Wind 7 Ultim. Malwarebeytes hat einen Trojaner Agent gefunden.

gcallin · 30.09.2014, 09:37

Hallo, nach einen Scan hat Malwarebytes einen Trojaner Agent gefunden der sich jetzt in der Quarantäne befindet nun möchte ich Ihn beseitigen.
Ich habe vor Parr Tagen einen Designe für Wind. runtergeladen und so kam er zu mir -.-.

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 28.09.2014
Suchlauf-Zeit: 04:16:41
Logdatei: Walwarebytes.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.28.02
Rootkit Datenbank: v2014.09.19.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Kewin

Malwarebytes-->

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 299092
Verstrichene Zeit: 20 Min, 36 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 2
PUP.Optional.OpenCandy, C:\Users\Kewin\Downloads\DTLite4491-0356.exe, In Quarantäne, [61a19a5999e264d2bffd23124fb69769], 
Trojan.Agent, C:\Windows\Resources\Themes\explorer.exe, In Quarantäne, [748efff40a7163d301b149fc31d33dc3], 

Physische Sektoren: 0
(No malicious items detected)


(end)

Addition-->

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-09-2014
Ran by Kewin at 2014-09-30 09:24:11
Running from C:\Users\Kewin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.0.2 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2014 (HKLM-x32\...\{766255CE-D156-11E3-8DBC-A136EB52ACCF}) (Version: 14.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Professional CC 2014 (HKLM-x32\...\{AA704223-E11C-11E3-8A38-C09A633B72AF}) (Version: 14.0.1 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Adobe® Content Viewer (x32 Version: 3.4.3 - Adobe Systems, Incorporated) Hidden
Avira (HKLM-x32\...\{149bb302-ebda-47ae-b3e6-297cf4c356dc}) (Version: 1.1.21.40000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.40000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: 1.2.0.0 - AVM Berlin)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Chipset Device Software (Version: 10.0.14 - Intel Corporation) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Network Connections 19.3.141.0 (HKLM\...\PROSetDX) (Version: 19.3.141.0 - Intel)
Intel(R) Network Connections 19.3.141.0 (Version: 19.3.141.0 - Intel) Hidden
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2725 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.14 - Intel(R) Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.00 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.00 (Version: 311.00 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VPN Manager 1.6.69.0 (HKLM-x32\...\VPN Manager) (Version: 1.6.69.0 - Perfect-Privacy)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

21-09-2014 14:57:30 Geplanter Prüfpunkt
27-09-2014 00:36:48 TrueCrypt installation
27-09-2014 00:37:34 Gerätetreiber-Paketinstallation: TAP-Win32 Provider Netzwerkadapter
28-09-2014 00:20:22 Gerätetreiber-Paketinstallation: DT Soft Ltd Systemgeräte
28-09-2014 00:29:39 Gerätetreiber-Paketinstallation: TAP-Windows Provider V9 Netzwerkadapter

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-07-22 09:24 - 00001254 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
127.0.0.1                   na1r.services.adobe.com
127.0.0.1                   hlrcv.stage.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com 
127.0.0.1 lm.licenses.adobe.com 
127.0.0.1 na1r.services.adobe.com 
127.0.0.1 hlrcv.stage.adobe.com 
127.0.0.1 practivate.adobe.com 
127.0.0.1 activate.adobe.com 


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {173066D6-DDC3-4880-BAEA-5A6225A7E43D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-21] (Google Inc.)
Task: {292C2148-9043-4E0E-B9B9-E2C4D6BA85D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-21] (Google Inc.)
Task: {7C0ED110-C7F5-4C71-A5BE-30F06E766203} - System32\Tasks\DriverNavigator Scheduled Scan => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Task: {97492F3D-8025-42A7-9538-2CB8A99B27D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-25] (Adobe Systems Incorporated)
Task: {AA2A9D86-7DA3-46D8-B889-7ADFA687E8BF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {F3688D14-7EEA-4A27-B1AA-8859F8C7CA9A} - System32\Tasks\AdobeAAMUpdater-1.0-Kewin-PC-Kewin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverNavigator Scheduled Scan.job => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-08-15 19:33 - 2013-01-10 23:36 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-07-16 11:06 - 2014-07-16 11:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2014-08-15 19:32 - 2012-04-09 08:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-09-30 09:20 - 2014-09-30 09:20 - 00050477 _____ () C:\Users\Kewin\Downloads\Defogger.exe
2014-09-17 13:31 - 2014-09-17 13:31 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-09-28 04:19 - 2014-09-17 13:31 - 00052472 ____N () C:\Users\Kewin\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-09-17 13:30 - 2014-09-17 13:30 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-09-28 23:29 - 2012-12-10 07:28 - 00057432 _____ () Z:\cleanranda_v2\bin\zlib.dll
2014-09-28 23:29 - 2012-12-10 07:27 - 00036961 _____ () Z:\cleanranda_v2\bin\Plugins\dbx_mmap.dll
2014-09-28 23:29 - 2012-12-12 14:43 - 00322048 _____ () Z:\cleanranda_v2\bin\Plugins\facebook.dll
2014-09-28 23:29 - 2012-12-10 07:27 - 00339550 _____ () Z:\cleanranda_v2\bin\Plugins\icq.dll
2014-09-28 23:29 - 2012-12-10 07:26 - 00379993 _____ () Z:\cleanranda_v2\bin\Plugins\irc.dll
2014-09-28 23:29 - 2012-01-12 09:46 - 00082021 _____ () Z:\cleanranda_v2\bin\Plugins\keepstatus.dll
2014-09-28 23:29 - 2012-01-12 09:46 - 00671232 _____ () Z:\cleanranda_v2\bin\Plugins\mirotr.dll
2014-09-28 23:29 - 2012-01-12 09:46 - 00099328 _____ () Z:\cleanranda_v2\bin\Plugins\updater.dll
2014-09-25 15:06 - 2014-09-23 06:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-25 15:06 - 2014-09-23 06:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-25 15:06 - 2014-09-23 06:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-25 15:06 - 2014-09-23 06:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-25 15:06 - 2014-09-23 06:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2014-09-25 15:06 - 2014-09-23 06:07 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-368666148-3114612420-1351031977-500 - Administrator - Disabled)
Gast (S-1-5-21-368666148-3114612420-1351031977-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-368666148-3114612420-1351031977-1002 - Limited - Enabled)
Kewin (S-1-5-21-368666148-3114612420-1351031977-1000 - Administrator - Enabled) => C:\Users\Kewin

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Intel(R) 7 Series/C216 Chipset Family USB 3.0 eXtensible Host Controller Installation Disk - 1E31
Description: Intel(R) 7 Series/C216 Chipset Family USB 3.0 eXtensible Host Controller Installation Disk - 1E31
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Netzwerkcontroller
Description: Netzwerkcontroller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/30/2014 09:16:08 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={5BE50A87-6701-434E-B3B8-D1F87FF620E7}: Der Benutzer "Kewin-PC\Kewin" hat eine Verbindung mit dem Namen "Perfect Privacy VPN" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 13843.

Error: (09/30/2014 09:16:02 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={23CB2C49-8838-453B-881D-3162BA76B1DD}: Der Benutzer "Kewin-PC\Kewin" hat eine Verbindung mit dem Namen "Perfect Privacy VPN" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 13843.

Error: (09/30/2014 09:15:55 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={54268845-3045-4E06-8283-5361CB2FC450}: Der Benutzer "Kewin-PC\Kewin" hat eine Verbindung mit dem Namen "Perfect Privacy VPN" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 13843.

Error: (09/30/2014 09:15:36 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={D27616F9-F1DB-4BEA-9CF3-DA23BA86FFF1}: Der Benutzer "Kewin-PC\Kewin" hat eine Verbindung mit dem Namen "Perfect Privacy VPN" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 13843.

Error: (09/30/2014 09:15:30 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={2412FAD8-18CE-47C4-B369-AB99E4D73FD2}: Der Benutzer "Kewin-PC\Kewin" hat eine Verbindung mit dem Namen "Perfect Privacy VPN" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 13843.

Error: (09/30/2014 09:15:23 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={28C02678-733E-4184-A81E-7C6CBC379041}: Der Benutzer "Kewin-PC\Kewin" hat eine Verbindung mit dem Namen "Perfect Privacy VPN" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 13843.

Error: (09/30/2014 09:15:04 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={197D72C0-D817-4F80-9D39-D465488182D8}: Der Benutzer "Kewin-PC\Kewin" hat eine Verbindung mit dem Namen "Perfect Privacy VPN" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 13843.

Error: (09/30/2014 09:14:46 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={2AFA1F61-E641-474A-84C9-1D2F1BC04030}: Der Benutzer "Kewin-PC\Kewin" hat eine Verbindung mit dem Namen "Perfect Privacy VPN" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 13843.

Error: (09/30/2014 09:14:39 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={583B786D-C5B7-4CFC-B80C-EFBB9784403A}: Der Benutzer "Kewin-PC\Kewin" hat eine Verbindung mit dem Namen "Perfect Privacy VPN" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 13843.


System errors:
=============
Error: (09/30/2014 09:17:35 AM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{09392B9A-FEBB-45C2-8AEC-BBA1BC12FCC9} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.


Microsoft Office Sessions:
=========================
Error: (09/30/2014 09:16:08 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {5BE50A87-6701-434E-B3B8-D1F87FF620E7}Kewin-PC\KewinPerfect Privacy VPN13843

Error: (09/30/2014 09:16:02 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {23CB2C49-8838-453B-881D-3162BA76B1DD}Kewin-PC\KewinPerfect Privacy VPN13843

Error: (09/30/2014 09:15:55 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {54268845-3045-4E06-8283-5361CB2FC450}Kewin-PC\KewinPerfect Privacy VPN13843

Error: (09/30/2014 09:15:36 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {D27616F9-F1DB-4BEA-9CF3-DA23BA86FFF1}Kewin-PC\KewinPerfect Privacy VPN13843

Error: (09/30/2014 09:15:30 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {2412FAD8-18CE-47C4-B369-AB99E4D73FD2}Kewin-PC\KewinPerfect Privacy VPN13843

Error: (09/30/2014 09:15:23 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {28C02678-733E-4184-A81E-7C6CBC379041}Kewin-PC\KewinPerfect Privacy VPN13843

Error: (09/30/2014 09:15:04 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {197D72C0-D817-4F80-9D39-D465488182D8}Kewin-PC\KewinPerfect Privacy VPN13843

Error: (09/30/2014 09:14:46 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {2AFA1F61-E641-474A-84C9-1D2F1BC04030}Kewin-PC\KewinPerfect Privacy VPN13843

Error: (09/30/2014 09:14:39 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {583B786D-C5B7-4CFC-B80C-EFBB9784403A}Kewin-PC\KewinPerfect Privacy VPN13843


CodeIntegrity Errors:
===================================
  Date: 2014-09-28 22:44:55.843
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tap0801.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-28 22:44:55.750
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tap0801.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-28 16:47:32.923
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tap0801.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-28 16:47:32.895
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tap0801.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-28 03:30:51.928
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tap0801.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-28 03:30:51.881
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tap0801.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-27 02:38:02.268
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tap0801.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-27 02:38:02.227
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tap0801.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 24%
Total physical RAM: 7888.75 MB
Available physical RAM: 5944.45 MB
Total Pagefile: 15775.68 MB
Available Pagefile: 13628.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Nur Windows) (Fixed) (Total:97.66 GB) (Free:44.88 GB) NTFS
Drive d: (Spiele) (Fixed) (Total:97.66 GB) (Free:67.87 GB) NTFS
Drive e: (Musik,Filme etc.) (Fixed) (Total:102.68 GB) (Free:101.27 GB) NTFS
Drive z: () (Fixed) (Total:4.99 GB) (Free:4.87 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 88BBF202)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=102.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST-->

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-09-2014
Ran by Kewin (administrator) on KEWIN-PC on 30-09-2014 09:23:30
Running from C:\Users\Kewin\Downloads
Loaded Profile: Kewin (Available profiles: Kewin)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-

recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Perfect Privacy) C:\Program Files (x86)\Perfect Privacy VPN Manager\VPNManagerService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Perfect Privacy) C:\Program Files (x86)\Perfect Privacy VPN Manager\VPNManager.exe
( ) Z:\cleanranda_v2\bin\cleanranda.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Users\Kewin\Downloads\Defogger.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be 

moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] 

(NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe 

[558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe 

[2694040 2014-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe [933888 2012-08-21] (AVM Berlin)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe 

Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-09-17] (Avira 

Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations 

GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-368666148-3114612420-1351031977-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-368666148-3114612420-1351031977-1000\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6265624 

2014-07-23] (Piriform Ltd)
HKU\S-1-5-21-368666148-3114612420-1351031977-1000\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 

2014-09-27] (TrueCrypt Foundation)
HKU\S-1-5-21-368666148-3114612420-1351031977-1000\...\MountPoints2: {4e67196c-256d-11e4-b938-3c970ec4efb7} - G:\pushinst.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-01-11] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-01-11] (NVIDIA Corporation)
ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe 

Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe 

Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe 

Creative Cloud\CoreSync\CoreSync_x64.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gws_rd=ssl
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x07427EABA8B8CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - DefaultScope {4903A22A-FB2C-4F5D-8CF6-BE2574B29C1B} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {4903A22A-FB2C-4F5D-8CF6-BE2574B29C1B} URL = https://www.google.com/search?q={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar

\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar

\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar

\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar

\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{09392B9A-FEBB-45C2-8AEC-BBA1BC12FCC9}: [NameServer] 5.79.71.195 213.239.217.228
Tcpip\..\Interfaces\{3765D261-06BC-4961-9E63-77F288F5BB10}: [NameServer] 190.120.228.30,185.19.87.36
Tcpip\..\Interfaces\{45A343D0-F11F-4486-A3DA-7F67C8E1F683}: [NameServer] 8.8.8.8,204.152.184.76

FireFox:
========
FF ProfilePath: C:\Users\Kewin\AppData\Roaming\Mozilla\Firefox\Profiles\QCEfmcMu.default
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities

\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll 

(Adobe Systems)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update

\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update

\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll 

(Adobe Systems)
FF Extension: Avira Browser Safety - C:\Users\Kewin\AppData\Roaming\Mozilla\Firefox\Profiles\QCEfmcMu.default\Extensions

\abs@avira.com [2014-09-28]

Chrome: 
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Kewin\AppData\Local\Google\Chrome\User Data\WidevineCDM

\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash

\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe 

Systems)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CHR Profile: C:\Users\Kewin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Kewin\AppData\Local\Google\Chrome\User Data\Default\Extensions

\aohghmighlieiainnegkcijnfilokake [2014-08-23]
CHR Extension: (Google Drive) - C:\Users\Kewin\AppData\Local\Google\Chrome\User Data\Default\Extensions

\apdfllckaahabafndbhieahigkjlhalf [2014-08-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kewin\AppData\Local\Google\Chrome\User Data\Default

\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (YouTube) - C:\Users\Kewin\AppData\Local\Google\Chrome\User Data\Default\Extensions

\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-23]
CHR Extension: (Google Search) - C:\Users\Kewin\AppData\Local\Google\Chrome\User Data\Default\Extensions

\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-23]
CHR Extension: (Google Wallet) - C:\Users\Kewin\AppData\Local\Google\Chrome\User Data\Default\Extensions

\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-23]
CHR Extension: (Gmail) - C:\Users\Kewin\AppData\Local\Google\Chrome\User Data\Default\Extensions

\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless 

listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations 

GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. 

KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [161016 2014-09-17] (Avira 

Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes 

Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes 

Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA 

Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2014-09-19] (Microsoft Corporation) [File not signed]
R2 VPNManager; C:\Program Files (x86)\Perfect Privacy VPN Manager\VPNManagerService.exe [17408 2014-08-16] (Perfect Privacy) 

[File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless 

listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2012-04-25] (AVM Berlin)
R3 fwlanusb5; C:\Windows\System32\DRIVERS\fwlanusb5.sys [982784 2012-08-21] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-30] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-01-11] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 tap0801; C:\Windows\System32\DRIVERS\tap0801.sys [30720 2005-04-13] (The OpenVPN Project) [File not signed]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately 

to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-30 09:23 - 2014-09-30 09:23 - 00014073 _____ () C:\Users\Kewin\Downloads\FRST.txt
2014-09-30 09:23 - 2014-09-30 09:23 - 00000000 ____D () C:\FRST
2014-09-30 09:22 - 2014-09-30 09:22 - 02108928 _____ (Farbar) C:\Users\Kewin\Downloads\FRST64.exe
2014-09-30 09:21 - 2014-09-30 09:21 - 00000472 _____ () C:\Users\Kewin\Downloads\defogger_disable.log
2014-09-30 09:21 - 2014-09-30 09:21 - 00000000 _____ () C:\Users\Kewin\defogger_reenable
2014-09-30 09:20 - 2014-09-30 09:20 - 00715160 _____ ( ) C:\Users\Kewin\Downloads\FileOpenerSetup.exe
2014-09-30 09:20 - 2014-09-30 09:20 - 00050477 _____ () C:\Users\Kewin\Downloads\Defogger.exe
2014-09-30 09:14 - 2014-09-30 09:14 - 00065736 _____ () C:\Users\Kewin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-30 09:05 - 2014-09-30 09:07 - 04959696 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-28 23:29 - 2014-09-28 23:29 - 00000000 ____D () C:\Users\Kewin\Downloads\cleanranda_v2
2014-09-28 23:28 - 2014-09-28 23:29 - 06669969 _____ () C:\Users\Kewin\Downloads\cleanranda_v2.zip
2014-09-28 22:47 - 2014-09-30 09:17 - 00015023 _____ () C:\Windows\WindowsUpdate.log
2014-09-28 16:26 - 2014-09-28 16:26 - 00000000 ____D () C:\Users\Kewin\AppData\Local\Perfect_Privacy
2014-09-28 16:25 - 2014-09-28 16:26 - 00000000 ____D () C:\Program Files (x86)\Perfect Privacy VPN Manager
2014-09-28 16:25 - 2014-09-28 16:25 - 00001171 _____ () C:\Users\Public\Desktop\VPN Manager.lnk
2014-09-28 16:25 - 2014-09-28 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect Privacy 

VPN
2014-09-28 04:22 - 2014-09-28 04:22 - 00000000 ____D () C:\Users\Kewin\AppData\Roaming\Avira
2014-09-28 04:21 - 2014-09-28 04:19 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers

\avnetflt.sys
2014-09-28 04:17 - 2014-08-15 10:30 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-09-28 04:17 - 2014-08-15 10:30 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers

\avgntflt.sys
2014-09-28 04:17 - 2014-08-15 10:30 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-09-28 04:15 - 2014-09-28 23:06 - 00000000 ____D () C:\Users\Kewin\AppData\Roaming\Mozilla
2014-09-28 04:15 - 2014-09-28 04:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-28 04:15 - 2014-09-28 04:17 - 00000000 ____D () C:\ProgramData\Avira
2014-09-28 04:15 - 2014-09-28 04:17 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-28 04:15 - 2014-09-28 04:15 - 00001158 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-28 04:08 - 2014-09-30 08:58 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers

\MBAMSwissArmy.sys
2014-09-28 04:08 - 2014-09-28 04:08 - 00001123 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-28 04:08 - 2014-09-28 04:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 

Anti-Malware
2014-09-28 04:08 - 2014-09-28 04:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-28 04:08 - 2014-09-28 04:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-28 04:08 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers

\mbamchameleon.sys
2014-09-28 04:08 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-28 04:08 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-28 03:25 - 2014-09-28 03:25 - 01835008 _____ () C:\Users\Kewin\Documents\TrueCrypt Rescue Disk.iso
2014-09-28 03:25 - 2014-09-28 03:25 - 00000000 ____D () C:\ProgramData\TrueCrypt
2014-09-28 02:20 - 2014-09-28 14:58 - 00000000 ____D () C:\Users\Kewin\AppData\Roaming\DAEMON Tools Lite
2014-09-28 02:19 - 2014-09-28 03:26 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-09-28 02:00 - 2014-09-28 02:01 - 1073741824 _____ () C:\Users\Kewin\Documents\Music Maker 2014
2014-09-28 01:54 - 2014-09-28 02:02 - 00006928 _____ () C:\Users\Kewin\Desktop\Dreamweaver Codes.txt
2014-09-28 01:49 - 2014-09-28 05:11 - 00000000 ____D () C:\Users\Kewin\AppData\Roaming\TrueCrypt
2014-09-27 02:37 - 2014-09-28 23:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2014-09-27 02:37 - 2014-09-28 23:41 - 00000000 ____D () C:\Program Files (x86)\OpenVPN
2014-09-27 02:36 - 2014-09-28 01:50 - 00000000 ____D () C:\Program Files\TrueCrypt
2014-09-27 02:36 - 2014-09-27 02:36 - 00231376 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2014-09-27 02:36 - 2014-09-27 02:36 - 00000890 _____ () C:\Users\Public\Desktop\TrueCrypt.lnk
2014-09-27 02:36 - 2014-09-27 02:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
2014-09-26 00:34 - 2014-09-26 00:34 - 00001195 _____ () C:\Users\Kewin\Desktop\TeamViewer 9.lnk
2014-09-26 00:34 - 2014-09-26 00:34 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-09-24 19:08 - 2014-09-24 19:08 - 00000000 ____D () C:\Users\Kewin\voip
2014-09-24 19:00 - 2014-09-26 01:00 - 00000000 ____D () C:\Users\Kewin\AppData\Roaming\Microsoft\Windows\Start Menu

\Programs\ICQ
2014-09-19 14:31 - 2013-10-01 10:57 - 02851840 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll.backup
2014-09-19 14:31 - 2009-07-14 03:41 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll.backup
2014-09-19 14:31 - 2009-07-14 03:41 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\themeservice.dll.backup
2014-09-19 12:50 - 2014-09-27 02:40 - 00000000 ___RD () C:\Users\Kewin\Desktop\Akademie für Kommunikation
2014-09-18 14:33 - 2009-12-20 00:00 - 00000000 ____D () C:\xampp
2014-09-16 14:28 - 2014-09-16 14:28 - 00000000 ____D () C:\Users\Kewin\.android
2014-09-15 18:31 - 2014-09-15 18:31 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-09-07 13:31 - 2014-09-07 13:31 - 00000000 ____D () C:\Users\Kewin\AppData\Roaming\OpenOffice
2014-09-07 13:30 - 2014-09-07 13:30 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 

4.1.0
2014-09-07 13:30 - 2014-09-07 13:30 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-30 09:21 - 2014-08-15 18:34 - 00000000 ____D () C:\Users\Kewin
2014-09-30 09:14 - 2009-07-14 06:45 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-

1.C7483456-A289-439d-8115-601632D005A0
2014-09-30 09:14 - 2009-07-14 06:45 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-

0.C7483456-A289-439d-8115-601632D005A0
2014-09-30 09:07 - 2014-08-15 19:47 - 00000000 ____D () C:\Users\Kewin\AppData\Local\Adobe
2014-09-30 09:05 - 2014-08-21 19:47 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-30 09:05 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-30 08:44 - 2014-08-21 19:47 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-30 08:44 - 2014-08-16 20:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-28 23:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-28 23:04 - 2014-08-15 18:35 - 00000000 ____D () C:\Users\Kewin\AppData\Local\VirtualStore
2014-09-28 14:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-09-28 04:15 - 2014-08-15 19:01 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-28 03:38 - 2009-07-14 19:58 - 00698374 _____ () C:\Windows\system32\perfh007.dat
2014-09-28 03:38 - 2009-07-14 19:58 - 00149038 _____ () C:\Windows\system32\perfc007.dat
2014-09-28 03:38 - 2009-07-14 07:13 - 01616954 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-28 02:34 - 2014-08-15 19:08 - 01591234 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-26 18:40 - 2014-08-15 20:01 - 00000034 _____ () C:\Users\Kewin\AppData\Roaming\AdobeWLCMCache.dat
2014-09-26 11:14 - 2009-07-14 20:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-09-26 10:57 - 2014-08-15 19:47 - 00000000 ____D () C:\Users\Kewin\AppData\Roaming\Adobe
2014-09-25 19:04 - 2014-08-16 20:26 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-25 19:04 - 2014-08-16 20:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-25 19:04 - 2014-08-16 20:26 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-23 11:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-09-21 21:19 - 2014-08-16 19:57 - 00000000 ____D () C:\Users\Kewin\AppData\Roaming\vlc
2014-09-21 16:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-19 14:37 - 2014-08-21 19:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 

XI.lnk
2014-09-19 14:31 - 2013-10-01 10:57 - 02851840 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2014-09-19 14:31 - 2009-07-14 01:55 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-09-19 14:31 - 2009-07-14 01:54 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\themeservice.dll
2014-09-18 14:22 - 2014-08-16 15:24 - 00000000 ____D () C:\Users\Kewin\AppData\Local\Microsoft Games

Some content of TEMP:
====================
C:\Users\Kewin\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-28 06:08

==================== End Of Log ============================

Ich hoffe dass das Alle Informationen sind die benötigt werden.

MFG Callin.

schrauber · 30.09.2014, 10:08

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

gcallin · 30.09.2014, 18:07

Code:

ATTFilter

ComboFix 14-09-29.02 - Kewin 30.09.2014  18:50:46.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.7889.5907 [GMT 2:00]
ausgeführt von:: c:\users\Kewin\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kewin\AppData\Local\Adobe\AdbeRdr11008_de_DE.exe
c:\users\Kewin\AppData\Local\Adobe\ChromeInstaller.exe
c:\users\Kewin\AppData\Local\Adobe\downloader.dll
c:\users\Kewin\AppData\Local\Adobe\gccheck.exe
c:\users\Kewin\AppData\Local\Adobe\GTB.exe
c:\users\Kewin\AppData\Local\Adobe\gtbcheck.exe
c:\users\Kewin\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-08-28 bis 2014-09-30  ))))))))))))))))))))))))))))))
.
.
2014-09-30 07:23 . 2014-09-30 07:24	--------	d-----w-	C:\FRST
2014-09-28 14:26 . 2014-09-28 14:26	--------	d-----w-	c:\users\Kewin\AppData\Local\Perfect_Privacy
2014-09-28 14:25 . 2014-09-28 14:26	--------	d-----w-	c:\program files (x86)\Perfect Privacy VPN Manager
2014-09-28 02:22 . 2014-09-28 02:22	--------	d-----w-	c:\users\Kewin\AppData\Roaming\Avira
2014-09-28 02:21 . 2014-09-28 02:19	42040	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2014-09-28 02:17 . 2014-08-15 08:30	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2014-09-28 02:17 . 2014-08-15 08:30	130584	----a-w-	c:\windows\system32\drivers\avipbb.sys
2014-09-28 02:17 . 2014-08-15 08:30	117712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-09-28 02:15 . 2014-09-28 02:17	--------	d-----w-	c:\program files (x86)\Avira
2014-09-28 02:15 . 2014-09-28 02:17	--------	d-----w-	c:\programdata\Avira
2014-09-28 02:08 . 2014-09-30 16:43	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-28 02:08 . 2014-09-28 02:08	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-09-28 02:08 . 2014-09-28 02:08	--------	d-----w-	c:\programdata\Malwarebytes
2014-09-28 02:08 . 2014-05-12 05:26	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-09-28 02:08 . 2014-05-12 05:26	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-09-28 02:08 . 2014-05-12 05:25	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-09-28 01:25 . 2014-09-28 01:25	--------	d-----w-	c:\programdata\TrueCrypt
2014-09-28 00:20 . 2014-09-28 12:58	--------	d-----w-	c:\users\Kewin\AppData\Roaming\DAEMON Tools Lite
2014-09-28 00:19 . 2014-09-28 01:26	--------	d-----w-	c:\programdata\DAEMON Tools Lite
2014-09-27 23:49 . 2014-09-30 12:20	--------	d-----w-	c:\users\Kewin\AppData\Roaming\TrueCrypt
2014-09-27 00:37 . 2014-09-28 21:41	--------	d-----w-	c:\program files (x86)\OpenVPN
2014-09-27 00:36 . 2014-09-27 00:36	231376	----a-w-	c:\windows\system32\drivers\truecrypt.sys
2014-09-27 00:36 . 2014-09-27 23:50	--------	d-----w-	c:\program files\TrueCrypt
2014-09-25 22:34 . 2014-09-25 22:34	--------	d-----w-	c:\program files (x86)\TeamViewer
2014-09-24 17:08 . 2014-09-24 17:08	--------	d-----w-	c:\users\Kewin\voip
2014-09-19 12:31 . 2009-07-14 01:41	332288	----a-w-	c:\windows\system32\uxtheme.dll.backup
2014-09-19 12:31 . 2013-10-01 08:57	2851840	----a-w-	c:\windows\system32\themeui.dll.backup
2014-09-19 12:31 . 2009-07-14 01:41	44544	----a-w-	c:\windows\system32\themeservice.dll.backup
2014-09-18 12:33 . 2009-12-19 22:00	--------	d---a-w-	C:\xampp
2014-09-16 12:28 . 2014-09-16 12:28	--------	d-----w-	c:\users\Kewin\.android
2014-09-07 11:31 . 2014-09-07 11:31	--------	d-----w-	c:\users\Kewin\AppData\Roaming\OpenOffice
2014-09-07 11:30 . 2014-09-07 11:30	--------	d-----w-	c:\program files (x86)\OpenOffice 4
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-25 17:04 . 2014-08-16 18:26	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-25 17:04 . 2014-08-16 18:26	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-19 12:31 . 2009-07-13 23:55	332288	----a-w-	c:\windows\system32\uxtheme.dll
2014-09-19 12:31 . 2013-10-01 08:57	2851840	----a-w-	c:\windows\system32\themeui.dll
2014-09-19 12:31 . 2009-07-13 23:54	44544	----a-w-	c:\windows\system32\themeservice.dll
2014-08-19 11:41 . 2014-08-19 11:41	940032	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-08-19 11:41 . 2014-08-19 11:41	194048	----a-w-	c:\windows\SysWow64\elshyph.dll
2014-08-19 11:41 . 2014-08-19 11:41	942592	----a-w-	c:\windows\system32\jsIntl.dll
2014-08-19 11:41 . 2014-08-19 11:41	90112	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2014-08-19 11:41 . 2014-08-19 11:41	86016	----a-w-	c:\windows\SysWow64\iesysprep.dll
2014-08-19 11:41 . 2014-08-19 11:41	86016	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2014-08-19 11:41 . 2014-08-19 11:41	85504	----a-w-	c:\windows\system32\mshtmled.dll
2014-08-19 11:41 . 2014-08-19 11:41	846336	----a-w-	c:\windows\system32\ieapfltr.dll
2014-08-19 11:41 . 2014-08-19 11:41	83968	----a-w-	c:\windows\system32\MshtmlDac.dll
2014-08-19 11:41 . 2014-08-19 11:41	81408	----a-w-	c:\windows\system32\icardie.dll
2014-08-19 11:41 . 2014-08-19 11:41	774144	----a-w-	c:\windows\system32\jscript.dll
2014-08-19 11:41 . 2014-08-19 11:41	77312	----a-w-	c:\windows\system32\tdc.ocx
2014-08-19 11:41 . 2014-08-19 11:41	752640	----a-w-	c:\windows\system32\jscript9diag.dll
2014-08-19 11:41 . 2014-08-19 11:41	74240	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2014-08-19 11:41 . 2014-08-19 11:41	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-08-19 11:41 . 2014-08-19 11:41	66048	----a-w-	c:\windows\system32\iesetup.dll
2014-08-19 11:41 . 2014-08-19 11:41	645120	----a-w-	c:\windows\SysWow64\jsIntl.dll
2014-08-19 11:41 . 2014-08-19 11:41	631808	----a-w-	c:\windows\system32\msfeeds.dll
2014-08-19 11:41 . 2014-08-19 11:41	62464	----a-w-	c:\windows\SysWow64\tdc.ocx
2014-08-19 11:41 . 2014-08-19 11:41	62464	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2014-08-19 11:41 . 2014-08-19 11:41	62464	----a-w-	c:\windows\system32\pngfilt.dll
2014-08-19 11:41 . 2014-08-19 11:41	61952	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-08-19 11:41 . 2014-08-19 11:41	616104	----a-w-	c:\windows\system32\ieapfltr.dat
2014-08-19 11:41 . 2014-08-19 11:41	608768	----a-w-	c:\windows\system32\ie4uinit.exe
2014-08-19 11:41 . 2014-08-19 11:41	598016	----a-w-	c:\windows\system32\ieui.dll
2014-08-19 11:41 . 2014-08-19 11:41	592896	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2014-08-19 11:41 . 2014-08-19 11:41	5721088	----a-w-	c:\windows\system32\jscript9.dll
2014-08-19 11:41 . 2014-08-19 11:41	548352	----a-w-	c:\windows\system32\vbscript.dll
2014-08-19 11:41 . 2014-08-19 11:41	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2014-08-19 11:41 . 2014-08-19 11:41	51200	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2014-08-19 11:41 . 2014-08-19 11:41	51200	----a-w-	c:\windows\system32\jsproxy.dll
2014-08-19 11:41 . 2014-08-19 11:41	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2014-08-19 11:41 . 2014-08-19 11:41	48640	----a-w-	c:\windows\system32\mshtmler.dll
2014-08-19 11:41 . 2014-08-19 11:41	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-08-19 11:41 . 2014-08-19 11:41	48128	----a-w-	c:\windows\system32\imgutil.dll
2014-08-19 11:41 . 2014-08-19 11:41	455168	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-08-19 11:41 . 2014-08-19 11:41	452608	----a-w-	c:\windows\system32\dxtmsft.dll
2014-08-19 11:41 . 2014-08-19 11:41	4254720	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-08-19 11:41 . 2014-08-19 11:41	413696	----a-w-	c:\windows\system32\html.iec
2014-08-19 11:41 . 2014-08-19 11:41	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-08-19 11:41 . 2014-08-19 11:41	38400	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-19 11:41 . 2014-08-19 11:41	36352	----a-w-	c:\windows\SysWow64\imgutil.dll
2014-08-19 11:41 . 2014-08-19 11:41	33792	----a-w-	c:\windows\system32\iernonce.dll
2014-08-19 11:41 . 2014-08-19 11:41	337408	----a-w-	c:\windows\SysWow64\html.iec
2014-08-19 11:41 . 2014-08-19 11:41	32256	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-19 11:41 . 2014-08-19 11:41	30208	----a-w-	c:\windows\system32\licmgr10.dll
2014-08-19 11:41 . 2014-08-19 11:41	292864	----a-w-	c:\windows\system32\dxtrans.dll
2014-08-19 11:41 . 2014-08-19 11:41	2768384	----a-w-	c:\windows\system32\iertutil.dll
2014-08-19 11:41 . 2014-08-19 11:41	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-08-19 11:41 . 2014-08-19 11:41	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-08-19 11:41 . 2014-08-19 11:41	266424	----a-w-	c:\windows\system32\iedkcs32.dll
2014-08-19 11:41 . 2014-08-19 11:41	247808	----a-w-	c:\windows\system32\msls31.dll
2014-08-19 11:41 . 2014-08-19 11:41	24576	----a-w-	c:\windows\SysWow64\licmgr10.dll
2014-08-19 11:41 . 2014-08-19 11:41	243200	----a-w-	c:\windows\system32\webcheck.dll
2014-08-19 11:41 . 2014-08-19 11:41	235520	----a-w-	c:\windows\system32\url.dll
2014-08-19 11:41 . 2014-08-19 11:41	235008	----a-w-	c:\windows\system32\elshyph.dll
2014-08-19 11:41 . 2014-08-19 11:41	23464448	----a-w-	c:\windows\system32\mshtml.dll
2014-08-19 11:41 . 2014-08-19 11:41	2266112	----a-w-	c:\windows\system32\wininet.dll
2014-08-19 11:41 . 2014-08-19 11:41	2040832	----a-w-	c:\windows\system32\inetcpl.cpl
2014-08-19 11:41 . 2014-08-19 11:41	1964544	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-08-19 11:41 . 2014-08-19 11:41	195584	----a-w-	c:\windows\system32\msrating.dll
2014-08-19 11:41 . 2014-08-19 11:41	182272	----a-w-	c:\windows\SysWow64\msls31.dll
2014-08-19 11:41 . 2014-08-19 11:41	1791488	----a-w-	c:\windows\SysWow64\wininet.dll
2014-08-19 11:41 . 2014-08-19 11:41	167424	----a-w-	c:\windows\system32\iexpress.exe
2014-08-19 11:41 . 2014-08-19 11:41	151552	----a-w-	c:\windows\SysWow64\iexpress.exe
2014-08-19 11:41 . 2014-08-19 11:41	147968	----a-w-	c:\windows\system32\occache.dll
2014-08-19 11:41 . 2014-08-19 11:41	143872	----a-w-	c:\windows\system32\wextract.exe
2014-08-19 11:41 . 2014-08-19 11:41	1393664	----a-w-	c:\windows\system32\urlmon.dll
2014-08-19 11:41 . 2014-08-19 11:41	139264	----a-w-	c:\windows\SysWow64\wextract.exe
2014-08-19 11:41 . 2014-08-19 11:41	139264	----a-w-	c:\windows\system32\ieUnatt.exe
2014-08-19 11:41 . 2014-08-19 11:41	13824	----a-w-	c:\windows\system32\mshta.exe
2014-08-19 11:41 . 2014-08-19 11:41	135680	----a-w-	c:\windows\system32\iepeers.dll
2014-08-19 11:41 . 2014-08-19 11:41	13527040	----a-w-	c:\windows\system32\ieframe.dll
2014-08-19 11:41 . 2014-08-19 11:41	13312	----a-w-	c:\windows\SysWow64\mshta.exe
2014-08-19 11:41 . 2014-08-19 11:41	13312	----a-w-	c:\windows\system32\msfeedssync.exe
2014-08-19 11:41 . 2014-08-19 11:41	131072	----a-w-	c:\windows\system32\IEAdvpack.dll
2014-08-19 11:41 . 2014-08-19 11:41	1249280	----a-w-	c:\windows\system32\mshtmlmedia.dll
2014-08-19 11:41 . 2014-08-19 11:41	112128	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-08-19 11:41 . 2014-08-19 11:41	111616	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2014-08-19 11:41 . 2014-08-19 11:41	111616	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-08-19 11:41 . 2014-08-19 11:41	1068032	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2014-08-19 11:41 . 2014-08-19 11:41	105984	----a-w-	c:\windows\system32\iesysprep.dll
2014-08-19 11:41 . 2014-08-19 11:41	101376	----a-w-	c:\windows\system32\inseng.dll
2014-08-19 11:40 . 2014-08-19 11:40	878080	----a-w-	c:\windows\system32\advapi32.dll
2014-08-19 11:40 . 2014-08-19 11:40	859648	----a-w-	c:\windows\system32\tdh.dll
2014-08-19 11:40 . 2014-08-19 11:40	640512	----a-w-	c:\windows\SysWow64\advapi32.dll
2014-08-19 11:40 . 2014-08-19 11:40	619520	----a-w-	c:\windows\SysWow64\tdh.dll
2014-08-19 11:40 . 2014-08-19 11:40	1732032	----a-w-	c:\windows\system32\ntdll.dll
2014-08-19 11:40 . 2014-08-19 11:40	1292192	----a-w-	c:\windows\SysWow64\ntdll.dll
2014-08-19 11:39 . 2014-08-19 11:39	327168	----a-w-	c:\windows\system32\mswsock.dll
2014-08-19 11:39 . 2014-08-19 11:39	231424	----a-w-	c:\windows\SysWow64\mswsock.dll
2014-08-19 11:35 . 2014-08-19 11:35	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-08-19 11:35 . 2014-08-19 11:35	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-08-19 11:35 . 2014-08-19 11:35	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2014-08-19 11:35 . 2014-08-19 11:35	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner"="c:\program files\CCleaner\CCleaner64.exe" [2014-07-23 6265624]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2014-09-27 1516496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2014-07-22 2694040]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\FRITZWLANMini.exe" [2012-08-21 933888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-09-17 164656]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-08-15 751184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\DRIVERS\dmvsc.sys;c:\windows\SYSNATIVE\DRIVERS\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys;c:\windows\SYSNATIVE\DRIVERS\tap0801.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys;c:\windows\SYSNATIVE\DRIVERS\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys;c:\windows\SYSNATIVE\DRIVERS\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 VPNManager;Perfect Privacy VPN Manager;c:\program files (x86)\Perfect Privacy VPN Manager\VPNManagerService.exe;c:\program files (x86)\Perfect Privacy VPN Manager\VPNManagerService.exe [x]
S3 fwlanusb5;FRITZ!WLAN N v2;c:\windows\system32\DRIVERS\fwlanusb5.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb5.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - NAL
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-25 13:05	1096520	----a-w-	c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-16 17:04]
.
2014-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-21 17:47]
.
2014-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-21 17:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2014-07-16 09:06	672416	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2014-07-16 09:06	672416	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2014-07-16 09:06	672416	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-06-12 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-06-12 439104]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.de/?gws_rd=ssl
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{3765D261-06BC-4961-9E63-77F288F5BB10}: NameServer = 190.120.228.30,185.19.87.36
TCP: Interfaces\{3765D261-06BC-4961-9E63-77F288F5BB10}\553535750213: NameServer = 190.120.228.30,185.19.87.36
TCP: Interfaces\{45A343D0-F11F-4486-A3DA-7F67C8E1F683}: NameServer = 8.8.8.8,204.152.184.76
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-09-30  18:59:56 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-09-30 16:59
.
Vor Suchlauf: 10 Verzeichnis(se), 48.711.458.816 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 48.253.739.008 Bytes frei
.
- - End Of File - - CC52FCA97A10A340D62F9B3CE527F2E7
422AF79487A55C27CE4BFD48D84CE830

schrauber · 01.10.2014, 12:32

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

gcallin · 01.10.2014, 16:43

Hi ^^
MWAM

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 01.10.2014
Suchlauf-Zeit: 17:18:17
Logdatei: MWAM.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.10.01.06
Rootkit Datenbank: v2014.09.19.01
Lizenz: Premium
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Kewin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 310966
Verstrichene Zeit: 5 Min, 4 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 2
PUP.Optional.MindSpark.A, C:\Users\Kewin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mapsgalaxy.dl.tb.ask.com_0.localstorage, Löschen bei Neustart, [1872bb54fa824aec81585919f41006fa], 
PUP.Optional.MindSpark.A, C:\Users\Kewin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mapsgalaxy.dl.tb.ask.com_0.localstorage-journal, Löschen bei Neustart, [2565da350f6d81b56b6e7ff3eb19cc34], 

Physische Sektoren: 0
(No malicious items detected)


(end)

Adw Cleaner

[CODE#] AdwCleaner v3.311 - Bericht erstellt am 01/10/2014 um 17:27:00
# Aktualisiert 30/09/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Kewin - KEWIN-PC
# Gestartet von : C:\Users\Kewin\Downloads\AdwCleaner_3.311.exe
# Option : Suchen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207

-\\ Mozilla Firefox v

-\\ Google Chrome v37.0.2062.124

[ Datei : C:\Users\Kewin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [796 octets] - [01/10/2014 17:27:00]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [855 octets] ##########
[/CODE]

Junkware

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.5 (10.01.2014:2)
OS: Windows 7 Ultimate x64
Ran by Kewin on 01.10.2014 at 17:33:53,11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.10.2014 at 17:36:24,37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

frisches FRST Log

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-09-2014
Ran by Kewin (administrator) on KEWIN-PC on 01-10-2014 17:38:08
Running from C:\Users\Kewin\Downloads
Loaded Profile: Kewin (Available profiles: Kewin)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Perfect Privacy) C:\Program Files (x86)\Perfect Privacy VPN Manager\VPNManagerService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Perfect Privacy) C:\Program Files (x86)\Perfect Privacy VPN Manager\VPNManager.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe [933888 2012-08-21] (AVM Berlin)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-09-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-368666148-3114612420-1351031977-1000\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2014-09-27] (TrueCrypt Foundation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [245872 2013-01-11] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-01-11] (NVIDIA Corporation)
ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gws_rd=ssl
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x07427EABA8B8CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {4903A22A-FB2C-4F5D-8CF6-BE2574B29C1B} URL = https://www.google.com/search?q={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\..\Interfaces\{3765D261-06BC-4961-9E63-77F288F5BB10}: [NameServer] 190.120.228.30,185.19.87.36
Tcpip\..\Interfaces\{45A343D0-F11F-4486-A3DA-7F67C8E1F683}: [NameServer] 8.8.8.8,204.152.184.76
Tcpip\..\Interfaces\{6E4CE0D6-910E-4819-91E2-5683043A3E08}: [NameServer] 94.242.243.66 5.79.71.195

FireFox:
========
FF ProfilePath: C:\Users\Kewin\AppData\Roaming\Mozilla\Firefox\Profiles\QCEfmcMu.default
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: Avira Browser Safety - C:\Users\Kewin\AppData\Roaming\Mozilla\Firefox\Profiles\QCEfmcMu.default\Extensions\abs@avira.com [2014-09-28]

Chrome: 
=======
CHR NewTab: Default -> "chrome-extension://flcpildhclihlpljpfpojindpglggkpd/spent.html"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Kewin\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CHR Profile: C:\Users\Kewin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Kewin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-23]
CHR Extension: (Google Drive) - C:\Users\Kewin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kewin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (YouTube) - C:\Users\Kewin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-23]
CHR Extension: (Google Search) - C:\Users\Kewin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-23]
CHR Extension: (MapsGalaxy) - C:\Users\Kewin\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcpildhclihlpljpfpojindpglggkpd [2014-10-01]
CHR Extension: (Google Wallet) - C:\Users\Kewin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-23]
CHR Extension: (Gmail) - C:\Users\Kewin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [161016 2014-09-17] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2014-09-19] (Microsoft Corporation) [File not signed]
R2 VPNManager; C:\Program Files (x86)\Perfect Privacy VPN Manager\VPNManagerService.exe [17408 2014-08-16] (Perfect Privacy) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2012-04-25] (AVM Berlin)
R3 fwlanusb5; C:\Windows\System32\DRIVERS\fwlanusb5.sys [982784 2012-08-21] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-01-11] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 tap0801; C:\Windows\System32\DRIVERS\tap0801.sys [30720 2005-04-13] (The OpenVPN Project) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-01 17:36 - 2014-10-01 17:36 - 00000621 _____ () C:\Users\Kewin\Desktop\JRT.txt
2014-10-01 17:33 - 2014-10-01 17:33 - 00000000 ____D () C:\Windows\ERUNT
2014-10-01 17:30 - 2014-10-01 17:30 - 00065736 _____ () C:\Users\Kewin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-01 17:29 - 2014-10-01 17:29 - 04959696 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-01 17:29 - 2014-10-01 17:29 - 00001090 _____ () C:\Windows\PFRO.log
2014-10-01 17:29 - 2014-10-01 17:29 - 00000168 _____ () C:\Windows\setupact.log
2014-10-01 17:29 - 2014-10-01 17:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-01 17:26 - 2014-10-01 17:27 - 00000000 ____D () C:\AdwCleaner
2014-10-01 17:25 - 2014-10-01 17:25 - 01701878 _____ (Thisisu) C:\Users\Kewin\Downloads\JRT.exe
2014-10-01 17:19 - 2014-10-01 17:19 - 01375089 _____ () C:\Users\Kewin\Downloads\AdwCleaner_3.311.exe
2014-10-01 17:00 - 2014-10-01 17:00 - 00000000 ____D () C:\Users\Kewin\AppData\Roaming\TeamViewer
2014-09-30 18:59 - 2014-09-30 18:59 - 00026975 _____ () C:\ComboFix.txt
2014-09-30 18:49 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-30 18:49 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-30 18:49 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-30 18:49 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-30 18:49 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-30 18:49 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-30 18:49 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-30 18:49 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-30 18:47 - 2014-09-30 18:59 - 00000000 ____D () C:\Qoobox
2014-09-30 18:47 - 2014-09-30 18:58 - 00000000 ____D () C:\Windows\erdnt
2014-09-30 18:44 - 2014-09-30 18:46 - 05582345 ____R (Swearware) C:\Users\Kewin\Downloads\ComboFix.exe
2014-09-30 14:11 - 2014-10-01 17:28 - 00017937 _____ () C:\Windows\WindowsUpdate.log
2014-09-30 09:32 - 2014-09-30 09:32 - 00000244 _____ () C:\Users\Kewin\Downloads\defogger_enable.log
2014-09-30 09:25 - 2014-09-30 09:25 - 00380416 _____ () C:\Users\Kewin\Downloads\Gmer-19357.exe
2014-09-30 09:24 - 2014-09-30 09:24 - 00026601 _____ () C:\Users\Kewin\Downloads\Addition.txt
2014-09-30 09:23 - 2014-10-01 17:38 - 00013783 _____ () C:\Users\Kewin\Downloads\FRST.txt
2014-09-30 09:23 - 2014-10-01 17:38 - 00000000 ____D () C:\FRST
2014-09-30 09:22 - 2014-09-30 09:22 - 02108928 _____ (Farbar) C:\Users\Kewin\Downloads\FRST64.exe
2014-09-30 09:20 - 2014-09-30 09:20 - 00715160 _____ ( ) C:\Users\Kewin\Downloads\FileOpenerSetup.exe
2014-09-30 09:20 - 2014-09-30 09:20 - 00050477 _____ () C:\Users\Kewin\Downloads\Defogger.exe
2014-09-28 23:28 - 2014-09-28 23:29 - 06669969 _____ () C:\Users\Kewin\Downloads\cleanranda_v2.zip
2014-09-28 16:26 - 2014-09-28 16:26 - 00000000 ____D () C:\Users\Kewin\AppData\Local\Perfect_Privacy
2014-09-28 16:25 - 2014-09-28 16:26 - 00000000 ____D () C:\Program Files (x86)\Perfect Privacy VPN Manager
2014-09-28 16:25 - 2014-09-28 16:25 - 00001171 _____ () C:\Users\Public\Desktop\VPN Manager.lnk
2014-09-28 16:25 - 2014-09-28 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect Privacy VPN
2014-09-28 04:22 - 2014-09-28 04:22 - 00000000 ____D () C:\Users\Kewin\AppData\Roaming\Avira
2014-09-28 04:21 - 2014-09-28 04:19 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-09-28 04:17 - 2014-08-15 10:30 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-09-28 04:17 - 2014-08-15 10:30 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-09-28 04:17 - 2014-08-15 10:30 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-09-28 04:15 - 2014-09-30 15:24 - 00000000 ____D () C:\Users\Kewin\AppData\Roaming\Mozilla
2014-09-28 04:15 - 2014-09-28 04:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-28 04:15 - 2014-09-28 04:17 - 00000000 ____D () C:\ProgramData\Avira
2014-09-28 04:15 - 2014-09-28 04:17 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-28 04:15 - 2014-09-28 04:15 - 00001158 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-28 04:08 - 2014-10-01 17:36 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-28 04:08 - 2014-09-28 04:08 - 00001123 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-28 04:08 - 2014-09-28 04:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-28 04:08 - 2014-09-28 04:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-28 04:08 - 2014-09-28 04:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-28 04:08 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-28 04:08 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-28 04:08 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-28 03:25 - 2014-09-28 03:25 - 01835008 _____ () C:\Users\Kewin\Documents\TrueCrypt Rescue Disk.iso
2014-09-28 03:25 - 2014-09-28 03:25 - 00000000 ____D () C:\ProgramData\TrueCrypt
2014-09-28 02:20 - 2014-09-28 14:58 - 00000000 ____D () C:\Users\Kewin\AppData\Roaming\DAEMON Tools Lite
2014-09-28 02:19 - 2014-09-28 03:26 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-09-28 02:00 - 2014-09-28 02:01 - 1073741824 _____ () C:\Users\Kewin\Documents\Music Maker 2014
2014-09-28 01:54 - 2014-09-28 02:02 - 00006928 _____ () C:\Users\Kewin\Desktop\Dreamweaver Codes.txt
2014-09-28 01:49 - 2014-09-30 14:20 - 00000000 ____D () C:\Users\Kewin\AppData\Roaming\TrueCrypt
2014-09-27 02:37 - 2014-09-28 23:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2014-09-27 02:37 - 2014-09-28 23:41 - 00000000 ____D () C:\Program Files (x86)\OpenVPN
2014-09-27 02:36 - 2014-09-28 01:50 - 00000000 ____D () C:\Program Files\TrueCrypt
2014-09-27 02:36 - 2014-09-27 02:36 - 00231376 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2014-09-27 02:36 - 2014-09-27 02:36 - 00000890 _____ () C:\Users\Public\Desktop\TrueCrypt.lnk
2014-09-27 02:36 - 2014-09-27 02:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
2014-09-26 00:34 - 2014-09-26 00:34 - 00001195 _____ () C:\Users\Kewin\Desktop\TeamViewer 9.lnk
2014-09-26 00:34 - 2014-09-26 00:34 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-09-24 19:08 - 2014-09-24 19:08 - 00000000 ____D () C:\Users\Kewin\voip
2014-09-24 19:00 - 2014-09-26 01:00 - 00000000 ____D () C:\Users\Kewin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
2014-09-19 14:31 - 2013-10-01 10:57 - 02851840 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll.backup
2014-09-19 14:31 - 2009-07-14 03:41 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll.backup
2014-09-19 14:31 - 2009-07-14 03:41 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\themeservice.dll.backup
2014-09-19 12:50 - 2014-09-27 02:40 - 00000000 ___RD () C:\Users\Kewin\Desktop\Akademie für Kommunikation
2014-09-18 14:33 - 2009-12-20 00:00 - 00000000 ____D () C:\xampp
2014-09-16 14:28 - 2014-09-16 14:28 - 00000000 ____D () C:\Users\Kewin\.android
2014-09-15 18:31 - 2014-09-15 18:31 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-09-07 13:31 - 2014-09-07 13:31 - 00000000 ____D () C:\Users\Kewin\AppData\Roaming\OpenOffice
2014-09-07 13:30 - 2014-09-07 13:30 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-09-07 13:30 - 2014-09-07 13:30 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-01 17:37 - 2009-07-14 06:45 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-01 17:37 - 2009-07-14 06:45 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-01 17:29 - 2014-08-21 19:47 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-01 17:29 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-01 17:04 - 2014-08-21 19:47 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-01 17:04 - 2014-08-16 20:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-01 16:58 - 2014-08-15 19:47 - 00000000 ____D () C:\Users\Kewin\AppData\Local\Adobe
2014-09-30 18:59 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-30 18:57 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-30 14:44 - 2014-08-15 20:01 - 00000034 _____ () C:\Users\Kewin\AppData\Roaming\AdobeWLCMCache.dat
2014-09-30 11:46 - 2009-07-14 19:58 - 00698374 _____ () C:\Windows\system32\perfh007.dat
2014-09-30 11:46 - 2009-07-14 19:58 - 00149038 _____ () C:\Windows\system32\perfc007.dat
2014-09-30 11:46 - 2009-07-14 07:13 - 01616954 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-30 09:32 - 2014-08-15 18:34 - 00000000 ____D () C:\Users\Kewin
2014-09-28 23:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-28 23:04 - 2014-08-15 18:35 - 00000000 ____D () C:\Users\Kewin\AppData\Local\VirtualStore
2014-09-28 14:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-09-28 04:15 - 2014-08-15 19:01 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-28 02:34 - 2014-08-15 19:08 - 01591234 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-26 11:14 - 2009-07-14 20:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-09-26 10:57 - 2014-08-15 19:47 - 00000000 ____D () C:\Users\Kewin\AppData\Roaming\Adobe
2014-09-25 19:04 - 2014-08-16 20:26 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-25 19:04 - 2014-08-16 20:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-25 19:04 - 2014-08-16 20:26 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-23 11:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-09-21 21:19 - 2014-08-16 19:57 - 00000000 ____D () C:\Users\Kewin\AppData\Roaming\vlc
2014-09-21 16:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-19 14:37 - 2014-08-21 19:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-19 14:31 - 2013-10-01 10:57 - 02851840 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2014-09-19 14:31 - 2009-07-14 01:55 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-09-19 14:31 - 2009-07-14 01:54 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\themeservice.dll
2014-09-18 14:22 - 2014-08-16 15:24 - 00000000 ____D () C:\Users\Kewin\AppData\Local\Microsoft Games

Some content of TEMP:
====================
C:\Users\Kewin\AppData\Local\Temp\avgnt.exe
C:\Users\Kewin\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-28 06:08

==================== End Of Log ============================

--- --- ---

schrauber · 02.10.2014, 11:20

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Wind 7 Ultim. Malwarebeytes hat einen Trojaner Agent gefunden.

Log-Analyse und Auswertung: Wind 7 Ultim. Malwarebeytes hat einen Trojaner Agent gefunden.