak Company) C:\Users\Christian\Downloads\KodakCreateHome(1).exe
2014-07-29 19:30 - 2014-07-29 19:31 - 27581922 _____ (Eastman Kodak Company) C:\Users\Christian\Downloads\KodakCreateHome.exe
2014-07-29 10:03 - 2014-07-29 10:04 - 00024625 _____ () C:\Users\Christian\Downloads\WtW.gp5
2014-07-26 13:01 - 2014-07-26 13:41 - 00000000 ____D () C:\Users\Christian\Desktop\opa
2014-07-26 12:56 - 2014-07-26 13:24 - 00000367 _____ () C:\Users\Christian\Sti_Trace.log
2014-07-26 12:56 - 2014-07-26 13:05 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Epson
2014-07-26 12:43 - 2014-07-26 12:43 - 00002449 _____ () C:\Users\Public\Desktop\Epson Benutzerhandbuch EPSON Perfection V600 Photo.lnk
2014-07-26 12:42 - 2014-07-26 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2014-07-26 12:42 - 2014-07-26 12:43 - 00000000 ____D () C:\Program Files (x86)\Epson Software
2014-07-26 12:40 - 2014-07-26 12:42 - 00000000 ____D () C:\Program Files (x86)\epson
2014-07-26 12:40 - 2014-07-26 12:40 - 00000930 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-07-26 12:40 - 2014-07-26 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-07-26 12:40 - 2012-07-25 00:00 - 00345600 _____ (SEIKO EPSON CORP.) C:\Windows\system32\esxuina1.dll
2014-07-26 12:40 - 2012-07-25 00:00 - 00093696 _____ (Seiko Epson Corporation.) C:\Windows\system32\esxw2_a1.dll
2014-07-26 12:40 - 2012-07-10 01:00 - 00065793 _____ () C:\Windows\system32\esfwa1.bin
2014-07-26 12:40 - 2012-07-10 00:00 - 00319488 _____ (SEIKO EPSON CORP.) C:\Windows\SysWOW64\esinta1.dll
2014-07-26 12:40 - 2011-12-12 00:00 - 00135824 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc64.exe
2014-07-24 10:42 - 2014-08-01 16:36 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-24 10:42 - 2014-08-01 16:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-24 10:42 - 2014-07-24 10:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-24 10:42 - 2014-07-24 10:42 - 00000000 ____D () C:\Users\Christian\AppData\Local\Skype
2014-07-24 10:41 - 2014-08-01 16:36 - 00000000 ____D () C:\ProgramData\Skype
2014-07-24 10:40 - 2014-07-24 10:40 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Christian\Downloads\SkypeSetup.exe
2014-07-15 15:37 - 2014-07-15 15:37 - 00098688 _____ () C:\Users\Christian\Downloads\Guns N Roses - Sweet Child O Mine (Pro).gp4
2014-07-15 15:01 - 2014-07-15 15:01 - 00039749 _____ () C:\Users\Christian\Downloads\Rise Against - I Dont Want To Be Here Anymore (Pro).gpx
2014-07-13 12:00 - 2014-07-13 12:00 - 00048625 _____ () C:\Users\Christian\Downloads\Rise Against - The Strength To Go On (Pro).gp5
2014-07-11 09:46 - 2014-07-11 09:46 - 00488685 _____ () C:\Users\Christian\Downloads\Marketingeffizienz-14Juli2010.ashx
2014-07-10 18:45 - 2014-07-10 18:45 - 00027085 _____ () C:\Users\Christian\Downloads\Billy Talent - Sympathy (Pro).gp5
2014-07-10 13:01 - 2014-07-10 13:02 - 00051142 _____ () C:\Users\Christian\Downloads\empathy -rev2.gp5
2014-07-10 11:34 - 2014-07-10 11:34 - 00098168 _____ () C:\Users\Christian\Downloads\Billy Talent - This Suffering (Pro).gp5
2014-07-10 11:33 - 2014-07-10 11:33 - 00041529 _____ () C:\Users\Christian\Downloads\05.07.2014(1).gp5
2014-07-10 11:33 - 2014-07-10 11:33 - 00002523 _____ () C:\Users\Christian\Downloads\fake guitar anschlag.gp5
2014-07-07 21:22 - 2014-07-07 21:25 - 00000000 ___HD () C:\ArcTemp
2014-07-07 21:20 - 2014-07-07 21:22 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Arc
2014-07-07 21:20 - 2014-07-07 21:20 - 00001842 _____ () C:\Users\Public\Desktop\Arc.lnk
2014-07-07 21:20 - 2014-07-07 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2014-07-07 21:18 - 2014-07-07 21:25 - 00000000 ____D () C:\Program Files (x86)\Perfect World Entertainment
2014-07-07 21:18 - 2014-07-07 21:18 - 09686176 _____ (Perfect World Entertainment) C:\Users\Christian\Downloads\ArcInstall_v20140625a.exe
2014-07-06 18:47 - 2014-07-06 18:48 - 00041529 _____ () C:\Users\Christian\Downloads\05.07.2014.gp5

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-04 15:56 - 2014-08-04 15:55 - 00021580 _____ () C:\Users\Christian\Desktop\FRST.txt
2014-08-04 15:55 - 2014-08-04 15:55 - 00000000 ____D () C:\FRST
2014-08-04 15:55 - 2012-01-18 21:06 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Skype
2014-08-04 15:54 - 2014-08-04 15:54 - 02094080 _____ (Farbar) C:\Users\Christian\Desktop\FRST64.exe
2014-08-04 15:52 - 2012-01-20 09:53 - 00000000 ____D () C:\Users\Christian\Desktop\Uni Siegen
2014-08-04 15:23 - 2014-06-17 21:46 - 00000000 ____D () C:\Users\Christian\Documents\Citavi 4
2014-08-04 15:22 - 2012-01-18 19:16 - 01709451 _____ () C:\Windows\WindowsUpdate.log
2014-08-04 15:19 - 2013-03-31 16:36 - 00000000 ____D () C:\Users\Christian\Desktop\Steam
2014-08-04 14:22 - 2012-01-18 21:13 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-04 07:23 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-04 07:23 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-04 07:09 - 2010-05-12 10:18 - 26474590 _____ () C:\Windows\system32\perfh007.dat
2014-08-04 07:09 - 2010-05-12 10:18 - 08556840 _____ () C:\Windows\system32\perfc007.dat
2014-08-04 07:09 - 2009-07-14 07:13 - 00006252 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-03 23:46 - 2014-08-03 23:46 - 00000000 ____D () C:\AdwCleaner
2014-08-03 23:45 - 2014-08-03 23:45 - 01361309 _____ () C:\Users\Christian\Desktop\adwcleaner_3.302.exe
2014-08-03 23:23 - 2014-08-03 23:23 - 00000198 _____ () C:\Users\Christian\Desktop\male.txt
2014-08-03 23:22 - 2014-06-19 13:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-03 22:56 - 2014-08-01 06:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-03 20:35 - 2012-01-23 11:34 - 00000000 ___RD () C:\Users\Christian\Dropbox
2014-08-03 20:34 - 2012-01-23 11:27 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Dropbox
2014-08-03 20:32 - 2013-02-25 13:54 - 00000105 _____ () C:\Windows\Brownie.ini
2014-08-03 20:30 - 2012-01-18 19:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-03 20:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-03 20:30 - 2009-07-14 06:51 - 00121277 _____ () C:\Windows\setupact.log
2014-08-03 19:30 - 2014-03-16 20:11 - 00000000 ____D () C:\Users\Christian\AppData\Local\Battle.net
2014-08-03 12:52 - 2012-06-18 20:15 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\TS3Client
2014-08-03 12:13 - 2013-10-17 16:47 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-08-03 12:13 - 2013-10-17 16:47 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2014-08-03 12:12 - 2013-06-08 21:18 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-08-01 16:36 - 2014-07-24 10:42 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-01 16:36 - 2014-07-24 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-01 16:36 - 2014-07-24 10:41 - 00000000 ____D () C:\ProgramData\Skype
2014-08-01 15:31 - 2014-08-01 15:30 - 00300272 _____ () C:\Windows\Minidump\080114-23946-01.dmp
2014-08-01 15:30 - 2012-02-14 15:15 - 448935437 _____ () C:\Windows\MEMORY.DMP
2014-08-01 15:30 - 2012-02-14 15:15 - 00000000 ____D () C:\Windows\Minidump
2014-08-01 15:30 - 2012-01-18 19:43 - 00278344 _____ () C:\Windows\PFRO.log
2014-08-01 11:04 - 2014-08-01 11:04 - 00244408 _____ () C:\Users\Christian\Desktop\Firefox Setup Stub 31.0.exe
2014-08-01 08:39 - 2014-08-01 06:39 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-01 07:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-01 06:39 - 2014-08-01 06:39 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-01 06:39 - 2014-08-01 06:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-01 06:39 - 2014-08-01 06:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 06:12 - 2014-03-16 20:39 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-07-31 00:02 - 2014-07-31 00:02 - 00000000 _____ () C:\Windows\EEventManager.INI
2014-07-30 21:30 - 2014-07-30 11:28 - 00000000 ____D () C:\Program Files (x86)\KODAK Create@Home Software (für dm)
2014-07-30 14:52 - 2014-07-30 14:52 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\MPC
2014-07-30 14:51 - 2014-07-30 14:51 - 00000000 ____D () C:\Users\Christian\.kodakch
2014-07-30 14:51 - 2012-01-18 19:24 - 00000000 ____D () C:\Users\Christian
2014-07-30 11:26 - 2014-07-30 11:26 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Eastman Kodak Company
2014-07-30 11:11 - 2014-07-30 11:00 - 102239928 _____ (Eastman Kodak Company) C:\Users\Christian\Downloads\KodakCreateHome(1).exe
2014-07-29 19:31 - 2014-07-29 19:30 - 27581922 _____ (Eastman Kodak Company) C:\Users\Christian\Downloads\KodakCreateHome.exe
2014-07-29 10:04 - 2014-07-29 10:03 - 00024625 _____ () C:\Users\Christian\Downloads\WtW.gp5
2014-07-26 13:41 - 2014-07-26 13:01 - 00000000 ____D () C:\Users\Christian\Desktop\opa
2014-07-26 13:35 - 2012-12-14 00:12 - 00000000 ____D () C:\Users\Christian\Documents\Eigene PSP-Dateien
2014-07-26 13:24 - 2014-07-26 12:56 - 00000367 _____ () C:\Users\Christian\Sti_Trace.log
2014-07-26 13:05 - 2014-07-26 12:56 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Epson
2014-07-26 12:53 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-07-26 12:43 - 2014-07-26 12:43 - 00002449 _____ () C:\Users\Public\Desktop\Epson Benutzerhandbuch EPSON Perfection V600 Photo.lnk
2014-07-26 12:43 - 2014-07-26 12:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2014-07-26 12:43 - 2014-07-26 12:42 - 00000000 ____D () C:\Program Files (x86)\Epson Software
2014-07-26 12:42 - 2014-07-26 12:40 - 00000000 ____D () C:\Program Files (x86)\epson
2014-07-26 12:42 - 2012-01-18 19:30 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-26 12:40 - 2014-07-26 12:40 - 00000930 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-07-26 12:40 - 2014-07-26 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-07-26 08:32 - 2012-01-23 11:34 - 00001033 _____ () C:\Users\Christian\Desktop\Dropbox.lnk
2014-07-26 08:32 - 2012-01-23 11:28 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-25 12:03 - 2014-03-16 20:11 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-24 22:16 - 2013-01-27 15:36 - 00103736 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-24 10:42 - 2014-07-24 10:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-24 10:42 - 2014-07-24 10:42 - 00000000 ____D () C:\Users\Christian\AppData\Local\Skype
2014-07-24 10:40 - 2014-07-24 10:40 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Christian\Downloads\SkypeSetup.exe
2014-07-15 15:37 - 2014-07-15 15:37 - 00098688 _____ () C:\Users\Christian\Downloads\Guns N Roses - Sweet Child O Mine (Pro).gp4
2014-07-15 15:01 - 2014-07-15 15:01 - 00039749 _____ () C:\Users\Christian\Downloads\Rise Against - I Dont Want To Be Here Anymore (Pro).gpx
2014-07-15 14:21 - 2013-12-14 21:08 - 00000000 ____D () C:\Users\Christian\Desktop\Breaking Bad
2014-07-13 12:00 - 2014-07-13 12:00 - 00048625 _____ () C:\Users\Christian\Downloads\Rise Against - The Strength To Go On (Pro).gp5
2014-07-11 09:46 - 2014-07-11 09:46 - 00488685 _____ () C:\Users\Christian\Downloads\Marketingeffizienz-14Juli2010.ashx
2014-07-10 18:45 - 2014-07-10 18:45 - 00027085 _____ () C:\Users\Christian\Downloads\Billy Talent - Sympathy (Pro).gp5
2014-07-10 13:02 - 2014-07-10 13:01 - 00051142 _____ () C:\Users\Christian\Downloads\empathy -rev2.gp5
2014-07-10 11:34 - 2014-07-10 11:34 - 00098168 _____ () C:\Users\Christian\Downloads\Billy Talent - This Suffering (Pro).gp5
2014-07-10 11:33 - 2014-07-10 11:33 - 00041529 _____ () C:\Users\Christian\Downloads\05.07.2014(1).gp5
2014-07-10 11:33 - 2014-07-10 11:33 - 00002523 _____ () C:\Users\Christian\Downloads\fake guitar anschlag.gp5
2014-07-08 13:08 - 2013-08-12 23:27 - 00000000 ____D () C:\Users\Christian\Desktop\T
2014-07-07 21:27 - 2012-03-04 14:11 - 00111109 _____ () C:\Windows\DirectX.log
2014-07-07 21:25 - 2014-07-07 21:22 - 00000000 ___HD () C:\ArcTemp
2014-07-07 21:25 - 2014-07-07 21:18 - 00000000 ____D () C:\Program Files (x86)\Perfect World Entertainment
2014-07-07 21:22 - 2014-07-07 21:20 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Arc
2014-07-07 21:20 - 2014-07-07 21:20 - 00001842 _____ () C:\Users\Public\Desktop\Arc.lnk
2014-07-07 21:20 - 2014-07-07 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2014-07-07 21:18 - 2014-07-07 21:18 - 09686176 _____ (Perfect World Entertainment) C:\Users\Christian\Downloads\ArcInstall_v20140625a.exe
2014-07-06 18:48 - 2014-07-06 18:47 - 00041529 _____ () C:\Users\Christian\Downloads\05.07.2014.gp5

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2998117307-905345789-2759643071-1000\$46fe286b4516f027b2c781ac33660b1b

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$46fe286b4516f027b2c781ac33660b1b

Some content of TEMP:
====================
C:\Users\Christian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsqsfxv.dll
C:\Users\Christian\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Christian\AppData\Local\Temp\iview435_setup.exe
C:\Users\Christian\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Christian\AppData\Local\Temp\ose00000.exe
C:\Users\Christian\AppData\Local\Temp\Quarantine.exe
C:\Users\Christian\AppData\Local\Temp\setup.exe
C:\Users\Christian\AppData\Local\Temp\Tsu5E47DFF8.dll
C:\Users\Christian\AppData\Local\Temp\WYSIWYG_Web_Builder_8_-_Deutsches_Sprachpaket.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-31 07:45

==================== End Of Log ============================
--- --- ---



Addition

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by Christian at 2014-08-04 15:56:34
Running from C:\Users\Christian\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Reader X (10.1.2) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)
AION Free-To-Play (HKLM-x32\...\AION Free-To-Play) (Version: v0.1 - Gameforge 4D)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Brother HL-3040CN (HKLM-x32\...\{A85B6E2A-BA0D-45AA-9827-C4132EBAF595}) (Version: 1.00 - Brother)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.3.0.15 - Swiss Academic Software)
Counter-Strike 1.6 (HKLM-x32\...\{13B792AA-C078-43A4-8A3A-8B12D629940D}) (Version: 1.00.0000 - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.3.0297 - DT Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{A3AD381D-848C-4478-80DC-228E37309308}) (Version:  - Microsoft)
devolo MicroLink dLAN Konfigurations-Assistent (HKLM-x32\...\dlanconf) (Version: 1.6.0.0 - devolo AG)
devolo MicroLink EasyClean (HKLM-x32\...\easyclean) (Version: 1.1.0.0 - devolo AG)
devolo MicroLink EasyShare (HKLM-x32\...\easyshare) (Version: 1.2.0.0 - devolo AG)
devolo MicroLink Informer (HKLM-x32\...\dslmon) (Version: 1.12.0.0 - devolo AG)
Die Siedler III Gold Edition (HKLM-x32\...\S3) (Version:  - )
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
Epson Benutzerhandbuch EPSON Perfection V600 Photo (HKLM-x32\...\EPSON Perfection V600 Photo Useg) (Version:  - )
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Faster Than Light (HKLM-x32\...\Faster Than Light_is1) (Version:  - GOG.com)
FileZilla Client 3.6.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
FireArc Arcade (HKLM-x32\...\{00BF5357-F404-4FE9-981D-119E4F5CF9FC}) (Version: 0.6.1 - FireArc.com)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Guitar Pro 6.0 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version:  - Arobas Music)
Hamachi 1.0.1.5 (HKLM-x32\...\Hamachi) (Version:  - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of Might and Magic V (HKLM-x32\...\{20071984-5EB1-4881-8EDB-082532ACEC6D}) (Version:  - )
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Jasc Paint Shop Pro Studio (HKLM-x32\...\{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}) (Version: 1.00.0000 - Jasc Software Inc)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NC Launcher (GameForge) (HKLM-x32\...\NCLauncher_GameForge) (Version:  - NCsoft)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5995 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.5995 - NVIDIA Corporation)
NVIDIA Updatus (x32 Version: 1.0.3 - NVIDIA Corporation) Hidden
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Pinnacle VideoSpin (HKLM-x32\...\{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}) (Version: 2.0.0.669 - Pinnacle Systems)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6192 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30121 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0148 - REALTEK Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
Rome - Total War(TM) (HKLM-x32\...\InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}) (Version: 1.0 - Ihr Firmenname)
Rome - Total War(TM) (x32 Version: 1.0 - Ihr Firmenname) Hidden
Savu Mouse (HKLM-x32\...\{6F4B8EA6-4546-4160-A05F-0706F7DC1EFF}) (Version: 1.1.9 - ROCCAT GmbH)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7AC49FC8-F8D2-4DD8-9086-09E52385A21F}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{32E700B9-1A94-48B4-99E1-CB8BD5F7340A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{14B7142F-D7E2-4FB0-9E3B-7CAA8D7FFC56}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{007CC0F3-15DE-426D-95B5-B019FCEF58CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{D1688F5A-9A61-42F0-B8D0-2C9DF315A141}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{0C175ED0-26B9-4B09-AFA9-3F16A03A29B9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1CBE095-403D-466D-BB13-B185A5F33231}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{651EE0E5-C789-48D8-8B91-F79352B783C9}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{81CA2EFA-7250-4B1E-B3A6-E0595224E2CD}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{6B6DDDCE-B456-4FE1-9A07-DBC1708E4158}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version:  - Microsoft)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR 4.10 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
WYSIWYG Web Builder 8  (HKLM-x32\...\WYSIWYG_Web_Builder_8) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2998117307-905345789-2759643071-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2998117307-905345789-2759643071-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2998117307-905345789-2759643071-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2998117307-905345789-2759643071-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2998117307-905345789-2759643071-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2998117307-905345789-2759643071-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2998117307-905345789-2759643071-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2998117307-905345789-2759643071-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2998117307-905345789-2759643071-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2998117307-905345789-2759643071-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin ()

==================== Restore Points  =========================

26-07-2014 10:41:19 Installed Epson Event Manager
30-07-2014 09:27:33 Installed KODAK Create@Home Software (für dm)
30-07-2014 19:27:46 Removed KODAK Create@Home Software (für dm)
31-07-2014 10:11:41 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-01-24 12:49 - 00000857 ____A C:\Windows\system32\Drivers\etc\hosts
46.163.108.190    ssc-offdilln.de

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)


==================== Loaded Modules (whitelisted) =============

2012-03-15 17:35 - 2012-03-15 17:35 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-01-22 16:48 - 2012-01-09 20:44 - 00193536 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2013-10-10 23:48 - 2013-10-10 23:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-08-03 20:33 - 2014-08-03 20:33 - 00043008 _____ () c:\Users\Christian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsqsfxv.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Christian\AppData\Roaming\Dropbox\bin\libcef.dll
2013-01-08 11:39 - 2014-04-24 11:38 - 00835584 _____ () C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll
2013-01-08 11:39 - 2014-04-24 11:38 - 00093696 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll
2013-01-08 11:39 - 2014-04-24 11:38 - 00094208 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll
2013-01-08 11:39 - 2014-04-24 11:38 - 00057344 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll
2013-01-08 11:39 - 2014-04-24 11:38 - 00096256 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll
2013-01-08 11:39 - 2014-04-24 11:38 - 00062976 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll
2013-01-08 11:39 - 2014-04-24 11:38 - 00067072 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll
2013-01-08 11:39 - 2014-04-24 11:38 - 00158208 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
2013-01-08 11:39 - 2014-04-24 11:38 - 00312832 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll
2013-01-08 11:39 - 2014-04-24 11:38 - 00038912 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll
2013-01-08 11:39 - 2014-04-24 11:38 - 00073728 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll
2013-01-08 11:39 - 2014-04-24 11:38 - 00101888 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll
2013-05-25 12:34 - 2013-05-25 12:34 - 16033160 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Christian\Desktop\Breaking Bad:AFP_AfpInfo

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Hamachi Network Interface
Description: Hamachi Network Interface
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/04/2014 07:09:11 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (08/04/2014 07:09:11 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (08/04/2014 07:09:11 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (08/03/2014 06:12:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (08/03/2014 06:12:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (08/03/2014 06:12:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (08/03/2014 10:36:35 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (08/03/2014 10:36:35 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (08/03/2014 10:36:34 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (08/03/2014 08:24:04 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.


System errors:
=============
Error: (08/03/2014 08:30:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "PLCNDIS5 NDIS Protocol Driver" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/03/2014 00:15:13 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (08/01/2014 07:07:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (08/01/2014 07:07:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (08/01/2014 03:44:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "PLCNDIS5 NDIS Protocol Driver" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/01/2014 03:44:35 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎01.‎08.‎2014 um 15:42:44 unerwartet heruntergefahren.

Error: (08/01/2014 03:31:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "PLCNDIS5 NDIS Protocol Driver" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/01/2014 03:31:00 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000c5 (0x0000000000000008, 0x0000000000000002, 0x0000000000000000, 0xfffff800031c5b05)C:\Windows\MEMORY.DMP080114-23946-01

Error: (08/01/2014 03:30:55 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎01.‎08.‎2014 um 15:29:28 unerwartet heruntergefahren.

Error: (08/01/2014 11:47:39 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "DIR-645",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{80FF83F9-F709-454A-9446-BC998C887ADB}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.


Microsoft Office Sessions:
=========================
Error: (08/04/2014 07:09:11 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (08/04/2014 07:09:11 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (08/04/2014 07:09:11 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (08/03/2014 06:12:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (08/03/2014 06:12:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (08/03/2014 06:12:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (08/03/2014 10:36:35 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (08/03/2014 10:36:35 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (08/03/2014 10:36:34 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (08/03/2014 08:24:04 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000


CodeIntegrity Errors:
===================================
  Date: 2014-08-01 07:26:51.087
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-01 07:26:51.085
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-01 07:26:51.082
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-01 07:26:51.063
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-01 07:26:51.061
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-01 07:26:51.058
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-20 20:37:56.738
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-20 20:37:56.737
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-20 20:37:56.734
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-20 20:37:56.716
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 62%
Total physical RAM: 3893.42 MB
Available physical RAM: 1447.22 MB
Total Pagefile: 7785.03 MB
Available Pagefile: 4793.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:546.25 GB) (Free:243.77 GB) NTFS
Drive d: () (Fixed) (Total:48.83 GB) (Free:48.74 GB) NTFS
Drive e: (EPSON) (CDROM) (Total:0.38 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=546 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1023 MB) - (Type=12)

==================== End Of Log ============================



Scanlog Antimaleware beim ersten mal, als er was gefunden hat

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 01.08.2014
Scan Time: 06:41:21
Logfile: 111.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.01.01
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Christian

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 330953
Time Elapsed: 13 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 1
Trojan.0Access, HKLM\SOFTWARE\CLASSES\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\INPROCSERVER32, C:\$Recycle.Bin\S-1-5-18\$46fe286b4516f027b2c781ac33660b1b\n., Good: (fastprox.dll), Bad: (C:\$Recycle.Bin\S-1-5-18\$46fe286b4516f027b2c781ac33660b1b\n.),Replaced,[aabb0eb38bf0f73f76754079bc48619f]

Folders: 0
(No malicious items detected)

Files: 5
PUP.Optional.OptimizePro.A, C:\Users\Christian\AppData\Local\Temp\OptimizerPro_new.zip, Quarantined, [085db90836458babe76b0519d0301ce4], 
PUP.Optional.Installrex, C:\Users\Christian\AppData\Local\Temp\y_zWEGCI.exe.part, Quarantined, [a2c33889eb906dc98f586faa34cd2bd5], 
PUP.Optional.OptimizePro.A, C:\Users\Christian\AppData\Local\Temp\2bc7f693c2d13e046771d4aac84aa3fd\OptimizerPro.exe, Quarantined, [3431f3ce205b89ad262c26f8728efe02], 
PUP.Optional.OpenCandy, C:\Users\Christian\Downloads\DTLite4453-0297.exe, Quarantined, [362fd4edc2b9fd397e0ff2ee9b69ba46], 
PUP.Optional.OpenCandy, C:\Users\Christian\Downloads\Install_Mario_Forever_5_9.exe, Quarantined, [a5c0c5fc7dfe3204503d0ed27d877e82], 

Physical Sectors: 0
(No malicious items detected)


(end)

Scanlog Antimaleware beim zweiten mal

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 03.08.2014
Scan Time: 22:56:54
Logfile: 222.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.03.07
Rootkit Database: v2014.08.01.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Christian

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 331798
Time Elapsed: 15 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Alt 04.08.2014, 16:05   #5
Warlord711
/// TB-Ausbilder
 
98uj8.de- auch ich bin betroffen - Standard

98uj8.de- auch ich bin betroffen


Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.



Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

__________________
Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie | Spende | Lob & Kritik

Alt 04.08.2014, 20:48   #6
Froop
 
98uj8.de- auch ich bin betroffen - Standard

98uj8.de- auch ich bin betroffen


Code:
ATTFilter
ComboFix 14-08-02.02 - Christian 04.08.2014  21:08:12.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3893.1083 [GMT 2:00]
ausgeführt von:: c:\users\Christian\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Christian\Documents\~WRL0001.tmp
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-07-04 bis 2014-08-04  ))))))))))))))))))))))))))))))
.
.
2014-08-04 19:22 . 2014-08-04 19:22	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-08-04 19:22 . 2014-08-04 19:22	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-08-04 13:55 . 2014-08-04 13:57	--------	d-----w-	C:\FRST
2014-08-03 21:46 . 2014-08-03 21:46	--------	d-----w-	C:\AdwCleaner
2014-08-01 04:39 . 2014-08-04 13:58	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-01 04:39 . 2014-05-12 05:26	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-08-01 04:39 . 2014-05-12 05:26	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-08-01 04:39 . 2014-08-01 06:39	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-08-01 04:39 . 2014-08-01 04:39	--------	d-----w-	c:\programdata\Malwarebytes
2014-08-01 04:39 . 2014-05-12 05:25	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-07-31 10:13 . 2014-05-14 16:23	44512	----a-w-	c:\windows\system32\wups2.dll
2014-07-31 10:13 . 2014-05-14 16:23	58336	----a-w-	c:\windows\system32\wuauclt.exe
2014-07-31 10:13 . 2014-05-14 16:23	2477536	----a-w-	c:\windows\system32\wuaueng.dll
2014-07-31 10:13 . 2014-05-14 16:21	2620928	----a-w-	c:\windows\system32\wucltux.dll
2014-07-31 10:12 . 2014-05-14 16:23	38880	----a-w-	c:\windows\system32\wups.dll
2014-07-31 10:12 . 2014-05-14 16:23	36320	----a-w-	c:\windows\SysWow64\wups.dll
2014-07-31 10:12 . 2014-05-14 16:23	700384	----a-w-	c:\windows\system32\wuapi.dll
2014-07-31 10:12 . 2014-05-14 16:23	581600	----a-w-	c:\windows\SysWow64\wuapi.dll
2014-07-31 10:12 . 2014-05-14 16:20	97792	----a-w-	c:\windows\system32\wudriver.dll
2014-07-31 10:12 . 2014-05-14 16:17	92672	----a-w-	c:\windows\SysWow64\wudriver.dll
2014-07-31 10:12 . 2014-05-14 07:23	198600	----a-w-	c:\windows\system32\wuwebv.dll
2014-07-31 10:12 . 2014-05-14 07:23	179656	----a-w-	c:\windows\SysWow64\wuwebv.dll
2014-07-31 10:12 . 2014-05-14 07:20	36864	----a-w-	c:\windows\system32\wuapp.exe
2014-07-31 10:12 . 2014-05-14 07:17	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
2014-07-30 12:52 . 2014-07-30 12:52	--------	d-----w-	c:\users\Christian\AppData\Roaming\MPC
2014-07-30 12:51 . 2014-07-30 12:51	--------	d-----w-	c:\users\Christian\.kodakch
2014-07-30 09:28 . 2014-07-30 19:30	--------	d-----w-	c:\program files (x86)\KODAK Create@Home Software (für dm)
2014-07-30 09:26 . 2014-07-30 09:26	--------	d-----w-	c:\users\Christian\AppData\Roaming\Eastman Kodak Company
2014-07-26 10:56 . 2014-07-26 11:05	--------	d-----w-	c:\users\Christian\AppData\Roaming\Epson
2014-07-26 10:42 . 2014-07-26 10:43	--------	d-----w-	c:\program files (x86)\Epson Software
2014-07-26 10:40 . 2012-07-24 22:00	93696	----a-w-	c:\windows\system32\esxw2_a1.dll
2014-07-26 10:40 . 2012-07-24 22:00	345600	----a-w-	c:\windows\system32\esxuina1.dll
2014-07-26 10:40 . 2012-07-09 23:00	65793	----a-w-	c:\windows\system32\esfwa1.bin
2014-07-26 10:40 . 2012-07-09 22:00	319488	----a-w-	c:\windows\SysWow64\esinta1.dll
2014-07-26 10:40 . 2011-12-11 22:00	135824	----a-w-	c:\windows\system32\escsvc64.exe
2014-07-26 10:40 . 2014-07-26 10:42	--------	d-----w-	c:\program files (x86)\epson
2014-07-24 08:42 . 2014-07-24 08:42	--------	d-----w-	c:\users\Christian\AppData\Local\Skype
2014-07-24 08:42 . 2014-07-24 08:42	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2014-07-24 08:42 . 2014-07-24 08:42	--------	d-----r-	c:\program files (x86)\Skype
2014-07-24 08:41 . 2014-08-01 14:36	--------	d-----w-	c:\programdata\Skype
2014-07-07 19:22 . 2014-07-07 19:25	--------	d-----w-	C:\ArcTemp
2014-07-07 19:20 . 2014-07-07 19:22	--------	d-----w-	c:\users\Christian\AppData\Roaming\Arc
2014-07-07 19:18 . 2014-07-07 19:25	--------	d-----w-	c:\program files (x86)\Perfect World Entertainment
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-03 21:17 . 2012-01-21 13:16	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A4978064-B947-4A16-B163-5587F0D8554F}\offreg.dll
2014-08-03 10:13 . 2013-10-17 14:47	29280	----a-w-	c:\windows\system32\drivers\klkbdflt.sys
2014-08-03 10:13 . 2013-10-17 14:47	625248	----a-w-	c:\windows\system32\drivers\klif.sys
2014-08-03 10:12 . 2013-06-08 19:18	115296	----a-w-	c:\windows\system32\drivers\klflt.sys
2014-07-24 20:16 . 2013-01-27 13:36	103736	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2007-05-16 15:45 . 2012-02-11 21:56	4496232	----a-w-	c:\program files (x86)\d3dx9_34.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	131480	----a-w-	c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Adobe Driver Update"="c:\users\CHRIST~1\AppDa" [X]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-07-02 21648480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-12-20 113288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ROCCAT Savu Gaming Mouse"="c:\program files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe" [2012-09-10 872048]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2011-03-25 3695984]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2013-10-10 707984]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-04-02 1058912]
.
c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-21 35464216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\plcndis5.sys;c:\windows\SYSNATIVE\plcndis5.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ArcService;Arc Service;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04	164760	----a-w-	c:\users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-20 11465320]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-20 2120808]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-20 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-20 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-20 415256]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Citavi Picker... - file://c:\program files (x86)\Internet Explorer\Citavi Picker\ShowContextMenu.html
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Zu Anti-Banner hinzufügen - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
TCP: DhcpNameServer = 192.168.0.9
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-S3 - c:\windows\IsUn0407.exe
AddRemove-WYSIWYG_Web_Builder_8 - c:\windows\iun6002.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-08-04  21:44:22
ComboFix-quarantined-files.txt  2014-08-04 19:44
.
Vor Suchlauf: 13 Verzeichnis(se), 261.737.906.176 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 264.889.057.280 Bytes frei
.
- - End Of File - - 16264E93207E05F9D3D3906F68E0FD50
A36C5E4F47E84449FF07ED3517B43A31




FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Christian (administrator) on CHRISTIAN-PC on 04-08-2014 21:47:30
Running from C:\Users\Christian\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11465320 2010-12-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-12-20] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2010-12-20] (Synaptics Incorporated)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-12-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ROCCAT Savu Gaming Mouse] => C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe [872048 2012-09-10] (ROCCAT GmbH)
HKLM-x32\...\Run: [BrStsWnd] => C:\Program Files (x86)\Brownie\BrstsW64.exe [3695984 2011-03-25] (brother)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2998117307-905345789-2759643071-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3481408 2012-02-13] (DT Soft Ltd)
HKU\S-1-5-21-2998117307-905345789-2759643071-1000\...\Run: [Microsoft Adobe Driver Update] => C:\Users\CHRIST~1\AppD
HKU\S-1-5-21-2998117307-905345789-2759643071-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21648480 2014-07-02] (Skype Technologies S.A.)
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEB0C2A79BC57CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.9

FireFox:
========
FF ProfilePath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\6b8sj8g0.default
FF NetworkProxy: "ftp", "proxyus1.stealthy.co"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "proxyus1.stealthy.co"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "proxyus1.stealthy.co"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "proxyus1.stealthy.co"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Extension: YouTube Unblocker - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\6b8sj8g0.default\Extensions\youtubeunblocker@unblocker.yt [2014-06-21]
FF Extension: Stealthy - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\6b8sj8g0.default\Extensions\stealthyextension@gmail.com.xpi [2012-07-10]
FF Extension: Video HTML5 Player Free - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\6b8sj8g0.default\Extensions\{60d5d1b1-a4e6-4d21-a4bd-c316fe418af6}.xpi [2013-11-14]
FF Extension: Adblock Plus - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\6b8sj8g0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-17]
FF Extension: Greasemonkey - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\6b8sj8g0.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-09-07]
FF Extension: {ea619470-9fc9-4afa-9ca1-7181142f277b} - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\6b8sj8g0.default\Extensions\{ea619470-9fc9-4afa-9ca1-7181142f277b}.xpi [2013-11-07]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2014-06-19]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2014-06-19]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-10-29]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-10-29]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-10-29]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-10-29]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-10-29]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-06-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-07-02] (Perfect World Entertainment Inc)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2012-03-15] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-03-11] (DT Soft Ltd)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-06] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-08-03] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-08-03] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-08-03] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-18] (Kaspersky Lab ZAO)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 PLCNDIS5; \SystemRoot\system32\plcndis5.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-04 21:44 - 2014-08-04 21:44 - 00018644 _____ () C:\ComboFix.txt
2014-08-04 21:04 - 2014-08-04 21:45 - 00000000 ____D () C:\Qoobox
2014-08-04 21:04 - 2014-08-04 21:37 - 00000000 ____D () C:\Windows\erdnt
2014-08-04 21:04 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-04 21:04 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-04 21:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-04 21:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-04 21:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-04 21:04 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-04 21:04 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-04 21:04 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-04 21:00 - 2014-08-04 21:00 - 05566616 ____R (Swearware) C:\Users\Christian\Desktop\ComboFix.exe
2014-08-04 15:55 - 2014-08-04 21:47 - 00020914 _____ () C:\Users\Christian\Desktop\FRST.txt
2014-08-04 15:55 - 2014-08-04 21:47 - 00000000 ____D () C:\FRST
2014-08-04 15:54 - 2014-08-04 15:54 - 02094080 _____ (Farbar) C:\Users\Christian\Desktop\FRST64.exe
2014-08-03 23:46 - 2014-08-03 23:46 - 00000000 ____D () C:\AdwCleaner
2014-08-03 23:45 - 2014-08-03 23:45 - 01361309 _____ () C:\Users\Christian\Desktop\adwcleaner_3.302.exe
2014-08-03 23:23 - 2014-08-03 23:23 - 00000198 _____ () C:\Users\Christian\Desktop\male.txt
2014-08-01 15:30 - 2014-08-01 15:31 - 00300272 _____ () C:\Windows\Minidump\080114-23946-01.dmp
2014-08-01 11:04 - 2014-08-01 11:04 - 00244408 _____ () C:\Users\Christian\Desktop\Firefox Setup Stub 31.0.exe
2014-08-01 06:39 - 2014-08-04 15:58 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 06:39 - 2014-08-01 08:39 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-01 06:39 - 2014-08-01 06:39 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-01 06:39 - 2014-08-01 06:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-01 06:39 - 2014-08-01 06:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 06:39 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-01 06:39 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-01 06:39 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-31 12:13 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-31 12:13 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-31 12:13 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-31 12:13 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-31 12:12 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-31 12:12 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-31 12:12 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-31 12:12 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-31 12:12 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-31 12:12 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-31 12:12 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-31 12:12 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-31 12:12 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-31 12:12 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-31 00:02 - 2014-07-31 00:02 - 00000000 _____ () C:\Windows\EEventManager.INI
2014-07-30 14:52 - 2014-07-30 14:52 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\MPC
2014-07-30 14:51 - 2014-07-30 14:51 - 00000000 ____D () C:\Users\Christian\.kodakch
2014-07-30 11:28 - 2014-07-30 21:30 - 00000000 ____D () C:\Program Files (x86)\KODAK Create@Home Software (für dm)
2014-07-30 11:26 - 2014-07-30 11:26 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Eastman Kodak Company
2014-07-30 11:00 - 2014-07-30 11:11 - 102239928 _____ (Eastman Kodak Company) C:\Users\Christian\Downloads\KodakCreateHome(1).exe
2014-07-29 19:30 - 2014-07-29 19:31 - 27581922 _____ (Eastman Kodak Company) C:\Users\Christian\Downloads\KodakCreateHome.exe
2014-07-29 10:03 - 2014-07-29 10:04 - 00024625 _____ () C:\Users\Christian\Downloads\WtW.gp5
2014-07-26 13:01 - 2014-07-26 13:41 - 00000000 ____D () C:\Users\Christian\Desktop\opa
2014-07-26 12:56 - 2014-07-26 13:24 - 00000367 _____ () C:\Users\Christian\Sti_Trace.log
2014-07-26 12:56 - 2014-07-26 13:05 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Epson
2014-07-26 12:43 - 2014-07-26 12:43 - 00002449 _____ () C:\Users\Public\Desktop\Epson Benutzerhandbuch EPSON Perfection V600 Photo.lnk
2014-07-26 12:42 - 2014-07-26 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2014-07-26 12:42 - 2014-07-26 12:43 - 00000000 ____D () C:\Program Files (x86)\Epson Software
2014-07-26 12:40 - 2014-07-26 12:42 - 00000000 ____D () C:\Program Files (x86)\epson
2014-07-26 12:40 - 2014-07-26 12:40 - 00000930 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-07-26 12:40 - 2014-07-26 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-07-26 12:40 - 2012-07-25 00:00 - 00345600 _____ (SEIKO EPSON CORP.) C:\Windows\system32\esxuina1.dll
2014-07-26 12:40 - 2012-07-25 00:00 - 00093696 _____ (Seiko Epson Corporation.) C:\Windows\system32\esxw2_a1.dll
2014-07-26 12:40 - 2012-07-10 01:00 - 00065793 _____ () C:\Windows\system32\esfwa1.bin
2014-07-26 12:40 - 2012-07-10 00:00 - 00319488 _____ (SEIKO EPSON CORP.) C:\Windows\SysWOW64\esinta1.dll
2014-07-26 12:40 - 2011-12-12 00:00 - 00135824 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc64.exe
2014-07-24 10:42 - 2014-08-01 16:36 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-24 10:42 - 2014-08-01 16:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-24 10:42 - 2014-07-24 10:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-24 10:42 - 2014-07-24 10:42 - 00000000 ____D () C:\Users\Christian\AppData\Local\Skype
2014-07-24 10:41 - 2014-08-01 16:36 - 00000000 ____D () C:\ProgramData\Skype
2014-07-24 10:40 - 2014-07-24 10:40 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Christian\Downloads\SkypeSetup.exe
2014-07-15 15:37 - 2014-07-15 15:37 - 00098688 _____ () C:\Users\Christian\Downloads\Guns N Roses - Sweet Child O Mine (Pro).gp4
2014-07-15 15:01 - 2014-07-15 15:01 - 00039749 _____ () C:\Users\Christian\Downloads\Rise Against - I Dont Want To Be Here Anymore (Pro).gpx
2014-07-13 12:00 - 2014-07-13 12:00 - 00048625 _____ () C:\Users\Christian\Downloads\Rise Against - The Strength To Go On (Pro).gp5
2014-07-11 09:46 - 2014-07-11 09:46 - 00488685 _____ () C:\Users\Christian\Downloads\Marketingeffizienz-14Juli2010.ashx
2014-07-10 18:45 - 2014-07-10 18:45 - 00027085 _____ () C:\Users\Christian\Downloads\Billy Talent - Sympathy (Pro).gp5
2014-07-10 13:01 - 2014-07-10 13:02 - 00051142 _____ () C:\Users\Christian\Downloads\empathy -rev2.gp5
2014-07-10 11:34 - 2014-07-10 11:34 - 00098168 _____ () C:\Users\Christian\Downloads\Billy Talent - This Suffering (Pro).gp5
2014-07-10 11:33 - 2014-07-10 11:33 - 00041529 _____ () C:\Users\Christian\Downloads\05.07.2014(1).gp5
2014-07-10 11:33 - 2014-07-10 11:33 - 00002523 _____ () C:\Users\Christian\Downloads\fake guitar anschlag.gp5
2014-07-07 21:22 - 2014-07-07 21:25 - 00000000 ____D () C:\ArcTemp
2014-07-07 21:20 - 2014-07-07 21:22 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Arc
2014-07-07 21:20 - 2014-07-07 21:20 - 00001842 _____ () C:\Users\Public\Desktop\Arc.lnk
2014-07-07 21:20 - 2014-07-07 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2014-07-07 21:18 - 2014-07-07 21:25 - 00000000 ____D () C:\Program Files (x86)\Perfect World Entertainment
2014-07-07 21:18 - 2014-07-07 21:18 - 09686176 _____ (Perfect World Entertainment) C:\Users\Christian\Downloads\ArcInstall_v20140625a.exe
2014-07-06 18:47 - 2014-07-06 18:48 - 00041529 _____ () C:\Users\Christian\Downloads\05.07.2014.gp5

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-04 21:48 - 2014-08-04 15:55 - 00020914 _____ () C:\Users\Christian\Desktop\FRST.txt
2014-08-04 21:47 - 2014-08-04 15:55 - 00000000 ____D () C:\FRST
2014-08-04 21:47 - 2012-01-18 21:06 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Skype
2014-08-04 21:45 - 2014-08-04 21:04 - 00000000 ____D () C:\Qoobox
2014-08-04 21:44 - 2014-08-04 21:44 - 00018644 _____ () C:\ComboFix.txt
2014-08-04 21:37 - 2014-08-04 21:04 - 00000000 ____D () C:\Windows\erdnt
2014-08-04 21:23 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-04 21:06 - 2012-01-18 19:16 - 01710453 _____ () C:\Windows\WindowsUpdate.log
2014-08-04 21:00 - 2014-08-04 21:00 - 05566616 ____R (Swearware) C:\Users\Christian\Desktop\ComboFix.exe
2014-08-04 16:23 - 2012-01-18 21:13 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-04 16:13 - 2013-03-31 16:36 - 00000000 ____D () C:\Users\Christian\Desktop\Steam
2014-08-04 16:03 - 2012-01-20 09:53 - 00000000 ____D () C:\Users\Christian\Desktop\Uni Siegen
2014-08-04 15:58 - 2014-08-01 06:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 15:57 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-04 15:57 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-04 15:54 - 2014-08-04 15:54 - 02094080 _____ (Farbar) C:\Users\Christian\Desktop\FRST64.exe
2014-08-04 15:23 - 2014-06-17 21:46 - 00000000 ____D () C:\Users\Christian\Documents\Citavi 4
2014-08-04 07:09 - 2010-05-12 10:18 - 26474590 _____ () C:\Windows\system32\perfh007.dat
2014-08-04 07:09 - 2010-05-12 10:18 - 08556840 _____ () C:\Windows\system32\perfc007.dat
2014-08-04 07:09 - 2009-07-14 07:13 - 00006252 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-03 23:46 - 2014-08-03 23:46 - 00000000 ____D () C:\AdwCleaner
2014-08-03 23:45 - 2014-08-03 23:45 - 01361309 _____ () C:\Users\Christian\Desktop\adwcleaner_3.302.exe
2014-08-03 23:23 - 2014-08-03 23:23 - 00000198 _____ () C:\Users\Christian\Desktop\male.txt
2014-08-03 23:22 - 2014-06-19 13:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-03 20:35 - 2012-01-23 11:34 - 00000000 ___RD () C:\Users\Christian\Dropbox
2014-08-03 20:34 - 2012-01-23 11:27 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Dropbox
2014-08-03 20:32 - 2013-02-25 13:54 - 00000105 _____ () C:\Windows\Brownie.ini
2014-08-03 20:30 - 2012-01-18 19:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-03 20:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-03 20:30 - 2009-07-14 06:51 - 00121277 _____ () C:\Windows\setupact.log
2014-08-03 19:30 - 2014-03-16 20:11 - 00000000 ____D () C:\Users\Christian\AppData\Local\Battle.net
2014-08-03 12:52 - 2012-06-18 20:15 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\TS3Client
2014-08-03 12:13 - 2013-10-17 16:47 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-08-03 12:13 - 2013-10-17 16:47 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2014-08-03 12:12 - 2013-06-08 21:18 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-08-01 16:36 - 2014-07-24 10:42 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-01 16:36 - 2014-07-24 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-01 16:36 - 2014-07-24 10:41 - 00000000 ____D () C:\ProgramData\Skype
2014-08-01 15:31 - 2014-08-01 15:30 - 00300272 _____ () C:\Windows\Minidump\080114-23946-01.dmp
2014-08-01 15:30 - 2012-02-14 15:15 - 448935437 _____ () C:\Windows\MEMORY.DMP
2014-08-01 15:30 - 2012-02-14 15:15 - 00000000 ____D () C:\Windows\Minidump
2014-08-01 15:30 - 2012-01-18 19:43 - 00278344 _____ () C:\Windows\PFRO.log
2014-08-01 11:04 - 2014-08-01 11:04 - 00244408 _____ () C:\Users\Christian\Desktop\Firefox Setup Stub 31.0.exe
2014-08-01 08:39 - 2014-08-01 06:39 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-01 07:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-01 06:39 - 2014-08-01 06:39 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-01 06:39 - 2014-08-01 06:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-01 06:39 - 2014-08-01 06:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 06:12 - 2014-03-16 20:39 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-07-31 00:02 - 2014-07-31 00:02 - 00000000 _____ () C:\Windows\EEventManager.INI
2014-07-30 21:30 - 2014-07-30 11:28 - 00000000 ____D () C:\Program Files (x86)\KODAK Create@Home Software (für dm)
2014-07-30 14:52 - 2014-07-30 14:52 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\MPC
2014-07-30 14:51 - 2014-07-30 14:51 - 00000000 ____D () C:\Users\Christian\.kodakch
2014-07-30 14:51 - 2012-01-18 19:24 - 00000000 ____D () C:\Users\Christian
2014-07-30 11:26 - 2014-07-30 11:26 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Eastman Kodak Company
2014-07-30 11:11 - 2014-07-30 11:00 - 102239928 _____ (Eastman Kodak Company) C:\Users\Christian\Downloads\KodakCreateHome(1).exe
2014-07-29 19:31 - 2014-07-29 19:30 - 27581922 _____ (Eastman Kodak Company) C:\Users\Christian\Downloads\KodakCreateHome.exe
2014-07-29 10:04 - 2014-07-29 10:03 - 00024625 _____ () C:\Users\Christian\Downloads\WtW.gp5
2014-07-26 13:41 - 2014-07-26 13:01 - 00000000 ____D () C:\Users\Christian\Desktop\opa
2014-07-26 13:35 - 2012-12-14 00:12 - 00000000 ____D () C:\Users\Christian\Documents\Eigene PSP-Dateien
2014-07-26 13:24 - 2014-07-26 12:56 - 00000367 _____ () C:\Users\Christian\Sti_Trace.log
2014-07-26 13:05 - 2014-07-26 12:56 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Epson
2014-07-26 12:53 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-07-26 12:43 - 2014-07-26 12:43 - 00002449 _____ () C:\Users\Public\Desktop\Epson Benutzerhandbuch EPSON Perfection V600 Photo.lnk
2014-07-26 12:43 - 2014-07-26 12:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2014-07-26 12:43 - 2014-07-26 12:42 - 00000000 ____D () C:\Program Files (x86)\Epson Software
2014-07-26 12:42 - 2014-07-26 12:40 - 00000000 ____D () C:\Program Files (x86)\epson
2014-07-26 12:42 - 2012-01-18 19:30 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-26 12:40 - 2014-07-26 12:40 - 00000930 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-07-26 12:40 - 2014-07-26 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-07-26 08:32 - 2012-01-23 11:34 - 00001033 _____ () C:\Users\Christian\Desktop\Dropbox.lnk
2014-07-26 08:32 - 2012-01-23 11:28 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-25 12:03 - 2014-03-16 20:11 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-24 22:16 - 2013-01-27 15:36 - 00103736 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-24 10:42 - 2014-07-24 10:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-24 10:42 - 2014-07-24 10:42 - 00000000 ____D () C:\Users\Christian\AppData\Local\Skype
2014-07-24 10:40 - 2014-07-24 10:40 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Christian\Downloads\SkypeSetup.exe
2014-07-15 15:37 - 2014-07-15 15:37 - 00098688 _____ () C:\Users\Christian\Downloads\Guns N Roses - Sweet Child O Mine (Pro).gp4
2014-07-15 15:01 - 2014-07-15 15:01 - 00039749 _____ () C:\Users\Christian\Downloads\Rise Against - I Dont Want To Be Here Anymore (Pro).gpx
2014-07-15 14:21 - 2013-12-14 21:08 - 00000000 ____D () C:\Users\Christian\Desktop\Breaking Bad
2014-07-13 12:00 - 2014-07-13 12:00 - 00048625 _____ () C:\Users\Christian\Downloads\Rise Against - The Strength To Go On (Pro).gp5
2014-07-11 09:46 - 2014-07-11 09:46 - 00488685 _____ () C:\Users\Christian\Downloads\Marketingeffizienz-14Juli2010.ashx
2014-07-10 18:45 - 2014-07-10 18:45 - 00027085 _____ () C:\Users\Christian\Downloads\Billy Talent - Sympathy (Pro).gp5
2014-07-10 13:02 - 2014-07-10 13:01 - 00051142 _____ () C:\Users\Christian\Downloads\empathy -rev2.gp5
2014-07-10 11:34 - 2014-07-10 11:34 - 00098168 _____ () C:\Users\Christian\Downloads\Billy Talent - This Suffering (Pro).gp5
2014-07-10 11:33 - 2014-07-10 11:33 - 00041529 _____ () C:\Users\Christian\Downloads\05.07.2014(1).gp5
2014-07-10 11:33 - 2014-07-10 11:33 - 00002523 _____ () C:\Users\Christian\Downloads\fake guitar anschlag.gp5
2014-07-08 13:08 - 2013-08-12 23:27 - 00000000 ____D () C:\Users\Christian\Desktop\T
2014-07-07 21:27 - 2012-03-04 14:11 - 00111109 _____ () C:\Windows\DirectX.log
2014-07-07 21:25 - 2014-07-07 21:22 - 00000000 ____D () C:\ArcTemp
2014-07-07 21:25 - 2014-07-07 21:18 - 00000000 ____D () C:\Program Files (x86)\Perfect World Entertainment
2014-07-07 21:22 - 2014-07-07 21:20 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Arc
2014-07-07 21:20 - 2014-07-07 21:20 - 00001842 _____ () C:\Users\Public\Desktop\Arc.lnk
2014-07-07 21:20 - 2014-07-07 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2014-07-07 21:18 - 2014-07-07 21:18 - 09686176 _____ (Perfect World Entertainment) C:\Users\Christian\Downloads\ArcInstall_v20140625a.exe
2014-07-06 18:48 - 2014-07-06 18:47 - 00041529 _____ () C:\Users\Christian\Downloads\05.07.2014.gp5

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-31 07:45

==================== End Of Log ============================
--- --- ---
Alt 04.08.2014, 20:51   #7
Warlord711
/// TB-Ausbilder
 
98uj8.de- auch ich bin betroffen - Standard

98uj8.de- auch ich bin betroffen


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.



Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.
__________________
Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie | Spende | Lob & Kritik

Alt 04.08.2014, 22:00   #8
Froop
 
98uj8.de- auch ich bin betroffen - Standard

98uj8.de- auch ich bin betroffen


Ich bin nicht sicher ob der Adwarecleaner richtig ausgeführt wurde. Als lange "bitte gedulden sie sich, wöhlen sie das ab was sie nicht löschen wollen" (so grob zitiert) stand, habe ich auf löschen geklickt.
Code:
ATTFilter
# AdwCleaner v3.302 - Bericht erstellt am 04/08/2014 um 22:29:00
# Aktualisiert 30/07/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Christian - CHRISTIAN-PC
# Gestartet von : C:\Users\Christian\Desktop\adwcleaner_3.302.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16576


-\\ Mozilla Firefox v

[ Datei : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\6b8sj8g0.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [992 octets] - [03/08/2014 23:46:10]
AdwCleaner[R1].txt - [1051 octets] - [04/08/2014 22:11:09]
AdwCleaner[S0].txt - [974 octets] - [04/08/2014 22:29:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1033 octets] ##########


Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Christian on 04.08.2014 at 22:38:10,37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.08.2014 at 22:44:40,39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 04.08.2014
Scan Time: 22:45:03
Logfile: 123.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.03.07
Rootkit Database: v2014.08.01.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Christian

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 337009
Time Elapsed: 10 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Christian (administrator) on CHRISTIAN-PC on 04-08-2014 22:59:22
Running from C:\Users\Christian\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11465320 2010-12-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-12-20] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2010-12-20] (Synaptics Incorporated)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-12-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ROCCAT Savu Gaming Mouse] => C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe [872048 2012-09-10] (ROCCAT GmbH)
HKLM-x32\...\Run: [BrStsWnd] => C:\Program Files (x86)\Brownie\BrstsW64.exe [3695984 2011-03-25] (brother)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2998117307-905345789-2759643071-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3481408 2012-02-13] (DT Soft Ltd)
HKU\S-1-5-21-2998117307-905345789-2759643071-1000\...\Run: [Microsoft Adobe Driver Update] => C:\Users\CHRIST~1\AppD
HKU\S-1-5-21-2998117307-905345789-2759643071-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21648480 2014-07-02] (Skype Technologies S.A.)
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Christian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christian\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEB0C2A79BC57CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.9

FireFox:
========
FF ProfilePath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\6b8sj8g0.default
FF NetworkProxy: "ftp", "proxyus1.stealthy.co"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "proxyus1.stealthy.co"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "proxyus1.stealthy.co"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "proxyus1.stealthy.co"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Extension: YouTube Unblocker - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\6b8sj8g0.default\Extensions\youtubeunblocker@unblocker.yt [2014-06-21]
FF Extension: Stealthy - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\6b8sj8g0.default\Extensions\stealthyextension@gmail.com.xpi [2012-07-10]
FF Extension: Video HTML5 Player Free - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\6b8sj8g0.default\Extensions\{60d5d1b1-a4e6-4d21-a4bd-c316fe418af6}.xpi [2013-11-14]
FF Extension: Adblock Plus - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\6b8sj8g0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-17]
FF Extension: Greasemonkey - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\6b8sj8g0.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-09-07]
FF Extension: {ea619470-9fc9-4afa-9ca1-7181142f277b} - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\6b8sj8g0.default\Extensions\{ea619470-9fc9-4afa-9ca1-7181142f277b}.xpi [2013-11-07]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2014-06-19]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2014-06-19]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-10-29]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-10-29]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-10-29]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-10-29]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-10-29]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-06-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-07-02] (Perfect World Entertainment Inc)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2012-03-15] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-03-11] (DT Soft Ltd)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-06] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-08-03] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-08-03] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-08-03] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-18] (Kaspersky Lab ZAO)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 PLCNDIS5; \SystemRoot\system32\plcndis5.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-04 22:58 - 2014-08-04 22:58 - 00001059 _____ () C:\Users\Christian\Desktop\123.txt
2014-08-04 22:44 - 2014-08-04 22:44 - 00000629 _____ () C:\Users\Christian\Desktop\JRT.txt
2014-08-04 22:38 - 2014-08-04 22:38 - 00000000 ____D () C:\Windows\ERUNT
2014-08-04 22:37 - 2014-08-04 22:37 - 01016261 _____ (Thisisu) C:\Users\Christian\Desktop\JRT.exe
2014-08-04 21:44 - 2014-08-04 21:44 - 00018644 _____ () C:\ComboFix.txt
2014-08-04 21:04 - 2014-08-04 21:45 - 00000000 ____D () C:\Qoobox
2014-08-04 21:04 - 2014-08-04 21:37 - 00000000 ____D () C:\Windows\erdnt
2014-08-04 21:04 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-04 21:04 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-04 21:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-04 21:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-04 21:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-04 21:04 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-04 21:04 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-04 21:04 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-04 21:00 - 2014-08-04 21:00 - 05566616 ____R (Swearware) C:\Users\Christian\Desktop\ComboFix.exe
2014-08-04 15:55 - 2014-08-04 22:59 - 00020669 _____ () C:\Users\Christian\Desktop\FRST.txt
2014-08-04 15:55 - 2014-08-04 22:59 - 00000000 ____D () C:\FRST
2014-08-04 15:54 - 2014-08-04 15:54 - 02094080 _____ (Farbar) C:\Users\Christian\Desktop\FRST64.exe
2014-08-03 23:46 - 2014-08-04 22:29 - 00000000 ____D () C:\AdwCleaner
2014-08-03 23:45 - 2014-08-03 23:45 - 01361309 _____ () C:\Users\Christian\Desktop\adwcleaner_3.302.exe
2014-08-03 23:23 - 2014-08-03 23:23 - 00000198 _____ () C:\Users\Christian\Desktop\male.txt
2014-08-01 15:30 - 2014-08-01 15:31 - 00300272 _____ () C:\Windows\Minidump\080114-23946-01.dmp
2014-08-01 11:04 - 2014-08-01 11:04 - 00244408 _____ () C:\Users\Christian\Desktop\Firefox Setup Stub 31.0.exe
2014-08-01 06:39 - 2014-08-04 22:44 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 06:39 - 2014-08-01 08:39 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-01 06:39 - 2014-08-01 06:39 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-01 06:39 - 2014-08-01 06:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-01 06:39 - 2014-08-01 06:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 06:39 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-01 06:39 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-01 06:39 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-31 12:13 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-31 12:13 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-31 12:13 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-31 12:13 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-31 12:12 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-31 12:12 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-31 12:12 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-31 12:12 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-31 12:12 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-31 12:12 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-31 12:12 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-31 12:12 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-31 12:12 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-31 12:12 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-31 00:02 - 2014-07-31 00:02 - 00000000 _____ () C:\Windows\EEventManager.INI
2014-07-30 14:52 - 2014-07-30 14:52 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\MPC
2014-07-30 14:51 - 2014-07-30 14:51 - 00000000 ____D () C:\Users\Christian\.kodakch
2014-07-30 11:28 - 2014-07-30 21:30 - 00000000 ____D () C:\Program Files (x86)\KODAK Create@Home Software (für dm)
2014-07-30 11:26 - 2014-07-30 11:26 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Eastman Kodak Company
2014-07-30 11:00 - 2014-07-30 11:11 - 102239928 _____ (Eastman Kodak Company) C:\Users\Christian\Downloads\KodakCreateHome(1).exe
2014-07-29 19:30 - 2014-07-29 19:31 - 27581922 _____ (Eastman Kodak Company) C:\Users\Christian\Downloads\KodakCreateHome.exe
2014-07-29 10:03 - 2014-07-29 10:04 - 00024625 _____ () C:\Users\Christian\Downloads\WtW.gp5
2014-07-26 13:01 - 2014-07-26 13:41 - 00000000 ____D () C:\Users\Christian\Desktop\opa
2014-07-26 12:56 - 2014-07-26 13:24 - 00000367 _____ () C:\Users\Christian\Sti_Trace.log
2014-07-26 12:56 - 2014-07-26 13:05 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Epson
2014-07-26 12:43 - 2014-07-26 12:43 - 00002449 _____ () C:\Users\Public\Desktop\Epson Benutzerhandbuch EPSON Perfection V600 Photo.lnk
2014-07-26 12:42 - 2014-07-26 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2014-07-26 12:42 - 2014-07-26 12:43 - 00000000 ____D () C:\Program Files (x86)\Epson Software
2014-07-26 12:40 - 2014-07-26 12:42 - 00000000 ____D () C:\Program Files (x86)\epson
2014-07-26 12:40 - 2014-07-26 12:40 - 00000930 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-07-26 12:40 - 2014-07-26 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-07-26 12:40 - 2012-07-25 00:00 - 00345600 _____ (SEIKO EPSON CORP.) C:\Windows\system32\esxuina1.dll
2014-07-26 12:40 - 2012-07-25 00:00 - 00093696 _____ (Seiko Epson Corporation.) C:\Windows\system32\esxw2_a1.dll
2014-07-26 12:40 - 2012-07-10 01:00 - 00065793 _____ () C:\Windows\system32\esfwa1.bin
2014-07-26 12:40 - 2012-07-10 00:00 - 00319488 _____ (SEIKO EPSON CORP.) C:\Windows\SysWOW64\esinta1.dll
2014-07-26 12:40 - 2011-12-12 00:00 - 00135824 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc64.exe
2014-07-24 10:42 - 2014-08-01 16:36 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-24 10:42 - 2014-08-01 16:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-24 10:42 - 2014-07-24 10:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-24 10:42 - 2014-07-24 10:42 - 00000000 ____D () C:\Users\Christian\AppData\Local\Skype
2014-07-24 10:41 - 2014-08-01 16:36 - 00000000 ____D () C:\ProgramData\Skype
2014-07-24 10:40 - 2014-07-24 10:40 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Christian\Downloads\SkypeSetup.exe
2014-07-15 15:37 - 2014-07-15 15:37 - 00098688 _____ () C:\Users\Christian\Downloads\Guns N Roses - Sweet Child O Mine (Pro).gp4
2014-07-15 15:01 - 2014-07-15 15:01 - 00039749 _____ () C:\Users\Christian\Downloads\Rise Against - I Dont Want To Be Here Anymore (Pro).gpx
2014-07-13 12:00 - 2014-07-13 12:00 - 00048625 _____ () C:\Users\Christian\Downloads\Rise Against - The Strength To Go On (Pro).gp5
2014-07-11 09:46 - 2014-07-11 09:46 - 00488685 _____ () C:\Users\Christian\Downloads\Marketingeffizienz-14Juli2010.ashx
2014-07-10 18:45 - 2014-07-10 18:45 - 00027085 _____ () C:\Users\Christian\Downloads\Billy Talent - Sympathy (Pro).gp5
2014-07-10 13:01 - 2014-07-10 13:02 - 00051142 _____ () C:\Users\Christian\Downloads\empathy -rev2.gp5
2014-07-10 11:34 - 2014-07-10 11:34 - 00098168 _____ () C:\Users\Christian\Downloads\Billy Talent - This Suffering (Pro).gp5
2014-07-10 11:33 - 2014-07-10 11:33 - 00041529 _____ () C:\Users\Christian\Downloads\05.07.2014(1).gp5
2014-07-10 11:33 - 2014-07-10 11:33 - 00002523 _____ () C:\Users\Christian\Downloads\fake guitar anschlag.gp5
2014-07-07 21:22 - 2014-07-07 21:25 - 00000000 ____D () C:\ArcTemp
2014-07-07 21:20 - 2014-07-07 21:22 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Arc
2014-07-07 21:20 - 2014-07-07 21:20 - 00001842 _____ () C:\Users\Public\Desktop\Arc.lnk
2014-07-07 21:20 - 2014-07-07 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2014-07-07 21:18 - 2014-07-07 21:25 - 00000000 ____D () C:\Program Files (x86)\Perfect World Entertainment
2014-07-07 21:18 - 2014-07-07 21:18 - 09686176 _____ (Perfect World Entertainment) C:\Users\Christian\Downloads\ArcInstall_v20140625a.exe
2014-07-06 18:47 - 2014-07-06 18:48 - 00041529 _____ () C:\Users\Christian\Downloads\05.07.2014.gp5

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-04 22:59 - 2014-08-04 15:55 - 00020669 _____ () C:\Users\Christian\Desktop\FRST.txt
2014-08-04 22:59 - 2014-08-04 15:55 - 00000000 ____D () C:\FRST
2014-08-04 22:59 - 2012-01-18 21:06 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Skype
2014-08-04 22:58 - 2014-08-04 22:58 - 00001059 _____ () C:\Users\Christian\Desktop\123.txt
2014-08-04 22:50 - 2012-01-18 19:16 - 01744499 _____ () C:\Windows\WindowsUpdate.log
2014-08-04 22:44 - 2014-08-04 22:44 - 00000629 _____ () C:\Users\Christian\Desktop\JRT.txt
2014-08-04 22:44 - 2014-08-01 06:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 22:41 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-04 22:41 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-04 22:38 - 2014-08-04 22:38 - 00000000 ____D () C:\Windows\ERUNT
2014-08-04 22:37 - 2014-08-04 22:37 - 01016261 _____ (Thisisu) C:\Users\Christian\Desktop\JRT.exe
2014-08-04 22:34 - 2012-01-23 11:34 - 00000000 ___RD () C:\Users\Christian\Dropbox
2014-08-04 22:33 - 2012-01-18 21:13 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-04 22:32 - 2012-01-23 11:27 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Dropbox
2014-08-04 22:31 - 2013-02-25 13:54 - 00000105 _____ () C:\Windows\Brownie.ini
2014-08-04 22:30 - 2014-06-19 13:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-04 22:30 - 2012-01-18 19:43 - 00280032 _____ () C:\Windows\PFRO.log
2014-08-04 22:30 - 2012-01-18 19:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-04 22:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-04 22:30 - 2009-07-14 06:51 - 00121333 _____ () C:\Windows\setupact.log
2014-08-04 22:29 - 2014-08-03 23:46 - 00000000 ____D () C:\AdwCleaner
2014-08-04 22:07 - 2014-03-16 20:11 - 00000000 ____D () C:\Users\Christian\AppData\Local\Battle.net
2014-08-04 21:45 - 2014-08-04 21:04 - 00000000 ____D () C:\Qoobox
2014-08-04 21:45 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-08-04 21:44 - 2014-08-04 21:44 - 00018644 _____ () C:\ComboFix.txt
2014-08-04 21:37 - 2014-08-04 21:04 - 00000000 ____D () C:\Windows\erdnt
2014-08-04 21:23 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-04 21:00 - 2014-08-04 21:00 - 05566616 ____R (Swearware) C:\Users\Christian\Desktop\ComboFix.exe
2014-08-04 16:13 - 2013-03-31 16:36 - 00000000 ____D () C:\Users\Christian\Desktop\Steam
2014-08-04 16:03 - 2012-01-20 09:53 - 00000000 ____D () C:\Users\Christian\Desktop\Uni Siegen
2014-08-04 15:54 - 2014-08-04 15:54 - 02094080 _____ (Farbar) C:\Users\Christian\Desktop\FRST64.exe
2014-08-04 15:23 - 2014-06-17 21:46 - 00000000 ____D () C:\Users\Christian\Documents\Citavi 4
2014-08-04 07:09 - 2010-05-12 10:18 - 26474590 _____ () C:\Windows\system32\perfh007.dat
2014-08-04 07:09 - 2010-05-12 10:18 - 08556840 _____ () C:\Windows\system32\perfc007.dat
2014-08-04 07:09 - 2009-07-14 07:13 - 00006252 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-03 23:45 - 2014-08-03 23:45 - 01361309 _____ () C:\Users\Christian\Desktop\adwcleaner_3.302.exe
2014-08-03 23:23 - 2014-08-03 23:23 - 00000198 _____ () C:\Users\Christian\Desktop\male.txt
2014-08-03 12:52 - 2012-06-18 20:15 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\TS3Client
2014-08-03 12:13 - 2013-10-17 16:47 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-08-03 12:13 - 2013-10-17 16:47 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2014-08-03 12:12 - 2013-06-08 21:18 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-08-01 16:36 - 2014-07-24 10:42 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-01 16:36 - 2014-07-24 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-01 16:36 - 2014-07-24 10:41 - 00000000 ____D () C:\ProgramData\Skype
2014-08-01 15:31 - 2014-08-01 15:30 - 00300272 _____ () C:\Windows\Minidump\080114-23946-01.dmp
2014-08-01 15:30 - 2012-02-14 15:15 - 448935437 _____ () C:\Windows\MEMORY.DMP
2014-08-01 15:30 - 2012-02-14 15:15 - 00000000 ____D () C:\Windows\Minidump
2014-08-01 11:04 - 2014-08-01 11:04 - 00244408 _____ () C:\Users\Christian\Desktop\Firefox Setup Stub 31.0.exe
2014-08-01 08:39 - 2014-08-01 06:39 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-01 07:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-01 06:39 - 2014-08-01 06:39 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-01 06:39 - 2014-08-01 06:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-01 06:39 - 2014-08-01 06:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 06:12 - 2014-03-16 20:39 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-07-31 00:02 - 2014-07-31 00:02 - 00000000 _____ () C:\Windows\EEventManager.INI
2014-07-30 21:30 - 2014-07-30 11:28 - 00000000 ____D () C:\Program Files (x86)\KODAK Create@Home Software (für dm)
2014-07-30 14:52 - 2014-07-30 14:52 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\MPC
2014-07-30 14:51 - 2014-07-30 14:51 - 00000000 ____D () C:\Users\Christian\.kodakch
2014-07-30 14:51 - 2012-01-18 19:24 - 00000000 ____D () C:\Users\Christian
2014-07-30 11:26 - 2014-07-30 11:26 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Eastman Kodak Company
2014-07-30 11:11 - 2014-07-30 11:00 - 102239928 _____ (Eastman Kodak Company) C:\Users\Christian\Downloads\KodakCreateHome(1).exe
2014-07-29 19:31 - 2014-07-29 19:30 - 27581922 _____ (Eastman Kodak Company) C:\Users\Christian\Downloads\KodakCreateHome.exe
2014-07-29 10:04 - 2014-07-29 10:03 - 00024625 _____ () C:\Users\Christian\Downloads\WtW.gp5
2014-07-26 13:41 - 2014-07-26 13:01 - 00000000 ____D () C:\Users\Christian\Desktop\opa
2014-07-26 13:35 - 2012-12-14 00:12 - 00000000 ____D () C:\Users\Christian\Documents\Eigene PSP-Dateien
2014-07-26 13:24 - 2014-07-26 12:56 - 00000367 _____ () C:\Users\Christian\Sti_Trace.log
2014-07-26 13:05 - 2014-07-26 12:56 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Epson
2014-07-26 12:53 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-07-26 12:43 - 2014-07-26 12:43 - 00002449 _____ () C:\Users\Public\Desktop\Epson Benutzerhandbuch EPSON Perfection V600 Photo.lnk
2014-07-26 12:43 - 2014-07-26 12:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2014-07-26 12:43 - 2014-07-26 12:42 - 00000000 ____D () C:\Program Files (x86)\Epson Software
2014-07-26 12:42 - 2014-07-26 12:40 - 00000000 ____D () C:\Program Files (x86)\epson
2014-07-26 12:42 - 2012-01-18 19:30 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-26 12:40 - 2014-07-26 12:40 - 00000930 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-07-26 12:40 - 2014-07-26 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-07-26 08:32 - 2012-01-23 11:34 - 00001033 _____ () C:\Users\Christian\Desktop\Dropbox.lnk
2014-07-26 08:32 - 2012-01-23 11:28 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-25 12:03 - 2014-03-16 20:11 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-24 22:16 - 2013-01-27 15:36 - 00103736 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-24 10:42 - 2014-07-24 10:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-24 10:42 - 2014-07-24 10:42 - 00000000 ____D () C:\Users\Christian\AppData\Local\Skype
2014-07-24 10:40 - 2014-07-24 10:40 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Christian\Downloads\SkypeSetup.exe
2014-07-15 15:37 - 2014-07-15 15:37 - 00098688 _____ () C:\Users\Christian\Downloads\Guns N Roses - Sweet Child O Mine (Pro).gp4
2014-07-15 15:01 - 2014-07-15 15:01 - 00039749 _____ () C:\Users\Christian\Downloads\Rise Against - I Dont Want To Be Here Anymore (Pro).gpx
2014-07-15 14:21 - 2013-12-14 21:08 - 00000000 ____D () C:\Users\Christian\Desktop\Breaking Bad
2014-07-13 12:00 - 2014-07-13 12:00 - 00048625 _____ () C:\Users\Christian\Downloads\Rise Against - The Strength To Go On (Pro).gp5
2014-07-11 09:46 - 2014-07-11 09:46 - 00488685 _____ () C:\Users\Christian\Downloads\Marketingeffizienz-14Juli2010.ashx
2014-07-10 18:45 - 2014-07-10 18:45 - 00027085 _____ () C:\Users\Christian\Downloads\Billy Talent - Sympathy (Pro).gp5
2014-07-10 13:02 - 2014-07-10 13:01 - 00051142 _____ () C:\Users\Christian\Downloads\empathy -rev2.gp5
2014-07-10 11:34 - 2014-07-10 11:34 - 00098168 _____ () C:\Users\Christian\Downloads\Billy Talent - This Suffering (Pro).gp5
2014-07-10 11:33 - 2014-07-10 11:33 - 00041529 _____ () C:\Users\Christian\Downloads\05.07.2014(1).gp5
2014-07-10 11:33 - 2014-07-10 11:33 - 00002523 _____ () C:\Users\Christian\Downloads\fake guitar anschlag.gp5
2014-07-08 13:08 - 2013-08-12 23:27 - 00000000 ____D () C:\Users\Christian\Desktop\T
2014-07-07 21:27 - 2012-03-04 14:11 - 00111109 _____ () C:\Windows\DirectX.log
2014-07-07 21:25 - 2014-07-07 21:22 - 00000000 ____D () C:\ArcTemp
2014-07-07 21:25 - 2014-07-07 21:18 - 00000000 ____D () C:\Program Files (x86)\Perfect World Entertainment
2014-07-07 21:22 - 2014-07-07 21:20 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Arc
2014-07-07 21:20 - 2014-07-07 21:20 - 00001842 _____ () C:\Users\Public\Desktop\Arc.lnk
2014-07-07 21:20 - 2014-07-07 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2014-07-07 21:18 - 2014-07-07 21:18 - 09686176 _____ (Perfect World Entertainment) C:\Users\Christian\Downloads\ArcInstall_v20140625a.exe
2014-07-06 18:48 - 2014-07-06 18:47 - 00041529 _____ () C:\Users\Christian\Downloads\05.07.2014.gp5

Some content of TEMP:
====================
C:\Users\Christian\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbvogd9.dll
C:\Users\Christian\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-31 07:45

==================== End Of Log ============================
--- --- ---
Alt 05.08.2014, 07:42   #9
Warlord711
/// TB-Ausbilder
 
98uj8.de- auch ich bin betroffen - Standard

98uj8.de- auch ich bin betroffen


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.


Der ESET Scan dauert i.d.R. etwas länger:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie | Spende | Lob & Kritik

Alt 05.08.2014, 07:47   #10
Froop
 
98uj8.de- auch ich bin betroffen - Standard

98uj8.de- auch ich bin betroffen


Info an dich: ich werd es erst heute Nachmittag schaffen, also musst du dich bis dahin nicht hier um mich kümmern

Alt 05.08.2014, 08:24   #11
Warlord711
/// TB-Ausbilder
 
98uj8.de- auch ich bin betroffen - Standard

98uj8.de- auch ich bin betroffen


Keine Angst, ich reagiere nur auf Zuruf bzw. Postings im Thema ^^
__________________
Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie | Spende | Lob & Kritik

Alt 05.08.2014, 16:22   #12
Froop
 
98uj8.de- auch ich bin betroffen - Standard

98uj8.de- auch ich bin betroffen


SecurityCheck sagt mir

UNSUPPORTED OPERATING SYSTEM! ABORTED!


wenn ich eine taste zum starten drücke.

Alt 05.08.2014, 21:19   #13
Warlord711
/// TB-Ausbilder
 
98uj8.de- auch ich bin betroffen - Standard

98uj8.de- auch ich bin betroffen


Zitat:
Zitat von Froop Beitrag anzeigen
SecurityCheck sagt mir

UNSUPPORTED OPERATING SYSTEM! ABORTED!


wenn ich eine taste zum starten drücke.
Ok, was sagt ESET ?

Security Check würde sagen:
  • IE 10 veraltet
  • Flash veraltet
  • Java veraltet
  • Adobe Reader veraltet
__________________
Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie | Spende | Lob & Kritik

Alt 06.08.2014, 09:54   #14
Froop
 
98uj8.de- auch ich bin betroffen - Standard

98uj8.de- auch ich bin betroffen


Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=bad5d0a9db694144859c69ab913b6b32
# engine=19521
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-06 08:34:00
# local_time=2014-08-06 10:34:00 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1292 16777213 100 100 127600 38788462 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 213398 158943890 0 0
# scanned=240561
# found=1
# cleaned=0
# scan_time=8972
sh=DC1FE696A24E0072BA7221FCB0DAFEDB9B3560B4 ft=1 fh=5aa7e24d05d642d5 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung" ac=I fn="C:\Users\Christian\Downloads\ccsetup315.exe"

Alt 08.08.2014, 12:20   #15
Froop
 
98uj8.de- auch ich bin betroffen - Standard

98uj8.de- auch ich bin betroffen


Zitat:
Zitat von Warlord711 Beitrag anzeigen
Keine Angst, ich reagiere nur auf Zuruf bzw. Postings im Thema ^^
:P *refresh* (hoffe das ist nicht verboten :/ )

Antwort
Seite 1 von 2 1 2

Themen zu 98uj8.de- auch ich bin betroffen
anti maleware, antimaleware, beiträge, browser, deinstalliert, gefunde, kaspersky, konnte, malewarebytes, pup.optional.installrex, pup.optional.opencandy, pup.optional.optimizepro.a, system, trojan.0access, win32/bundled.toolbar.google.e


« Virus, unerwünschte Werbung, .exe | eh86.com download-Link »


Ähnliche Themen: 98uj8.de- auch ich bin betroffen


  1. auch von Positive Finds ad betroffen
    Plagegeister aller Art und deren Bekämpfung - 15.02.2015 (17)
  2. HTML/Crypted.Gen - bin auch betroffen
    Plagegeister aller Art und deren Bekämpfung - 04.12.2014 (17)
  3. h**p://98uj8.de/s3brsn5ba66mgfzeinrum#ad 98uj8.de hat sich gestern mehrmals selbstständig geöffnet
    Log-Analyse und Auswertung - 12.08.2014 (21)
  4. Auch mich hat es mit 98uj8 erwischt :(
    Plagegeister aller Art und deren Bekämpfung - 06.08.2014 (9)
  5. h**p://98uj8.de/s3brsn5ba66mgfzeinrum#ad 98uj8.de öffnet sich selbstständig
    Plagegeister aller Art und deren Bekämpfung - 04.08.2014 (17)
  6. nationzoom -bin auch betroffen
    Plagegeister aller Art und deren Bekämpfung - 03.01.2014 (4)
  7. AUch von Better surf betroffen
    Plagegeister aller Art und deren Bekämpfung - 23.11.2013 (19)
  8. More for you... auch ich bin betroffen
    Log-Analyse und Auswertung - 22.10.2012 (5)
  9. Web.de Abuse Team.....Heim PC auch betroffen?
    Plagegeister aller Art und deren Bekämpfung - 20.09.2012 (13)
  10. GVU Trojaner bin leider auch betroffen
    Log-Analyse und Auswertung - 14.08.2012 (13)
  11. AKM Virus. Auch ich bin betroffen -.-
    Log-Analyse und Auswertung - 23.05.2012 (4)
  12. Auch vom 50€ AKM-Virus betroffen
    Log-Analyse und Auswertung - 20.05.2012 (1)
  13. Auch ich bin/war betroffen: 50 Euro-Trojaner auf windows xp
    Plagegeister aller Art und deren Bekämpfung - 16.02.2012 (23)
  14. BKA Maleware - Auch ich bin betroffen
    Plagegeister aller Art und deren Bekämpfung - 02.02.2012 (83)
  15. 50€ Trojaner - auch betroffen
    Plagegeister aller Art und deren Bekämpfung - 27.12.2011 (6)
  16. Auch Arcor war von Datenklau betroffen
    Nachrichten - 15.03.2010 (0)
  17. 1&1Trojaner! Bin auch betroffen! Was soll ich tun?
    Plagegeister aller Art und deren Bekämpfung - 10.01.2007 (7)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema 98uj8.de- auch ich bin betroffen - Hallo, auch mit hat die "98uj8.de-maleware" erwischt. Letzte Woche bekam ich ihn. Mit Malewarebytes Anti Maleware habe ich ihn entfern. Firefox deinstalliert und neu installiert. Gestern kam er leider wieder. - 98uj8.de- auch ich bin betroffen...
Archiv
Du betrachtest: 98uj8.de- auch ich bin betroffen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131