InstaShare geht nicht löschen

Raziel30 · 13.09.2014, 12:25

Hello TB Helpers,

InstaShare hat sich auf meinem Rechner wie eine Zecke festgesaugt.

Ich habe alle Programme aus der Beschreibung (http://www.trojaner-board.de/158525-...entfernen.html) laufen lassen, aber keines von ihnen hat InstaShare gefunden. Auch die "Uninstaller" wollen nicht deinstallieren.

Störend ist es jetzt nicht sooo sehr da ich Foxy mit NoScript verwende, dennoch würde ich das Ding gerne los werden.

Danke schonmal für die Hilfe

OTL.txt

Code:

ATTFilter

OTL logfile created on: 13.09.2014 12:57:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 55,28% Memory free
11,10 Gb Paging File | 9,40 Gb Available in Paging File | 84,64% Paging File free
Paging file location(s): c:\pagefile.sys 8042 8042 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 255,47 Gb Free Space | 54,86% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Auresil\Desktop\otl.exe (OldTimer Tools)
PRC - C:\Users\Auresil\Desktop\OTH.scr (OldTimer Tools)
PRC - C:\ProgramData\XhpjpKqvxe\fqQrhhY.exe (Interesting Solutions)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Oracle Corporation)
PRC - C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Windows\V0470Mon.exe (Creative Technology Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\ProgramData\XhpjpKqvxe\dat\tIzuXbuyu.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\PROGRA~1\TUGZip\Plugins\TzArchive10.tgp ()
MOD - C:\Windows\System32\ztvunrar36.dll ()
MOD - C:\PROGRA~1\TUGZip\TzShell.dll ()
MOD - C:\PROGRA~1\TUGZip\Plugins\TzImage10.tgp ()
 
 
========== Services (SafeList) ==========
 
SRV - (fqQrhhY) -- C:\ProgramData\XhpjpKqvxe\fqQrhhY.exe (Interesting Solutions)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (c2cautoupdatesvc) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
SRV - (c2cpnrsvc) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
SRV - (PandaAgent) -- C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe (Panda Security, S.L.)
SRV - (PSUAService) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe (Panda Security, S.L.)
SRV - (NanoServiceMain) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Sony PC Companion) -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (RoxMediaDBGame1X) -- C:\Program Files\Common Files\Roxio Shared\Game1X\SharedCOM\RoxMediaDBGame1X.exe (Corel Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (TeamViewer4) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found
DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found
DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found
DRV - (XDva383) -- C:\Windows\system32\XDva383.sys File not found
DRV - (kbeepm) -- C:\Users\Auresil\AppData\Local\Temp\kbeepm.sys File not found
DRV - (PSINProt) -- C:\Windows\System32\drivers\PSINProt.sys (Panda Security, S.L.)
DRV - (PSINProc) -- C:\Windows\System32\drivers\PSINProc.sys (Panda Security, S.L.)
DRV - (PSINReg) -- C:\Windows\System32\drivers\PSINReg.sys (Panda Security, S.L.)
DRV - (PSINKNC) -- C:\Windows\System32\drivers\PSINKNC.sys (Panda Security, S.L.)
DRV - (PSINAflt) -- C:\Windows\System32\drivers\PSINAflt.sys (Panda Security, S.L.)
DRV - (PSINFile) -- C:\Windows\System32\drivers\PSINFile.sys (Panda Security, S.L.)
DRV - (NNSSTRM) -- C:\Windows\System32\drivers\NNSStrm.sys (Panda Security, S.L.)
DRV - (NNSTLSC) -- C:\Windows\System32\drivers\NNStlsc.sys (Panda Security, S.L.)
DRV - (NNSPRV) -- C:\Windows\System32\drivers\NNSPrv.sys (Panda Security, S.L.)
DRV - (NNSSMTP) -- C:\Windows\System32\drivers\NNSSmtp.sys (Panda Security, S.L.)
DRV - (NNSPROT) -- C:\Windows\System32\drivers\NNSProt.sys (Panda Security, S.L.)
DRV - (NNSPOP3) -- C:\Windows\System32\drivers\NNSPop3.sys (Panda Security, S.L.)
DRV - (NNSPIHSW) -- C:\Windows\System32\drivers\NNSPihsw.sys (Panda Security, S.L.)
DRV - (NNSPICC) -- C:\Windows\System32\drivers\NNSpicc.sys (Panda Security, S.L.)
DRV - (NNSIDS) -- C:\Windows\System32\drivers\NNSIds.sys (Panda Security, S.L.)
DRV - (NNSHTTPS) -- C:\Windows\System32\drivers\NNSHttps.sys (Panda Security, S.L.)
DRV - (NNSHTTP) -- C:\Windows\System32\drivers\NNSHttp.sys (Panda Security, S.L.)
DRV - (NNSALPC) -- C:\Windows\System32\drivers\NNSAlpc.sys (Panda Security, S.L.)
DRV - (PSKMAD) -- C:\Windows\System32\drivers\PSKMAD.sys (Panda Security, S.L.)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (H5xUSB) -- C:\Windows\System32\drivers\uth5x.sys (UT)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (kxwdmdrv) -- C:\Windows\System32\drivers\kx.sys (Eugene Gavrilov)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (VF0470Vid) -- C:\Windows\System32\drivers\V0470Vid.sys (Creative Technology Ltd.)
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4077451317-3905838216-2800536398-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.trojaner-board.de/83878-o...processes.html
IE - HKU\S-1-5-21-4077451317-3905838216-2800536398-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4077451317-3905838216-2800536398-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\S-1-5-21-4077451317-3905838216-2800536398-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 37 9B 4B C5 BB CB 01  [binary data]
IE - HKU\S-1-5-21-4077451317-3905838216-2800536398-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4077451317-3905838216-2800536398-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4077451317-3905838216-2800536398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.4
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.41
FF - prefs.js..extensions.enabledAddons: %7B77d2ed30-4cd2-11e0-b8af-0800200c9a66%7D:11.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: zigboom@hotmail.com:1.2.9
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014.07.29 22:27:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014.07.29 22:27:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2014.06.11 12:18:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.02.27 22:38:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Auresil\AppData\Roaming\mozilla\Extensions
[2014.09.12 15:31:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Auresil\AppData\Roaming\mozilla\Firefox\Profiles\n7vnhitj.default\extensions
[2014.08.29 21:59:00 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\Auresil\AppData\Roaming\mozilla\Firefox\Profiles\n7vnhitj.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2014.09.06 12:54:12 | 004,222,513 | ---- | M] () (No name found) -- C:\Users\Auresil\AppData\Roaming\mozilla\firefox\profiles\n7vnhitj.default\extensions\firebug@software.joehewitt.com.xpi
[2014.09.12 14:02:19 | 000,540,395 | ---- | M] () (No name found) -- C:\Users\Auresil\AppData\Roaming\mozilla\firefox\profiles\n7vnhitj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014.07.23 16:56:38 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\Auresil\AppData\Roaming\mozilla\firefox\profiles\n7vnhitj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.06.18 09:30:41 | 000,788,466 | ---- | M] () (No name found) -- C:\Users\Auresil\AppData\Roaming\mozilla\firefox\profiles\n7vnhitj.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2014.07.30 14:02:21 | 000,002,438 | ---- | M] () -- C:\Users\Auresil\AppData\Roaming\mozilla\firefox\profiles\n7vnhitj.default\searchplugins\englische-ergebnisse.xml
[2014.07.30 14:02:20 | 000,002,916 | ---- | M] () -- C:\Users\Auresil\AppData\Roaming\mozilla\firefox\profiles\n7vnhitj.default\searchplugins\gmx-suche.xml
[2014.07.30 14:02:21 | 000,002,457 | ---- | M] () -- C:\Users\Auresil\AppData\Roaming\mozilla\firefox\profiles\n7vnhitj.default\searchplugins\lastminute.xml
[2014.07.30 14:02:20 | 000,005,729 | ---- | M] () -- C:\Users\Auresil\AppData\Roaming\mozilla\firefox\profiles\n7vnhitj.default\searchplugins\webde-suche.xml
[2014.07.31 21:00:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\browser\extensions
[2014.07.29 22:27:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014.09.13 11:32:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\updated\browser\extensions
[2014.09.13 11:32:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.03.08 12:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\mozilla firefox\plugins\npmidas.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
O4 - HKLM..\Run: [PSUAMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [V0470Mon.exe] C:\Windows\V0470Mon.exe (Creative Technology Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 600
O7 - HKU\S-1-5-21-4077451317-3905838216-2800536398-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\Auresil\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Auresil\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1D9330F-7477-4B27-8C83-9DC1E6165EAB}: DhcpNameServer = 195.34.133.21 212.186.211.21
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.09.13 12:56:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Auresil\Desktop\OTL.exe
[2014.09.13 10:11:38 | 000,048,736 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PSKMAD.sys
[2014.09.12 16:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014.09.12 16:10:40 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014.09.12 16:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
[2014.09.12 16:09:47 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014.09.12 16:09:47 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014.09.12 16:09:47 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014.09.12 16:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\ Malwarebytes Anti-Malware 
[2014.09.12 15:53:50 | 000,259,584 | ---- | C] (OldTimer Tools) -- C:\Users\Auresil\Desktop\OTH.scr
[2014.09.12 15:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
[2014.09.12 15:50:46 | 000,000,000 | ---D | C] -- C:\Program Files\Glarysoft
[2014.09.12 15:43:00 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014.09.12 15:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser
[2014.09.12 15:28:19 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.09.12 11:11:55 | 000,000,000 | ---D | C] -- C:\InstaShare
[2014.09.11 12:59:29 | 000,000,000 | ---D | C] -- C:\Users\Auresil\AppData\Local\Daring_Development_Inc
[2014.09.11 12:50:11 | 000,000,000 | ---D | C] -- C:\Program Files\Daring Development
[2014.09.11 12:49:13 | 000,000,000 | ---D | C] -- C:\Users\Auresil\AppData\Local\InstaShare
[2014.09.11 12:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\XhpjpKqvxe
[2014.09.11 12:47:18 | 000,000,000 | ---D | C] -- C:\ProgramData\InstaShare
[2014.09.05 12:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2014.09.05 12:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2014.09.03 14:19:58 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys
[2014.08.24 01:49:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
[2014.08.18 11:58:15 | 000,000,000 | R--D | C] -- C:\Users\Auresil\Desktop\Programme
[2011.01.24 00:27:28 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Auresil\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2014.09.13 12:56:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Auresil\Desktop\OTL.exe
[2014.09.13 10:16:37 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.09.13 10:16:37 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.09.13 10:15:43 | 000,698,688 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2014.09.13 10:15:43 | 000,653,526 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014.09.13 10:15:43 | 000,148,828 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2014.09.13 10:15:43 | 000,121,398 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014.09.13 10:11:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.09.13 10:11:22 | 2616,745,984 | -HS- | M] () -- C:\hiberfil.sys
[2014.09.12 16:44:02 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014.09.12 15:53:53 | 000,259,584 | ---- | M] (OldTimer Tools) -- C:\Users\Auresil\Desktop\OTH.scr
[2014.08.17 19:48:18 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
 
========== Files Created - No Company Name ==========
 
[2014.09.12 15:50:48 | 000,001,232 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller.lnk
[2012.12.18 11:32:08 | 000,007,601 | ---- | C] () -- C:\Users\Auresil\AppData\Local\resmon.resmoncfg
[2012.11.09 18:29:33 | 000,000,085 | ---- | C] () -- C:\Windows\AutoScreenRecorder.INI
[2012.10.23 15:22:21 | 000,611,791 | ---- | C] () -- C:\Users\Auresil\Antrag_Online_9_12.pdf
[2012.09.28 03:21:22 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.09.28 03:21:22 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.07.31 18:07:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl
[2011.10.22 03:29:35 | 000,032,256 | ---- | C] () -- C:\Users\Auresil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.04 17:25:05 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.01.24 00:27:28 | 000,087,608 | ---- | C] () -- C:\Users\Auresil\AppData\Roaming\inst.exe
[2011.01.24 00:27:28 | 000,007,887 | ---- | C] () -- C:\Users\Auresil\AppData\Roaming\pcouffin.cat
[2011.01.24 00:27:28 | 000,001,144 | ---- | C] () -- C:\Users\Auresil\AppData\Roaming\pcouffin.inf
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.07.27 16:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014.08.16 18:46:58 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\.minecraft
[2014.07.17 19:24:09 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\Apowersoft
[2014.07.18 18:59:59 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\Audacity
[2012.02.02 19:05:09 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\BitTorrent
[2012.02.02 18:48:18 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\Blender Foundation
[2014.04.19 22:01:10 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\BSplayer
[2011.06.02 19:15:32 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\BSplayer Pro
[2014.08.24 02:01:39 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\Call Graph
[2011.10.14 19:16:40 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\Canon
[2014.04.19 21:06:40 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\Dropbox
[2012.12.12 05:27:07 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\DVDVideoSoft
[2013.11.28 20:25:24 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\ERoot
[2014.09.09 13:41:54 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\FileZilla
[2012.12.19 20:58:29 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\JDownloaderPackages
[2014.01.07 04:36:41 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\library_dir
[2011.02.07 23:53:28 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\Local
[2011.01.21 08:34:34 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\Moonchild Productions
[2012.10.19 16:59:23 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\mquadr.at
[2011.01.24 00:41:41 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\NCH Swift Sound
[2011.12.05 01:54:24 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\Opera
[2012.07.24 20:43:10 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\Panda Security
[2011.11.06 10:37:39 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\PhotoFiltre
[2012.12.26 04:47:02 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\redsn0w
[2014.02.15 11:33:58 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\Rogue Legacy
[2013.12.08 18:06:29 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\TeamViewer
[2011.11.05 11:09:13 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\Thunderbird
[2014.03.17 13:08:46 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\TS3Client
[2012.08.01 20:36:02 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\Ubisoft
[2013.03.08 18:50:56 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\Ulead Systems
[2011.05.04 16:51:58 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\Vso
[2011.05.04 14:06:41 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\Win7codecs
[2011.04.19 02:00:54 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\XMedia Recode
[2014.09.09 13:20:54 | 000,000,000 | ---D | M] -- C:\Users\Auresil\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 

< End of report >

Extras.txt

Code:

ATTFilter

OTL Extras logfile created on: 13.09.2014 12:57:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Auresil\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 55,28% Memory free
11,10 Gb Paging File | 9,40 Gb Available in Paging File | 84,64% Paging File free
Paging file location(s): c:\pagefile.sys 8042 8042 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 255,47 Gb Free Space | 54,86% Space Free | Partition Type: NTFS
 
Computer Name: RAZIEL | User Name: Auresil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-4077451317-3905838216-2800536398-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Betrachten mit XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\Call Graph\CallGraph.exe" = C:\Program Files\Call Graph\CallGraph.exe:*:Enabled:Call Graph -- (Sedna Wireless Pvt. Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1829A52D-F9F9-43E7-98E5-047AD99A1F37}" = lport=56077 | protocol=6 | dir=in | name=pando media booster | 
"{2BE238F2-0A20-4FBA-9958-143A79F14A8B}" = lport=56077 | protocol=17 | dir=in | name=pando media booster | 
"{34D66F00-C5F3-4638-A6DD-7D44B101DDE6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{52CC97E1-60C2-40C1-ACE8-622FD6980F01}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5C325310-68E3-4DBD-A4FB-2F76ACF0A554}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{69522E36-471A-404D-A949-6F6E522EA0C4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6CE2CD76-F28B-42A7-8BA6-7706A9CD6EB8}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7D4D59E8-7A1D-412C-934F-4F84BB073F87}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{81D2BA40-1E2E-42A4-A5F1-A71096DEE32A}" = lport=56077 | protocol=6 | dir=in | name=pando media booster | 
"{9331E873-1706-40A4-91FF-5DFCCDD7A508}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AD7A2255-D647-4AD7-A4E0-5A2E96754B65}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B313E7E7-FBE7-4558-B2B5-83573F294F56}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BD74C3D2-EF94-4A85-99E2-07CA84F417D5}" = lport=56077 | protocol=17 | dir=in | name=pando media booster | 
"{CC8F8EFE-D056-4038-9E22-1895711EC2FF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{D48A2BAD-31B2-402C-A2D3-C0D486DEDE94}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00756FAA-DE7E-43B7-9226-BD4D12675A92}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main_amdxp.exe | 
"{02C8A5E0-C26D-40A4-A1A3-A87C09A53B42}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwupdate.exe | 
"{03351A73-9C5D-4E14-AC61-68227BBB1D3A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe | 
"{07BD83EA-97AF-454D-BBB0-6E05E90FE3D8}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{0CACBEC8-B3C0-41BA-A950-47C982914D76}" = protocol=6 | dir=in | app=c:\program files\sony mobile\update engine\sony mobile update engine.exe | 
"{11FF047C-B55D-4153-BB7E-76CA4B1C7467}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main.exe | 
"{19B0359B-54FB-4F18-B295-2368E558C113}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe | 
"{1A7CFEAB-0460-4AA3-8C0F-81C75E9D71B4}" = protocol=6 | dir=out | app=system | 
"{1D9D393D-7340-4300-B851-48877184FE79}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main_amdxp.exe | 
"{1DB11439-3ED5-4B2D-8FDC-A06B24FF1E90}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1E203E06-5844-4907-ACAF-11CA73E78F3E}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{2214C8DD-2D4F-4EEC-A9F3-FDB16BE46667}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2677CEF6-6421-48BB-B158-F30C16C5458C}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{27836CE6-D8BB-4032-95FE-C75BD19BE972}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{2924C504-9F36-4C1D-8CD3-68F8CF169F1D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{298E629A-D74C-4664-B47C-66EA742BA24A}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{2EEACAD8-25B6-4D8A-8335-AC48FDB6E3BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3742A4B0-0C52-4AFA-B8E0-815D6938E32B}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2server.exe | 
"{3AD49685-38C5-4AFB-8459-32027DDA7FB2}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{3C439830-8444-4530-A782-96FCEA9B5112}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{416E51AD-D706-4190-BB55-8FB75E2C5A80}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{446C80B6-BBD8-4A62-8166-27F449D7F5A7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{55052623-6130-4EFF-BFE5-8C98CA2FA363}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{706EC381-8F84-45F5-A9C5-9E00A60CC716}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe | 
"{746C3D71-A279-4DE0-A32C-1F1E72C14566}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7492DB02-DCE1-47E0-BD94-628FD8A3B3B9}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main.exe | 
"{75CD9B76-DCC8-4421-AE2B-0D6F97A8FA8B}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe | 
"{7ACB354D-81F2-4232-8DA9-40682063140D}" = protocol=6 | dir=in | app=c:\program files\steam\bin\steamwebhelper.exe | 
"{7C2704A7-4769-429C-8B70-B5AF0EAC221A}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe | 
"{7FCAD0ED-4689-4000-8BFC-CF75B754F836}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe | 
"{80C54042-E7F2-454B-BB46-603C78D9CBA0}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{81DE1D39-0837-454A-A774-E12B88FA4012}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{850440A4-7A13-4963-8A5E-913FA3AECFEF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trine 2\trine2_launcher.exe | 
"{8C07B52E-CC3F-4553-8830-51C23F9D90F5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\unturned\unturned.exe | 
"{8D91D3D6-99E1-41E6-B240-5F1AE27C8F1A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{8E0F053C-0DFA-492C-985E-C44555F4BDF8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{9A7033F7-1B81-4589-B8D7-BBD15DD9C7E9}" = protocol=17 | dir=in | app=c:\program files\steam\bin\steamwebhelper.exe | 
"{9DBCF1F5-7504-4AB4-9662-2C7FA081BE25}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\cry of fear\coflaunchapp.exe | 
"{A1A7453C-7108-4DC5-AC05-637FC82ADB03}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A2CC24EB-0DBA-4911-B52B-171ECE0D08F3}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{A97978B8-6F58-465F-A55A-6AC6DC055090}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{AE41E1C5-84D5-4448-BE10-4C50AC66C370}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwupdate.exe | 
"{AF87289F-9A6B-4004-A438-96E8D3475172}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{B68467A4-EFDD-4C63-8EC5-88AF99C6221A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BC9FDB63-7997-4EAE-AEAC-58ABE09AE7C3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\age2hd\launcher.exe | 
"{BF5BCAC6-8A0D-4509-91CE-A8F057B4704B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C18E7380-A4B2-4D21-B2F7-0F798D134FDD}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\unturned\unturned.exe | 
"{C5A3A96B-044A-4112-8AB1-1A4D3A4DCCF5}" = protocol=17 | dir=in | app=c:\program files\sony mobile\update engine\sony mobile update engine.exe | 
"{C7FE3958-2A4D-4661-A647-32B37CD6C50C}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{C8D1F135-C8C6-4D2D-B279-B85C51054468}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{CE369EF4-72CB-49FB-80B0-C3AA64EB8C66}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{D5F28A84-55E6-43A9-A43E-C79731789116}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\age2hd\launcher.exe | 
"{D659188C-F7D2-488A-8168-9EAB3D98060B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DA6DB775-D9AF-46C2-AD7B-1BBE061B16E7}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2server.exe | 
"{DC639427-6E95-4F74-BD29-4F0AABD4D07A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\cry of fear\coflaunchapp.exe | 
"{E2C6D24E-0B07-4644-A031-BDB8E158EDD1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E321AC5D-85B2-4080-90BF-5D5622A8D7C1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trine 2\trine2_launcher.exe | 
"{E979E7B6-296A-459C-A0F5-2A37163F72E8}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{EF0E93BD-46D6-40A6-A95B-989BBCBE6496}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\castlecrashers\castle.exe | 
"{EF327770-6869-42CE-BC24-D18CBE4EFA6B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F100963D-D614-49CC-A8FB-64600721ECF1}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe | 
"{F2E9A2BA-0652-4765-9108-AE448417C578}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\castlecrashers\castle.exe | 
"{FF36F9DF-4B01-4511-830B-EDC34D28026A}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe | 
"TCP Query User{21DE1C5D-61E2-4BE8-8ACE-17D7F28C2F26}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{404EBF36-929E-44CB-B72A-FC8C9C2B0019}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"TCP Query User{51A8817E-4948-4619-9F50-3B01AD58E871}C:\program files\nero\nero 7\nero showtime\showtime.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero showtime\showtime.exe | 
"TCP Query User{6F24AA88-ADEE-4E90-AD86-8E5A7E079558}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{A5C6B71F-248C-4AF8-8443-E7637D1A9C15}C:\program files\steam\steamapps\common\cry of fear\cof.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\cry of fear\cof.exe | 
"TCP Query User{DE777748-985F-467C-83E4-7D90F3678869}C:\program files\call graph\callgraph.exe" = protocol=6 | dir=in | app=c:\program files\call graph\callgraph.exe | 
"UDP Query User{36329AFD-9E94-4C7B-A6BB-B22559006B83}C:\program files\call graph\callgraph.exe" = protocol=17 | dir=in | app=c:\program files\call graph\callgraph.exe | 
"UDP Query User{653864CC-10B1-43DE-909A-576323E45B81}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{68E661A6-01CC-4CE3-87D2-6B733D704D04}C:\program files\nero\nero 7\nero showtime\showtime.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero showtime\showtime.exe | 
"UDP Query User{90F063D3-EE5A-4B0B-AFA6-D5F5DA181656}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{AB63B2B9-9C15-4017-AEF0-B389255A4F2B}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"UDP Query User{CED9FBBD-1566-4A5E-BC49-76DAC433F91A}C:\program files\steam\steamapps\common\cry of fear\cof.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\cry of fear\cof.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{05B324AB-7428-4C00-AD3B-E591C561645C}_is1" = eJIFFY
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{0CA1005F-B640-0354-EC82-F8F7447A8E8A}" = CCC Help Hungarian
"{0FC472C3-6A2A-969F-10E7-E8F61B18117C}" = Catalyst Control Center Localization All
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
"{12076C90-4A78-7241-F633-4D2B019D5611}" = CCC Help Thai
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{17E11EC2-3736-10A1-330C-CC7EB6CAC6B3}" = CCC Help Turkish
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 65
"{2DD84AB2-8BF4-49FA-9D62-E3F93D4F56FB}" = Roxio Game Capture HD PRO
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{31B75145-DF24-C759-E735-9C129956961E}" = CCC Help Spanish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{363FA5D0-68EB-48F2-B986-E6C12CCDD0F8}" = Roxio GameCAP HD PRO
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C569633-C8DE-46E2-BB8F-F65198681C2F}" = Corel MediaOne
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{44EAFE3D-09A9-4478-A2BF-0EED22F4E49F}" = Die Sims™ 3 Erstelle ein Muster-Tool
"{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59F5C54C-ED39-58B4-42DA-3F20AB440E49}" = CCC Help Czech
"{5F187E71-93D7-4849-B5C2-1DD1747C81A7}" = Roxio CinePlayer Decoder Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{641C1B16-FD4C-0F97-47AE-76637FC64225}" = CCC Help English
"{64B157C9-C291-2535-8177-237BC2D37EBF}" = CCC Help Korean
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber
"{6FF4C560-A95B-42DE-83AD-62C8737115E9}" = Roxio Game Capture HD PRO
"{70B1DA58-A2B9-4EA0-B83D-F03CBEEAE22D}" = LogMeIn Hamachi
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79C2D7F9-3BF8-52C1-6A7A-84C9296171F8}" = CCC Help German
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18
"{7B29E627-71A5-6824-3F85-DBEF19624BD0}" = ccc-core-static
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E5C379D-035B-815D-E087-4CEA06C76A08}" = AMD Drag and Drop Transcoding
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85C3024B-A974-450C-4D46-C031F801F5EC}" = ccc-utility
"{86A8B70E-D4B4-4052-AAA0-41D1F46F8D71}" = Panda Cloud Antivirus
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88B2BB7B-A684-E8E3-65C6-DDC5DC152C2A}" = CCC Help French
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8CB77076-DB66-5D92-7886-807226C9CE4B}" = CCC Help Italian
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{949F1EA1-D3E2-472E-BC7C-CB72374C0E55}" = Panda Devices Agent
"{94F4B1D4-0BCC-E5C6-4EAE-F1A287383D5B}" = CCC Help Finnish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98838C21-AD83-77AA-3B09-F437C6F24F8F}" = CCC Help Dutch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C6D4A7A-DD9A-4044-B200-24E569B8D121}_is1" = Pinnacle Studio 14 Content v.0.1
"{9C6F56DA-7051-6677-4E5A-9DC6C573F2B5}" = CCC Help Portuguese
"{9E871D09-064D-3BC9-963B-3AB8ABE1273D}" = Microsoft .NET Framework 4.5.1 (DEU)
"{9FE051B0-39BC-F5DD-C99B-0D4793184C2A}" = CCC Help Chinese Standard
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2EAE643-8804-9420-5DBE-2752D6957964}" = AMD Catalyst Install Manager
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA6B96C4-7AF5-3F6A-E630-4096508A9C47}" = CCC Help Danish
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFB6965-D714-3786-6B50-58E21223CB96}" = ATI AVIVO Codecs
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B48E87FE-A8D9-EE14-B607-3FA1ACEF218E}" = CCC Help Norwegian
"{B4FA8E67-D299-485A-407B-05A2681BAF47}" = CCC Help Japanese
"{BB05BC7D-BEF8-7A7B-C62E-F1BE381E70BB}" = CCC Help Swedish
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3FA3CCE-2A88-0976-B875-4B3E9D41204D}" = Catalyst Control Center Graphics Previews Common
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Premium
"{D34F0251-1C96-09B3-EE29-2A9148413252}" = CCC Help Chinese Traditional
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D54A0D86-35B0-BFC8-174B-D991EDF903B8}" = Catalyst Control Center Graphics Previews Vista
"{D5610369-AF78-386F-4985-9822654973A3}" = CCC Help Polish
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{E937F8DA-8C7F-ADFE-7EA5-7C1CAAB23C05}" = HydraVision
"{ECD129A4-5A21-1977-0849-6913BA6BA29C}" = CCC Help Russian
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.197
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins
"{F77D44EB-2A6E-E2EE-7C30-40A5409B2650}" = CCC Help Greek
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"5513-1208-7298-9440" = JDownloader 0.9
"Absolute Uninstaller" = Absolute Uninstaller 5.3.1.17
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AnyDVD" = AnyDVD
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"Blender" = Blender
"Call Graph" = Call Graph
"Canon MP280 series Benutzerregistrierung" = Canon MP280 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"Creative VF0470" = Creative Live! Cam Notebook (VF0470) Driver (1.03.01.00)
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Fraps" = Fraps (remove only)
"Free YouTube Download_is1" = Free YouTube Download version 3.1.41.1201
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.36.1201
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstaShare" = InstaShare
"king.com" = king.com (remove only)
"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
"LogMeIn Hamachi" = LogMeIn Hamachi
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.2.1012
"Mozilla Firefox 31.0 (x86 de)" = Mozilla Firefox 31.0 (x86 de)
"Mozilla Thunderbird 24.6.0 (x86 de)" = Mozilla Thunderbird 24.6.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 12.17.1863" = Opera 12.17
"Panda Devices Agent" = Panda Devices Agent
"Panda Universal Agent Endpoint" = Panda Cloud Antivirus
"Red Giant ToonIt Studio" = Red Giant ToonIt Studio
"Steam" = Steam
"Steam App 204360" = Castle Crashers
"Steam App 221380" = Age of Empires II: HD Edition
"Steam App 223710" = Cry of Fear
"Steam App 304930" = Unturned
"Steam App 35720" = Trine 2
"Steam App 620" = Portal 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 4" = TeamViewer 4
"Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio
"Trapcode Particular Studio" = Trapcode Particular Studio
"Trapcode Shine Studio" = Trapcode Shine Studio
"TUGZip_is1" = TUGZip 3.5
"Update Engine" = Sony Mobile Update Engine
"VL Sound 5.1" = VL Sound 5.1
"VLC media player" = VLC media player 2.0.8
"WavePad" = WavePad Sound Editor
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"Wisdom-soft AutoScreenRecorder 3.1 Pro" = Wisdom-soft AutoScreenRecorder 3.1 Pro
"XMedia Recode" = XMedia Recode 2.2.9.7
"XnView_is1" = XnView 1.97.4
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4077451317-3905838216-2800536398-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.2.7.1
"JDownloader Packages" = JDownloader Packages
"PhotoFiltre" = PhotoFiltre
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 12.09.2014 10:00:59 | Computer Name = Raziel | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?12.?09.?2014 um 15:59:39 unerwartet heruntergefahren.
 
Error - 12.09.2014 10:01:23 | Computer Name = Raziel | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 12.09.2014 10:42:21 | Computer Name = Raziel | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?12.?09.?2014 um 16:40:49 unerwartet heruntergefahren.
 
Error - 12.09.2014 10:42:44 | Computer Name = Raziel | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 12.09.2014 11:47:49 | Computer Name = Raziel | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 13.09.2014 04:11:38 | Computer Name = Raziel | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
 
< End of report >

M-K-D-B · 13.09.2014, 12:26

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Raziel30 · 13.09.2014, 12:42

FRST.txt

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Auresil (administrator) on RAZIEL on 13-09-2014 13:39:49
Running from C:\Users\Auresil\Desktop
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
() C:\Windows\System32\PSIService.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Interesting Solutions) C:\ProgramData\XhpjpKqvxe\fqQrhhY.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Creative Technology Ltd.) C:\Windows\V0470Mon.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [V0470Mon.exe] => C:\Windows\V0470Mon.exe [32768 2007-06-04] (Creative Technology Ltd.)
HKLM\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [37624 2014-05-06] (Panda Security, S.L.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trojaner-board.de/83878-o...processes.html
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x70379B4BC5BBCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21

FireFox:
========
FF ProfilePath: C:\Users\Auresil\AppData\Roaming\Mozilla\Firefox\Profiles\n7vnhitj.default
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF Homepage: hxxp://www.google.at/
FF NetworkProxy: "gopher", ""
FF NetworkProxy: "gopher_port", 0
FF NetworkProxy: "no_proxies_on", ""
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npmidas.dll (Midasplayer Ltd)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Auresil\AppData\Roaming\Mozilla\Firefox\Profiles\n7vnhitj.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Auresil\AppData\Roaming\Mozilla\Firefox\Profiles\n7vnhitj.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Auresil\AppData\Roaming\Mozilla\Firefox\Profiles\n7vnhitj.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Auresil\AppData\Roaming\Mozilla\Firefox\Profiles\n7vnhitj.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FT DeepDark - C:\Users\Auresil\AppData\Roaming\Mozilla\Firefox\Profiles\n7vnhitj.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2014-08-29]
FF Extension: Firebug - C:\Users\Auresil\AppData\Roaming\Mozilla\Firefox\Profiles\n7vnhitj.default\Extensions\firebug@software.joehewitt.com.xpi [2013-03-08]
FF Extension: NoScript - C:\Users\Auresil\AppData\Roaming\Mozilla\Firefox\Profiles\n7vnhitj.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-04-01]
FF Extension: Adblock Plus - C:\Users\Auresil\AppData\Roaming\Mozilla\Firefox\Profiles\n7vnhitj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-04-07]
FF Extension: Tab Mix Plus - C:\Users\Auresil\AppData\Roaming\Mozilla\Firefox\Profiles\n7vnhitj.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-05-11]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-13]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx []
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx []

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 fqQrhhY; C:\ProgramData\XhpjpKqvxe\fqQrhhY.exe [2319728 2014-09-11] (Interesting Solutions)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1890128 2014-09-04] (LogMeIn Inc.)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [375056 2014-08-08] (LogMeIn, Inc.)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [141560 2014-05-05] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [61688 2014-05-22] (Panda Security, S.L.)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [38136 2014-05-06] (Panda Security, S.L.)
S3 RoxMediaDBGame1X; C:\Program Files\Common Files\Roxio Shared\Game1X\SharedCOM\RoxMediaDBGame1X.exe [1095824 2012-08-02] (Corel Corporation)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [108104 2010-12-01] (SlySoft, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
S3 H5xUSB; C:\Windows\System32\Drivers\uth5x.sys [79488 2012-08-02] (UT)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 kxwdmdrv; C:\Windows\System32\drivers\kx.sys [607496 2009-09-18] (Eugene Gavrilov)
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [88992 2014-05-02] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [166816 2014-05-02] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110496 2014-05-02] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [125216 2014-05-02] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [96160 2014-05-02] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [61984 2014-05-02] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [121888 2014-05-02] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [288032 2014-05-02] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [208800 2014-05-02] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [109856 2014-05-02] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [243872 2014-05-02] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [96928 2014-05-02] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [137760 2014-05-05] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [103456 2014-05-05] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [166432 2014-05-05] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [112160 2014-05-05] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [122912 2014-05-06] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [98336 2014-05-05] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [48736 2014-03-25] (Panda Security, S.L.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [46096 2012-07-10] (Corel Corporation)
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1279968 2011-01-15] (Microsoft Corporation) [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1279968 2011-01-15] (Microsoft Corporation) [File not signed]
S3 VF0470Vid; C:\Windows\System32\DRIVERS\V0470Vid.sys [146720 2007-05-09] (Creative Technology Ltd.)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1143920 2010-08-04] (VIA Technologies, Inc.)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
S3 kbeepm; \??\C:\Users\Auresil\AppData\Local\Temp\kbeepm.sys [X]
S3 XDva383; \??\C:\Windows\system32\XDva383.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-13 13:39 - 2014-09-13 13:40 - 00016103 _____ () C:\Users\Auresil\Desktop\FRST.txt
2014-09-13 13:39 - 2014-09-13 13:39 - 01097728 _____ (Farbar) C:\Users\Auresil\Downloads\FRST.exe
2014-09-13 13:39 - 2014-09-13 13:39 - 00000000 ____D () C:\FRST
2014-09-13 13:38 - 2014-09-13 13:38 - 01097728 _____ (Farbar) C:\Users\Auresil\Desktop\FRST.exe
2014-09-13 13:03 - 2014-09-13 13:25 - 00064120 _____ () C:\Users\Auresil\Desktop\OTL.Txt
2014-09-13 13:03 - 2014-09-13 13:03 - 00067732 _____ () C:\Users\Auresil\Desktop\Extras.Txt
2014-09-13 12:56 - 2014-09-13 12:56 - 00602112 _____ (OldTimer Tools) C:\Users\Auresil\Desktop\OTL.exe
2014-09-13 11:32 - 2014-09-13 11:32 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-13 10:11 - 2014-03-25 15:15 - 00048736 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2014-09-12 16:57 - 2014-09-12 16:57 - 00000000 ____D () C:\Program Files\ESET
2014-09-12 16:10 - 2014-09-12 16:44 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-12 16:09 - 2014-09-12 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-12 16:09 - 2014-09-12 16:09 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-12 16:09 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-12 16:09 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-12 16:09 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-12 15:53 - 2014-09-12 15:53 - 00259584 _____ (OldTimer Tools) C:\Users\Auresil\Desktop\OTH.scr
2014-09-12 15:50 - 2014-09-12 15:50 - 00001232 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller.lnk
2014-09-12 15:50 - 2014-09-12 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2014-09-12 15:50 - 2014-09-12 15:50 - 00000000 ____D () C:\Program Files\Glarysoft
2014-09-12 15:43 - 2014-09-12 15:43 - 00000000 ____D () C:\Windows\ERUNT
2014-09-12 15:38 - 2014-09-12 15:38 - 00000000 ____D () C:\ProgramData\Browser
2014-09-12 15:32 - 2014-09-13 13:31 - 00000336 _____ () C:\Windows\setupact.log
2014-09-12 15:32 - 2014-09-12 15:32 - 00000562 _____ () C:\Windows\PFRO.log
2014-09-12 15:32 - 2014-09-12 15:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-12 15:28 - 2014-09-12 15:37 - 00000000 ____D () C:\AdwCleaner
2014-09-12 11:11 - 2014-09-12 11:11 - 00000000 ____D () C:\InstaShare
2014-09-11 12:59 - 2014-09-11 12:59 - 00000000 ____D () C:\Users\Auresil\AppData\Local\Daring_Development_Inc
2014-09-11 12:50 - 2014-09-11 12:50 - 00000000 ____D () C:\Program Files\Daring Development
2014-09-11 12:49 - 2014-09-11 12:49 - 00000000 ____D () C:\Users\Auresil\AppData\Local\InstaShare
2014-09-11 12:47 - 2014-09-11 12:47 - 00000000 ____D () C:\ProgramData\XhpjpKqvxe
2014-09-11 12:47 - 2014-09-11 12:47 - 00000000 ____D () C:\ProgramData\InstaShare
2014-09-05 12:34 - 2014-09-05 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-05 12:34 - 2014-09-05 12:34 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-09-03 14:19 - 2009-03-18 18:35 - 00026176 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2014-08-24 01:49 - 2014-08-24 01:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2014-08-21 17:42 - 2014-08-21 17:42 - 00000000 _____ () C:\ctapi_out_gr.txt
2014-08-18 11:58 - 2014-09-13 12:55 - 00000000 ___RD () C:\Users\Auresil\Desktop\Programme

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-13 13:40 - 2014-09-13 13:39 - 00016103 _____ () C:\Users\Auresil\Desktop\FRST.txt
2014-09-13 13:39 - 2014-09-13 13:39 - 01097728 _____ (Farbar) C:\Users\Auresil\Downloads\FRST.exe
2014-09-13 13:39 - 2014-09-13 13:39 - 00000000 ____D () C:\FRST
2014-09-13 13:38 - 2014-09-13 13:38 - 01097728 _____ (Farbar) C:\Users\Auresil\Desktop\FRST.exe
2014-09-13 13:36 - 2009-07-14 06:34 - 00016848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-13 13:36 - 2009-07-14 06:34 - 00016848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-13 13:35 - 2009-11-10 20:44 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-13 13:34 - 2014-04-19 20:44 - 01017213 _____ () C:\Windows\WindowsUpdate.log
2014-09-13 13:34 - 2012-05-06 19:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-13 13:31 - 2014-09-12 15:32 - 00000336 _____ () C:\Windows\setupact.log
2014-09-13 13:31 - 2014-07-31 00:21 - 00000000 ____D () C:\Users\Auresil\AppData\Local\LogMeIn Hamachi
2014-09-13 13:31 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-13 13:25 - 2014-09-13 13:03 - 00064120 _____ () C:\Users\Auresil\Desktop\OTL.Txt
2014-09-13 13:03 - 2014-09-13 13:03 - 00067732 _____ () C:\Users\Auresil\Desktop\Extras.Txt
2014-09-13 12:56 - 2014-09-13 12:56 - 00602112 _____ (OldTimer Tools) C:\Users\Auresil\Desktop\OTL.exe
2014-09-13 12:55 - 2014-08-18 11:58 - 00000000 ___RD () C:\Users\Auresil\Desktop\Programme
2014-09-13 11:32 - 2014-09-13 11:32 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-12 16:59 - 2013-09-01 16:00 - 00000000 ____D () C:\Users\Auresil\AppData\Roaming\vlc
2014-09-12 16:57 - 2014-09-12 16:57 - 00000000 ____D () C:\Program Files\ESET
2014-09-12 16:44 - 2014-09-12 16:10 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-12 16:42 - 2011-02-25 16:51 - 00000000 ____D () C:\Windows\Minidump
2014-09-12 16:42 - 2011-01-15 10:24 - 00147521 ____N () C:\Windows\Minidump\091214-17628-01.dmp
2014-09-12 16:09 - 2014-09-12 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-12 16:09 - 2014-09-12 16:09 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-12 16:00 - 2011-01-15 10:24 - 00147521 ____N () C:\Windows\Minidump\091214-14944-01.dmp
2014-09-12 15:53 - 2014-09-12 15:53 - 00259584 _____ (OldTimer Tools) C:\Users\Auresil\Desktop\OTH.scr
2014-09-12 15:50 - 2014-09-12 15:50 - 00001232 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller.lnk
2014-09-12 15:50 - 2014-09-12 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2014-09-12 15:50 - 2014-09-12 15:50 - 00000000 ____D () C:\Program Files\Glarysoft
2014-09-12 15:43 - 2014-09-12 15:43 - 00000000 ____D () C:\Windows\ERUNT
2014-09-12 15:40 - 2011-10-17 19:34 - 00000000 ___RD () C:\Users\Auresil\Pics
2014-09-12 15:38 - 2014-09-12 15:38 - 00000000 ____D () C:\ProgramData\Browser
2014-09-12 15:37 - 2014-09-12 15:28 - 00000000 ____D () C:\AdwCleaner
2014-09-12 15:32 - 2014-09-12 15:32 - 00000562 _____ () C:\Windows\PFRO.log
2014-09-12 15:32 - 2014-09-12 15:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-12 11:11 - 2014-09-12 11:11 - 00000000 ____D () C:\InstaShare
2014-09-11 19:39 - 2014-04-25 20:11 - 00000000 ____D () C:\Users\Auresil\Downloads\JDownloader
2014-09-11 18:17 - 2012-12-19 20:57 - 00000000 ____D () C:\Program Files\JDownloader
2014-09-11 12:59 - 2014-09-11 12:59 - 00000000 ____D () C:\Users\Auresil\AppData\Local\Daring_Development_Inc
2014-09-11 12:50 - 2014-09-11 12:50 - 00000000 ____D () C:\Program Files\Daring Development
2014-09-11 12:49 - 2014-09-11 12:49 - 00000000 ____D () C:\Users\Auresil\AppData\Local\InstaShare
2014-09-11 12:47 - 2014-09-11 12:47 - 00000000 ____D () C:\ProgramData\XhpjpKqvxe
2014-09-11 12:47 - 2014-09-11 12:47 - 00000000 ____D () C:\ProgramData\InstaShare
2014-09-11 12:45 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Resources
2014-09-11 00:17 - 2014-07-16 20:27 - 00000000 ____D () C:\Program Files\Steam
2014-09-11 00:17 - 2011-01-15 18:23 - 00000000 ____D () C:\Users\Auresil\AppData\Roaming\Winamp
2014-09-09 13:41 - 2013-01-11 15:31 - 00000000 ____D () C:\Users\Auresil\AppData\Roaming\FileZilla
2014-09-09 13:20 - 2011-01-16 07:47 - 00000000 ____D () C:\Users\Auresil\AppData\Roaming\XnView
2014-09-05 12:46 - 2014-08-13 14:59 - 00011695 _____ () C:\Users\Auresil\Desktop\Verkäufe.xlsx
2014-09-05 12:34 - 2014-09-05 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-05 12:34 - 2014-09-05 12:34 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-08-26 15:35 - 2011-01-24 00:36 - 00000000 ____D () C:\Users\Auresil\AppData\Roaming\Skype
2014-08-24 02:01 - 2014-07-17 20:41 - 00000000 ____D () C:\Users\Auresil\AppData\Roaming\Call Graph
2014-08-24 01:49 - 2014-08-24 01:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2014-08-24 01:49 - 2013-09-08 14:56 - 00000000 ____D () C:\Fraps
2014-08-21 17:42 - 2014-08-21 17:42 - 00000000 _____ () C:\ctapi_out_gr.txt
2014-08-21 14:33 - 2014-07-16 20:27 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-08-21 12:40 - 2012-01-15 16:25 - 00000000 ___RD () C:\Users\Auresil\Desktop\Games
2014-08-17 20:54 - 2011-01-28 17:51 - 00000112 _____ () C:\Users\Auresil\AppData\default.pls
2014-08-17 20:54 - 2011-01-21 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel MediaOne
2014-08-17 20:52 - 2014-01-28 19:44 - 00000000 ____D () C:\Users\Auresil\AppData\Roaming\Roxio
2014-08-17 19:48 - 2012-02-04 15:32 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2014-08-17 18:22 - 2011-01-23 22:06 - 00000000 ___RD () C:\Users\Auresil\Programme
2014-08-17 17:28 - 2011-02-08 00:08 - 00000000 ____D () C:\Users\Auresil\AppData\Roaming\WinRAR
2014-08-16 18:46 - 2014-08-13 23:51 - 00000000 ____D () C:\Users\Auresil\AppData\Roaming\.minecraft

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2014-09-06 01:37

==================== End Of Log ============================

--- --- ---

Addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by Auresil at 2014-09-13 13:40:32
Running from C:\Users\Auresil\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Cloud Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Cloud Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Cloud Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Absolute Uninstaller 5.3.1.17 (HKLM\...\Absolute Uninstaller) (Version: 5.3.1.17 - Glarysoft Ltd)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.2.8900 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.2.8900 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.5.502.135 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.7.637 - Adobe Systems, Inc.)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
AMD Catalyst Install Manager (HKLM\...\{A2EAE643-8804-9420-5DBE-2752D6957964}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AnyDVD (HKLM\...\AnyDVD) (Version: 6.7.9.0 - SlySoft)
Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8153ED9A-C94A-426E-9880-5E6775C08B62}) (Version: 4.0.0.97 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO Codecs (Version: 11.6.0.50527 - ATI Technologies Inc.) Hidden
Audacity 1.3.14 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Blender (HKLM\...\Blender) (Version: 2.61-release - Blender Foundation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Call Graph (HKLM\...\Call Graph) (Version:  - Sedna Wireless Pvt. Ltd.)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version:  - )
Canon MP280 series Benutzerregistrierung (HKLM\...\Canon MP280 series Benutzerregistrierung) (Version:  - )
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version:  - )
Castle Crashers (HKLM\...\Steam App 204360) (Version:  - The Behemoth)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2010.0527.1242.20909 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2010.0527.1242.20909 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2012.0928.1532.26058 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2010.0527.1242.20909 - ATI) Hidden
CCC Help Chinese Standard (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Czech (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Danish (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Dutch (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help English (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Finnish (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help French (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help German (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Greek (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Hungarian (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Italian (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Japanese (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Korean (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Norwegian (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Polish (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Portuguese (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Russian (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Spanish (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Swedish (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Thai (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Turkish (Version: 2010.0527.1241.20909 - ATI) Hidden
ccc-core-static (Version: 2010.0527.1242.20909 - Ihr Firmenname) Hidden
ccc-utility (Version: 2010.0527.1242.20909 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
CloneDVD2 (HKLM\...\CloneDVD2) (Version:  - Elaborate Bytes)
Corel MediaOne (HKLM\...\{3C569633-C8DE-46E2-BB8F-F65198681C2F}) (Version: 2.00.0000 - Corel Corporation)
Corel Painter Essentials 3 (HKLM\...\_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}) (Version:  - Corel Corporation)
Corel Painter Essentials 3 (Version: 3.2 - Corel Corporation) Hidden
Creative Live! Cam Notebook (VF0470) Driver (1.03.01.00) (HKLM\...\Creative VF0470) (Version:  - )
Cry of Fear (HKLM\...\Steam App 223710) (Version:  - Team Psykskallar)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Die Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.24.3 - Electronic Arts)
Die Sims™ 3 Erstelle ein Muster-Tool (HKLM\...\{44EAFE3D-09A9-4478-A2BF-0EED22F4E49F}) (Version: 1.0.0 - Electronic Arts)
Driver Genius Professional Edition (HKLM\...\Driver Genius Professional Edition_is1) (Version:  - Driver-Soft Inc.)
eJIFFY (HKLM\...\{05B324AB-7428-4C00-AD3B-E591C561645C}_is1) (Version: 1.1.2 - Elitegroup Computer Systems)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FileZilla Client 3.2.7.1 (HKCU\...\FileZilla Client) (Version: 3.2.7.1 - )
Fraps (remove only) (HKLM\...\Fraps) (Version:  - )
Free YouTube Download version 3.1.41.1201 (HKLM\...\Free YouTube Download_is1) (Version: 3.1.41.1201 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.11.36.1201 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.36.1201 - DVDVideoSoft Ltd.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HydraVision (Version: 4.2.166.0 - ATI Technologies Inc.) Hidden
InstaShare (HKLM\...\InstaShare) (Version: 3.0.11 - Interesting Solutions)
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (Version: 2.1.65.20 - Oracle, Inc.) Hidden
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader Packages (HKCU\...\JDownloader Packages) (Version:  - ) <==== ATTENTION
king.com (remove only) (HKLM\...\king.com) (Version:  - Midasplayer Ltd (king.com))
Knoll Light Factory EZ Studio (HKLM\...\Knoll Light Factory EZ Studio) (Version:  - )
LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.236 - LogMeIn, Inc.)
LogMeIn Hamachi (Version: 2.2.0.236 - LogMeIn, Inc.) Hidden
Magic Bullet Looks Studio (HKLM\...\Magic Bullet Looks Studio) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 2 (SP2) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 32.0.1 (x86 de) (HKLM\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Premium (HKLM\...\{CF097717-F174-4144-954A-FBC4BF301031}) (Version: 7.02.9753 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
Neverwinter Nights 2 (HKLM\...\{F20C1251-1D0A-4944-B2AE-678581B33B19}) (Version: 1.00.0000 - Obsidian)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Panda Cloud Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 3.0.1 - Panda Security)
Panda Cloud Antivirus (Version: 7.05.00.0000 - Panda Security) Hidden
Panda Devices Agent (HKLM\...\Panda Devices Agent) (Version: 1.03.01 - Panda Security)
Panda Devices Agent (Version: 1.04.00 - Panda Security) Hidden
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.5.6 - Pando Networks Inc.)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.6 - Frank Heindörfer, Philip Chinery)
PhotoFiltre (HKCU\...\PhotoFiltre) (Version:  - )
Pinnacle Studio 14 (HKLM\...\{AADD1C8F-D59F-4D55-A726-768C71A205A8}) (Version: 14.0.0.7255 - Pinnacle Systems)
Pinnacle Studio 14 Content v.0.1 (HKLM\...\{9C6D4A7A-DD9A-4044-B200-24E569B8D121}_is1) (Version:  - )
Pinnacle Studio Ultimate Collection Plugins (HKLM\...\{F5C372A1-40F3-49DA-A049-F75CDE9177DC}) (Version: 14.0.0.7255 - Pinnacle Systems)
Pinnacle Video Treiber (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
Portal 2 (HKLM\...\Steam App 620) (Version:  - Valve)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6278 - Realtek Semiconductor Corp.)
Red Giant ToonIt Studio (HKLM\...\Red Giant ToonIt Studio) (Version:  - )
Roxio CinePlayer Decoder Pack (Version: 4.3.0 - Roxio) Hidden
Roxio Game Capture HD PRO (HKLM\...\{2DD84AB2-8BF4-49FA-9D62-E3F93D4F56FB}) (Version: 1.0 - Roxio)
Roxio Game Capture HD PRO (Version: 1.0.135 - Roxio) Hidden
Roxio GameCAP HD PRO (Version: 1.00.0000 - Roxio) Hidden
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM\...\Update Engine) (Version: 2.14.4.201403101311 - Sony Mobile Communications AB)
Sony PC Companion 2.10.197 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.197 - Sony)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 4 (HKLM\...\TeamViewer 4) (Version:  - TeamViewer GmbH)
Trapcode 3DStroke Studio (HKLM\...\Trapcode 3DStroke Studio) (Version:  - )
Trapcode Particular Studio (HKLM\...\Trapcode Particular Studio) (Version:  - )
Trapcode Shine Studio (HKLM\...\Trapcode Shine Studio) (Version:  - )
Trine 2 (HKLM\...\Steam App 35720) (Version:  - Frozenbyte)
TUGZip 3.5 (HKLM\...\TUGZip_is1) (Version:  - Christian Kindahl)
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Ulead PhotoImpact X3 (HKLM\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 1.00.0000 - Corel)
Ulead PhotoImpact X3 (Version: 1.00.0000 - Corel) Hidden
Unturned (HKLM\...\Steam App 304930) (Version:  - Nelson Sexton)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Outlook 2007 Junk Email Filter (KB2483110) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{592B47F5-D305-431A-9781-ED6CBB44FA8B}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VIA Plattform-Geräte-Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VL Sound 5.1 (HKLM\...\VL Sound 5.1) (Version:  - Valera Lavrov)
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WavePad Sound Editor (HKLM\...\WavePad) (Version:  - NCH Software)
Win7codecs (HKLM\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 2.8.5 - Shark007)
Winamp (HKLM\...\Winamp) (Version: 5.581  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Movie Maker 2.6 (HKLM\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Wisdom-soft AutoScreenRecorder 3.1 Pro (HKLM\...\Wisdom-soft AutoScreenRecorder 3.1 Pro) (Version:  - Wisdom Software Inc.)
XMedia Recode 2.2.9.7 (HKLM\...\XMedia Recode) (Version: 2.2.9.7 - Sebastian Dörfler)
XnView 1.97.4 (HKLM\...\XnView_is1) (Version: 1.97.4 - Gougelet Pierre-e)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{5B004CDE-0211-469C-B9B5-0552E7E63917}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)
CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{77D8C8C7-6B46-4429-B876-DBC006C96EB1}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)
CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{CD37ED08-860C-4B86-AD25-5587D8386587}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)
CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb.dll ()

==================== Restore Points  =========================

22-08-2014 14:21:07 Geplanter Prüfpunkt
31-08-2014 19:08:05 Geplanter Prüfpunkt
08-09-2014 10:57:15 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0F99358E-A853-4B62-9324-8E83018AA638} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {10502311-C601-4EED-B7E4-30C152211498} - \{F50FA6C7-6013-4612-BEC3-B11E32CDB852} No Task File <==== ATTENTION
Task: {3F789B6F-1B27-402F-A789-2B24909393AC} - \{1041AEBA-1E27-4781-AA22-11DF0D50FC10} No Task File <==== ATTENTION
Task: {5421911B-8ADD-4A05-8DC9-568EDC30FBEC} - \CCleanerSkipUAC No Task File <==== ATTENTION
Task: {5D191F61-3A4A-4D80-BA10-BFD874DB1D73} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {60C03FB7-C0EC-4418-B93E-7B92F94BAF1B} - \{CF7C47DD-351D-438A-9D4D-5F6F628D7DCA} No Task File <==== ATTENTION
Task: {64A77EA3-101F-480A-B877-E15DB4611E01} - System32\Tasks\NCH Swift Sound\wavepadShakeIcon => C:\Program Files\NCH Swift Sound\WavePad\WavePad.exe [2011-01-24] (NCH Software)
Task: {73C1A9AB-6F7D-4ACA-8917-E1F7D1EE32CC} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: {817FF675-2354-4329-9439-60185B41FEC9} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {B463855F-1642-4276-B480-7243C6919B48} - \{35A65C4E-ACE2-4177-8437-74912A6E4364} No Task File <==== ATTENTION
Task: {D68D67DD-953E-41FC-BCFC-125CDD11ABF3} - \{C20E2991-1BBB-4869-8CD0-339F5FA086EA} No Task File <==== ATTENTION
Task: {F0686270-4CE9-493D-B276-F7EF7F4F2DB4} - \{EF40571D-7F72-47B4-AB8A-5566B8DD5F21} No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-01-24 00:35 - 2001-10-28 18:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-12 19:23 - 2013-04-12 19:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Cloud Antivirus\SQLite3.dll
2007-06-05 14:20 - 2007-06-05 14:20 - 00177704 _____ () C:\Windows\system32\PSIService.exe
2009-08-23 19:58 - 2009-08-23 19:58 - 00094208 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-09-13 11:32 - 2014-09-13 11:32 - 03716720 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-09-13 13:34 - 2014-09-13 13:34 - 01186160 _____ () C:\ProgramData\XhpjpKqvxe\dat\fRgbHulSmG.dll
2014-07-22 10:44 - 2014-07-22 10:44 - 17029808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Auresil^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Adobe Reader Synchronizer => "C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: Corel Photo Downloader => "C:\Program Files\Corel\Corel MediaOne\Corel Photo Downloader.exe" -startup
MSCONFIG\startupreg: DivX Download Manager => "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: EADM => "C:\Program Files\Electronic Arts\EADM\EADMUI.exe"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HDAudDeck => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Ulead AutoDetector v2 => C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
MSCONFIG\startupreg: USBToolTip => C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"
MSCONFIG\startupreg: Wisdom-soft AutoScreenRecorder 3.1 Pro => C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Pro\AutoScreenRecorder.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (09/13/2014 01:31:47 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (09/13/2014 10:11:38 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (09/12/2014 05:47:49 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (09/12/2014 04:42:44 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (09/12/2014 04:42:21 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎12.‎09.‎2014 um 16:40:49 unerwartet heruntergefahren.

Error: (09/12/2014 04:01:23 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (09/12/2014 04:00:59 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎12.‎09.‎2014 um 15:59:39 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X4 640 Processor
Percentage of memory in use: 38%
Total physical RAM: 3327.37 MB
Available physical RAM: 2061.88 MB
Total Pagefile: 11367.64 MB
Available Pagefile: 9881.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1877.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:255.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 994F86BB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

M-K-D-B · 13.09.2014, 12:44

Servus,

wir beginnen so:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Raziel30 · 13.09.2014, 13:06

Code:

ATTFilter

ComboFix 14-09-12.01 - Auresil 13.09.2014  13:54:31.1.4 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.43.1031.18.3327.2421 [GMT 2:00]
ausgeführt von:: c:\users\Auresil\Desktop\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
FW: Panda Cloud Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Auresil\AppData\Local\datos.txt
c:\users\Auresil\AppData\Roaming\inst.exe
c:\users\Auresil\AppData\Roaming\Local
c:\windows\system32\drivers\tcpip.copy
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-08-13 bis 2014-09-13  ))))))))))))))))))))))))))))))
.
.
2014-09-13 12:02 . 2014-09-13 12:02	--------	d-----w-	c:\users\Auresil\AppData\Local\temp
2014-09-13 12:02 . 2014-09-13 12:02	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-09-13 11:39 . 2014-09-13 11:41	--------	d-----w-	C:\FRST
2014-09-13 08:11 . 2014-03-25 13:15	48736	----a-w-	c:\windows\system32\drivers\PSKMAD.sys
2014-09-12 14:57 . 2014-09-12 14:57	--------	d-----w-	c:\program files\ESET
2014-09-12 14:10 . 2014-09-12 14:44	110296	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-12 14:09 . 2014-05-12 05:26	51928	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-09-12 14:09 . 2014-05-12 05:25	74456	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-09-12 14:09 . 2014-05-12 05:25	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-09-12 14:09 . 2014-09-12 14:09	--------	d-----w-	c:\program files\ Malwarebytes Anti-Malware 
2014-09-12 13:50 . 2014-09-12 13:50	--------	d-----w-	c:\program files\Glarysoft
2014-09-12 13:43 . 2014-09-12 13:43	--------	d-----w-	c:\windows\ERUNT
2014-09-12 13:38 . 2014-09-12 13:38	--------	d-----w-	c:\programdata\Browser
2014-09-12 13:28 . 2014-09-12 13:37	--------	d-----w-	C:\AdwCleaner
2014-09-12 09:11 . 2014-09-12 09:11	--------	d-----w-	C:\InstaShare
2014-09-11 10:59 . 2014-09-11 10:59	--------	d-----w-	c:\users\Auresil\AppData\Local\Daring_Development_Inc
2014-09-11 10:50 . 2014-09-11 10:50	--------	d-----w-	c:\program files\Daring Development
2014-09-11 10:49 . 2014-09-11 10:49	--------	d-----w-	c:\users\Auresil\AppData\Local\InstaShare
2014-09-11 10:47 . 2014-09-11 10:47	--------	d-----w-	c:\programdata\XhpjpKqvxe
2014-09-11 10:47 . 2014-09-11 10:47	--------	d-----w-	c:\programdata\InstaShare
2014-09-05 10:34 . 2014-09-05 10:34	--------	d-----w-	c:\program files\LogMeIn Hamachi
2014-09-03 12:19 . 2009-03-18 16:35	26176	---ha-w-	c:\windows\system32\hamachi.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-30 06:48 . 2011-08-22 15:38	23256	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-07-22 08:44 . 2012-04-04 13:08	699056	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-07-22 08:44 . 2012-01-27 22:38	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-11 01:02 . 2014-07-22 21:51	96680	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-01-15 . 3B4F11118C32C46FEE561478B3110176 . 1279968 . . [6.1.7600.16385] . . c:\windows\System32\drivers\tcpip.sys
[7] 2010-06-14 . BB7F39C31C4A4417FD318E7CD184E225 . 1286016 . . [6.1.7600.16610] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys
[7] 2010-06-14 . A39EA325C081AD27461F630C8E3E56E0 . 1288576 . . [6.1.7600.20733] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[7] 2009-07-14 . 2CC3D75488ABD3EC628BBB9A4FC84EFC . 1285712 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"V0470Mon.exe"="c:\windows\V0470Mon.exe" [2007-06-03 32768]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2010-05-21 324976]
"PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2014-05-06 37624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"MaxGPOScriptWait"= 600 (0x258)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Auresil^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Auresil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57	959904	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51	35768	----a-w-	c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Synchronizer]
2012-07-27 20:51	1261512	----a-w-	c:\program files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 06:22	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 18:03	152872	----a-w-	c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-03-25 02:50	2516296	----a-w-	c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2010-04-02 08:18	1185112	----a-w-	c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2007-08-17 10:50	483144	----a-w-	c:\program files\Corel\Corel MediaOne\Corel Photo Downloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44	31072	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2010-08-11 10:32	1690224	----a-r-	c:\program files\VIA\VIAudioi\VDeck\VDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2014-09-04 09:44	3802448	----a-w-	c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2011-05-13 14:03	4283256	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57	153136	----a-w-	c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14	1173504	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-07-24 16:26	21650016	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
2013-10-31 09:35	449760	----a-w-	c:\program files\Sony\Sony PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-05-27 11:34	98304	----a-w-	c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-07-11 00:39	256896	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
2007-08-02 20:08	95504	----a-w-	c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 10:07	199752	----a-w-	c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-07-12 16:32	74752	----a-w-	c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft AutoScreenRecorder 3.1 Pro]
2012-03-29 12:29	4695040	----a-w-	c:\program files\Wisdom-soft AutoScreenRecorder 3 Pro\AutoScreenRecorder.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-12-19 12400]
R3 H5xUSB;Roxio GameCAP HD PRO;c:\windows\system32\Drivers\uth5x.sys [2012-08-02 79488]
R3 kbeepm;kbeepm;c:\users\Auresil\AppData\Local\Temp\kbeepm.sys [x]
R3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [2009-09-17 607496]
R3 RoxMediaDBGame1X;RoxMediaDBGame1X;c:\program files\Common Files\Roxio Shared\Game1X\SharedCOM\RoxMediaDBGame1X.exe [2012-08-02 1095824]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
R3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\DRIVERS\V0470Vid.sys [2007-05-08 146720]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-21 1343400]
R3 XDva383;XDva383;c:\windows\system32\XDva383.sys [x]
R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [2014-05-02 61984]
R4 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-05-06 185640]
S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [2014-05-02 88992]
S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [2014-05-02 166816]
S1 NNSHTTPS;NNSHTTPS;c:\windows\system32\DRIVERS\NNSHttps.sys [2014-05-02 110496]
S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [2014-05-02 125216]
S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [2014-05-02 96160]
S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [2014-05-02 121888]
S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [2014-05-02 288032]
S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [2014-05-02 208800]
S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [2014-05-02 109856]
S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [2014-05-02 243872]
S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [2014-05-02 96928]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2014-05-05 166432]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 217600]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S2 fqQrhhY;fqQrhhY;c:\programdata\XhpjpKqvxe\fqQrhhY.exe [2014-09-11 2319728]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2014-09-04 1890128]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-08-08 375056]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2014-05-05 141560]
S2 PandaAgent;Panda Devices Agent;c:\program files\Panda Security\Panda Devices Agent\AgentSvc.exe [2014-05-22 61688]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2014-05-05 137760]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2014-05-05 103456]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2014-05-05 112160]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2014-05-06 122912]
S2 PSINReg;PSINReg;c:\windows\system32\DRIVERS\PSINReg.sys [2014-05-05 98336]
S2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2014-05-06 38136]
S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys [2014-03-25 48736]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-08-04 1143920]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 08:44]
.
2014-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-03 11:59]
.
2014-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-03 11:59]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = http://www.trojaner-board.de/83878-o...processes.html
IE: Free YouTube Download - c:\users\Auresil\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Auresil\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Auresil\AppData\Roaming\Mozilla\Firefox\Profiles\n7vnhitj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
FF - ExtSQL: !HIDDEN! 2012-12-12 04:27; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\Common Files\DVDVideoSoft\plugins\ff
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-DivX Download Manager - c:\program files\DivX\DivX Plus Web Player\DDmService.exe
MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
MSConfigStartUp-EADM - c:\program files\Electronic Arts\EADM\EADMUI.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
AddRemove-Driver Genius Professional Edition_is1 - c:\program files\Driver-Soft\DriverGenius\unins000.exe
AddRemove-_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF} - c:\program files\Corel\Corel Painter Essentials 3\MSILauncher {0C180787-F8C8-42FD-A9D3-689BA44BEAAF}
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-09-13  14:03:37
ComboFix-quarantined-files.txt  2014-09-13 12:03
.
Vor Suchlauf: 19 Verzeichnis(se), 274.090.176.512 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 273.996.689.408 Bytes frei
.
- - End Of File - - 336AD0CCE03115F2691D64D4CA8E6E90
A36C5E4F47E84449FF07ED3517B43A31

M-K-D-B · 13.09.2014, 13:59

Servus,

Combofix-Skript

WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link

Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
Code:
ATTFilter
Driver::
XDva383
fqQrhhY

Collect::
c:\programdata\XhpjpKqvxe\fqQrhhY.exe

Folder::
C:\InstaShare
c:\users\Auresil\AppData\Local\InstaShare
c:\programdata\XhpjpKqvxe
c:\programdata\InstaShare

FCopy::
c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys | c:\windows\System32\drivers\tcpip.sys
         
Speichere dies als CFScript.txt auf deinem Desktop.

Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!

Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.

Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:

Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.

Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.
Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!

Raziel30 · 13.09.2014, 14:41

Horay InstaShare ist weg

..... schonmal ganz vielen lieben Dank Matthias

Upload hat leider nicht funktioniert, ComboFix konnte keine Verbindung zum Host bekommen, hat eine Datei zum manuellen Hochladen angelegt.

Code:

ATTFilter

ComboFix 14-09-12.01 - Auresil 13.09.2014  15:13:35.2.4 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.43.1031.18.3327.2355 [GMT 2:00]
ausgeführt von:: c:\users\Auresil\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Auresil\Desktop\CFScript.txt
AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
FW: Panda Cloud Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
file zipped: c:\programdata\XhpjpKqvxe\fqQrhhY.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\InstaShare
c:\programdata\InstaShare
c:\programdata\InstaShare\InstaShare.ico
c:\programdata\InstaShare\uninstall.exe
c:\programdata\InstaShare\uninstall.exe.config
c:\programdata\XhpjpKqvxe
c:\programdata\XhpjpKqvxe\dat\fIwlbWAjz.exe
c:\programdata\XhpjpKqvxe\dat\fIwlbWAjz.exe.config
c:\programdata\XhpjpKqvxe\dat\oIbTaVXWOQ.dll
c:\programdata\XhpjpKqvxe\fqQrhhY.dat
c:\programdata\XhpjpKqvxe\fqQrhhY.exe
c:\programdata\XhpjpKqvxe\fqQrhhY.exe.config
c:\programdata\XhpjpKqvxe\info.dat
c:\users\Auresil\AppData\Local\InstaShare
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys --> c:\windows\System32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_XDVA383
-------\Service_fqQrhhY
-------\Service_XDva383
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-08-13 bis 2014-09-13  ))))))))))))))))))))))))))))))
.
.
2014-09-13 13:23 . 2014-09-13 13:26	--------	d-----w-	c:\users\Auresil\AppData\Local\temp
2014-09-13 13:23 . 2014-09-13 13:23	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-09-13 11:39 . 2014-09-13 11:41	--------	d-----w-	C:\FRST
2014-09-13 08:11 . 2014-03-25 13:15	48736	----a-w-	c:\windows\system32\drivers\PSKMAD.sys
2014-09-12 14:57 . 2014-09-12 14:57	--------	d-----w-	c:\program files\ESET
2014-09-12 14:10 . 2014-09-12 14:44	110296	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-12 14:09 . 2014-05-12 05:26	51928	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-09-12 14:09 . 2014-05-12 05:25	74456	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-09-12 14:09 . 2014-05-12 05:25	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-09-12 14:09 . 2014-09-12 14:09	--------	d-----w-	c:\program files\ Malwarebytes Anti-Malware 
2014-09-12 13:50 . 2014-09-12 13:50	--------	d-----w-	c:\program files\Glarysoft
2014-09-12 13:43 . 2014-09-12 13:43	--------	d-----w-	c:\windows\ERUNT
2014-09-12 13:38 . 2014-09-12 13:38	--------	d-----w-	c:\programdata\Browser
2014-09-12 13:28 . 2014-09-12 13:37	--------	d-----w-	C:\AdwCleaner
2014-09-11 10:59 . 2014-09-11 10:59	--------	d-----w-	c:\users\Auresil\AppData\Local\Daring_Development_Inc
2014-09-11 10:50 . 2014-09-11 10:50	--------	d-----w-	c:\program files\Daring Development
2014-09-05 10:34 . 2014-09-05 10:34	--------	d-----w-	c:\program files\LogMeIn Hamachi
2014-09-03 12:19 . 2009-03-18 16:35	26176	---ha-w-	c:\windows\system32\hamachi.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-30 06:48 . 2011-08-22 15:38	23256	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-07-22 08:44 . 2012-04-04 13:08	699056	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-07-22 08:44 . 2012-01-27 22:38	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-11 01:02 . 2014-07-22 21:51	96680	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"V0470Mon.exe"="c:\windows\V0470Mon.exe" [2007-06-03 32768]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2010-05-21 324976]
"PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2014-05-06 37624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"MaxGPOScriptWait"= 600 (0x258)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Auresil^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Auresil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57	959904	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51	35768	----a-w-	c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Synchronizer]
2012-07-27 20:51	1261512	----a-w-	c:\program files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 06:22	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 18:03	152872	----a-w-	c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-03-25 02:50	2516296	----a-w-	c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2010-04-02 08:18	1185112	----a-w-	c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2007-08-17 10:50	483144	----a-w-	c:\program files\Corel\Corel MediaOne\Corel Photo Downloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44	31072	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2010-08-11 10:32	1690224	----a-r-	c:\program files\VIA\VIAudioi\VDeck\VDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2014-09-04 09:44	3802448	----a-w-	c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2011-05-13 14:03	4283256	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57	153136	----a-w-	c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14	1173504	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-07-24 16:26	21650016	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
2013-10-31 09:35	449760	----a-w-	c:\program files\Sony\Sony PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-05-27 11:34	98304	----a-w-	c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-07-11 00:39	256896	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
2007-08-02 20:08	95504	----a-w-	c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 10:07	199752	----a-w-	c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-07-12 16:32	74752	----a-w-	c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft AutoScreenRecorder 3.1 Pro]
2012-03-29 12:29	4695040	----a-w-	c:\program files\Wisdom-soft AutoScreenRecorder 3 Pro\AutoScreenRecorder.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
R3 CFcatchme;CFcatchme;c:\users\Auresil\AppData\Local\Temp\CFcatchme.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-12-19 12400]
R3 H5xUSB;Roxio GameCAP HD PRO;c:\windows\system32\Drivers\uth5x.sys [2012-08-02 79488]
R3 kbeepm;kbeepm;c:\users\Auresil\AppData\Local\Temp\kbeepm.sys [x]
R3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [2009-09-17 607496]
R3 RoxMediaDBGame1X;RoxMediaDBGame1X;c:\program files\Common Files\Roxio Shared\Game1X\SharedCOM\RoxMediaDBGame1X.exe [2012-08-02 1095824]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
R3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\DRIVERS\V0470Vid.sys [2007-05-08 146720]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-21 1343400]
R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [2014-05-02 61984]
R4 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-05-06 185640]
S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [2014-05-02 88992]
S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [2014-05-02 166816]
S1 NNSHTTPS;NNSHTTPS;c:\windows\system32\DRIVERS\NNSHttps.sys [2014-05-02 110496]
S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [2014-05-02 125216]
S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [2014-05-02 96160]
S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [2014-05-02 121888]
S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [2014-05-02 288032]
S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [2014-05-02 208800]
S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [2014-05-02 109856]
S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [2014-05-02 243872]
S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [2014-05-02 96928]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2014-05-05 166432]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 217600]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2014-09-04 1890128]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-08-08 375056]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2014-05-05 141560]
S2 PandaAgent;Panda Devices Agent;c:\program files\Panda Security\Panda Devices Agent\AgentSvc.exe [2014-05-22 61688]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2014-05-05 137760]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2014-05-05 103456]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2014-05-05 112160]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2014-05-06 122912]
S2 PSINReg;PSINReg;c:\windows\system32\DRIVERS\PSINReg.sys [2014-05-05 98336]
S2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2014-05-06 38136]
S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys [2014-03-25 48736]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-08-04 1143920]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 08:44]
.
2014-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-03 11:59]
.
2014-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-03 11:59]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = http://www.trojaner-board.de/83878-o...processes.html
IE: Free YouTube Download - c:\users\Auresil\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Auresil\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Auresil\AppData\Roaming\Mozilla\Firefox\Profiles\n7vnhitj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
FF - ExtSQL: !HIDDEN! 2012-12-12 04:27; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\Common Files\DVDVideoSoft\plugins\ff
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-InstaShare - c:\programdata\InstaShare\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-09-13  15:37:08 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-09-13 13:37
.
Vor Suchlauf: 24 Verzeichnis(se), 273.905.172.480 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 273.448.071.168 Bytes frei
.
- - End Of File - - B9443FDF280382A49B1E3057103F87D4
A36C5E4F47E84449FF07ED3517B43A31

M-K-D-B · 13.09.2014, 14:54

Servus,

gut gemacht.

So geht es weiter:

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von MBAM,
die beiden neuen Logdateien von FRST.

Raziel30 · 13.09.2014, 15:26

Code:

ATTFilter

# AdwCleaner v3.310 - Bericht erstellt am 13/09/2014 um 16:04:42
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate  (32 bits)
# Benutzername : Auresil - RAZIEL
# Gestartet von : C:\Users\Auresil\Desktop\AdwCleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Browser

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7600.16700


-\\ Mozilla Firefox v32.0.1 (x86 de)

[ Datei : C:\Users\Auresil\AppData\Roaming\Mozilla\Firefox\Profiles\n7vnhitj.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [12827 octets] - [12/09/2014 15:28:33]
AdwCleaner[R1].txt - [1012 octets] - [12/09/2014 15:36:29]
AdwCleaner[R2].txt - [1141 octets] - [13/09/2014 16:01:17]
AdwCleaner[S0].txt - [12808 octets] - [12/09/2014 15:31:02]
AdwCleaner[S1].txt - [1063 octets] - [13/09/2014 16:04:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1123 octets] ##########

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 13.09.2014
Scan Time: 16:08:36
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.13.02
Rootkit Database: v2014.09.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7
CPU: x86
File System: NTFS
User: Auresil

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 305264
Time Elapsed: 10 min, 6 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Auresil (administrator) on RAZIEL on 13-09-2014 16:22:39
Running from C:\Users\Auresil\Desktop
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
() C:\Windows\System32\PSIService.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Creative Technology Ltd.) C:\Windows\V0470Mon.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [V0470Mon.exe] => C:\Windows\V0470Mon.exe [32768 2007-06-04] (Creative Technology Ltd.)
HKLM\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [37624 2014-05-06] (Panda Security, S.L.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trojaner-board.de/83878-o...processes.html
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x70379B4BC5BBCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Auresil\AppData\Roaming\Mozilla\Firefox\Profiles\n7vnhitj.default
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF Homepage: hxxp://www.google.at/
FF NetworkProxy: "gopher", ""
FF NetworkProxy: "gopher_port", 0
FF NetworkProxy: "no_proxies_on", ""
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npmidas.dll (Midasplayer Ltd)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Auresil\AppData\Roaming\Mozilla\Firefox\Profiles\n7vnhitj.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Auresil\AppData\Roaming\Mozilla\Firefox\Profiles\n7vnhitj.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Auresil\AppData\Roaming\Mozilla\Firefox\Profiles\n7vnhitj.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Auresil\AppData\Roaming\Mozilla\Firefox\Profiles\n7vnhitj.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FT DeepDark - C:\Users\Auresil\AppData\Roaming\Mozilla\Firefox\Profiles\n7vnhitj.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2014-08-29]
FF Extension: Firebug - C:\Users\Auresil\AppData\Roaming\Mozilla\Firefox\Profiles\n7vnhitj.default\Extensions\firebug@software.joehewitt.com.xpi [2013-03-08]
FF Extension: NoScript - C:\Users\Auresil\AppData\Roaming\Mozilla\Firefox\Profiles\n7vnhitj.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-04-01]
FF Extension: Adblock Plus - C:\Users\Auresil\AppData\Roaming\Mozilla\Firefox\Profiles\n7vnhitj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-04-07]
FF Extension: Tab Mix Plus - C:\Users\Auresil\AppData\Roaming\Mozilla\Firefox\Profiles\n7vnhitj.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-05-11]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-13]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx []
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx []

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1890128 2014-09-04] (LogMeIn Inc.)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [375056 2014-08-08] (LogMeIn, Inc.)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [141560 2014-05-05] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [61688 2014-05-22] (Panda Security, S.L.)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [38136 2014-05-06] (Panda Security, S.L.)
S3 RoxMediaDBGame1X; C:\Program Files\Common Files\Roxio Shared\Game1X\SharedCOM\RoxMediaDBGame1X.exe [1095824 2012-08-02] (Corel Corporation)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [108104 2010-12-01] (SlySoft, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
S3 H5xUSB; C:\Windows\System32\Drivers\uth5x.sys [79488 2012-08-02] (UT)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 kxwdmdrv; C:\Windows\System32\drivers\kx.sys [607496 2009-09-18] (Eugene Gavrilov)
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-13] (Malwarebytes Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [88992 2014-05-02] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [166816 2014-05-02] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110496 2014-05-02] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [125216 2014-05-02] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [96160 2014-05-02] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [61984 2014-05-02] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [121888 2014-05-02] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [288032 2014-05-02] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [208800 2014-05-02] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [109856 2014-05-02] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [243872 2014-05-02] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [96928 2014-05-02] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [137760 2014-05-05] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [103456 2014-05-05] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [166432 2014-05-05] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [112160 2014-05-05] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [122912 2014-05-06] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [98336 2014-05-05] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [48736 2014-03-25] (Panda Security, S.L.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [46096 2012-07-10] (Corel Corporation)
S3 VF0470Vid; C:\Windows\System32\DRIVERS\V0470Vid.sys [146720 2007-05-09] (Creative Technology Ltd.)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1143920 2010-08-04] (VIA Technologies, Inc.)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Auresil\AppData\Local\Temp\catchme.sys [X]
S3 CFcatchme; \??\C:\Users\Auresil\AppData\Local\Temp\CFcatchme.sys [X]
S3 kbeepm; \??\C:\Users\Auresil\AppData\Local\Temp\kbeepm.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-13 16:21 - 2014-09-13 16:21 - 00001042 _____ () C:\Users\Auresil\Desktop\mbam.txt
2014-09-13 16:06 - 2014-09-13 16:06 - 00001203 _____ () C:\Users\Auresil\Desktop\AdwCleaner[S1].txt
2014-09-13 16:06 - 2014-03-25 15:15 - 00048736 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2014-09-13 16:00 - 2014-09-13 16:00 - 01373475 _____ () C:\Users\Auresil\Desktop\AdwCleaner_3.310.exe
2014-09-13 15:37 - 2014-09-13 15:37 - 00017485 _____ () C:\ComboFix.txt
2014-09-13 15:13 - 2014-09-13 15:13 - 00001219 _____ () C:\CF-Submit.htm
2014-09-13 15:06 - 2014-09-13 15:06 - 05577449 ____R (Swearware) C:\Users\Auresil\Desktop\ComboFix.exe
2014-09-13 13:52 - 2014-09-13 15:38 - 00000000 ____D () C:\Qoobox
2014-09-13 13:52 - 2014-09-13 15:24 - 00000000 ____D () C:\Windows\erdnt
2014-09-13 13:52 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-13 13:52 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-13 13:52 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-13 13:52 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-13 13:52 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-13 13:52 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-13 13:52 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-13 13:52 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-13 13:40 - 2014-09-13 13:41 - 00034097 _____ () C:\Users\Auresil\Desktop\Addition.txt
2014-09-13 13:39 - 2014-09-13 16:23 - 00015861 _____ () C:\Users\Auresil\Desktop\FRST.txt
2014-09-13 13:39 - 2014-09-13 16:22 - 00000000 ____D () C:\FRST
2014-09-13 13:38 - 2014-09-13 13:38 - 01097728 _____ (Farbar) C:\Users\Auresil\Desktop\FRST.exe
2014-09-13 13:03 - 2014-09-13 13:25 - 00064120 _____ () C:\Users\Auresil\Desktop\OTL.Txt
2014-09-13 13:03 - 2014-09-13 13:03 - 00067732 _____ () C:\Users\Auresil\Desktop\Extras.Txt
2014-09-13 12:56 - 2014-09-13 12:56 - 00602112 _____ (OldTimer Tools) C:\Users\Auresil\Desktop\OTL.exe
2014-09-13 11:32 - 2014-09-13 11:32 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-12 16:57 - 2014-09-12 16:57 - 00000000 ____D () C:\Program Files\ESET
2014-09-12 16:10 - 2014-09-13 16:08 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-12 16:09 - 2014-09-12 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-12 16:09 - 2014-09-12 16:09 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-12 16:09 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-12 16:09 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-12 16:09 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-12 15:53 - 2014-09-12 15:53 - 00259584 _____ (OldTimer Tools) C:\Users\Auresil\Desktop\OTH.scr
2014-09-12 15:50 - 2014-09-12 15:50 - 00001232 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller.lnk
2014-09-12 15:50 - 2014-09-12 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2014-09-12 15:50 - 2014-09-12 15:50 - 00000000 ____D () C:\Program Files\Glarysoft
2014-09-12 15:43 - 2014-09-12 15:43 - 00000000 ____D () C:\Windows\ERUNT
2014-09-12 15:32 - 2014-09-13 16:05 - 00001870 _____ () C:\Windows\PFRO.log
2014-09-12 15:32 - 2014-09-13 16:05 - 00000448 _____ () C:\Windows\setupact.log
2014-09-12 15:32 - 2014-09-12 15:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-12 15:28 - 2014-09-13 16:04 - 00000000 ____D () C:\AdwCleaner
2014-09-11 12:59 - 2014-09-11 12:59 - 00000000 ____D () C:\Users\Auresil\AppData\Local\Daring_Development_Inc
2014-09-11 12:50 - 2014-09-11 12:50 - 00000000 ____D () C:\Program Files\Daring Development
2014-09-05 12:34 - 2014-09-05 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-05 12:34 - 2014-09-05 12:34 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-09-03 14:19 - 2009-03-18 18:35 - 00026176 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2014-08-24 01:49 - 2014-08-24 01:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2014-08-21 17:42 - 2014-08-21 17:42 - 00000000 _____ () C:\ctapi_out_gr.txt
2014-08-18 11:58 - 2014-09-13 16:00 - 00000000 ___RD () C:\Users\Auresil\Desktop\Programme

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-13 16:23 - 2014-09-13 13:39 - 00015861 _____ () C:\Users\Auresil\Desktop\FRST.txt
2014-09-13 16:22 - 2014-09-13 13:39 - 00000000 ____D () C:\FRST
2014-09-13 16:21 - 2014-09-13 16:21 - 00001042 _____ () C:\Users\Auresil\Desktop\mbam.txt
2014-09-13 16:10 - 2009-11-10 20:44 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-13 16:10 - 2009-07-14 06:34 - 00016848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-13 16:10 - 2009-07-14 06:34 - 00016848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-13 16:09 - 2014-04-19 20:44 - 01023758 _____ () C:\Windows\WindowsUpdate.log
2014-09-13 16:08 - 2014-09-12 16:10 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-13 16:06 - 2014-09-13 16:06 - 00001203 _____ () C:\Users\Auresil\Desktop\AdwCleaner[S1].txt
2014-09-13 16:06 - 2014-07-31 00:21 - 00000000 ____D () C:\Users\Auresil\AppData\Local\LogMeIn Hamachi
2014-09-13 16:05 - 2014-09-12 15:32 - 00001870 _____ () C:\Windows\PFRO.log
2014-09-13 16:05 - 2014-09-12 15:32 - 00000448 _____ () C:\Windows\setupact.log
2014-09-13 16:05 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-13 16:04 - 2014-09-12 15:28 - 00000000 ____D () C:\AdwCleaner
2014-09-13 16:00 - 2014-09-13 16:00 - 01373475 _____ () C:\Users\Auresil\Desktop\AdwCleaner_3.310.exe
2014-09-13 16:00 - 2014-08-18 11:58 - 00000000 ___RD () C:\Users\Auresil\Desktop\Programme
2014-09-13 15:38 - 2014-09-13 13:52 - 00000000 ____D () C:\Qoobox
2014-09-13 15:37 - 2014-09-13 15:37 - 00017485 _____ () C:\ComboFix.txt
2014-09-13 15:26 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-09-13 15:25 - 2012-05-06 19:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-13 15:24 - 2014-09-13 13:52 - 00000000 ____D () C:\Windows\erdnt
2014-09-13 15:24 - 2009-07-14 04:03 - 58982400 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-09-13 15:24 - 2009-07-14 04:03 - 18874368 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-09-13 15:24 - 2009-07-14 04:03 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-09-13 15:24 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-09-13 15:24 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-09-13 15:13 - 2014-09-13 15:13 - 00001219 _____ () C:\CF-Submit.htm
2014-09-13 15:06 - 2014-09-13 15:06 - 05577449 ____R (Swearware) C:\Users\Auresil\Desktop\ComboFix.exe
2014-09-13 14:03 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-09-13 14:03 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-09-13 13:41 - 2014-09-13 13:40 - 00034097 _____ () C:\Users\Auresil\Desktop\Addition.txt
2014-09-13 13:38 - 2014-09-13 13:38 - 01097728 _____ (Farbar) C:\Users\Auresil\Desktop\FRST.exe
2014-09-13 13:25 - 2014-09-13 13:03 - 00064120 _____ () C:\Users\Auresil\Desktop\OTL.Txt
2014-09-13 13:03 - 2014-09-13 13:03 - 00067732 _____ () C:\Users\Auresil\Desktop\Extras.Txt
2014-09-13 12:56 - 2014-09-13 12:56 - 00602112 _____ (OldTimer Tools) C:\Users\Auresil\Desktop\OTL.exe
2014-09-13 11:32 - 2014-09-13 11:32 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-12 16:59 - 2013-09-01 16:00 - 00000000 ____D () C:\Users\Auresil\AppData\Roaming\vlc
2014-09-12 16:57 - 2014-09-12 16:57 - 00000000 ____D () C:\Program Files\ESET
2014-09-12 16:42 - 2011-02-25 16:51 - 00000000 ____D () C:\Windows\Minidump
2014-09-12 16:42 - 2011-01-15 10:24 - 00147521 ____N () C:\Windows\Minidump\091214-17628-01.dmp
2014-09-12 16:09 - 2014-09-12 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-12 16:09 - 2014-09-12 16:09 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-12 16:00 - 2011-01-15 10:24 - 00147521 ____N () C:\Windows\Minidump\091214-14944-01.dmp
2014-09-12 15:53 - 2014-09-12 15:53 - 00259584 _____ (OldTimer Tools) C:\Users\Auresil\Desktop\OTH.scr
2014-09-12 15:50 - 2014-09-12 15:50 - 00001232 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller.lnk
2014-09-12 15:50 - 2014-09-12 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2014-09-12 15:50 - 2014-09-12 15:50 - 00000000 ____D () C:\Program Files\Glarysoft
2014-09-12 15:43 - 2014-09-12 15:43 - 00000000 ____D () C:\Windows\ERUNT
2014-09-12 15:40 - 2011-10-17 19:34 - 00000000 ___RD () C:\Users\Auresil\Pics
2014-09-12 15:32 - 2014-09-12 15:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-11 19:39 - 2014-04-25 20:11 - 00000000 ____D () C:\Users\Auresil\Downloads\JDownloader
2014-09-11 18:17 - 2012-12-19 20:57 - 00000000 ____D () C:\Program Files\JDownloader
2014-09-11 12:59 - 2014-09-11 12:59 - 00000000 ____D () C:\Users\Auresil\AppData\Local\Daring_Development_Inc
2014-09-11 12:50 - 2014-09-11 12:50 - 00000000 ____D () C:\Program Files\Daring Development
2014-09-11 12:45 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Resources
2014-09-11 00:17 - 2014-07-16 20:27 - 00000000 ____D () C:\Program Files\Steam
2014-09-11 00:17 - 2011-01-15 18:23 - 00000000 ____D () C:\Users\Auresil\AppData\Roaming\Winamp
2014-09-09 13:41 - 2013-01-11 15:31 - 00000000 ____D () C:\Users\Auresil\AppData\Roaming\FileZilla
2014-09-09 13:20 - 2011-01-16 07:47 - 00000000 ____D () C:\Users\Auresil\AppData\Roaming\XnView
2014-09-05 12:46 - 2014-08-13 14:59 - 00011695 _____ () C:\Users\Auresil\Desktop\Verkäufe.xlsx
2014-09-05 12:34 - 2014-09-05 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-05 12:34 - 2014-09-05 12:34 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-08-26 15:35 - 2011-01-24 00:36 - 00000000 ____D () C:\Users\Auresil\AppData\Roaming\Skype
2014-08-24 02:01 - 2014-07-17 20:41 - 00000000 ____D () C:\Users\Auresil\AppData\Roaming\Call Graph
2014-08-24 01:49 - 2014-08-24 01:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2014-08-24 01:49 - 2013-09-08 14:56 - 00000000 ____D () C:\Fraps
2014-08-21 17:42 - 2014-08-21 17:42 - 00000000 _____ () C:\ctapi_out_gr.txt
2014-08-21 14:33 - 2014-07-16 20:27 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-08-21 12:40 - 2012-01-15 16:25 - 00000000 ___RD () C:\Users\Auresil\Desktop\Games
2014-08-17 20:54 - 2011-01-28 17:51 - 00000112 _____ () C:\Users\Auresil\AppData\default.pls
2014-08-17 20:54 - 2011-01-21 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel MediaOne
2014-08-17 20:52 - 2014-01-28 19:44 - 00000000 ____D () C:\Users\Auresil\AppData\Roaming\Roxio
2014-08-17 19:48 - 2012-02-04 15:32 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2014-08-17 18:22 - 2011-01-23 22:06 - 00000000 ___RD () C:\Users\Auresil\Programme
2014-08-17 17:28 - 2011-02-08 00:08 - 00000000 ____D () C:\Users\Auresil\AppData\Roaming\WinRAR
2014-08-16 18:46 - 2014-08-13 23:51 - 00000000 ____D () C:\Users\Auresil\AppData\Roaming\.minecraft

Some content of TEMP:
====================
C:\Users\Auresil\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2014-09-06 01:37

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by Auresil at 2014-09-13 16:23:22
Running from C:\Users\Auresil\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Cloud Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Cloud Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Cloud Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Absolute Uninstaller 5.3.1.17 (HKLM\...\Absolute Uninstaller) (Version: 5.3.1.17 - Glarysoft Ltd)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.2.8900 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.2.8900 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.5.502.135 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.7.637 - Adobe Systems, Inc.)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
AMD Catalyst Install Manager (HKLM\...\{A2EAE643-8804-9420-5DBE-2752D6957964}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AnyDVD (HKLM\...\AnyDVD) (Version: 6.7.9.0 - SlySoft)
Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8153ED9A-C94A-426E-9880-5E6775C08B62}) (Version: 4.0.0.97 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO Codecs (Version: 11.6.0.50527 - ATI Technologies Inc.) Hidden
Audacity 1.3.14 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Blender (HKLM\...\Blender) (Version: 2.61-release - Blender Foundation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Call Graph (HKLM\...\Call Graph) (Version:  - Sedna Wireless Pvt. Ltd.)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version:  - )
Canon MP280 series Benutzerregistrierung (HKLM\...\Canon MP280 series Benutzerregistrierung) (Version:  - )
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version:  - )
Castle Crashers (HKLM\...\Steam App 204360) (Version:  - The Behemoth)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2010.0527.1242.20909 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2010.0527.1242.20909 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2012.0928.1532.26058 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2010.0527.1242.20909 - ATI) Hidden
CCC Help Chinese Standard (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Czech (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Danish (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Dutch (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help English (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Finnish (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help French (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help German (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Greek (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Hungarian (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Italian (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Japanese (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Korean (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Norwegian (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Polish (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Portuguese (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Russian (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Spanish (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Swedish (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Thai (Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Turkish (Version: 2010.0527.1241.20909 - ATI) Hidden
ccc-core-static (Version: 2010.0527.1242.20909 - Ihr Firmenname) Hidden
ccc-utility (Version: 2010.0527.1242.20909 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
CloneDVD2 (HKLM\...\CloneDVD2) (Version:  - Elaborate Bytes)
Corel MediaOne (HKLM\...\{3C569633-C8DE-46E2-BB8F-F65198681C2F}) (Version: 2.00.0000 - Corel Corporation)
Corel Painter Essentials 3 (Version: 3.2 - Corel Corporation) Hidden
Creative Live! Cam Notebook (VF0470) Driver (1.03.01.00) (HKLM\...\Creative VF0470) (Version:  - )
Cry of Fear (HKLM\...\Steam App 223710) (Version:  - Team Psykskallar)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Die Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.24.3 - Electronic Arts)
Die Sims™ 3 Erstelle ein Muster-Tool (HKLM\...\{44EAFE3D-09A9-4478-A2BF-0EED22F4E49F}) (Version: 1.0.0 - Electronic Arts)
eJIFFY (HKLM\...\{05B324AB-7428-4C00-AD3B-E591C561645C}_is1) (Version: 1.1.2 - Elitegroup Computer Systems)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FileZilla Client 3.2.7.1 (HKCU\...\FileZilla Client) (Version: 3.2.7.1 - )
Fraps (remove only) (HKLM\...\Fraps) (Version:  - )
Free YouTube Download version 3.1.41.1201 (HKLM\...\Free YouTube Download_is1) (Version: 3.1.41.1201 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.11.36.1201 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.36.1201 - DVDVideoSoft Ltd.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HydraVision (Version: 4.2.166.0 - ATI Technologies Inc.) Hidden
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (Version: 2.1.65.20 - Oracle, Inc.) Hidden
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader Packages (HKCU\...\JDownloader Packages) (Version:  - ) <==== ATTENTION
king.com (remove only) (HKLM\...\king.com) (Version:  - Midasplayer Ltd (king.com))
Knoll Light Factory EZ Studio (HKLM\...\Knoll Light Factory EZ Studio) (Version:  - )
LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.236 - LogMeIn, Inc.)
LogMeIn Hamachi (Version: 2.2.0.236 - LogMeIn, Inc.) Hidden
Magic Bullet Looks Studio (HKLM\...\Magic Bullet Looks Studio) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 2 (SP2) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 32.0.1 (x86 de) (HKLM\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Premium (HKLM\...\{CF097717-F174-4144-954A-FBC4BF301031}) (Version: 7.02.9753 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
Neverwinter Nights 2 (HKLM\...\{F20C1251-1D0A-4944-B2AE-678581B33B19}) (Version: 1.00.0000 - Obsidian)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Panda Cloud Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 3.0.1 - Panda Security)
Panda Cloud Antivirus (Version: 7.05.00.0000 - Panda Security) Hidden
Panda Devices Agent (HKLM\...\Panda Devices Agent) (Version: 1.03.01 - Panda Security)
Panda Devices Agent (Version: 1.04.00 - Panda Security) Hidden
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.5.6 - Pando Networks Inc.)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.6 - Frank Heindörfer, Philip Chinery)
PhotoFiltre (HKCU\...\PhotoFiltre) (Version:  - )
Pinnacle Studio 14 (HKLM\...\{AADD1C8F-D59F-4D55-A726-768C71A205A8}) (Version: 14.0.0.7255 - Pinnacle Systems)
Pinnacle Studio 14 Content v.0.1 (HKLM\...\{9C6D4A7A-DD9A-4044-B200-24E569B8D121}_is1) (Version:  - )
Pinnacle Studio Ultimate Collection Plugins (HKLM\...\{F5C372A1-40F3-49DA-A049-F75CDE9177DC}) (Version: 14.0.0.7255 - Pinnacle Systems)
Pinnacle Video Treiber (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
Portal 2 (HKLM\...\Steam App 620) (Version:  - Valve)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6278 - Realtek Semiconductor Corp.)
Red Giant ToonIt Studio (HKLM\...\Red Giant ToonIt Studio) (Version:  - )
Roxio CinePlayer Decoder Pack (Version: 4.3.0 - Roxio) Hidden
Roxio Game Capture HD PRO (HKLM\...\{2DD84AB2-8BF4-49FA-9D62-E3F93D4F56FB}) (Version: 1.0 - Roxio)
Roxio Game Capture HD PRO (Version: 1.0.135 - Roxio) Hidden
Roxio GameCAP HD PRO (Version: 1.00.0000 - Roxio) Hidden
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM\...\Update Engine) (Version: 2.14.4.201403101311 - Sony Mobile Communications AB)
Sony PC Companion 2.10.197 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.197 - Sony)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 4 (HKLM\...\TeamViewer 4) (Version:  - TeamViewer GmbH)
Trapcode 3DStroke Studio (HKLM\...\Trapcode 3DStroke Studio) (Version:  - )
Trapcode Particular Studio (HKLM\...\Trapcode Particular Studio) (Version:  - )
Trapcode Shine Studio (HKLM\...\Trapcode Shine Studio) (Version:  - )
Trine 2 (HKLM\...\Steam App 35720) (Version:  - Frozenbyte)
TUGZip 3.5 (HKLM\...\TUGZip_is1) (Version:  - Christian Kindahl)
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Ulead PhotoImpact X3 (HKLM\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 1.00.0000 - Corel)
Ulead PhotoImpact X3 (Version: 1.00.0000 - Corel) Hidden
Unturned (HKLM\...\Steam App 304930) (Version:  - Nelson Sexton)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Outlook 2007 Junk Email Filter (KB2483110) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{592B47F5-D305-431A-9781-ED6CBB44FA8B}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VIA Plattform-Geräte-Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VL Sound 5.1 (HKLM\...\VL Sound 5.1) (Version:  - Valera Lavrov)
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WavePad Sound Editor (HKLM\...\WavePad) (Version:  - NCH Software)
Win7codecs (HKLM\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 2.8.5 - Shark007)
Winamp (HKLM\...\Winamp) (Version: 5.581  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Movie Maker 2.6 (HKLM\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Wisdom-soft AutoScreenRecorder 3.1 Pro (HKLM\...\Wisdom-soft AutoScreenRecorder 3.1 Pro) (Version:  - Wisdom Software Inc.)
XMedia Recode 2.2.9.7 (HKLM\...\XMedia Recode) (Version: 2.2.9.7 - Sebastian Dörfler)
XnView 1.97.4 (HKLM\...\XnView_is1) (Version: 1.97.4 - Gougelet Pierre-e)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{5B004CDE-0211-469C-B9B5-0552E7E63917}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)
CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{77D8C8C7-6B46-4429-B876-DBC006C96EB1}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)
CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{CD37ED08-860C-4B86-AD25-5587D8386587}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)
CustomCLSID: HKU\S-1-5-21-4077451317-3905838216-2800536398-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb.dll ()

==================== Restore Points  =========================

22-08-2014 14:21:07 Geplanter Prüfpunkt
31-08-2014 19:08:05 Geplanter Prüfpunkt
08-09-2014 10:57:15 Geplanter Prüfpunkt
13-09-2014 11:52:41 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2014-09-13 15:26 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0F99358E-A853-4B62-9324-8E83018AA638} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {10502311-C601-4EED-B7E4-30C152211498} - \{F50FA6C7-6013-4612-BEC3-B11E32CDB852} No Task File <==== ATTENTION
Task: {3F789B6F-1B27-402F-A789-2B24909393AC} - \{1041AEBA-1E27-4781-AA22-11DF0D50FC10} No Task File <==== ATTENTION
Task: {5421911B-8ADD-4A05-8DC9-568EDC30FBEC} - \CCleanerSkipUAC No Task File <==== ATTENTION
Task: {5D191F61-3A4A-4D80-BA10-BFD874DB1D73} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {60C03FB7-C0EC-4418-B93E-7B92F94BAF1B} - \{CF7C47DD-351D-438A-9D4D-5F6F628D7DCA} No Task File <==== ATTENTION
Task: {64A77EA3-101F-480A-B877-E15DB4611E01} - System32\Tasks\NCH Swift Sound\wavepadShakeIcon => C:\Program Files\NCH Swift Sound\WavePad\WavePad.exe [2011-01-24] (NCH Software)
Task: {73C1A9AB-6F7D-4ACA-8917-E1F7D1EE32CC} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: {817FF675-2354-4329-9439-60185B41FEC9} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {B463855F-1642-4276-B480-7243C6919B48} - \{35A65C4E-ACE2-4177-8437-74912A6E4364} No Task File <==== ATTENTION
Task: {D68D67DD-953E-41FC-BCFC-125CDD11ABF3} - \{C20E2991-1BBB-4869-8CD0-339F5FA086EA} No Task File <==== ATTENTION
Task: {F0686270-4CE9-493D-B276-F7EF7F4F2DB4} - \{EF40571D-7F72-47B4-AB8A-5566B8DD5F21} No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-01-24 00:35 - 2001-10-28 18:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-12 19:23 - 2013-04-12 19:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Cloud Antivirus\SQLite3.dll
2009-08-23 19:58 - 2009-08-23 19:58 - 00094208 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2007-06-05 14:20 - 2007-06-05 14:20 - 00177704 _____ () C:\Windows\system32\PSIService.exe
2014-09-13 11:32 - 2014-09-13 11:32 - 03716720 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-07-22 10:44 - 2014-07-22 10:44 - 17029808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Auresil^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Adobe Reader Synchronizer => "C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: Corel Photo Downloader => "C:\Program Files\Corel\Corel MediaOne\Corel Photo Downloader.exe" -startup
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HDAudDeck => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Ulead AutoDetector v2 => C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
MSCONFIG\startupreg: USBToolTip => C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"
MSCONFIG\startupreg: Wisdom-soft AutoScreenRecorder 3.1 Pro => C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Pro\AutoScreenRecorder.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/13/2014 02:57:55 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (09/13/2014 01:52:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.


System errors:
=============
Error: (09/13/2014 04:06:00 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (09/13/2014 03:25:51 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (09/13/2014 03:25:42 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎13.‎09.‎2014 um 15:24:28 unerwartet heruntergefahren.

Error: (09/13/2014 03:24:26 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (09/13/2014 03:24:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (09/13/2014 03:21:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "fqQrhhY" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.

Error: (09/13/2014 03:21:22 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (09/13/2014 03:18:03 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (09/13/2014 03:12:52 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (09/13/2014 03:11:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "fqQrhhY" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X4 640 Processor
Percentage of memory in use: 35%
Total physical RAM: 3327.37 MB
Available physical RAM: 2135.34 MB
Total Pagefile: 11367.64 MB
Available Pagefile: 10037.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:254.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 994F86BB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

M-K-D-B · 14.09.2014, 09:20

Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 3 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
S3 kbeepm; \??\C:\Users\Auresil\AppData\Local\Temp\kbeepm.sys [X]
Task: {10502311-C601-4EED-B7E4-30C152211498} - \{F50FA6C7-6013-4612-BEC3-B11E32CDB852} No Task File <==== ATTENTION
Task: {3F789B6F-1B27-402F-A789-2B24909393AC} - \{1041AEBA-1E27-4781-AA22-11DF0D50FC10} No Task File <==== ATTENTION
Task: {5421911B-8ADD-4A05-8DC9-568EDC30FBEC} - \CCleanerSkipUAC No Task File <==== ATTENTION
Task: {5D191F61-3A4A-4D80-BA10-BFD874DB1D73} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {60C03FB7-C0EC-4418-B93E-7B92F94BAF1B} - \{CF7C47DD-351D-438A-9D4D-5F6F628D7DCA} No Task File <==== ATTENTION
Task: {73C1A9AB-6F7D-4ACA-8917-E1F7D1EE32CC} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: {817FF675-2354-4329-9439-60185B41FEC9} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {B463855F-1642-4276-B480-7243C6919B48} - \{35A65C4E-ACE2-4177-8437-74912A6E4364} No Task File <==== ATTENTION
Task: {D68D67DD-953E-41FC-BCFC-125CDD11ABF3} - \{C20E2991-1BBB-4869-8CD0-339F5FA086EA} No Task File <==== ATTENTION
Task: {F0686270-4CE9-493D-B276-F7EF7F4F2DB4} - \{EF40571D-7F72-47B4-AB8A-5566B8DD5F21} No Task File <==== ATTENTION
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 3
Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Schritt 4
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)

Doppelklicke auf die SystemLook.exe, um das Tool zu starten.

Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

ATTFilter

:filefind
*InstaShare*

:folderfind
*InstaShare*

:regfind
InstaShare
JDownloader Packages

Klicke nun auf den Button Look, um den Scan zu starten.
Der Suchlauf kann einige Zeit dauern.
Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei von ESET,
die Logdatei von SecurityCheck,
die Logdatei von SystemLook.

Raziel30 · 17.09.2014, 12:35

Nur kurz zur Info.... bin jetzt dabei die Sachen zu machen

M-K-D-B · 17.09.2014, 14:49

Zitat:

Zitat von Raziel30

Nur kurz zur Info.... bin jetzt dabei die Sachen zu machen

ok

Raziel30 · 17.09.2014, 15:00

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by Auresil at 2014-09-17 14:07:24 Run:1
Running from C:\Users\Auresil\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
S3 kbeepm; \??\C:\Users\Auresil\AppData\Local\Temp\kbeepm.sys [X]
Task: {10502311-C601-4EED-B7E4-30C152211498} - \{F50FA6C7-6013-4612-BEC3-B11E32CDB852} No Task File <==== ATTENTION
Task: {3F789B6F-1B27-402F-A789-2B24909393AC} - \{1041AEBA-1E27-4781-AA22-11DF0D50FC10} No Task File <==== ATTENTION
Task: {5421911B-8ADD-4A05-8DC9-568EDC30FBEC} - \CCleanerSkipUAC No Task File <==== ATTENTION
Task: {5D191F61-3A4A-4D80-BA10-BFD874DB1D73} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {60C03FB7-C0EC-4418-B93E-7B92F94BAF1B} - \{CF7C47DD-351D-438A-9D4D-5F6F628D7DCA} No Task File <==== ATTENTION
Task: {73C1A9AB-6F7D-4ACA-8917-E1F7D1EE32CC} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: {817FF675-2354-4329-9439-60185B41FEC9} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {B463855F-1642-4276-B480-7243C6919B48} - \{35A65C4E-ACE2-4177-8437-74912A6E4364} No Task File <==== ATTENTION
Task: {D68D67DD-953E-41FC-BCFC-125CDD11ABF3} - \{C20E2991-1BBB-4869-8CD0-339F5FA086EA} No Task File <==== ATTENTION
Task: {F0686270-4CE9-493D-B276-F7EF7F4F2DB4} - \{EF40571D-7F72-47B4-AB8A-5566B8DD5F21} No Task File <==== ATTENTION
EmptyTemp:
end
*****************

Processes closed successfully.
Firefox DefaultSearchEngine deleted successfully.
kbeepm => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10502311-C601-4EED-B7E4-30C152211498}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10502311-C601-4EED-B7E4-30C152211498}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F50FA6C7-6013-4612-BEC3-B11E32CDB852}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F789B6F-1B27-402F-A789-2B24909393AC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F789B6F-1B27-402F-A789-2B24909393AC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1041AEBA-1E27-4781-AA22-11DF0D50FC10}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5421911B-8ADD-4A05-8DC9-568EDC30FBEC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5421911B-8ADD-4A05-8DC9-568EDC30FBEC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D191F61-3A4A-4D80-BA10-BFD874DB1D73}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D191F61-3A4A-4D80-BA10-BFD874DB1D73}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60C03FB7-C0EC-4418-B93E-7B92F94BAF1B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60C03FB7-C0EC-4418-B93E-7B92F94BAF1B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CF7C47DD-351D-438A-9D4D-5F6F628D7DCA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73C1A9AB-6F7D-4ACA-8917-E1F7D1EE32CC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73C1A9AB-6F7D-4ACA-8917-E1F7D1EE32CC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{817FF675-2354-4329-9439-60185B41FEC9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{817FF675-2354-4329-9439-60185B41FEC9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B463855F-1642-4276-B480-7243C6919B48}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B463855F-1642-4276-B480-7243C6919B48}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{35A65C4E-ACE2-4177-8437-74912A6E4364}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D68D67DD-953E-41FC-BCFC-125CDD11ABF3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D68D67DD-953E-41FC-BCFC-125CDD11ABF3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C20E2991-1BBB-4869-8CD0-339F5FA086EA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0686270-4CE9-493D-B276-F7EF7F4F2DB4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0686270-4CE9-493D-B276-F7EF7F4F2DB4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EF40571D-7F72-47B4-AB8A-5566B8DD5F21}" => Key deleted successfully.
EmptyTemp: => Removed 166.1 MB temporary data.


The system needed a reboot. 

==== End of Fixlog ====

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=60d9964c7772684b87df253507762390
# engine=20127
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-12 03:45:10
# local_time=2014-09-12 05:45:10 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode_1='Panda Cloud Antivirus'
# compatibility_mode=1552 16777213 87 94 3217772 196732684 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 1379524 162975453 0 0
# scanned=49225
# found=6
# cleaned=0
# scan_time=1886
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=6FA33E5768F1E40A7CAA358C9A03356D7002119A ft=1 fh=35739b1b5e17d626 vn="a variant of Win32/Systweak.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\roboot.exe.vir"
sh=86A4BB51FD529357C0ECA0ABC4C9BA83EE74FE55 ft=1 fh=4162711ac214dd87 vn="a variant of Win32/Toolbar.Conduit.K potentially unwanted application" ac=I fn="C:\Program Files\NCH Swift Sound\WavePad\uninst.exe"
sh=B4C34E9F423E172652147BDFA4828043D1B37F82 ft=1 fh=bb5c35d0c214dd87 vn="a variant of Win32/Toolbar.Conduit.K potentially unwanted application" ac=I fn="C:\Program Files\NCH Swift Sound\WavePad\wavepad.exe"
sh=42DD09E1659110EC9DB5DEB928345FF207EDC88C ft=1 fh=51be95ddd4470de1 vn="a variant of Win32/Toolbar.Conduit.K potentially unwanted application" ac=I fn="C:\Program Files\NCH Swift Sound\WavePad\wpsetup-4.52_v4.52.exe"
sh=39124F7BD6F91DA2179011F51AF1B068D6FEE8A9 ft=1 fh=c719b2fe67e3bb02 vn="a variant of Win32/Toolbar.Visicom.A potentially unwanted application" ac=I fn="C:\Program Files\Panda Security\Panda Cloud Antivirus\Tools\PandaSecurityTb.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=60d9964c7772684b87df253507762390
# engine=20196
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-17 01:47:50
# local_time=2014-09-17 03:47:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1031
# osver=6.1.7600 NT 
# compatibility_mode_1='Panda Cloud Antivirus'
# compatibility_mode=1552 16777213 87 94 3642732 197157644 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 1804484 163400413 0 0
# scanned=207406
# found=37
# cleaned=0
# scan_time=5511
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=9A32F0931448B8A54797633AE522F02B63EA5994 ft=1 fh=a82ccf08ea9c28d5 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Auresil\AppData\Local\LPT\sppsm.dll.vir"
sh=7A085B97048A820D54ED72E269224E876D080462 ft=1 fh=a5b78218725d2dc8 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Auresil\AppData\Local\LPT\spusm.dll.vir"
sh=865384F702C9204E9090888D2AD5516C950C7C15 ft=1 fh=0b83c2459d452412 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Auresil\AppData\Local\LPT\srbu.dll.vir"
sh=4EB4960B45DF2F1ACF36FAC5E3EDED798697BA16 ft=1 fh=b6606b547839086a vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Auresil\AppData\Local\LPT\srptc.dll.vir"
sh=0B48C23AA803B9E66EA2C58285BF980FFDB579A4 ft=1 fh=69c5d65d9fc74c09 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Auresil\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll.vir"
sh=0B48C23AA803B9E66EA2C58285BF980FFDB579A4 ft=1 fh=69c5d65d9fc74c09 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Auresil\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO2.dll.vir"
sh=CAC4194AE3C03E70C7A55D766F511B15725E6462 ft=1 fh=7fb5a100f5be151f vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Auresil\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll.vir"
sh=CAC4194AE3C03E70C7A55D766F511B15725E6462 ft=1 fh=7fb5a100f5be151f vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Auresil\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension2.dll.vir"
sh=4DFA78BA409679625D11E0AB69F1AFA98B9D8FCF ft=1 fh=4b875caa6b383881 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Auresil\AppData\Local\Smartbar\Application\spbl.dll.vir"
sh=9A32F0931448B8A54797633AE522F02B63EA5994 ft=1 fh=a82ccf08ea9c28d5 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Auresil\AppData\Local\Smartbar\Application\sppsm.dll.vir"
sh=7A085B97048A820D54ED72E269224E876D080462 ft=1 fh=a5b78218725d2dc8 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Auresil\AppData\Local\Smartbar\Application\spusm.dll.vir"
sh=865384F702C9204E9090888D2AD5516C950C7C15 ft=1 fh=0b83c2459d452412 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Auresil\AppData\Local\Smartbar\Application\srbu.dll.vir"
sh=477D08427CD2AE4254C38DD40026839492F26633 ft=1 fh=9fc7d204295a5a59 vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Auresil\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\GoogleChromeRemotePlugin.dll.vir"
sh=FD9E55CB3168DA6F8194EF9FD8290920D09A6472 ft=1 fh=c36590b4dea46006 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Auresil\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_26.dll.vir"
sh=A29DF8FF2B38B038A3A2FD3CADA515289A279F67 ft=1 fh=649d26e75c89ec4e vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Auresil\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_27.dll.vir"
sh=6FBFA0F4C90F550228303EEAE89D283D9AE83A15 ft=1 fh=96a9120a815c0f84 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Auresil\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_28.dll.vir"
sh=8750EA97845B1868A5C53AF32C0F879E31A7DF65 ft=1 fh=6895df542f7a0854 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Auresil\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_29.dll.vir"
sh=9C076ADBB428FC0447A2FE5C0FBB8F27672962A4 ft=1 fh=ca968d34ad0257e0 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Auresil\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_30.dll.vir"
sh=76747834BE2C99A69D958C529736E27D6642B228 ft=1 fh=e22fa7574714da10 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Auresil\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_31.dll.vir"
sh=6FA33E5768F1E40A7CAA358C9A03356D7002119A ft=1 fh=35739b1b5e17d626 vn="Variante von Win32/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\roboot.exe.vir"
sh=86A4BB51FD529357C0ECA0ABC4C9BA83EE74FE55 ft=1 fh=4162711ac214dd87 vn="Variante von Win32/Toolbar.Conduit.K evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\NCH Swift Sound\WavePad\uninst.exe"
sh=B4C34E9F423E172652147BDFA4828043D1B37F82 ft=1 fh=bb5c35d0c214dd87 vn="Variante von Win32/Toolbar.Conduit.K evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\NCH Swift Sound\WavePad\wavepad.exe"
sh=42DD09E1659110EC9DB5DEB928345FF207EDC88C ft=1 fh=51be95ddd4470de1 vn="Variante von Win32/Toolbar.Conduit.K evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\NCH Swift Sound\WavePad\wpsetup-4.52_v4.52.exe"
sh=39124F7BD6F91DA2179011F51AF1B068D6FEE8A9 ft=1 fh=c719b2fe67e3bb02 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Panda Security\Panda Cloud Antivirus\Tools\PandaSecurityTb.exe"
sh=97164062E3F5615CAFBB9FBCBA6FA686A35428FB ft=1 fh=189923081aa0ba2d vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Panda Security\Panda Cloud Antivirus\Download\0x04011000\CloudAntivirus.exe"
sh=DADF4CF08FDB5DF28DE92CDC6C1BF094950E6954 ft=0 fh=0000000000000000 vn="Variante von MSIL/Adware.PullUpdate.E Anwendung" ac=I fn="C:\Qoobox\Quarantine\[4]-Submit_2014-09-13_15.13.08.zip"
sh=913201B6FEADE95AD0757C9CDCA955599E0A32B7 ft=1 fh=31feb2906d974621 vn="Variante von MSIL/Adware.PullUpdate.E Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\XhpjpKqvxe\dat\fIwlbWAjz.exe.vir"
sh=E8C077F0CAD847D49AEDC3DE1986FC4718CA4DAB ft=1 fh=224bfbf125071a23 vn="Variante von MSIL/Adware.PullUpdate.C Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\XhpjpKqvxe\dat\oIbTaVXWOQ.dll.vir"
sh=97164062E3F5615CAFBB9FBCBA6FA686A35428FB ft=1 fh=189923081aa0ba2d vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Panda Security\Panda Cloud Antivirus\Download\0x04011000\CloudAntivirus.exe"
sh=A3C34768945D20D0092FF1ACC21743DD44EF834B ft=1 fh=d53322918ba4bab1 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIE480.tmp-\Smartbar.Resources.LanguageSettings.resources.dll"
sh=F59B17F3E2564C1109F2D809765F249C63CDCFEE ft=1 fh=691cf63cacd53564 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIE480.tmp-\spbl.dll"
sh=065382CE8FE1478D6C7C3797EAD9EB50C75BD48A ft=1 fh=1ccde26b3a88e883 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIE480.tmp-\sppsm.dll"
sh=5E47C6785C093B39CEE6A331063B5EF1F69D928A ft=1 fh=c435b089082faadf vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIE480.tmp-\spusm.dll"
sh=C9B1975AC326A7338C9709A4135AFDC6F8F11A96 ft=1 fh=105c5382c76636de vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIE480.tmp-\srbs.dll"
sh=99CD68E5C305FC611EDF9331AD3EC275C518EDC1 ft=1 fh=31e0edad4095731d vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIE480.tmp-\srbu.dll"
sh=2590F360B01703E42CE5C998EC6937EA3BF5BE93 ft=1 fh=5669bc216d38a8b4 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIE480.tmp-\srptc.dll"

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.87  
 Windows 7  x86 (UAC is disabled!)  
 Out of date service pack!! 
``````````````Antivirus/Firewall Check:`````````````` 
Panda Cloud Antivirus   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Java 7 Update 65  
 Java version out of Date! 
 Adobe Flash Player 	14.0.0.145  
 Adobe Reader 10.1.4 Adobe Reader out of Date!  
 Mozilla Firefox (32.0.1) 
 Mozilla Thunderbird (24.6.0) 
````````Process Check: objlist.exe by Laurent````````  
 Panda Security Panda Cloud Antivirus PSANHost.exe  
 Panda Security Panda Cloud Antivirus PSUAService.exe  
 Panda Security Panda Cloud Antivirus PSUAMain.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

Code:

ATTFilter

SystemLook 30.07.11 by jpshortstuff
Log created at 15:57 on 17/09/2014 by Auresil
Administrator - Elevation successful

========== filefind ==========

Searching for "*InstaShare*"
C:\Qoobox\Quarantine\C\ProgramData\InstaShare\InstaShare.ico.vir	--a---- 109344 bytes	[10:47 11/09/2014]	[10:47 11/09/2014] B6C924FA067D8B833D49F85E5674663C
C:\Qoobox\Quarantine\Registry_backups\AddRemove-InstaShare.reg.dat	--a---- 932 bytes	[13:36 13/09/2014]	[13:36 13/09/2014] C15E44271FA0F2C5C532B4F79E33984D

========== folderfind ==========

Searching for "*InstaShare*"
C:\Qoobox\Quarantine\C\InstaShare	d------	[13:21 13/09/2014]
C:\Qoobox\Quarantine\C\ProgramData\InstaShare	d------	[13:21 13/09/2014]
C:\Qoobox\Quarantine\C\Users\Auresil\AppData\Local\InstaShare	d------	[13:21 13/09/2014]

========== regfind ==========

Searching for "InstaShare"
No data found.

Searching for "JDownloader Packages"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\JDownloader Packages]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\JDownloader Packages]
"DisplayName"="JDownloader Packages"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\JDownloader Packages]
"UninstallString"="C:\Users\Auresil\AppData\Roaming\JDownloaderPackages\UninstallPackages\Uninstall.exe /Uninstall /NM="JDownloader Packages""
[HKEY_USERS\S-1-5-21-4077451317-3905838216-2800536398-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\JDownloader Packages]
[HKEY_USERS\S-1-5-21-4077451317-3905838216-2800536398-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\JDownloader Packages]
"DisplayName"="JDownloader Packages"
[HKEY_USERS\S-1-5-21-4077451317-3905838216-2800536398-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\JDownloader Packages]
"UninstallString"="C:\Users\Auresil\AppData\Roaming\JDownloaderPackages\UninstallPackages\Uninstall.exe /Uninstall /NM="JDownloader Packages""

-= EOF =-

M-K-D-B · 18.09.2014, 15:25

Reste entfernen
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
C:\Windows\Installer\MSIE480.tmp-
DeleteKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\JDownloader Packages
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Hinweis: Registry Cleaner

Ich sehe, dass du sogenannte Registry Cleaner installiert hast.
In deinem Fall CCleaner.

Wir raten von der Verwendung jeglicher Art von Registry Cleaner ab.

Der Grund ist ganz einfach:
Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Man sollte nicht unnötigerweise an der Registry rumbasteln. Schon ein kleiner Fehler kann gravierende Folgen haben und auch Programme machen manchmal Fehler.
Zerstörst du die Registry, zerstörst du Windows.

Zudem ist der Nutzen zur Performancesteigerung umstritten und meist kaum im wahrnehmbaren Bereich.

Ich würde dir empfehlen, Registry Cleaner nicht weiterhin zu verwenden und über

Start --> Systemsteuerung --> Software (bei Windows XP)
Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Win 7)

zu deinstallieren.

Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.

Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

Ändere regelmäßig alle deine Passwörter, jetzt nach der Bereinigung ist ein idealer Zeitpunkt dafür!

Verwende für jede Anwendung und jeden Account ein anderes Passwort.
Ändere regelmäßig dein Passwort, vor allem bei Onlinebanking oder deinem Emailpostfach ist das sehr wichtig.
Speichere keine Passwörter auf deinem PC, gib diese nicht an Dritte weiter.
Ein sicheres Passwort besteht aus mindestens 8 Zeichen und beinhaltet Groß- und Kleinbuchstaben, Zahlen und Sonderzeichen.
Benutze keine Zahlen- oder Buchstabenkombinationen, ( zB 12345678, qwertzui) auch keine Zahlen oder Buchstabenmuster.
Verwende keine Passwörter die einen Bezug zu dir, deinem Wohnort, Familienmitglied oder Haustier (Geburtsdatum, Postleitzahl, Adresse, Name) haben.

Ganz Wichtig:
Windows 7 Service Pack 1 über Systemsteuerung > System und Sicherheit > Windows Update > Nach Updates suchen downloaden und installieren.

Schritt 1
Du verwendest veraltete Software auf deinem Rechner, was ein Sicherheitsrisiko darstellt. Daher solltest du veraltete Software deinstallieren und anschließend die aktuellste Version installieren.
Folge dem Pfad Start > Systemsteuerung > Sofware / Programme deinstallieren.
Deinstalliere die folgenden Programme von deinem Rechner:

Java 7 Update 65
Adobe Flash Player 14
Adobe Reader 10

Starte deinen Rechner nach der Deinstallation neu auf.
Downloade und installiere dir bitte nun:

Java 8 Update 20
Adobe Flash Player
Adobe Reader (Entferne vor dem Download den Haken bei McAfee Security Scan)

Starte deinen Rechner nach der Installation neu auf.

Schritt 2
Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Schritt 3
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.

Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti-Viren-Programm und zusätzlicher Schutz

Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist! Ein kostenloses Anti-Viren Programm, das wir empfehlen, wäre z. B. Avast! Free Antivirus oder Microsoft Security Essentials.
MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt. Du kannst es zusätzlich zu deinem Anti-Viren Programm verwenden.
Update das Tool und lasse es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
AdwCleaner
Dieses Tool erkennt eine Vielzahl von Werbeprogrammen (Adware) und unerwünschten Programmen (PUPs).
Starte das Tool einmal die Woche und lass es laufen. Sollte eine neue Version verfügbar sein, so wird dies angezeigt und du kannst dir die neueste Version direkt von der Herstellerseite auf den Desktop herunterladen. Auch dieses Programm kann parallel zu deinem Anti-Viren Programm verwendet werden.
SpywareBlaster
Eine kurze Einführung findest du Hier

Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Mozilla Firefox

Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
NoScript
Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
AdblockPlus
Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzuzufügen reicht und dieser wird nicht mehr geladen.
Es spart außerdem Downloadkapazität.

Performance

Halte dich fern von Registry Cleanern.
Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
Miekemoes Blogspot ( MVP )

Was du vermeiden solltest:

Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..).
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.
Lade keine Software von Softonic oder Chip herunter, da diese Installer oft mit Adware oder unerünschter Software versehen sind!

Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

Raziel30 · 18.09.2014, 17:56

Tut das was meinem JD? Bzw kann ich den dann noch normal verwenden?

Brauch den nämlich zum "arbeiten" (Xbox Forum und das runterladen von Erfolgsbildern geht so einfacher)

InstaShare geht nicht löschen

Plagegeister aller Art und deren Bekämpfung: InstaShare geht nicht löschen