Hallo liebe Trojaner Board leser,

und zwar habe ich mir Heute mit dem öffnen einer Winrar Datei den Trojaner "Trojan.Win32.Chifrax.a" eingefangen. (Den Schädling erhielt ich anscheinend durch einen download einer Freeware)

Mein Kaspersky Internet Security 2012 hat sofort Alarm geschlagen und versucht den Schädling ausfindig zu machen und in Quarantäne zu verschieben. Jedoch kam es nichtmal so weit den die Datei konnte laut Kaspersky nicht verschoben oder gelöscht werden.

Daraufhin ließen sich keine .exe Dateien mehr öffnen, jedoch funktionierten noch laufende Programme wie Kaspersky, Teamspeak, League of Legends oder der Steamclient. Der Taskmanager konnte ebenfalls nicht geöffnet werden, jedoch funktionierte die STRG+Alt+Entf Kombination.

Ich löschte die Dateien also manuell via CCleaner.

Mit Kaspersky startete ich auf Verdacht das sich der Schädling dubliziert hat, eine Bedrohungssuche, jedoch ohne Ergebnis. Danach startete sich der Computer neu.

Schon beim Einloggen (nicht Hochfahren), bemerkte ich das vieles unnatürlich langsam lief, selbst der Desktop baute sich sehr langsam auf oder ladete Icons mehrfach neu.

Direkt machte ich einen Bedrohungssuchlauf mit Malwarebytes. (ohne Aktualisierung)

Log 1:

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 09.08.2014
Suchlauf-Zeit: 21:34:18
Logdatei: Log1.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.03.04.09
Rootkit Datenbank: v2014.08.04.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Pauls PC

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 229729
Verstrichene Zeit: 16 Min, 3 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 4
PUP.Optional.FreeGames.A, HKLM\SOFTWARE\CLASSES\Free Games 111.BackgroundHostObject, In Quarantäne, [ea5f15ea3347d56158b4a4f0a55d8080], 
PUP.Optional.FreeGames.A, HKLM\SOFTWARE\CLASSES\Free Games 111.BackgroundHostObject.1, In Quarantäne, [a5a419e6e8920a2c14f8672df50d9868], 
PUP.Optional.FreeGames.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Free Games 111.BackgroundHostObject, In Quarantäne, [50f95aa504766bcb0705850fa45e7789], 
PUP.Optional.FreeGames.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Free Games 111.BackgroundHostObject.1, In Quarantäne, [2f1a51ae4931e55132da00940bf7ee12], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 1
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, In Quarantäne, [56f3f40b691167cf8f225717718f06fa], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         

Danach startete der Computer neu. Er lief schneller als beim vorigem Mal, jedoch immernoch langsamer als normal. Daraufhin machte ich noch einen Durchlauf mit MBAM (mit Aktualisierung).

Log 2:

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 09.08.2014
Suchlauf-Zeit: 21:57:17
Logdatei: Log2.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.09.06
Rootkit Datenbank: v2014.08.04.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Pauls PC

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 285728
Verstrichene Zeit: 6 Min, 23 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.FreeGames.A, HKU\S-1-5-21-4102823070-225733025-20569267-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C45EC9F0-8333-465D-9728-074BD41985C9}, In Quarantäne, [0486c2026e0d30066a7791d77f83d828], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 1
PUP.Optional.Trovi.A, HKU\S-1-5-21-4102823070-225733025-20569267-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.trovi.com/?gd=&ctid=CT3324424&octid=EB_ORIGINAL_CTID&ISID=M8BA7F187-B753-451B-AA20-A5F7411D309C&SearchSource=55&CUI=&UM=5&UP=SP121883C9-830E-45AA-8E42-DD276DF44869&SSPV=, Gut: (www.google.com), Schlecht: (hxxp://www.trovi.com/?gd=&ctid=CT3324424&octid=EB_ORIGINAL_CTID&ISID=M8BA7F187-B753-451B-AA20-A5F7411D309C&SearchSource=55&CUI=&UM=5&UP=SP121883C9-830E-45AA-8E42-DD276DF44869&SSPV=),Ersetzt,[fd8d4282cead8ea881570fae669ef907]

Ordner: 1
PUP.Optional.SoftwareUpdater.A, C:\Users\Pauls PC\AppData\Local\SwvUpdater, In Quarantäne, [1179289cd7a4ea4c1e44a438e41e25db], 

Dateien: 2
PUP.Optional.SoftwareUpdater.A, C:\Users\Pauls PC\AppData\Local\SwvUpdater\Updater.xml, In Quarantäne, [1179289cd7a4ea4c1e44a438e41e25db], 
PUP.Optional.SoftwareUpdater.A, C:\Users\Pauls PC\AppData\Local\SwvUpdater\status.cfg, In Quarantäne, [1179289cd7a4ea4c1e44a438e41e25db], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         

Alle gefundenen Daten wurden in die Quarantäne verschoben.

Nun frage ich mich ob mein Computer noch weiter infiziert ist oder sich das Problem via MBAM bereinigt hat.

Mit freundlichen Grüßen

Paul S.

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Erstmal danke für die schnelle Hilfe

So und hier die gefragten Textdateien

FRST.txt & Addition.txt



FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-08-2014 01
Ran by Pauls PC (administrator) on PAULS-PC on 10-08-2014 07:33:42
Running from C:\Users\Pauls PC\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Kaspersky Lab ZAO) I:\Kaspersky Internet Security\avp.exe
(LogMeIn Inc.) H:\Programme - Setups\Hamachi\hamachi-2.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
() C:\Windows\system\HsMgr64.exe
(CMedia) C:\Program Files\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exe
() C:\Windows\SysWOW64\HsMgr.exe
(Kaspersky Lab ZAO) I:\Kaspersky Internet Security\avp.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVP] => I:\Kaspersky Internet Security\avp.exe [206448 2013-07-18] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => H:\Programme - Setups\Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKU\S-1-5-21-4102823070-225733025-20569267-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4102823070-225733025-20569267-1000\...\MountPoints2: {766b4d1d-ee64-11e2-a132-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-4102823070-225733025-20569267-1000\...\MountPoints2: {c4b24fcc-16f7-11e3-86a3-6c626dcd47e1} - E:\setup.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://go.microsoft.com/fwlink/?linkid=69157
hxxp://www.giga.de/software/
SearchScopes: HKCU - DefaultScope {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.daemon-search.com/search?q={searchTerms}
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.daemon-search.com/search?q={searchTerms}
BHO: IEVkbdBHO Class -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> I:\Kaspersky Internet Security\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO: FilterBHO Class -> {E33CF602-D945-461A-83F0-819F76A199F8} -> I:\Kaspersky Internet Security\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> I:\CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: IEVkbdBHO Class -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> I:\Kaspersky Internet Security\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: FilterBHO Class -> {E33CF602-D945-461A-83F0-819F76A199F8} -> I:\Kaspersky Internet Security\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - I:\CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

FireFox:
========
FF ProfilePath: C:\Users\Pauls PC\AppData\Roaming\Mozilla\Firefox\Profiles\i9mumz3g.default-1402855174378
FF Homepage: hxxp://www.google.at/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Pauls PC\AppData\Roaming\Mozilla\Firefox\Profiles\i9mumz3g.default-1402855174378\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-16]
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-23]
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - I:\Kaspersky Internet Security\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - I:\Kaspersky Internet Security\FFExt\linkfilter@kaspersky.ru [2013-07-18]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - I:\Kaspersky Internet Security\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - I:\Kaspersky Internet Security\FFExt\virtualKeyboard@kaspersky.ru [2013-07-18]
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - I:\Kaspersky Internet Security\FFExt\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - I:\Kaspersky Internet Security\FFExt\KavAntiBanner@Kaspersky.ru [2013-07-18]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - I:\CS5\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - I:\CS5\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2013-12-25]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - I:\Kaspersky Internet Security\ChromeExt\urladvisor.crx [2011-10-13]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - I:\Kaspersky Internet Security\ChromeExt\virtkbd.crx [2011-10-13]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - I:\Kaspersky Internet Security\ChromeExt\ab.crx [2011-10-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVP; I:\Kaspersky Internet Security\avp.exe [206448 2013-07-18] (Kaspersky Lab ZAO)
R2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2430304 2009-12-24] (Diskeeper Corporation)
R2 Hamachi2Svc; H:\Programme - Setups\Hamachi\hamachi-2.exe [2470736 2013-06-28] (LogMeIn Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-21] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2374656 2011-02-08] (Atheros Communications, Inc.) [File not signed]
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
R3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [51120 2009-12-10] (Diskeeper Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2013-09-07] (DT Soft Ltd)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2013-07-18] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
R0 oem-drv64; C:\Windows\System32\DRIVERS\oem-drv64.sys [42496 2014-08-09] (secr9tos) [File not signed]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-10 07:33 - 2014-08-10 07:34 - 00013502 _____ () C:\Users\Pauls PC\Desktop\FRST.txt
2014-08-10 07:33 - 2014-08-10 07:33 - 00000000 ____D () C:\FRST
2014-08-10 07:31 - 2014-08-10 07:32 - 02093568 _____ (Farbar) C:\Users\Pauls PC\Desktop\FRST64.exe
2014-08-10 07:28 - 2014-08-10 07:28 - 00000000 ___SH () C:\DkHyperbootSync
2014-08-09 22:52 - 2014-08-09 22:52 - 00000350 _____ () C:\Windows\PFRO.log
2014-08-09 22:52 - 2014-08-09 22:52 - 00000056 _____ () C:\Windows\setupact.log
2014-08-09 22:52 - 2014-08-09 22:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-09 21:54 - 2014-08-10 02:44 - 00094496 _____ () C:\Windows\WindowsUpdate.log
2014-08-09 21:33 - 2014-08-09 21:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-09 21:32 - 2014-08-09 21:32 - 00001105 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-09 21:32 - 2014-08-09 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-09 21:32 - 2014-08-09 21:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-09 21:32 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-09 21:32 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-09 21:29 - 2014-08-09 21:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Pauls PC\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-09 16:58 - 2014-08-09 16:58 - 00003544 _____ () C:\Users\Pauls PC\Downloads\Defense.Grid.-.The.Awakening.v1.0r41.Multi5.Cracked.READ.NFO-THETA-aes1knmf1wlc.dlc
2014-08-04 15:03 - 2014-08-07 08:14 - 04480476 _____ () C:\Users\Pauls PC\Desktop\SageWorrier.psd
2014-08-04 14:23 - 2014-08-04 14:23 - 00000000 ____D () C:\Users\Pauls PC\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-08-04 14:23 - 2014-08-04 14:23 - 00000000 ____D () C:\Users\Pauls PC\AppData\Roaming\Adobe Mini Bridge CS5
2014-07-31 07:19 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-31 07:19 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-31 07:19 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-31 07:19 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-31 07:19 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-31 07:19 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-31 07:19 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-31 07:19 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-31 07:19 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-31 07:19 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-31 07:19 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-31 07:19 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-31 07:19 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-31 07:19 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-30 00:53 - 2014-07-30 00:53 - 00000941 _____ () C:\Users\Pauls PC\Desktop\Diablo III Public Test.lnk
2014-07-30 00:53 - 2014-07-30 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Public Test
2014-07-30 00:52 - 2014-07-30 00:53 - 00000943 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Public TestDiablo III Public Test.lnk
2014-07-30 00:50 - 2014-07-30 00:50 - 03589024 _____ (Blizzard Entertainment) C:\Users\Pauls PC\Downloads\Diablo-III-Public-Test-Setup-deDE.exe
2014-07-23 20:49 - 2014-07-23 20:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-17 17:12 - 2014-07-17 17:12 - 00000000 ____D () C:\ProgramData\Riot Games

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-10 07:34 - 2014-08-10 07:33 - 00013502 _____ () C:\Users\Pauls PC\Desktop\FRST.txt
2014-08-10 07:33 - 2014-08-10 07:33 - 00000000 ____D () C:\FRST
2014-08-10 07:32 - 2014-08-10 07:31 - 02093568 _____ (Farbar) C:\Users\Pauls PC\Desktop\FRST64.exe
2014-08-10 07:28 - 2014-08-10 07:28 - 00000000 ___SH () C:\DkHyperbootSync
2014-08-10 07:24 - 2013-07-18 00:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-10 05:53 - 2013-07-18 00:07 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-10 02:44 - 2014-08-09 21:54 - 00094496 _____ () C:\Windows\WindowsUpdate.log
2014-08-09 23:00 - 2009-07-14 06:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-09 23:00 - 2009-07-14 06:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-09 22:55 - 2013-12-21 02:21 - 00000000 ____D () C:\Users\Pauls PC\AppData\Local\Battle.net
2014-08-09 22:53 - 2013-08-16 22:20 - 00000000 ____D () C:\Users\Pauls PC\AppData\Local\LogMeIn Hamachi
2014-08-09 22:52 - 2014-08-09 22:52 - 00000350 _____ () C:\Windows\PFRO.log
2014-08-09 22:52 - 2014-08-09 22:52 - 00000056 _____ () C:\Windows\setupact.log
2014-08-09 22:52 - 2014-08-09 22:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-09 22:52 - 2013-07-16 21:10 - 00042496 _____ (secr9tos) C:\Windows\system32\Drivers\oem-drv64.sys
2014-08-09 22:52 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-09 21:56 - 2014-08-09 21:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-09 21:52 - 2014-04-18 17:02 - 00000000 ____D () C:\Windows\jre
2014-08-09 21:51 - 2014-04-27 02:21 - 00000448 _____ () C:\Windows\system32\RW_{2D641267-CBC4-11E3-8117-6C626DCD47E1}.dat
2014-08-09 21:51 - 2013-08-07 02:52 - 00292608 _____ () C:\Windows\system32\RW_FileType.dat
2014-08-09 21:51 - 2013-08-07 02:52 - 00008890 _____ () C:\Windows\system32\RW_AppData.dat
2014-08-09 21:51 - 2013-08-07 02:52 - 00007525 _____ () C:\config.xml
2014-08-09 21:51 - 2013-08-07 02:52 - 00002688 _____ () C:\Windows\system32\RW_{5F0259B5-EEFF-11E2-BF36-6C626DCD47E1}.dat
2014-08-09 21:51 - 2013-08-07 02:52 - 00002688 _____ () C:\Windows\system32\RW_{5F0259B1-EEFF-11E2-BF36-6C626DCD47E1}.dat
2014-08-09 21:51 - 2013-08-07 02:52 - 00002688 _____ () C:\Windows\system32\RW_{5CB93F2E-EF15-11E2-BD92-806E6F6E6963}.dat
2014-08-09 21:51 - 2013-08-07 02:52 - 00002688 _____ () C:\Windows\system32\RW_{5CB93F2C-EF15-11E2-BD92-806E6F6E6963}.dat
2014-08-09 21:51 - 2013-08-07 02:52 - 00001120 _____ () C:\Windows\system32\RW_{5CB93F2B-EF15-11E2-BD92-806E6F6E6963}.dat
2014-08-09 21:51 - 2013-08-07 02:52 - 00000636 _____ () C:\Windows\system32\RW_FileFlag.dat
2014-08-09 21:51 - 2013-08-07 02:52 - 00000000 _____ () C:\Windows\system32\AdmList.txt
2014-08-09 21:32 - 2014-08-09 21:32 - 00001105 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-09 21:32 - 2014-08-09 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-09 21:32 - 2014-08-09 21:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-09 21:32 - 2014-08-09 21:29 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Pauls PC\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-09 21:32 - 2013-09-07 14:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-09 16:58 - 2014-08-09 16:58 - 00003544 _____ () C:\Users\Pauls PC\Downloads\Defense.Grid.-.The.Awakening.v1.0r41.Multi5.Cracked.READ.NFO-THETA-aes1knmf1wlc.dlc
2014-08-09 16:45 - 2013-07-17 23:44 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-07 08:14 - 2014-08-04 15:03 - 04480476 _____ () C:\Users\Pauls PC\Desktop\SageWorrier.psd
2014-08-06 20:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-05 17:47 - 2013-07-17 23:11 - 00000000 ____D () C:\Users\Pauls PC\AppData\Roaming\Skype
2014-08-04 15:03 - 2014-07-01 02:00 - 00000000 ____D () C:\Users\Pauls PC\AppData\Local\Adobe
2014-08-04 14:23 - 2014-08-04 14:23 - 00000000 ____D () C:\Users\Pauls PC\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-08-04 14:23 - 2014-08-04 14:23 - 00000000 ____D () C:\Users\Pauls PC\AppData\Roaming\Adobe Mini Bridge CS5
2014-08-04 14:15 - 2013-12-26 01:01 - 00000000 ____D () C:\Users\Pauls PC\Desktop\PS Zeichnungen
2014-07-30 10:35 - 2013-08-07 15:27 - 00000000 ____D () C:\Users\Pauls PC\Documents\Diablo III
2014-07-30 00:53 - 2014-07-30 00:53 - 00000941 _____ () C:\Users\Pauls PC\Desktop\Diablo III Public Test.lnk
2014-07-30 00:53 - 2014-07-30 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Public Test
2014-07-30 00:53 - 2014-07-30 00:52 - 00000943 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Public TestDiablo III Public Test.lnk
2014-07-30 00:50 - 2014-07-30 00:50 - 03589024 _____ (Blizzard Entertainment) C:\Users\Pauls PC\Downloads\Diablo-III-Public-Test-Setup-deDE.exe
2014-07-25 12:59 - 2013-07-17 19:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-23 20:49 - 2014-07-23 20:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-17 17:12 - 2014-07-17 17:12 - 00000000 ____D () C:\ProgramData\Riot Games

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!


LastRegBack: 2014-08-07 18:51

==================== End Of Log ============================
         

--- --- ---



Addition:

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-08-2014 01
Ran by Pauls PC at 2014-08-10 07:34:24
Running from C:\Users\Pauls PC\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2204 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden
ASUS Xonar DG Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 2.9.4272 - DsNET Corp)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.3.0-3 - Wacom Technology Corp.)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bandicam (HKLM-x32\...\Bandicam) (Version: 1.9.0.396 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.01 - Piriform)
Craften Terminal 3.5.5 (HKLM-x32\...\{4e7c3936-7c06-4ef0-928b-c5d92f372578}_is1) (Version: 3.5.5 - Craften.de)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.1.0127 - DT Soft Ltd)
DAEMON Tools Toolbar (HKLM-x32\...\DAEMON Tools Toolbar) (Version: 1.1.3.0244 - DT Soft Ltd) <==== ATTENTION
Diablo III Public Test (HKLM-x32\...\Diablo III Public Test) (Version:  - Blizzard Entertainment)
Diskeeper 2010  (HKLM\...\{67D477F8-E9A9-40EE-8036-3C7B4AAEE664}) (Version: 14.0.900.64 - Diskeeper Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Halo: Spartan Assault (HKLM-x32\...\Steam App 277430) (Version:  - Vanguard Games)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
Java(TM) 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Kaspersky Internet Security 2012 (HKLM-x32\...\InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}) (Version: 12.0.0.374 - Kaspersky Lab)
Kaspersky Internet Security 2012 (x32 Version: 12.0.0.374 - Kaspersky Lab) Hidden
League of Legends (HKLM-x32\...\{918A9082-6287-4D25-9002-5E5D5E4971CB}) (Version: 1.02.0000 - Riot Games)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.1.0.374 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.1.0.374 - LogMeIn, Inc.) Hidden
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios)
Magicka: Wizard Wars (HKLM-x32\...\Steam App 202090) (Version:  - Paradox North)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.49.4 - Black Tree Gaming)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.0.1 - Vitalwerks Internet Solutions LLC)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.2 - Notepad++ Team)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
Skype Toolbars (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.3.7555 - Skype Technologies S.A.)
Skype™ 5.3 (HKLM-x32\...\{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}) (Version: 5.3.120 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Ulead GIF Animator 5 Test (HKLM-x32\...\{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version:  - )
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4102823070-225733025-20569267-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0EFC968E-B24F-454F-8CA6-3DA7DA14AA5A} - System32\Tasks\AdobeAAMUpdater-1.0-Pauls-PC-Pauls PC => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {AB126CA7-9896-42A9-BF27-6A23B39FAA9A} - System32\Tasks\{EEB7C56C-4B2B-46D7-9BEF-1E92BADB4737} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsMain
Task: {B58106FA-7D61-4805-8A6D-61935A78E9B3} - System32\Tasks\Escolade => C:\Users\Pauls PC\AppData\Roaming\iPumper\Updater.exe
Task: {E8767C7A-9B80-4826-B924-FD1F84901DA7} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Task: {F6111738-E6D0-4DD7-A341-D0106B351E78} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {FA6BC794-D854-410D-BB6D-DFE09B7D57EE} - System32\Tasks\{790A8ED5-FAB0-4341-9BE9-8D5A8017CC5D} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2011-06-15] (Skype Technologies S.A.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-03-28 22:31 - 2013-03-28 22:31 - 00210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-09-23 13:53 - 2012-09-23 13:53 - 00748544 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-09-23 13:53 - 2012-09-23 13:53 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-05-31 04:18 - 2014-06-21 10:38 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-11-19 09:33 - 2012-11-19 09:33 - 00070264 _____ () C:\Windows\system32\bdmpega64.acm
2013-12-24 22:42 - 2012-11-14 14:45 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2013-07-17 22:49 - 2008-07-11 16:03 - 00282112 _____ () C:\Windows\system\HsMgr64.exe
2013-07-17 22:49 - 2008-07-11 16:04 - 00200704 _____ () C:\Windows\SysWOW64\HsMgr.exe
2012-10-16 11:39 - 2012-10-16 11:39 - 00646744 _____ () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
2013-03-28 22:30 - 2013-03-28 22:30 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-07-17 22:49 - 2011-04-19 15:56 - 00143360 _____ () C:\Program Files\ASUS Xonar DG Audio\Customapp\VmixP8.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 02118032 _____ () I:\Kaspersky Internet Security\QtCore4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 07008656 _____ () I:\Kaspersky Internet Security\QtGui4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 02089360 _____ () I:\Kaspersky Internet Security\QtDeclarative4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 01270160 _____ () I:\Kaspersky Internet Security\QtScript4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 00192912 _____ () I:\Kaspersky Internet Security\QtSql4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 00758160 _____ () I:\Kaspersky Internet Security\QtNetwork4.dll
2011-04-20 19:56 - 2011-04-20 19:56 - 00025088 _____ () I:\Kaspersky Internet Security\imageformats\qgif4.dll
2014-07-23 20:49 - 2014-07-23 20:49 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: AODDriver4.2
Description: AODDriver4.2
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AODDriver4.2
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/10/2014 04:05:45 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).

Error: (08/10/2014 03:59:16 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/09/2014 06:16:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 31.0.0.5310 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1444

Startzeit: 01cfb3ec11751b7a

Endzeit: 26

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: 76359d79-1fe0-11e4-a888-6c626dcd47e1

Error: (08/09/2014 07:21:34 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).

Error: (08/09/2014 07:15:32 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/07/2014 06:58:13 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).

Error: (08/07/2014 06:52:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/07/2014 03:19:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Diablo III.exe, Version: 2.0.6.24641, Zeitstempel: 0x538f731d
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000222b2
ID des fehlerhaften Prozesses: 0xfd4
Startzeit der fehlerhaften Anwendung: 0xDiablo III.exe0
Pfad der fehlerhaften Anwendung: Diablo III.exe1
Pfad des fehlerhaften Moduls: Diablo III.exe2
Berichtskennung: Diablo III.exe3

Error: (08/07/2014 02:10:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x11ec
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (08/06/2014 08:31:14 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).


System errors:
=============
Error: (08/09/2014 10:52:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/09/2014 10:52:42 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎09.‎08.‎2014 um 22:51:20 unerwartet heruntergefahren.

Error: (08/09/2014 09:52:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/09/2014 09:52:26 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎09.‎08.‎2014 um 21:51:34 unerwartet heruntergefahren.

Error: (08/09/2014 08:57:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/09/2014 08:57:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/09/2014 08:57:39 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎09.‎08.‎2014 um 20:56:45 unerwartet heruntergefahren.

Error: (08/09/2014 08:39:12 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}5{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/08/2014 11:01:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/08/2014 11:01:51 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎08.‎08.‎2014 um 04:36:09 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (08/10/2014 04:05:45 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x80070422

Error: (08/10/2014 03:59:16 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (08/09/2014 06:16:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe31.0.0.5310144401cfb3ec11751b7a26C:\Program Files (x86)\Mozilla Firefox\firefox.exe76359d79-1fe0-11e4-a888-6c626dcd47e1

Error: (08/09/2014 07:21:34 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x80070422

Error: (08/09/2014 07:15:32 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (08/07/2014 06:58:13 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x80070422

Error: (08/07/2014 06:52:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (08/07/2014 03:19:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Diablo III.exe2.0.6.24641538f731dntdll.dll6.1.7601.177254ec49b8fc0000005000222b2fd401cfb23802083c80H:\Programme - Setups\Diablo III\Diablo III.exeC:\Windows\SysWOW64\ntdll.dll6de8338d-1e35-11e4-b48d-6c626dcd47e1

Error: (08/07/2014 02:10:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b11ec01cfb22a1226574eC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlle4244bba-1e2b-11e4-b48d-6c626dcd47e1

Error: (08/06/2014 08:31:14 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationGeplanter Prüfpunkt0x80070422


==================== Memory info =========================== 

Percentage of memory in use: 57%
Total physical RAM: 4095.18 MB
Available physical RAM: 1721.28 MB
Total Pagefile: 8188.55 MB
Available Pagefile: 5700.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (New HDD) (Fixed) (Total:129.75 GB) (Free:77.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:48.73 GB) (Free:33.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Fixed) (Total:736.2 GB) (Free:736.02 GB) NTFS
Drive g: () (Fixed) (Total:146.48 GB) (Free:146.39 GB) NTFS
Drive h: (Volume) (Fixed) (Total:606.45 GB) (Free:316.95 GB) NTFS
Drive i: (Volume) (Fixed) (Total:195.31 GB) (Free:78.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: B12894A0)
Partition 1: (Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=736 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 00056E9E)
Partition 1: (Active) - (Size=130 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=606 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=195 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Beide nochmal im Anhang dieser Nachricht hinzugefügt.

Mit freundlichen Grüßen

Paul S.

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

• WICHTIG: Speichere Combofix auf deinem Desktop.
• Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
• Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
• Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
• Wenn Combofix fertig ist, wird es ein Logfile erstellen.
• Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

So hier der Log inkl. Text Datei im Anhang

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 14-08-06.02 - Pauls PC 10.08.2014   9:46.2.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.43.1031.18.4095.2102 [GMT 2:00]
ausgeführt von:: c:\users\Pauls PC\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Pauls PC\AppData\Roaming\avbase.dat
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-07-10 bis 2014-08-10  ))))))))))))))))))))))))))))))
.
.
2014-08-10 07:50 . 2014-08-10 07:50	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-08-10 05:33 . 2014-08-10 05:34	--------	d-----w-	C:\FRST
2014-08-09 19:33 . 2014-08-09 19:56	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-09 19:32 . 2014-08-09 19:32	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-08-09 19:32 . 2014-05-12 05:26	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-08-09 19:32 . 2014-05-12 05:26	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-08-04 12:23 . 2014-08-04 12:23	--------	d-----w-	c:\users\Pauls PC\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-08-04 12:23 . 2014-08-04 12:23	--------	d-----w-	c:\users\Pauls PC\AppData\Roaming\Adobe Mini Bridge CS5
2014-07-28 03:02 . 2014-08-10 03:27	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6BB882DD-38B2-46ED-8C71-63341E1DD90B}\offreg.dll
2014-07-23 16:06 . 2014-07-14 02:12	10924376	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6BB882DD-38B2-46ED-8C71-63341E1DD90B}\mpengine.dll
2014-07-17 15:12 . 2014-07-17 15:12	--------	d-----w-	c:\programdata\Riot Games
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-09 20:52 . 2013-07-16 19:10	42496	----a-w-	c:\windows\system32\drivers\oem-drv64.sys
2014-07-08 23:24 . 2013-07-17 22:28	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-08 23:24 . 2013-07-17 22:28	699056	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-24 13:10 . 2014-06-21 08:55	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2014-06-24 13:10 . 2014-05-31 02:18	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2014-06-23 16:42 . 2014-05-31 02:18	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2014-06-21 08:38 . 2014-05-31 02:18	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
"AVP"="i:\kaspersky internet security\avp.exe" [2013-07-18 206448]
"LogMeIn Hamachi Ui"="h:\programme - setups\Hamachi\hamachi-2-ui.exe" [2013-06-28 2255184]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2012-10-16 646744]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-03-17 224128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 oem-drv64;OEM-SLP2.1 Driver (HPD64);c:\windows\system32\DRIVERS\oem-drv64.sys;c:\windows\SYSNATIVE\DRIVERS\oem-drv64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys;c:\windows\SYSNATIVE\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;h:\programme - setups\Hamachi\hamachi-2.exe;h:\programme - setups\Hamachi\hamachi-2.exe [x]
S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 cmudaxp;ASUS Xonar DG Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys;c:\windows\SYSNATIVE\DRIVERS\DKRtWrt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-17 23:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Hinzufügen zu Anti-Banner - i:\kaspersky internet security\ie_banner_deny.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Pauls PC\AppData\Roaming\Mozilla\Firefox\Profiles\i9mumz3g.default-1402855174378\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Bandicam - h:\spiele - setups\Bandicam\uninstall.exe
AddRemove-Free Games 111 - c:\program files (x86)\Free Games 111\uninst.exe
AddRemove-The Elder Scrolls Online - h:\spiele - setups\uninstall\Uninstall The Elder Scrolls Online.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-08-10  09:51:48
ComboFix-quarantined-files.txt  2014-08-10 07:51
.
Vor Suchlauf: 7 Verzeichnis(se), 83.652.579.328 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 83.492.962.304 Bytes frei
.
- - End Of File - - 188CB715826FCBD4EB74F91FFEAA9CE7
A36C5E4F47E84449FF07ED3517B43A31
         

Mit freundlichen Grüßen

Paul S.


PS: Als ComboFix fertig war musste ich den PC neustarten, da anscheinend keine Verbindung mit dem Internet möglich war.

Downloade Dir bitte Malwarebytes Anti-Malware

• Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
• Starte Malwarebytes' Anti-Malware (MBAM).
• Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
• Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
• Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
• Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
• Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
• Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

• Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
• Drücke eine beliebige Taste, um das Tool zu starten.
• Je nach System kann der Scan eine Weile dauern.
• Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
• Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Hi Schrauber,

hier sind die Logs, chronologisch aufsteigend angeordnet.

Mbam:

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 10.08.2014
Suchlauf-Zeit: 11:44:58
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.10.01
Rootkit Datenbank: v2014.08.04.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Pauls PC

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 297270
Verstrichene Zeit: 6 Min, 47 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         

Adwclean:

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v3.304 - Bericht erstellt am 10/08/2014 um 11:56:29
# Aktualisiert 08/08/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Pauls PC - PAULS-PC
# Gestartet von : C:\Users\Pauls PC\Desktop\adwcleaner_3.304.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\DAEMON Tools Toolbar
Ordner Gelöscht : C:\Users\Pauls PC\AppData\Roaming\eCyber
Ordner Gelöscht : C:\Users\Pauls PC\AppData\Roaming\iSafe
Ordner Gelöscht : C:\Users\Pauls PC\AppData\Roaming\Optimizer Pro
Ordner Gelöscht : C:\Users\Pauls PC\AppData\Roaming\PerformerSoft

***** [ Tasks ] *****

Task Gelöscht : Escolade

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{FD58258C-84A6-4DEF-9793-019BE7F491A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKLM\Software\dt soft\daemon tools toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free Games 111

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16635


-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Pauls PC\AppData\Roaming\Mozilla\Firefox\Profiles\i9mumz3g.default-1402855174378\prefs.js ]


*************************

AdwCleaner[R0].txt - [2950 octets] - [10/08/2014 11:54:17]
AdwCleaner[S0].txt - [2635 octets] - [10/08/2014 11:56:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2695 octets] ##########
         

JRT:

Code: Alles auswählenAufklappen

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Pauls PC on 10.08.2014 at 11:59:19,24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Pauls PC\AppData\Roaming\mozilla\firefox\profiles\i9mumz3g.default-1402855174378\minidumps [32 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.08.2014 at 12:05:08,15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST-Log:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-08-2014 01
Ran by Pauls PC (administrator) on PAULS-PC on 10-08-2014 12:06:05
Running from C:\Users\Pauls PC\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Kaspersky Lab ZAO) I:\Kaspersky Internet Security\avp.exe
(LogMeIn Inc.) H:\Programme - Setups\Hamachi\hamachi-2.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\system\HsMgr64.exe
() C:\Windows\SysWOW64\HsMgr.exe
(Kaspersky Lab ZAO) I:\Kaspersky Internet Security\avp.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(CMedia) C:\Program Files\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVP] => I:\Kaspersky Internet Security\avp.exe [206448 2013-07-18] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => H:\Programme - Setups\Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
BHO: IEVkbdBHO Class -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> I:\Kaspersky Internet Security\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO: FilterBHO Class -> {E33CF602-D945-461A-83F0-819F76A199F8} -> I:\Kaspersky Internet Security\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> I:\CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: IEVkbdBHO Class -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> I:\Kaspersky Internet Security\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: FilterBHO Class -> {E33CF602-D945-461A-83F0-819F76A199F8} -> I:\Kaspersky Internet Security\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - I:\CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

FireFox:
========
FF ProfilePath: C:\Users\Pauls PC\AppData\Roaming\Mozilla\Firefox\Profiles\i9mumz3g.default-1402855174378
FF Homepage: hxxp://www.google.at/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Pauls PC\AppData\Roaming\Mozilla\Firefox\Profiles\i9mumz3g.default-1402855174378\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-16]
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-23]
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - I:\Kaspersky Internet Security\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - I:\Kaspersky Internet Security\FFExt\linkfilter@kaspersky.ru [2013-07-18]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - I:\Kaspersky Internet Security\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - I:\Kaspersky Internet Security\FFExt\virtualKeyboard@kaspersky.ru [2013-07-18]
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - I:\Kaspersky Internet Security\FFExt\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - I:\Kaspersky Internet Security\FFExt\KavAntiBanner@Kaspersky.ru [2013-07-18]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - I:\CS5\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - I:\CS5\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2013-12-25]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - I:\Kaspersky Internet Security\ChromeExt\urladvisor.crx [2011-10-13]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - I:\Kaspersky Internet Security\ChromeExt\virtkbd.crx [2011-10-13]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - I:\Kaspersky Internet Security\ChromeExt\ab.crx [2011-10-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVP; I:\Kaspersky Internet Security\avp.exe [206448 2013-07-18] (Kaspersky Lab ZAO)
R2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2430304 2009-12-24] (Diskeeper Corporation)
R2 Hamachi2Svc; H:\Programme - Setups\Hamachi\hamachi-2.exe [2470736 2013-06-28] (LogMeIn Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-21] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2374656 2011-02-08] (Atheros Communications, Inc.) [File not signed]
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
R3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [51120 2009-12-10] (Diskeeper Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2013-09-07] (DT Soft Ltd)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2013-07-18] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
R0 oem-drv64; C:\Windows\System32\DRIVERS\oem-drv64.sys [42496 2014-08-10] (secr9tos) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-10 12:05 - 2014-08-10 12:05 - 00000773 _____ () C:\Users\Pauls PC\Desktop\JRT.txt
2014-08-10 11:59 - 2014-08-10 11:59 - 00000000 ____D () C:\Windows\ERUNT
2014-08-10 11:58 - 2014-08-10 11:58 - 00002787 _____ () C:\Users\Pauls PC\Desktop\AdwCleaner[S0].txt
2014-08-10 11:54 - 2014-08-10 11:56 - 00000000 ____D () C:\AdwCleaner
2014-08-10 11:52 - 2014-08-10 11:52 - 00001161 _____ () C:\Users\Pauls PC\Desktop\mbam.txt
2014-08-10 11:38 - 2014-08-10 12:05 - 00000000 ___SH () C:\DkHyperbootSync
2014-08-10 11:36 - 2014-08-10 11:37 - 01016261 _____ (Thisisu) C:\Users\Pauls PC\Desktop\JRT.exe
2014-08-10 11:36 - 2014-08-10 11:36 - 01366203 _____ () C:\Users\Pauls PC\Desktop\adwcleaner_3.304.exe
2014-08-10 09:51 - 2014-08-10 09:51 - 00015331 _____ () C:\ComboFix.txt
2014-08-10 09:41 - 2014-08-10 09:51 - 00000000 ____D () C:\Qoobox
2014-08-10 09:41 - 2014-08-10 09:50 - 00000000 ____D () C:\Windows\erdnt
2014-08-10 09:41 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-10 09:41 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-10 09:41 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-10 09:41 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-10 09:41 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-10 09:41 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-10 09:41 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-10 09:41 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-10 09:40 - 2014-08-10 09:41 - 05568206 ____R (Swearware) C:\Users\Pauls PC\Desktop\ComboFix.exe
2014-08-10 09:29 - 2014-08-10 09:29 - 00000386 _____ () C:\Windows\DirectX.log
2014-08-10 08:52 - 2014-08-10 08:52 - 00000221 _____ () C:\Users\Pauls PC\Desktop\Defense Grid The Awakening.url
2014-08-10 07:33 - 2014-08-10 12:06 - 00012413 _____ () C:\Users\Pauls PC\Desktop\FRST.txt
2014-08-10 07:33 - 2014-08-10 12:06 - 00000000 ____D () C:\FRST
2014-08-10 07:31 - 2014-08-10 07:32 - 02093568 _____ (Farbar) C:\Users\Pauls PC\Desktop\FRST64.exe
2014-08-09 22:52 - 2014-08-10 11:57 - 00001652 _____ () C:\Windows\PFRO.log
2014-08-09 22:52 - 2014-08-10 11:57 - 00000168 _____ () C:\Windows\setupact.log
2014-08-09 22:52 - 2014-08-09 22:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-09 21:54 - 2014-08-10 11:56 - 00156146 _____ () C:\Windows\WindowsUpdate.log
2014-08-09 21:33 - 2014-08-10 11:44 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-09 21:32 - 2014-08-09 21:32 - 00001105 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-09 21:32 - 2014-08-09 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-09 21:32 - 2014-08-09 21:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-09 21:32 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-09 21:32 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-09 21:29 - 2014-08-09 21:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Pauls PC\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-09 16:58 - 2014-08-09 16:58 - 00003544 _____ () C:\Users\Pauls PC\Downloads\Defense.Grid.-.The.Awakening.v1.0r41.Multi5.Cracked.READ.NFO-THETA-aes1knmf1wlc.dlc
2014-08-04 15:03 - 2014-08-07 08:14 - 04480476 _____ () C:\Users\Pauls PC\Desktop\SageWorrier.psd
2014-08-04 14:23 - 2014-08-04 14:23 - 00000000 ____D () C:\Users\Pauls PC\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-08-04 14:23 - 2014-08-04 14:23 - 00000000 ____D () C:\Users\Pauls PC\AppData\Roaming\Adobe Mini Bridge CS5
2014-07-31 07:19 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-31 07:19 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-31 07:19 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-31 07:19 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-31 07:19 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-31 07:19 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-31 07:19 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-31 07:19 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-31 07:19 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-31 07:19 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-31 07:19 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-31 07:19 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-31 07:19 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-31 07:19 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-30 00:53 - 2014-07-30 00:53 - 00000941 _____ () C:\Users\Pauls PC\Desktop\Diablo III Public Test.lnk
2014-07-30 00:53 - 2014-07-30 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Public Test
2014-07-30 00:52 - 2014-07-30 00:53 - 00000943 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Public TestDiablo III Public Test.lnk
2014-07-30 00:50 - 2014-07-30 00:50 - 03589024 _____ (Blizzard Entertainment) C:\Users\Pauls PC\Downloads\Diablo-III-Public-Test-Setup-deDE.exe
2014-07-23 20:49 - 2014-07-23 20:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-17 17:12 - 2014-07-17 17:12 - 00000000 ____D () C:\ProgramData\Riot Games

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-10 12:06 - 2014-08-10 07:33 - 00012413 _____ () C:\Users\Pauls PC\Desktop\FRST.txt
2014-08-10 12:06 - 2014-08-10 07:33 - 00000000 ____D () C:\FRST
2014-08-10 12:06 - 2014-08-09 21:54 - 00156146 _____ () C:\Windows\WindowsUpdate.log
2014-08-10 12:05 - 2014-08-10 12:05 - 00000773 _____ () C:\Users\Pauls PC\Desktop\JRT.txt
2014-08-10 12:05 - 2014-08-10 11:38 - 00000000 ___SH () C:\DkHyperbootSync
2014-08-10 12:05 - 2009-07-14 06:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-10 12:05 - 2009-07-14 06:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-10 11:59 - 2014-08-10 11:59 - 00000000 ____D () C:\Windows\ERUNT
2014-08-10 11:59 - 2013-08-16 22:20 - 00000000 ____D () C:\Users\Pauls PC\AppData\Local\LogMeIn Hamachi
2014-08-10 11:58 - 2014-08-10 11:58 - 00002787 _____ () C:\Users\Pauls PC\Desktop\AdwCleaner[S0].txt
2014-08-10 11:58 - 2013-07-18 00:07 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-10 11:57 - 2014-08-09 22:52 - 00001652 _____ () C:\Windows\PFRO.log
2014-08-10 11:57 - 2014-08-09 22:52 - 00000168 _____ () C:\Windows\setupact.log
2014-08-10 11:57 - 2013-07-16 21:10 - 00042496 _____ (secr9tos) C:\Windows\system32\Drivers\oem-drv64.sys
2014-08-10 11:57 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-10 11:56 - 2014-08-10 11:54 - 00000000 ____D () C:\AdwCleaner
2014-08-10 11:52 - 2014-08-10 11:52 - 00001161 _____ () C:\Users\Pauls PC\Desktop\mbam.txt
2014-08-10 11:51 - 2013-07-17 23:44 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-10 11:44 - 2014-08-09 21:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-10 11:40 - 2013-12-21 02:21 - 00000000 ____D () C:\Users\Pauls PC\AppData\Local\Battle.net
2014-08-10 11:37 - 2014-08-10 11:36 - 01016261 _____ (Thisisu) C:\Users\Pauls PC\Desktop\JRT.exe
2014-08-10 11:36 - 2014-08-10 11:36 - 01366203 _____ () C:\Users\Pauls PC\Desktop\adwcleaner_3.304.exe
2014-08-10 11:24 - 2013-07-18 00:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-10 09:51 - 2014-08-10 09:51 - 00015331 _____ () C:\ComboFix.txt
2014-08-10 09:51 - 2014-08-10 09:41 - 00000000 ____D () C:\Qoobox
2014-08-10 09:50 - 2014-08-10 09:41 - 00000000 ____D () C:\Windows\erdnt
2014-08-10 09:50 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-10 09:41 - 2014-08-10 09:40 - 05568206 ____R (Swearware) C:\Users\Pauls PC\Desktop\ComboFix.exe
2014-08-10 09:29 - 2014-08-10 09:29 - 00000386 _____ () C:\Windows\DirectX.log
2014-08-10 08:52 - 2014-08-10 08:52 - 00000221 _____ () C:\Users\Pauls PC\Desktop\Defense Grid The Awakening.url
2014-08-10 07:56 - 2013-09-07 02:52 - 00000000 ____D () C:\Users\Pauls PC\AppData\Roaming\uTorrent
2014-08-10 07:32 - 2014-08-10 07:31 - 02093568 _____ (Farbar) C:\Users\Pauls PC\Desktop\FRST64.exe
2014-08-09 22:52 - 2014-08-09 22:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-09 21:52 - 2014-04-18 17:02 - 00000000 ____D () C:\Windows\jre
2014-08-09 21:51 - 2014-04-27 02:21 - 00000448 _____ () C:\Windows\system32\RW_{2D641267-CBC4-11E3-8117-6C626DCD47E1}.dat
2014-08-09 21:51 - 2013-08-07 02:52 - 00292608 _____ () C:\Windows\system32\RW_FileType.dat
2014-08-09 21:51 - 2013-08-07 02:52 - 00008890 _____ () C:\Windows\system32\RW_AppData.dat
2014-08-09 21:51 - 2013-08-07 02:52 - 00007525 _____ () C:\config.xml
2014-08-09 21:51 - 2013-08-07 02:52 - 00002688 _____ () C:\Windows\system32\RW_{5F0259B5-EEFF-11E2-BF36-6C626DCD47E1}.dat
2014-08-09 21:51 - 2013-08-07 02:52 - 00002688 _____ () C:\Windows\system32\RW_{5F0259B1-EEFF-11E2-BF36-6C626DCD47E1}.dat
2014-08-09 21:51 - 2013-08-07 02:52 - 00002688 _____ () C:\Windows\system32\RW_{5CB93F2E-EF15-11E2-BD92-806E6F6E6963}.dat
2014-08-09 21:51 - 2013-08-07 02:52 - 00002688 _____ () C:\Windows\system32\RW_{5CB93F2C-EF15-11E2-BD92-806E6F6E6963}.dat
2014-08-09 21:51 - 2013-08-07 02:52 - 00001120 _____ () C:\Windows\system32\RW_{5CB93F2B-EF15-11E2-BD92-806E6F6E6963}.dat
2014-08-09 21:51 - 2013-08-07 02:52 - 00000636 _____ () C:\Windows\system32\RW_FileFlag.dat
2014-08-09 21:51 - 2013-08-07 02:52 - 00000000 _____ () C:\Windows\system32\AdmList.txt
2014-08-09 21:32 - 2014-08-09 21:32 - 00001105 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-09 21:32 - 2014-08-09 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-09 21:32 - 2014-08-09 21:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-09 21:32 - 2014-08-09 21:29 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Pauls PC\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-09 21:32 - 2013-09-07 14:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-09 16:58 - 2014-08-09 16:58 - 00003544 _____ () C:\Users\Pauls PC\Downloads\Defense.Grid.-.The.Awakening.v1.0r41.Multi5.Cracked.READ.NFO-THETA-aes1knmf1wlc.dlc
2014-08-07 08:14 - 2014-08-04 15:03 - 04480476 _____ () C:\Users\Pauls PC\Desktop\SageWorrier.psd
2014-08-06 20:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-05 17:47 - 2013-07-17 23:11 - 00000000 ____D () C:\Users\Pauls PC\AppData\Roaming\Skype
2014-08-04 15:03 - 2014-07-01 02:00 - 00000000 ____D () C:\Users\Pauls PC\AppData\Local\Adobe
2014-08-04 14:23 - 2014-08-04 14:23 - 00000000 ____D () C:\Users\Pauls PC\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-08-04 14:23 - 2014-08-04 14:23 - 00000000 ____D () C:\Users\Pauls PC\AppData\Roaming\Adobe Mini Bridge CS5
2014-08-04 14:15 - 2013-12-26 01:01 - 00000000 ____D () C:\Users\Pauls PC\Desktop\PS Zeichnungen
2014-07-30 10:35 - 2013-08-07 15:27 - 00000000 ____D () C:\Users\Pauls PC\Documents\Diablo III
2014-07-30 00:53 - 2014-07-30 00:53 - 00000941 _____ () C:\Users\Pauls PC\Desktop\Diablo III Public Test.lnk
2014-07-30 00:53 - 2014-07-30 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Public Test
2014-07-30 00:53 - 2014-07-30 00:52 - 00000943 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Public TestDiablo III Public Test.lnk
2014-07-30 00:50 - 2014-07-30 00:50 - 03589024 _____ (Blizzard Entertainment) C:\Users\Pauls PC\Downloads\Diablo-III-Public-Test-Setup-deDE.exe
2014-07-25 12:59 - 2013-07-17 19:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-23 20:49 - 2014-07-23 20:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-17 17:12 - 2014-07-17 17:12 - 00000000 ____D () C:\ProgramData\Riot Games

Some content of TEMP:
====================
C:\Users\Pauls PC\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!


LastRegBack: 2014-08-07 18:51

==================== End Of Log ============================
         

--- --- ---


Vielen Dank für die schnellen Antworten


Mit freundlichen Grüßen

Paul S.

ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte SecurityCheck und:

• Speichere es auf dem Desktop.
• Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
• Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Hi Schrauber,

alles ordungsgemäß ausgeführt. (SecurityCheck.exe hat allerdings nicht wirklich funktioniert)

Eset:

Code: Alles auswählenAufklappen

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=079a204000216148a2d1607099ba46f7
# engine=15046
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-07 08:48:49
# local_time=2013-09-07 10:48:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1285 16777213 100 98 8211 74910879 0 0
# compatibility_mode=5893 16776573 100 94 16320 130216779 0 0
# scanned=293036
# found=3
# cleaned=3
# scan_time=5874
sh=2A7D95078F3923FDB91865F7235185AF2093A573 ft=1 fh=c71c00118a5a172c vn="a variant of Win32/CoinMiner.ES trojan (cleaned by deleting (after the next restart) - quarantined)" ac=C fn="C:\Users\Pauls PC\AppData\Local\Temp\tsiVi032.dll"
sh=2A7D95078F3923FDB91865F7235185AF2093A573 ft=1 fh=c71c00118a5a172c vn="a variant of Win32/CoinMiner.ES trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Pauls PC\AppData\Local\Temp\tsiVi132.dll"
sh=2A7D95078F3923FDB91865F7235185AF2093A573 ft=1 fh=c71c00118a5a172c vn="a variant of Win32/CoinMiner.ES trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Pauls PC\AppData\Local\Temp\tsiVi232.dll"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=079a204000216148a2d1607099ba46f7
# engine=19587
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-10 01:52:12
# local_time=2014-08-10 03:52:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1285 16777213 100 98 14051 104002682 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 37459 159308582 0 0
# scanned=442120
# found=17
# cleaned=0
# scan_time=4678
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\ConduitInstaller_veoh.exe"
sh=7CE3756FD766C5ABF3040C21F5B7ECCE2A426B23 ft=1 fh=abdbfcd593573440 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll"
sh=441A2DB1E874921AB5A464A19C019F0DD218DCAA ft=1 fh=cae042f77220f344 vn="Win32/Toolbar.Zugo evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe"
sh=7EDECCD5B3DD339D0E81AFA4E880C38998A252BD ft=1 fh=3b7f89961c59fae3 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Pauls PC\Desktop\USB\aTubeCatcher_4134.exe"
sh=87F8F2CF73DEB8695FF8CD2C9863B70D638972AE ft=1 fh=7321160545a0ca5e vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Pauls PC\Desktop\USB\aTube_Catcher.exe"
sh=1867142971E46CEFBDC91D1C32BDDB89B9CC2FCB ft=1 fh=bed49cb1acf2aab9 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Pauls PC\Desktop\USB\DTLite4471-0333.exe"
sh=663C3101F91302FA9E29727F3768FBF0F7DF359F ft=1 fh=bddc1d562ad0e1c1 vn="MSIL/HackKMS.C potenziell unsichere Anwendung" ac=I fn="C:\Windows\Setup\Scripts\odin.exe"
sh=ABCAE4DCFC3014920AC9D554DDDD23C1836D82C3 ft=1 fh=40a8de7d6d184c37 vn="Win32/HackKMS.M potenziell unsichere Anwendung" ac=I fn="C:\Windows\Setup\Scripts\drivers\oem-drv86.sys"
sh=663C3101F91302FA9E29727F3768FBF0F7DF359F ft=1 fh=bddc1d562ad0e1c1 vn="MSIL/HackKMS.C potenziell unsichere Anwendung" ac=I fn="D:\Windows\Setup\Scripts\odin.exe"
sh=ABCAE4DCFC3014920AC9D554DDDD23C1836D82C3 ft=1 fh=40a8de7d6d184c37 vn="Win32/HackKMS.M potenziell unsichere Anwendung" ac=I fn="D:\Windows\Setup\Scripts\drivers\oem-drv86.sys"
sh=4D3A73233AD2A66C8F30CC3E49B93E72F9919A0B ft=1 fh=bb1f3b8f7fe3ad85 vn="Variante von Win32/InstallCore.D evtl. unerwünschte Anwendung" ac=I fn="H:\Programme - Setups\Bandicam\cnet2_bdcamsetup_exe.exe"
sh=88F07DB216F388A603179649D83BF1FC9AC8CB06 ft=1 fh=b538b1f51b2210a0 vn="Variante von Win32/HackTool.CheatEngine.AB potenziell unsichere Anwendung" ac=I fn="H:\Programme - Setups\Cheat Engine 6.2\cheatengine-i386.exe"
sh=CA3F51EC1897756636232998193325B830F22F26 ft=1 fh=3702c3e3af3ccb17 vn="Variante von Win32/HackTool.CheatEngine.AF potenziell unsichere Anwendung" ac=I fn="H:\Programme - Setups\Cheat Engine 6.2\standalonephase1.dat"
sh=46680736F684223AF00E310F47D47E4F2C519B8A ft=1 fh=7fc7dafcbe85cb95 vn="möglicherweise Variante von Win32/Complitly.A evtl. unerwünschte Anwendung" ac=I fn="H:\Programme - Setups\Core Temp\Core-Temp-setup0998.exe"
sh=DE7767E0C52753A9395168FB8F88275522203451 ft=1 fh=2957105ba068805f vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="H:\Programme - Setups\CPU-Z 1.58\cpu-z_1.58-setup-en.exe"
sh=3A89DAEE2C931D0AAA7B102D3DA9D2174DC5875E ft=1 fh=d16f3ccb0b0b7a97 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="H:\Programme - Setups\ImgBurn\SetupImgBurn_2.5.5.0.exe"
sh=73C6C2140978034AF2D755F24C26E95C421A4979 ft=1 fh=e49ca2d210aabaf7 vn="Variante von Win32/Keygen.DD potenziell unsichere Anwendung" ac=I fn="H:\Programme - Setups\O&O Software CleverCache Professional Edition 7.1.2737 Deutsch 32-Bit\keygen.exe"
         

SecurityCheck:

Code: Alles auswählenAufklappen

ATTFilter

UNSUPPORTED OPERATING SYSTEM! ABORTED!
         

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01
Ran by Pauls PC (administrator) on PAULS-PC on 10-08-2014 16:03:47
Running from C:\Users\Pauls PC\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Kaspersky Lab ZAO) I:\Kaspersky Internet Security\avp.exe
(LogMeIn Inc.) H:\Programme - Setups\Hamachi\hamachi-2.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\system\HsMgr64.exe
() C:\Windows\SysWOW64\HsMgr.exe
(Kaspersky Lab ZAO) I:\Kaspersky Internet Security\avp.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(CMedia) C:\Program Files\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(TeamSpeak Systems GmbH) I:\TS3\ts3client_win32.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVP] => I:\Kaspersky Internet Security\avp.exe [206448 2013-07-18] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => H:\Programme - Setups\Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
BHO: IEVkbdBHO Class -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> I:\Kaspersky Internet Security\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO: FilterBHO Class -> {E33CF602-D945-461A-83F0-819F76A199F8} -> I:\Kaspersky Internet Security\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> I:\CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO-x32: IEVkbdBHO Class -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> I:\Kaspersky Internet Security\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: FilterBHO Class -> {E33CF602-D945-461A-83F0-819F76A199F8} -> I:\Kaspersky Internet Security\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - I:\CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

FireFox:
========
FF ProfilePath: C:\Users\Pauls PC\AppData\Roaming\Mozilla\Firefox\Profiles\i9mumz3g.default-1402855174378
FF Homepage: hxxp://www.google.at/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Pauls PC\AppData\Roaming\Mozilla\Firefox\Profiles\i9mumz3g.default-1402855174378\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-16]
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-23]
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - I:\Kaspersky Internet Security\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - I:\Kaspersky Internet Security\FFExt\linkfilter@kaspersky.ru [2013-07-18]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - I:\Kaspersky Internet Security\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - I:\Kaspersky Internet Security\FFExt\virtualKeyboard@kaspersky.ru [2013-07-18]
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - I:\Kaspersky Internet Security\FFExt\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - I:\Kaspersky Internet Security\FFExt\KavAntiBanner@Kaspersky.ru [2013-07-18]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - I:\CS5\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - I:\CS5\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2013-12-25]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - I:\Kaspersky Internet Security\ChromeExt\urladvisor.crx [2011-10-13]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - I:\Kaspersky Internet Security\ChromeExt\virtkbd.crx [2011-10-13]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - I:\Kaspersky Internet Security\ChromeExt\ab.crx [2011-10-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVP; I:\Kaspersky Internet Security\avp.exe [206448 2013-07-18] (Kaspersky Lab ZAO)
R2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2430304 2009-12-24] (Diskeeper Corporation)
R2 Hamachi2Svc; H:\Programme - Setups\Hamachi\hamachi-2.exe [2470736 2013-06-28] (LogMeIn Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-21] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2374656 2011-02-08] (Atheros Communications, Inc.) [File not signed]
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
R3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [51120 2009-12-10] (Diskeeper Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2013-09-07] (DT Soft Ltd)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2013-07-18] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
R0 oem-drv64; C:\Windows\System32\DRIVERS\oem-drv64.sys [42496 2014-08-10] (secr9tos) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-10 16:03 - 2014-08-10 16:03 - 00012839 _____ () C:\Users\Pauls PC\Desktop\FRST.txt
2014-08-10 14:35 - 2014-08-10 14:35 - 00854410 _____ () C:\Users\Pauls PC\Desktop\SecurityCheck.exe
2014-08-10 14:29 - 2014-08-10 14:29 - 02347384 _____ (ESET) C:\Users\Pauls PC\Desktop\esetsmartinstaller_deu.exe
2014-08-10 14:05 - 2014-08-10 14:33 - 00000000 ___SH () C:\DkHyperbootSync
2014-08-10 12:05 - 2014-08-10 12:05 - 00000773 _____ () C:\Users\Pauls PC\Desktop\JRT.txt
2014-08-10 11:59 - 2014-08-10 11:59 - 00000000 ____D () C:\Windows\ERUNT
2014-08-10 11:58 - 2014-08-10 11:58 - 00002787 _____ () C:\Users\Pauls PC\Desktop\AdwCleaner[S0].txt
2014-08-10 11:54 - 2014-08-10 11:56 - 00000000 ____D () C:\AdwCleaner
2014-08-10 11:52 - 2014-08-10 11:52 - 00001161 _____ () C:\Users\Pauls PC\Desktop\mbam.txt
2014-08-10 11:36 - 2014-08-10 11:37 - 01016261 _____ (Thisisu) C:\Users\Pauls PC\Desktop\JRT.exe
2014-08-10 11:36 - 2014-08-10 11:36 - 01366203 _____ () C:\Users\Pauls PC\Desktop\adwcleaner_3.304.exe
2014-08-10 09:51 - 2014-08-10 09:51 - 00015331 _____ () C:\ComboFix.txt
2014-08-10 09:41 - 2014-08-10 09:51 - 00000000 ____D () C:\Qoobox
2014-08-10 09:41 - 2014-08-10 09:50 - 00000000 ____D () C:\Windows\erdnt
2014-08-10 09:41 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-10 09:41 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-10 09:41 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-10 09:41 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-10 09:41 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-10 09:41 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-10 09:41 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-10 09:41 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-10 09:40 - 2014-08-10 09:41 - 05568206 ____R (Swearware) C:\Users\Pauls PC\Desktop\ComboFix.exe
2014-08-10 09:29 - 2014-08-10 09:29 - 00000386 _____ () C:\Windows\DirectX.log
2014-08-10 08:52 - 2014-08-10 08:52 - 00000221 _____ () C:\Users\Pauls PC\Desktop\Defense Grid The Awakening.url
2014-08-10 07:33 - 2014-08-10 16:03 - 00000000 ____D () C:\FRST
2014-08-10 07:31 - 2014-08-10 16:03 - 02099712 _____ (Farbar) C:\Users\Pauls PC\Desktop\FRST64.exe
2014-08-09 22:52 - 2014-08-10 11:57 - 00001652 _____ () C:\Windows\PFRO.log
2014-08-09 22:52 - 2014-08-10 11:57 - 00000168 _____ () C:\Windows\setupact.log
2014-08-09 22:52 - 2014-08-09 22:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-09 21:54 - 2014-08-10 14:46 - 00414404 _____ () C:\Windows\WindowsUpdate.log
2014-08-09 21:33 - 2014-08-10 11:44 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-09 21:32 - 2014-08-09 21:32 - 00001105 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-09 21:32 - 2014-08-09 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-09 21:32 - 2014-08-09 21:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-09 21:32 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-09 21:32 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-09 21:29 - 2014-08-09 21:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Pauls PC\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-09 16:58 - 2014-08-09 16:58 - 00003544 _____ () C:\Users\Pauls PC\Downloads\Defense.Grid.-.The.Awakening.v1.0r41.Multi5.Cracked.READ.NFO-THETA-aes1knmf1wlc.dlc
2014-08-04 15:03 - 2014-08-07 08:14 - 04480476 _____ () C:\Users\Pauls PC\Desktop\SageWorrier.psd
2014-08-04 14:23 - 2014-08-04 14:23 - 00000000 ____D () C:\Users\Pauls PC\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-08-04 14:23 - 2014-08-04 14:23 - 00000000 ____D () C:\Users\Pauls PC\AppData\Roaming\Adobe Mini Bridge CS5
2014-07-31 07:19 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-31 07:19 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-31 07:19 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-31 07:19 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-31 07:19 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-31 07:19 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-31 07:19 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-31 07:19 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-31 07:19 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-31 07:19 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-31 07:19 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-31 07:19 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-31 07:19 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-31 07:19 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-30 00:53 - 2014-07-30 00:53 - 00000941 _____ () C:\Users\Pauls PC\Desktop\Diablo III Public Test.lnk
2014-07-30 00:53 - 2014-07-30 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Public Test
2014-07-30 00:52 - 2014-07-30 00:53 - 00000943 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Public TestDiablo III Public Test.lnk
2014-07-30 00:50 - 2014-07-30 00:50 - 03589024 _____ (Blizzard Entertainment) C:\Users\Pauls PC\Downloads\Diablo-III-Public-Test-Setup-deDE.exe
2014-07-23 20:49 - 2014-07-23 20:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-17 17:12 - 2014-07-17 17:12 - 00000000 ____D () C:\ProgramData\Riot Games

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-10 16:04 - 2014-08-10 16:03 - 00012839 _____ () C:\Users\Pauls PC\Desktop\FRST.txt
2014-08-10 16:04 - 2014-08-09 21:54 - 00414404 _____ () C:\Windows\WindowsUpdate.log
2014-08-10 16:03 - 2014-08-10 07:33 - 00000000 ____D () C:\FRST
2014-08-10 16:03 - 2014-08-10 07:31 - 02099712 _____ (Farbar) C:\Users\Pauls PC\Desktop\FRST64.exe
2014-08-10 15:24 - 2013-07-18 00:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-10 14:35 - 2014-08-10 14:35 - 00854410 _____ () C:\Users\Pauls PC\Desktop\SecurityCheck.exe
2014-08-10 14:33 - 2014-08-10 14:05 - 00000000 ___SH () C:\DkHyperbootSync
2014-08-10 14:29 - 2014-08-10 14:29 - 02347384 _____ (ESET) C:\Users\Pauls PC\Desktop\esetsmartinstaller_deu.exe
2014-08-10 14:21 - 2013-07-18 00:07 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-10 13:52 - 2013-12-21 02:21 - 00000000 ____D () C:\Users\Pauls PC\AppData\Local\Battle.net
2014-08-10 12:15 - 2013-07-17 23:44 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-10 12:05 - 2014-08-10 12:05 - 00000773 _____ () C:\Users\Pauls PC\Desktop\JRT.txt
2014-08-10 12:05 - 2009-07-14 06:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-10 12:05 - 2009-07-14 06:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-10 11:59 - 2014-08-10 11:59 - 00000000 ____D () C:\Windows\ERUNT
2014-08-10 11:59 - 2013-08-16 22:20 - 00000000 ____D () C:\Users\Pauls PC\AppData\Local\LogMeIn Hamachi
2014-08-10 11:58 - 2014-08-10 11:58 - 00002787 _____ () C:\Users\Pauls PC\Desktop\AdwCleaner[S0].txt
2014-08-10 11:57 - 2014-08-09 22:52 - 00001652 _____ () C:\Windows\PFRO.log
2014-08-10 11:57 - 2014-08-09 22:52 - 00000168 _____ () C:\Windows\setupact.log
2014-08-10 11:57 - 2013-07-16 21:10 - 00042496 _____ (secr9tos) C:\Windows\system32\Drivers\oem-drv64.sys
2014-08-10 11:57 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-10 11:56 - 2014-08-10 11:54 - 00000000 ____D () C:\AdwCleaner
2014-08-10 11:52 - 2014-08-10 11:52 - 00001161 _____ () C:\Users\Pauls PC\Desktop\mbam.txt
2014-08-10 11:44 - 2014-08-09 21:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-10 11:37 - 2014-08-10 11:36 - 01016261 _____ (Thisisu) C:\Users\Pauls PC\Desktop\JRT.exe
2014-08-10 11:36 - 2014-08-10 11:36 - 01366203 _____ () C:\Users\Pauls PC\Desktop\adwcleaner_3.304.exe
2014-08-10 09:51 - 2014-08-10 09:51 - 00015331 _____ () C:\ComboFix.txt
2014-08-10 09:51 - 2014-08-10 09:41 - 00000000 ____D () C:\Qoobox
2014-08-10 09:50 - 2014-08-10 09:41 - 00000000 ____D () C:\Windows\erdnt
2014-08-10 09:50 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-10 09:41 - 2014-08-10 09:40 - 05568206 ____R (Swearware) C:\Users\Pauls PC\Desktop\ComboFix.exe
2014-08-10 09:29 - 2014-08-10 09:29 - 00000386 _____ () C:\Windows\DirectX.log
2014-08-10 08:52 - 2014-08-10 08:52 - 00000221 _____ () C:\Users\Pauls PC\Desktop\Defense Grid The Awakening.url
2014-08-10 07:56 - 2013-09-07 02:52 - 00000000 ____D () C:\Users\Pauls PC\AppData\Roaming\uTorrent
2014-08-09 22:52 - 2014-08-09 22:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-09 21:52 - 2014-04-18 17:02 - 00000000 ____D () C:\Windows\jre
2014-08-09 21:51 - 2014-04-27 02:21 - 00000448 _____ () C:\Windows\system32\RW_{2D641267-CBC4-11E3-8117-6C626DCD47E1}.dat
2014-08-09 21:51 - 2013-08-07 02:52 - 00292608 _____ () C:\Windows\system32\RW_FileType.dat
2014-08-09 21:51 - 2013-08-07 02:52 - 00008890 _____ () C:\Windows\system32\RW_AppData.dat
2014-08-09 21:51 - 2013-08-07 02:52 - 00007525 _____ () C:\config.xml
2014-08-09 21:51 - 2013-08-07 02:52 - 00002688 _____ () C:\Windows\system32\RW_{5F0259B5-EEFF-11E2-BF36-6C626DCD47E1}.dat
2014-08-09 21:51 - 2013-08-07 02:52 - 00002688 _____ () C:\Windows\system32\RW_{5F0259B1-EEFF-11E2-BF36-6C626DCD47E1}.dat
2014-08-09 21:51 - 2013-08-07 02:52 - 00002688 _____ () C:\Windows\system32\RW_{5CB93F2E-EF15-11E2-BD92-806E6F6E6963}.dat
2014-08-09 21:51 - 2013-08-07 02:52 - 00002688 _____ () C:\Windows\system32\RW_{5CB93F2C-EF15-11E2-BD92-806E6F6E6963}.dat
2014-08-09 21:51 - 2013-08-07 02:52 - 00001120 _____ () C:\Windows\system32\RW_{5CB93F2B-EF15-11E2-BD92-806E6F6E6963}.dat
2014-08-09 21:51 - 2013-08-07 02:52 - 00000636 _____ () C:\Windows\system32\RW_FileFlag.dat
2014-08-09 21:51 - 2013-08-07 02:52 - 00000000 _____ () C:\Windows\system32\AdmList.txt
2014-08-09 21:32 - 2014-08-09 21:32 - 00001105 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-09 21:32 - 2014-08-09 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-09 21:32 - 2014-08-09 21:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-09 21:32 - 2014-08-09 21:29 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Pauls PC\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-09 21:32 - 2013-09-07 14:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-09 16:58 - 2014-08-09 16:58 - 00003544 _____ () C:\Users\Pauls PC\Downloads\Defense.Grid.-.The.Awakening.v1.0r41.Multi5.Cracked.READ.NFO-THETA-aes1knmf1wlc.dlc
2014-08-07 08:14 - 2014-08-04 15:03 - 04480476 _____ () C:\Users\Pauls PC\Desktop\SageWorrier.psd
2014-08-06 20:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-05 17:47 - 2013-07-17 23:11 - 00000000 ____D () C:\Users\Pauls PC\AppData\Roaming\Skype
2014-08-04 15:03 - 2014-07-01 02:00 - 00000000 ____D () C:\Users\Pauls PC\AppData\Local\Adobe
2014-08-04 14:23 - 2014-08-04 14:23 - 00000000 ____D () C:\Users\Pauls PC\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-08-04 14:23 - 2014-08-04 14:23 - 00000000 ____D () C:\Users\Pauls PC\AppData\Roaming\Adobe Mini Bridge CS5
2014-08-04 14:15 - 2013-12-26 01:01 - 00000000 ____D () C:\Users\Pauls PC\Desktop\PS Zeichnungen
2014-07-30 10:35 - 2013-08-07 15:27 - 00000000 ____D () C:\Users\Pauls PC\Documents\Diablo III
2014-07-30 00:53 - 2014-07-30 00:53 - 00000941 _____ () C:\Users\Pauls PC\Desktop\Diablo III Public Test.lnk
2014-07-30 00:53 - 2014-07-30 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Public Test
2014-07-30 00:53 - 2014-07-30 00:52 - 00000943 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Public TestDiablo III Public Test.lnk
2014-07-30 00:50 - 2014-07-30 00:50 - 03589024 _____ (Blizzard Entertainment) C:\Users\Pauls PC\Downloads\Diablo-III-Public-Test-Setup-deDE.exe
2014-07-25 12:59 - 2013-07-17 19:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-23 20:49 - 2014-07-23 20:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-17 17:12 - 2014-07-17 17:12 - 00000000 ____D () C:\ProgramData\Riot Games

Some content of TEMP:
====================
C:\Users\Pauls PC\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!


LastRegBack: 2014-08-07 18:51

==================== End Of Log ============================
         

--- --- ---




Btw. bis auf das etwas langsamere Einloggen sind alle Probleme beseitigt oder zumindest nicht mehr aufgetreten. Danke schonmal dafür

Mit freundlichen Grüßen

Paul S.

Was soll der Hack Kram in C:\Windows\Setup? Selbst dort hin gepackt?

Hi Schrauber,

mit

Code: Alles auswählenAufklappen

ATTFilter

sh=663C3101F91302FA9E29727F3768FBF0F7DF359F ft=1 fh=bddc1d562ad0e1c1 vn="MSIL/HackKMS.C potenziell unsichere Anwendung" ac=I fn="C:\Windows\Setup\Scripts\odin.exe"
sh=ABCAE4DCFC3014920AC9D554DDDD23C1836D82C3 ft=1 fh=40a8de7d6d184c37 vn="Win32/HackKMS.M potenziell unsichere Anwendung" ac=I fn="C:\Windows\Setup\Scripts\drivers\oem-drv86.sys"
sh=663C3101F91302FA9E29727F3768FBF0F7DF359F ft=1 fh=bddc1d562ad0e1c1 vn="MSIL/HackKMS.C potenziell unsichere Anwendung" ac=I fn="D:\Windows\Setup\Scripts\odin.exe"
         

hab ich nix am Hut. Woher das kommt kann ich nicht genau sagen, aber laut Google ist "odin.exe" ein Tool zum "routen" von Smartphones.

eben. Lösch das alles.

Fertig

Die Reihenfolge ist hier entscheidend.

1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
   • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
   • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
   • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
3. Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
   • Schließe alle offenen Programme.
   • Starte die delfix.exe mit einem Doppelklick.
   • Setze vor jede Funktion ein Häkchen.
   • Klicke auf Start.
   • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
   • Starte deinen Rechner abschließend neu.
4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

• Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
• Windows Updates
  • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
  • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
• Gehe sicher das die automatischen Updates aktiviert sind.
• Software Updates
  Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
  Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

• Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

• MalwareBytes Anti Malware
  Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
  Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
  Ein Tutorial zur Verwendung findest Du hier.
• WinPatrol
  Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

• SpywareBlaster
  Eine kurze Einführung findest du Hier
• MVPs hosts file
  Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
• WOT (Web of trust)
  Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

• Opera
• Mozilla Firefox.
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
    Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts

• Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
• verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
• Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
• Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Hi Schrauber,

ich bringe frohe Kunde...

er ist Clean!

Dank DIR

Vielen vielen Dank und falls ich noch irgendetwas merkwürdiges entdecke, lasse ich dich es wissen.


Mit freundlichen Grüßen

Paul S.

Gern Geschehen