Log analysis and evaluation: .scr file opened - afraid of trojans and other virus software
01.11.2014, 21:56 | #1 |
.scr file opened - afraid of trojans and other virus software

Hello, like many others, I downloaded and opened a .scr file. Nothing has happened so far, but I have now read in the other threads that these can be removed. So I am asking for help getting my PC clean again, since it is already as slow as a turtle anyway. I have already downloaded the Farbar Recovery Scan Tool, and here are both the FRST file and the Addition file. I hope I can be helped quickly. Thanks in advance!

----------------------------------------------------------------------------------------
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-11-2014 Ran by Besitzer (administrator) on BESITZER-PC on 01-11-2014 21:50:40 Running from C:\Users\Besitzer\Downloads Loaded Profiles: Besitzer & UpdatusUser (Available profiles: Besitzer & UpdatusUser) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola) C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe (Razer Inc.) D:\Program Files\Razer\Razer Game Booster\RzKLService.exe (Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Synaptics, Inc.) 
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Razer Inc.) D:\Program Files\Razer\Razer Game Booster\main.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe () C:\Program Files\Razer\Lachesis\razerhid.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Spotify Ltd) C:\Users\Besitzer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe () C:\Program Files\Razer\Lachesis\razertra.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Razer Inc.) C:\Program Files\Razer\Lachesis\razerofa.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.) HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-07-22] (Intel Corporation) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.) HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-05-13] (LogMeIn Inc.) HKLM\...\Run: [RazerGameBooster] => D:\Program Files\Razer\Razer Game Booster\RazerGameBooster.exe [61152 2014-02-25] (Razer Inc.) 
HKLM\...\Run: [Lachesis] => C:\Program Files\Razer\Lachesis\razerhid.exe [172032 2008-10-14] () HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-1712319259-4035963724-2678702659-1000\...\Run: [Spotify Web Helper] => C:\Users\Besitzer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-07] (Spotify Ltd) HKU\S-1-5-21-1712319259-4035963724-2678702659-1000\...\Run: [AlcoholAutomount] => C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [203928 2009-09-30] (Alcohol Soft Development Team) HKU\S-1-5-21-1712319259-4035963724-2678702659-1000\...\Run: [uTorrent] => "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED HKU\S-1-5-21-1712319259-4035963724-2678702659-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd) HKU\S-1-5-21-1712319259-4035963724-2678702659-1000\...\Run: [Steam] => D:\Games\Steam\steam.exe [1938624 2014-10-21] (Valve Corporation) HKU\S-1-5-21-1712319259-4035963724-2678702659-1000\...\Run: [Desura] => C:\Program Files\Desura\desura.exe -autostart HKU\S-1-5-21-1712319259-4035963724-2678702659-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.) 
HKU\S-1-5-21-1712319259-4035963724-2678702659-1000\...\MountPoints2: {8c090a03-da74-11e2-b5f2-c843cf8f8a9f} - H:\MotorolaDeviceManagerSetup.exe -a HKU\S-1-5-21-1712319259-4035963724-2678702659-1003\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ URLSearchHook: HKCU - (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No File BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-08-21] FF HKCU\...\Firefox\Extensions: [{ba5b6935-63e1-431c-8fc6-7504512d2b94}] - C:\Program Files\LyricsContainer\130.xpi Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.de/" CHR Profile: C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-05] CHR Extension: (Google Drive) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-05] CHR Extension: (Bookmark Sentry (scanner)) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdglbbcbmgnimogcmcdenggkpdmihlga [2014-04-19] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-08] CHR Extension: (YouTube) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-05] CHR Extension: (Google Cast) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-04-19] CHR Extension: (Google-Suche) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-05] CHR Extension: (AdBlock) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-04-24] CHR Extension: (uTorrentBar_DE) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc [2013-04-05] CHR 
Extension: (Google Wallet) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21] CHR Extension: (Google Mail) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-05] CHR HKLM\...\Chrome\Extension: [abfmigjiaapipflmopkaaooigcjjdojh] - C:\Program Files\LyricsContainer\130.crx [] CHR HKLM\...\Chrome\Extension: [gfhdkohbepelnfckgjinfddmecpngnpb] - C:\Program Files\LyricStar\Chrome.crx [] CHR HKLM\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Besitzer\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [2012-11-19] CHR HKCU\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Besitzer\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [2012-11-19] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed] R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION) R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION) R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [121144 2013-03-25] (Motorola Mobility LLC) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation) R2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed] R2 RzKLService; D:\Program Files\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.) R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) R3 LachesisFltr; C:\Windows\System32\drivers\Lachesis.sys [12032 2007-08-08] (Razer (Asia-Pacific) Pte Ltd) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation) R1 MpKsl67084dfe; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D756E5A2-5B8B-486D-8B00-06C0BA8AB9C1}\MpKsl67084dfe.sys [39464 2014-11-01] (Microsoft Corporation) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-02-18] (Duplex Secure Ltd.) 
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [44544 2012-09-28] (Apple, Inc.) [File not signed] U3 a0yygv0v; C:\Windows\system32\Drivers\a0yygv0v.sys [0 ] (Intel Corporation) U3 aory9fuv; C:\Windows\system32\Drivers\aory9fuv.sys [0 ] (Intel Corporation) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-01 21:50 - 2014-11-01 21:51 - 00015981 _____ () C:\Users\Besitzer\Downloads\FRST.txt 2014-11-01 21:50 - 2014-11-01 21:50 - 00000000 ____D () C:\FRST 2014-11-01 21:49 - 2014-11-01 21:50 - 01105920 _____ (Farbar) C:\Users\Besitzer\Downloads\FRST.exe 2014-11-01 17:49 - 2014-11-01 17:49 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini 2014-11-01 17:49 - 2014-11-01 17:49 - 00000000 _SHDL () C:\Users\UpdatusUser\Startmenü 2014-11-01 17:49 - 2014-11-01 17:49 - 00000000 _SHDL () C:\Users\UpdatusUser\Netzwerkumgebung 2014-11-01 17:49 - 2014-11-01 17:49 - 00000000 _SHDL () C:\Users\UpdatusUser\Druckumgebung 2014-11-01 17:49 - 2014-11-01 17:49 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Musik 2014-11-01 17:49 - 2014-11-01 17:49 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Bilder 2014-11-01 17:49 - 2014-11-01 17:49 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-11-01 17:49 - 2014-11-01 17:49 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Verlauf 2014-11-01 17:49 - 2012-10-09 15:03 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Microsoft Help 2014-11-01 17:49 - 2008-01-21 03:42 - 00000000 ___RD () 
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-11-01 17:49 - 2008-01-21 03:42 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-11-01 17:47 - 2014-11-01 17:49 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-11-01 17:47 - 2012-12-29 09:25 - 00062904 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2014-11-01 17:46 - 2012-12-29 09:26 - 04129720 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2014-11-01 17:46 - 2012-12-29 09:26 - 03001272 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll 2014-11-01 17:46 - 2012-12-29 09:25 - 02557880 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2014-11-01 17:46 - 2012-12-29 09:25 - 00639928 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2014-11-01 17:46 - 2012-12-29 09:25 - 00108984 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2014-11-01 17:43 - 2014-11-01 17:43 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-11-01 17:42 - 2014-11-01 17:48 - 00000000 ____D () C:\Windows\LastGood 2014-11-01 17:38 - 2014-11-01 17:42 - 00000000 ____D () C:\Users\Besitzer\{e26bfdd1-00b3-4e0d-8588-2e0f18b78c1b} 2014-11-01 17:37 - 2012-12-29 11:26 - 20450232 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll 2014-11-01 17:37 - 2012-12-29 11:26 - 17560504 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-11-01 17:37 - 2012-12-29 11:26 - 15129064 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll 2014-11-01 17:37 - 2012-12-29 11:26 - 12641120 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll 2014-11-01 17:37 - 2012-12-29 11:26 - 08904632 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-11-01 17:37 - 2012-12-29 11:26 - 07931896 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-11-01 17:37 - 2012-12-29 11:26 - 06263784 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-11-01 17:37 - 
2012-12-29 11:26 - 02720696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-11-01 17:37 - 2012-12-29 11:26 - 02504248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll 2014-11-01 17:37 - 2012-12-29 11:26 - 01985976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2014-11-01 17:37 - 2012-12-29 11:26 - 01017272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco32.dll 2014-11-01 17:37 - 2012-12-29 11:26 - 00889784 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco32.dll 2014-11-01 17:37 - 2012-12-29 11:26 - 00013153 _____ () C:\Windows\system32\nvinfo.pb 2014-11-01 17:31 - 2014-11-01 17:34 - 174957352 _____ (NVIDIA Corporation) C:\Users\Besitzer\Downloads\310.90-notebook-win8-win7-winvista-32bit-international-whql.exe 2014-11-01 13:55 - 2007-08-08 09:51 - 00249856 _____ (Razer Inc.) C:\Windows\system32\Lachesis.cpl 2014-11-01 13:55 - 2005-12-21 11:23 - 00014592 _____ (Motorola) C:\Windows\system32\Drivers\Usbicp.sys 2014-11-01 13:46 - 2014-11-01 13:46 - 00000000 ____D () C:\Program Files\Razer 2014-11-01 13:46 - 2007-08-08 11:04 - 00012032 _____ (Razer (Asia-Pacific) Pte Ltd) C:\Windows\system32\Drivers\Lachesis.sys 2014-11-01 13:42 - 2014-11-01 13:42 - 00000000 ____D () C:\Program Files\LachesisEnglish 2014-11-01 13:40 - 2014-11-01 13:41 - 07674253 _____ () C:\Users\Besitzer\Downloads\LachesisEnglish.zip 2014-11-01 13:21 - 2014-11-01 13:21 - 00000959 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2014-11-01 13:21 - 2014-11-01 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 2014-11-01 13:04 - 2014-11-01 13:05 - 28115400 _____ (TeamSpeak Systems GmbH) C:\Users\Besitzer\Downloads\TeamSpeak3-Client-win32-3.0.16.exe 2014-10-27 13:35 - 2014-10-27 13:35 - 00000835 _____ () C:\Users\Besitzer\Desktop\CS GO.lnk 2014-10-20 15:51 - 2014-10-20 15:51 - 00001834 _____ () C:\Users\Besitzer\Desktop\Skype.lnk 2014-10-20 15:51 - 2014-10-20 15:51 - 00000554 _____ () 
C:\Users\Besitzer\Desktop\Steam.lnk 2014-10-16 19:04 - 2014-06-15 23:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-16 19:04 - 2014-06-13 19:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-16 19:04 - 2014-06-13 19:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-16 18:58 - 2014-09-09 07:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-10-16 18:57 - 2014-08-23 02:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-10-16 18:56 - 2014-09-28 00:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-16 17:52 - 2014-09-05 00:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys 2014-10-16 17:51 - 2014-09-16 17:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-16 17:21 - 2014-09-19 23:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-16 17:21 - 2014-09-19 23:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-16 17:21 - 2014-09-19 23:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-16 17:21 - 2014-09-19 23:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-16 17:21 - 2014-09-19 23:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-16 17:21 - 2014-09-19 23:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-16 17:21 - 2014-09-19 23:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-10-16 17:21 - 2014-09-19 23:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-16 17:21 - 2014-09-19 23:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-16 17:21 - 2014-09-19 23:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 
2014-10-16 17:21 - 2014-09-19 23:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-10-16 17:21 - 2014-09-19 23:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-16 17:21 - 2014-09-19 23:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-16 17:21 - 2014-09-19 23:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-10-16 17:21 - 2014-09-19 23:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-16 17:21 - 2014-09-19 23:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-16 17:21 - 2014-09-19 23:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-16 17:21 - 2014-09-19 23:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-16 17:21 - 2014-09-19 23:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-10-16 17:21 - 2014-09-19 23:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-10-16 17:21 - 2014-09-19 23:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-11 23:38 - 2014-10-11 23:38 - 00000000 ___RD () C:\Program Files\Skype 2014-10-11 23:38 - 2014-10-11 23:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-10-11 23:38 - 2014-10-11 23:38 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-10-08 15:26 - 2014-10-08 15:26 - 00004932 _____ () C:\Users\Besitzer\Downloads\bibanator_csgo_gaming_cfg_13-06-2014.rar 2014-10-08 15:12 - 2014-10-08 15:12 - 00000277 _____ () C:\Users\Besitzer\Downloads\walkshoot.zip ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-01 21:27 - 2006-11-02 13:47 - 00004240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-01 21:27 - 2006-11-02 13:47 - 00004240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-01 21:21 - 2013-04-05 12:33 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-01 20:54 - 2012-08-30 12:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-01 17:49 - 2012-08-21 14:40 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-11-01 17:48 - 2012-08-21 14:09 - 00000000 ____D () C:\Users\Besitzer 2014-11-01 17:47 - 2013-06-23 17:24 - 00000000 ____D () C:\Temp 2014-11-01 17:47 - 2009-04-11 17:55 - 01575930 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-01 17:36 - 2013-04-03 21:17 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Skype 2014-11-01 17:31 - 2013-05-18 12:37 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\LogMeIn Hamachi 2014-11-01 17:31 - 2009-04-11 13:37 - 01635067 _____ () C:\Windows\WindowsUpdate.log 2014-11-01 17:27 - 2013-04-05 12:33 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-01 17:27 - 2013-01-01 18:27 - 00000440 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-11-01 17:27 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-01 15:49 - 2006-11-02 14:01 - 00032554 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-11-01 13:55 - 2014-08-26 18:26 - 00000000 ____D () C:\ProgramData\Razer 2014-11-01 13:55 - 2014-08-26 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer 2014-11-01 13:55 - 2012-08-21 14:47 - 00015338 _____ () C:\Windows\DPINST.LOG 2014-11-01 13:46 - 2012-08-21 14:28 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-11-01 13:21 - 2014-02-08 16:31 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client 2014-11-01 00:56 - 
2014-02-08 16:32 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\TS3Client 2014-11-01 00:04 - 2008-01-21 03:47 - 00193112 _____ () C:\Windows\PFRO.log 2014-10-31 16:39 - 2013-02-18 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marine Bot 2014-10-31 16:37 - 2014-04-30 01:50 - 00000000 ____D () C:\Program Files\EslWire 2014-10-31 16:31 - 2014-08-30 04:13 - 00000000 ____D () C:\ProgramData\Desura 2014-10-30 16:37 - 2012-08-30 12:27 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Spotify 2014-10-30 16:14 - 2012-08-30 12:27 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\Spotify 2014-10-30 12:24 - 2012-08-21 15:04 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-29 14:33 - 2014-06-14 14:12 - 00001963 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-10-25 21:26 - 2013-03-14 19:38 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\vlc 2014-10-23 14:47 - 2012-09-15 20:09 - 00000000 ____D () C:\Program Files\Common Files\Steam 2014-10-21 15:06 - 2012-08-30 12:42 - 00032256 _____ () C:\Users\Besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-10-20 15:50 - 2013-03-21 01:43 - 00000000 ____D () C:\Users\Besitzer\Desktop\Games und Programme 2014-10-20 15:48 - 2012-09-15 20:14 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-10-19 15:02 - 2012-10-08 19:13 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-16 19:47 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-10-16 19:33 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache 2014-10-16 19:15 - 2006-11-02 13:47 - 00371536 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-16 19:13 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE 2014-10-16 18:15 - 2013-08-13 02:05 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-16 17:55 - 2012-08-21 14:59 - 00002155 _____ () C:\Windows\epplauncher.mif 2014-10-16 17:54 - 2012-08-21 
14:58 - 00001826 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2014-10-16 17:53 - 2012-08-21 14:58 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-10-11 23:38 - 2013-04-03 21:17 - 00000000 ____D () C:\ProgramData\Skype 2014-10-03 09:03 - 2006-11-02 11:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe Some content of TEMP: ==================== C:\Users\Besitzer\AppData\Local\Temp\AskSLib.dll C:\Users\Besitzer\AppData\Local\Temp\CmdLineExt02.dll C:\Users\Besitzer\AppData\Local\Temp\DeltaTB.exe C:\Users\Besitzer\AppData\Local\Temp\EslWireSetup-1.17.3.8001-x86.exe C:\Users\Besitzer\AppData\Local\Temp\EslWireSetup-1.18.0.8085-x86.exe C:\Users\Besitzer\AppData\Local\Temp\fileutil.dll C:\Users\Besitzer\AppData\Local\Temp\happyl.exe C:\Users\Besitzer\AppData\Local\Temp\ICReinstall_DownloadAcceleratorSetup.exe C:\Users\Besitzer\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Besitzer\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Besitzer\AppData\Local\Temp\MotoCast_Installer_2.0309.exe C:\Users\Besitzer\AppData\Local\Temp\MyBabylonTB.exe C:\Users\Besitzer\AppData\Local\Temp\ose00000.exe C:\Users\Besitzer\AppData\Local\Temp\QuickShare1.exe C:\Users\Besitzer\AppData\Local\Temp\SIntf16.dll C:\Users\Besitzer\AppData\Local\Temp\SIntf32.dll C:\Users\Besitzer\AppData\Local\Temp\SIntfNT.dll C:\Users\Besitzer\AppData\Local\Temp\SkypeSetup.exe C:\Users\Besitzer\AppData\Local\Temp\tbedrs.dll C:\Users\Besitzer\AppData\Local\Temp\tbuTor.dll C:\Users\Besitzer\AppData\Local\Temp\tmp1365.tmp.exe C:\Users\Besitzer\AppData\Local\Temp\tmp153.tmp.exe C:\Users\Besitzer\AppData\Local\Temp\tmp383.tmp.exe C:\Users\Besitzer\AppData\Local\Temp\tmp3CC8.tmp.exe C:\Users\Besitzer\AppData\Local\Temp\tmp4070.tmp.exe C:\Users\Besitzer\AppData\Local\Temp\tmp5975.tmp.exe C:\Users\Besitzer\AppData\Local\Temp\tmpB9A4.tmp.exe C:\Users\Besitzer\AppData\Local\Temp\tmpC774.tmp.exe 
C:\Users\Besitzer\AppData\Local\Temp\utt6EA2.tmp.exe C:\Users\Besitzer\AppData\Local\Temp\vcredist_x86.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-01 17:36 ==================== End Of Log ============================ --------------------------------------------------------------------------------------------------------------------- FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-11-2014 Ran by Besitzer at 2014-11-01 21:51:51 Running from C:\Users\Besitzer\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acoustica MP3 Audio Mixer (HKLM\...\Acoustica MP3 Audio Mixer) (Version: - Acoustica) Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader X (10.1.4) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated) Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) 
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP) Command & Conquer Renegade (HKLM\...\Renegade) (Version: - ) Counter-Strike (HKLM\...\Steam App 10) (Version: - Valve) Counter-Strike: Global Offensive - SDK (HKLM\...\Steam App 745) (Version: - ) Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd) Die Sims™ 3 Traumkarrieren (HKLM\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts) Dungeon Siege (HKLM\...\Steam App 39190) (Version: - Gas Powered Games) Dungeon Siege 2 (HKLM\...\Steam App 39200) (Version: - ) EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON SX420W Series Handbuch (HKLM\...\EPSON SX420W Series Manual) (Version: - ) EPSON SX420W Series Netzwerk-Handbuch (HKLM\...\EPSON SX420W Series Network Guide) (Version: - ) EPSON SX420W Series Printer Uninstall (HKLM\...\EPSON SX420W Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4i - SEIKO EPSON CORPORATION) EpsonNet Setup 3.2 (HKLM\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.2a - SEIKO EPSON CORPORATION) Free M4a to MP3 Converter 7.1 (HKLM\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.) Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.25.5 - Google Inc.) 
Hidden Gothic (HKLM\...\Steam App 65540) (Version: - Piranha – Bytes ) Gothic 3 (HKLM\...\Steam App 39500) (Version: - Piranha – Bytes ) Gothic II: Gold Edition (HKLM\...\Steam App 39510) (Version: - Piranha Bytes) Guitar Pro 5.2 (HKLM\...\Guitar Pro 5_is1) (Version: - Arobas Music) How to Survive (HKLM\...\Steam App 250400) (Version: - ) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) iTunes (HKLM\...\{9B486871-27EB-49A5-8832-77176E63333C}) (Version: 11.0.5.5 - Apple Inc.) Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle) LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.193 - LogMeIn, Inc.) LogMeIn Hamachi (Version: 2.2.0.193 - LogMeIn, Inc.) Hidden Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2000 Premium (HKLM\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable 
(HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Motorola Device Manager (HKLM\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.3.9 - Motorola Mobility) Motorola Device Software Update (Version: 13.02.1402 - Motorola Mobility) Hidden Motorola Mobile Drivers Installation 6.0.0 (Version: 6.0.0 - Motorola Inc.) 
Hidden MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Neverwinter (HKLM\...\Neverwinter) (Version: - Cryptic Studios) NVIDIA Grafiktreiber 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.90 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) PokerStars.eu (HKLM\...\PokerStars.eu) (Version: - PokerStars.eu) Quake Live (HKLM\...\Steam App 282440) (Version: - id Software) QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.) Razer Game Booster (HKLM\...\Razer Game Booster_is1) (Version: 4.2.42.0 - Razer Inc.) Razer Lachesis (HKLM\...\{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}) (Version: 1.00.0000 - Razer USA Ltd.) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5605 - Realtek Semiconductor Corp.) Risen 2 Demo (HKLM\...\Steam App 202610) (Version: - ) Roll (HKLM\...\RollerCoaster Tycoon Setup) (Version: - ) Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) ScummVM 1.5.0 (HKLM\...\ScummVM_is1) (Version: - The ScummVM Team) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.) 
Snow-War 2.1 (HKLM\...\Snow-War 2.1) (Version: 2.1 - The Snow-War Team) Soldier of Fortune - Community Edition 5.1 (HKLM\...\Soldier of Fortune - Community Edition 5.1) (Version: - ) Spotify (HKCU\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB) Star Wars: Knights of the Old Republic (HKLM\...\Steam App 32370) (Version: - BioWare) Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Stranded II 1.0.0.1 (HKLM\...\{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1) (Version: - Unreal Software) Stronghold Kingdoms (HKLM\...\Steam App 47410) (Version: - FireFly Studios) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) theHunter (HKLM\...\Steam App 253710) (Version: - Expansive Worlds) Theme Park World (HKLM\...\Theme Park World) (Version: - ) TmNationsForever (HKLM\...\TmNationsForever_is1) (Version: - Nadeo) Tony Hawk's Pro Skater HD (HKLM\...\Steam App 207210) (Version: - ) Tropico 4 - Demo (HKLM\...\Steam App 57750) (Version: - ) Tropico 4 1.00 (HKCU\...\Tropico 4) (Version: 1.00 - Kalypso Media) VidCoder 1.3.4 (x86) (HKLM\...\VidCoder_is1) (Version: 1.3.4 - RandomEngy) VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN) VS v6.0 (HKLM\...\Vampire Slayer : Chapter VI_is1) (Version: VS v6.0 - Mark Gornall) Warframe (HKLM\...\Steam App 230410) (Version: - Digital Extremes) WAV To MP3 V2 (HKLM\...\WAV To MP3_is1) (Version: - hxxp://www.WAVMP3.net) Winmail Opener 1.5 (HKLM\...\Winmail Opener) (Version: 1.5 - Eolsoft) WinRAR 4.20 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) World of Warcraft (HKLM\...\World of Warcraft) (Version: - Blizzard Entertainment) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
==================== Restore Points ========================= 27-10-2014 18:56:38 Windows Update 31-10-2014 11:43:15 Windows Update 31-10-2014 15:31:38 Entfernt The Sims 3 31-10-2014 15:34:06 Entfernt The Sims 3 World Adventures 31-10-2014 15:40:21 Removed PC Remote 01-11-2014 12:45:34 Installed Razer Lachesis 01-11-2014 12:46:43 Gerätetreiber-Paketinstallation: Razer Eingabegeräte (Human Interface Devices) 01-11-2014 12:53:26 Gerätetreiber-Paketinstallation: MOTOROLA USB-Controller 01-11-2014 16:39:27 Gerätetreiber-Paketinstallation: NVIDIA Grafikkarte 01-11-2014 16:48:30 Gerätetreiber-Paketinstallation: NVIDIA Corporation Audio-, Video- und Gamecontroller ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {1106DAA5-6E1C-408C-A749-CA38B8CB9953} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated) Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {2C057EE1-4C4B-489E-891D-8B94A6218B43} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] () Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {55FCED50-FCD4-4F15-AEC6-F0CCD4DA6623} - \LyricsContainer Update No Task File <==== ATTENTION Task: {5841A81C-15C1-46EC-894D-918F4BB80506} - System32\Tasks\You Lyrics Update => C:\Program Files\uLyrics\ulUpdater.exe <==== ATTENTION Task: {654FC94F-58E8-488C-AA29-0BAE84ED8311} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-05] (Google Inc.) Task: {69F67D2F-1C6E-4FCB-BFE5-3EF65D63C0C7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {B0B3A4D8-447E-47DC-AD03-CAB313507ADC} - System32\Tasks\{1DDCA9F0-742C-4DE1-BD77-17E24060460E} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/abandoninstall?source=lightinstaller&page=tsPlugin Task: {E4651234-18D6-41A6-B27A-D33A9CF8F378} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-05] (Google Inc.) 
Task: {EE6C2BF8-B26A-47C5-BAE0-778FDAA2AC45} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] () Task: {EEE1084E-ADFD-4781-85E7-AF53D69DA91F} - System32\Tasks\Motorola Device Manager Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] () (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-08-26 18:26 - 2012-11-20 15:13 - 00264192 _____ () D:\Program Files\Razer\Razer Game Booster\D3DX8Wrapper.dll 2014-08-26 18:26 - 2013-11-12 08:57 - 00098304 _____ () D:\Program Files\Razer\Razer Game Booster\EasyHook32.dll 2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-03-25 20:44 - 2013-03-25 20:44 - 00172032 _____ () C:\Program Files\Motorola Mobility\Motorola Device Manager\css_core.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2014-11-01 13:46 - 2008-10-14 11:46 - 00172032 _____ () C:\Program Files\Razer\Lachesis\razerhid.exe 2014-11-01 13:46 - 2008-10-15 16:47 - 00143360 _____ () C:\Program Files\Razer\Lachesis\razertra.exe 2014-10-29 14:32 - 2014-10-22 05:04 - 08910664 _____ () C:\Program 
Files\Google\Chrome\Application\38.0.2125.111\pdf.dll 2014-10-29 14:32 - 2014-10-22 05:04 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll 2014-10-29 14:32 - 2014-10-22 05:04 - 00310088 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\libexif.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Besitzer\Downloads\bogiemogie (1).avi:TOC.WMV AlternateDataStreams: C:\Users\Besitzer\Downloads\bogiemogie.avi:TOC.WMV ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-1712319259-4035963724-2678702659-500 - Administrator - Disabled) Besitzer (S-1-5-21-1712319259-4035963724-2678702659-1000 - Administrator - Enabled) => C:\Users\Besitzer Gast (S-1-5-21-1712319259-4035963724-2678702659-501 - Limited - Enabled) UpdatusUser (S-1-5-21-1712319259-4035963724-2678702659-1003 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= Name: Hamachi Network Interface Description: Hamachi Network Interface Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: LogMeIn, Inc. Service: hamachi Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". 
This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (11/01/2014 01:45:33 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005. Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {7e95efe0-3bd9-4052-bbb9-6e4254fe5f7b} Error: (10/31/2014 08:08:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4641435 Error: (10/31/2014 08:08:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4641435 Error: (10/31/2014 08:08:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/31/2014 08:08:05 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4639688 Error: (10/31/2014 08:08:05 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4639688 Error: (10/31/2014 08:08:05 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/31/2014 08:08:04 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4638112 Error: (10/31/2014 08:08:04 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4638112 Error: (10/31/2014 08:08:04 PM) (Source: Bonjour Service) (EventID: 100) (User: ) 
Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (11/01/2014 05:27:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (11/01/2014 05:27:34 PM) (Source: ipnathlp) (EventID: 30013) (User: ) Description: Die DHCP-Zuweisung wurde für IP-Adresse 192.168.2.103 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren. Error: (11/01/2014 05:27:34 PM) (Source: ipnathlp) (EventID: 1233) (User: ) Description: ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. Error: (11/01/2014 03:48:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (11/01/2014 03:48:34 PM) (Source: ipnathlp) (EventID: 30013) (User: ) Description: Die DHCP-Zuweisung wurde für IP-Adresse 192.168.2.103 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren. Error: (11/01/2014 01:59:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (11/01/2014 01:59:06 PM) (Source: ipnathlp) (EventID: 30013) (User: ) Description: Die DHCP-Zuweisung wurde für IP-Adresse 192.168.2.103 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. 
Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren. Error: (11/01/2014 01:59:06 PM) (Source: ipnathlp) (EventID: 1233) (User: ) Description: ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. Error: (11/01/2014 11:20:11 AM) (Source: ipnathlp) (EventID: 30013) (User: ) Description: Die DHCP-Zuweisung wurde für IP-Adresse 192.168.2.103 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren. Error: (11/01/2014 11:08:52 AM) (Source: ipnathlp) (EventID: 1233) (User: ) Description: ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. Microsoft Office Sessions: ========================= Error: (11/01/2014 01:45:33 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005 Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {7e95efe0-3bd9-4052-bbb9-6e4254fe5f7b} Error: (10/31/2014 08:08:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4641435 Error: (10/31/2014 08:08:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4641435 Error: (10/31/2014 08:08:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/31/2014 08:08:05 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4639688 Error: (10/31/2014 08:08:05 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling 
Error: m->NextScheduledEvent 4639688 Error: (10/31/2014 08:08:05 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/31/2014 08:08:04 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4638112 Error: (10/31/2014 08:08:04 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4638112 Error: (10/31/2014 08:08:04 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second CodeIntegrity Errors: =================================== Date: 2014-06-05 14:25:02.709 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-05 12:21:13.619 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-05 12:18:01.086 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-05 12:10:26.100 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-05 12:10:11.576 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-06-05 11:59:09.995 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-05 11:46:48.941 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-05 11:37:37.306 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-05 11:34:00.868 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-05 11:33:13.056 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\nvapo32v.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz Percentage of memory in use: 56% Total physical RAM: 3065.88 MB Available physical RAM: 1344.52 MB Total Pagefile: 6330.9 MB Available Pagefile: 4435.67 MB Total Virtual: 2047.88 MB Available Virtual: 1852.64 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:100.25 GB) (Free:3.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:187.83 GB) (Free:11.37 GB) NTFS Drive f: (Renegade Game) (CDROM) (Total:0.61 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: ECE69603) Partition 1: (Not Active) - (Size=10 GB) - (Type=27) Partition 2: (Active) - (Size=100.3 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=187.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
01.11.2014, 22:24 | #2 |
/// the machine /// TB Trainer | .scr file opened - afraid of trojans and other virus software
hi,
Scan with Combofix
01.11.2014, 22:55 | #3 |
| .scr file opened - afraid of trojans and other virus software Combofix Logfile:
Code:
ATTFilter ComboFix 14-10-29.01 - Besitzer 01.11.2014 22:40:23.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.931 [GMT 1:00] ausgeführt von:: c:\users\Besitzer\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Besitzer\AppData\Local\Temp\INS_e3a09b36.TMP c:\windows\IsUn0407.exe D:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2014-10-01 bis 2014-11-01 )))))))))))))))))))))))))))))) . . 2014-11-01 21:46 . 2014-11-01 21:46 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-11-01 20:50 . 2014-11-01 20:53 -------- d-----w- C:\FRST 2014-11-01 17:12 . 2014-11-01 17:12 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D756E5A2-5B8B-486D-8B00-06C0BA8AB9C1}\MpKsl67084dfe.sys 2014-11-01 17:12 . 2014-11-01 17:12 62576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D756E5A2-5B8B-486D-8B00-06C0BA8AB9C1}\offreg.dll 2014-11-01 16:49 . 2014-11-01 16:49 -------- d-----w- c:\users\UpdatusUser 2014-11-01 16:47 . 2014-11-01 16:49 -------- d-----w- c:\programdata\NVIDIA 2014-11-01 16:47 . 2012-12-29 08:25 62904 ----a-w- c:\windows\system32\nvshext.dll 2014-11-01 16:46 . 2012-12-29 08:26 3001272 ----a-w- c:\windows\system32\nvsvc.dll 2014-11-01 16:46 . 2012-12-29 08:25 639928 ----a-w- c:\windows\system32\nvvsvc.exe 2014-11-01 16:46 . 2012-12-29 08:25 2557880 ----a-w- c:\windows\system32\nvsvcr.dll 2014-11-01 16:46 . 2012-12-29 08:26 4129720 ----a-w- c:\windows\system32\nvcpl.dll 2014-11-01 16:46 . 2012-12-29 08:25 108984 ----a-w- c:\windows\system32\nvmctray.dll 2014-11-01 16:43 . 
2014-11-01 16:43 -------- d-----w- c:\programdata\NVIDIA Corporation 2014-11-01 16:42 . 2014-11-01 16:48 -------- d-----w- c:\windows\LastGood 2014-11-01 16:38 . 2014-11-01 16:42 -------- d-----w- c:\users\Besitzer\{e26bfdd1-00b3-4e0d-8588-2e0f18b78c1b} 2014-11-01 16:37 . 2012-12-29 10:26 1017272 ----a-w- c:\windows\system32\nvdispco32.dll 2014-11-01 16:37 . 2012-12-29 10:26 8904632 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2014-11-01 16:37 . 2012-12-29 10:26 889784 ----a-w- c:\windows\system32\nvdispgenco32.dll 2014-11-01 16:37 . 2012-12-29 10:26 7931896 ----a-w- c:\windows\system32\nvcuda.dll 2014-11-01 16:37 . 2012-12-29 10:26 6263784 ----a-w- c:\windows\system32\nvopencl.dll 2014-11-01 16:37 . 2012-12-29 10:26 2720696 ----a-w- c:\windows\system32\nvcuvid.dll 2014-11-01 16:37 . 2012-12-29 10:26 2504248 ----a-w- c:\windows\system32\nvapi.dll 2014-11-01 16:37 . 2012-12-29 10:26 20450232 ----a-w- c:\windows\system32\nvoglv32.dll 2014-11-01 16:37 . 2012-12-29 10:26 1985976 ----a-w- c:\windows\system32\nvcuvenc.dll 2014-11-01 16:37 . 2012-12-29 10:26 17560504 ----a-w- c:\windows\system32\nvcompiler.dll 2014-11-01 16:37 . 2012-12-29 10:26 15129064 ----a-w- c:\windows\system32\nvd3dum.dll 2014-11-01 16:37 . 2012-12-29 10:26 12641120 ----a-w- c:\windows\system32\nvwgf2um.dll 2014-11-01 13:11 . 2014-10-14 20:13 8901368 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D756E5A2-5B8B-486D-8B00-06C0BA8AB9C1}\mpengine.dll 2014-11-01 12:55 . 2007-08-08 08:51 249856 ----a-w- c:\windows\system32\Lachesis.cpl 2014-11-01 12:55 . 2005-12-21 10:23 14592 ----a-w- c:\windows\system32\drivers\Usbicp.sys 2014-11-01 12:46 . 2007-08-08 10:04 12032 ----a-w- c:\windows\system32\drivers\Lachesis.sys 2014-11-01 12:46 . 2014-11-01 12:46 -------- d-----w- c:\program files\Razer 2014-11-01 12:42 . 2014-11-01 12:42 -------- d-----w- c:\program files\LachesisEnglish 2014-10-31 11:44 . 
2014-10-14 20:13 8901368 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-10-16 18:04 . 2014-06-15 22:18 1131664 ----a-w- c:\windows\system32\dfshim.dll 2014-10-16 18:04 . 2014-06-13 18:22 81560 ----a-w- c:\windows\system32\mscories.dll 2014-10-16 18:04 . 2014-06-13 18:22 156824 ----a-w- c:\windows\system32\mscorier.dll 2014-10-16 17:58 . 2014-09-09 06:24 2048 ----a-w- c:\windows\system32\tzres.dll 2014-10-16 17:57 . 2014-08-23 01:03 297984 ----a-w- c:\windows\system32\gdi32.dll 2014-10-16 17:56 . 2014-09-27 23:29 2054656 ----a-w- c:\windows\system32\win32k.sys 2014-10-16 16:52 . 2014-09-04 23:27 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys 2014-10-16 16:51 . 2014-09-16 16:56 66560 ----a-w- c:\windows\system32\packager.dll 2014-10-11 22:38 . 2014-10-11 22:38 -------- d-----w- c:\program files\Common Files\Skype 2014-10-11 22:38 . 2014-10-11 22:38 -------- d-----r- c:\program files\Skype . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-10-30 11:24 . 2012-08-21 14:04 229000 ------w- c:\windows\system32\MpSigStub.exe 2014-09-24 15:54 . 2012-08-21 13:14 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-09-24 15:54 . 2012-08-21 13:14 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-09-16 23:39 . 2014-10-01 09:45 908840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59E84753-75F6-4ADB-9983-DF769CB80A98}\gapaengine.dll 2014-09-16 23:39 . 2012-10-01 16:46 908840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="c:\users\Besitzer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-10-07 1514040] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-09-30 203928] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728] "Steam"="d:\games\Steam\steam.exe" [2014-10-21 1938624] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-08-27 22041192] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-22 178712] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-08-16 152392] "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-05-13 3814736] "RazerGameBooster"="d:\program files\Razer\Razer Game Booster\RazerGameBooster.exe" [2014-02-25 61152] "Lachesis"="c:\program files\Razer\Lachesis\razerhid.exe" [2008-10-14 172032] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-18 65588] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MPKSL67084DFE . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-10-29 13:21 1089352 ----a-w- c:\program files\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-11-01 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-21 15:54] . 2014-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-04-05 11:33] . 2014-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-04-05 11:33] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uInternet Settings,ProxyOverride = *.local;192.168.*.* IE: An OneNote s&enden - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.2.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file) HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe HKCU-Run-Desura - c:\program files\Desura\desura.exe SafeBoot-WudfPf SafeBoot-WudfRd AddRemove-Neverwinter - d:\games\Neverwinter\Cryptic Studios\Uninstall Neverwinter.exe AddRemove-Renegade - d:\games\Renegade\Uninstll.exe AddRemove-Snow-War 2.1 - d:\games\cs 1.6 bots\snowwar\snow\Uninstall.exe AddRemove-Soldier of Fortune - Community Edition 5.1 - d:\games\Soldier of Fortune\Uninstall.exe AddRemove-Theme Park World - c:\windows\IsUn0407.exe AddRemove-Tropico 4 - d:\games\Tropico 4\uninst.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2014-11-01 22:47 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1712319259-4035963724-2678702659-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice] @Denied: (2) (LocalSystem) "Progid"="SafariDownload" . [HKEY_USERS\S-1-5-21-1712319259-4035963724-2678702659-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (S-1-5-21-1712319259-4035963724-2678702659-1000) @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\S-1-5-21-1712319259-4035963724-2678702659-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (S-1-5-21-1712319259-4035963724-2678702659-1000) @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . 
[HKEY_USERS\S-1-5-21-1712319259-4035963724-2678702659-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice] @Denied: (2) (LocalSystem) "Progid"="SafariExtension" . [HKEY_USERS\S-1-5-21-1712319259-4035963724-2678702659-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (S-1-5-21-1712319259-4035963724-2678702659-1000) @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\S-1-5-21-1712319259-4035963724-2678702659-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice] @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_USERS\S-1-5-21-1712319259-4035963724-2678702659-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice] @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . [HKEY_USERS\S-1-5-21-1712319259-4035963724-2678702659-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (S-1-5-21-1712319259-4035963724-2678702659-1000) @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\S-1-5-21-1712319259-4035963724-2678702659-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (S-1-5-21-1712319259-4035963724-2678702659-1000) @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\S-1-5-21-1712319259-4035963724-2678702659-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="SafariHTML" . Zeit der Fertigstellung: 2014-11-01 22:49:27 ComboFix-quarantined-files.txt 2014-11-01 21:49 . Vor Suchlauf: 3.925.889.024 Bytes frei Nach Suchlauf: 5.636.923.392 Bytes frei . - - End Of File - - A0CAEC9A1E5E3DEFB655146E006572BF 5C616939100B85E558DA92B899A0FC36 |
02.11.2014, 15:09 | #4 |
/// the machine /// TB Instructor | .scr file opened - afraid of trojans and other virus software Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
02.11.2014, 18:24 | #5 |
| .scr datei geöffnet - angst vor trojaner und anderer virensoftware Malwarebytes | Free Anti-Malware & Internet Security Software Suchlauf Datum: 02.11.2014 Suchlauf-Zeit: 17:31:12 Logdatei: mbam.txt Administrator: Ja Version: 2.00.3.1025 Malware Datenbank: v2014.11.02.05 Rootkit Datenbank: v2014.11.01.02 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows Vista Service Pack 2 CPU: x86 Dateisystem: NTFS Benutzer: Besitzer Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 343977 Verstrichene Zeit: 12 Min, 23 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 7 PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, In Quarantäne, [c835f83e4933c472def5da0b778bbb45], PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, In Quarantäne, [e01d76c05725cb6b20b44d98d92919e7], PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, In Quarantäne, [2dd044f2e49839fdfc0189d9a2618878], PUP.Optional.AdLyrics.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\abfmigjiaapipflmopkaaooigcjjdojh, In Quarantäne, [37c6e84ef686e94d6b4175ba7e85c937], PUP.Optional.AdLyrics.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\gfhdkohbepelnfckgjinfddmecpngnpb, In Quarantäne, [e21b1620106c9e98f5ada8f545bf57a9], PUP.Optional.AdLyrics.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gfhdkohbepelnfckgjinfddmecpngnpb, In Quarantäne, [f5089d99007cf4423171623be024a65a], PUP.Optional.Iminent.A, HKU\S-1-5-21-1712319259-4035963724-2678702659-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent, In Quarantäne, 
[6b920432cdaf0f27c836e87a828147b9], Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 14 PUP.Optional.Solimba, C:\Users\Besitzer\Downloads\Roller Coaster Tycoon- Loopy Landscapes Expansion 1.0 (1).exe, In Quarantäne, [a05d181ec9b3f14570838498d62b01ff], PUP.Optional.Solimba, C:\Users\Besitzer\Downloads\Roller Coaster Tycoon- Loopy Landscapes Expansion 1.0.exe, In Quarantäne, [a6574beb1864a98d5e9553c9956cfd03], PUP.Optional.IBryte.A, C:\Users\Besitzer\Downloads\setup.exe, In Quarantäne, [c93470c6bcc09c9abc083be3d031a060], PUP.Optional.OpenCandy, C:\Users\Besitzer\Downloads\DTLite4461-0327.exe, In Quarantäne, [a75621159fdd21154b3fbf9ed1340ff1], PUP.Optional.Installrex, C:\Users\Besitzer\Downloads\Alex K. and D.J.I.G. - Now's My Time - [MP3Juices.com].exe, In Quarantäne, [fffeb77f3d3f2e08f7ea56d1fb0637c9], PUP.Optional.AirInstaller, C:\Users\Besitzer\Downloads\Unlimited Downloads.exe, In Quarantäne, [f20b5bdb027a86b0de8270b32fd2e31d], PUP.Optional.Somoto, C:\Users\Besitzer\Downloads\etypesetup (1).exe, In Quarantäne, [4bb2a096b1cb79bd5a68223ae91ccb35], PUP.Optional.Somoto, C:\Users\Besitzer\Downloads\etypesetup.exe, In Quarantäne, [c73631055527d56152700a52c63fa15f], PUP.Optional.Spigot, C:\Users\Besitzer\Downloads\YTD483Setup.exe, In Quarantäne, [6697bb7b6b11a98dd75d00b2dd24ce32], PUP.Optional.Boost.A, C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage, In Quarantäne, [f7069a9c68146bcb9f0e40faec177f81], PUP.Optional.Boost.A, C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal, In Quarantäne, [cb3243f33f3d999d6f3e0a300102ef11], PUP.Optional.Boost.A, C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage, In Quarantäne, 
[5e9fef474636e84e5b533a0029da6c94], PUP.Optional.Boost.A, C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal, In Quarantäne, [8f6ebe78e696b581e4caa892de25bd43], PUP.Optional.Lyrics.A, C:\Windows\System32\Tasks\You Lyrics Update, In Quarantäne, [4cb1c27434489a9ce29ce857c43f24dc], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) ------------------------------------------------------------------------------------- AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.002 - Bericht erstellt am 02/11/2014 um 18:05:07 # DB v2014-10-26.6 # Aktualisiert 27/10/2014 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzername : Besitzer - BESITZER-PC # Gestartet von : C:\Users\Besitzer\Desktop\AdwCleaner_4.002.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Program Files\Conduit Ordner Gelöscht : C:\Users\Besitzer\AppData\Local\Conduit Ordner Gelöscht : C:\Users\Besitzer\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Program Files\GreenTree Applications Ordner Gelöscht : C:\Program Files\Iminent Ordner Gelöscht : C:\ProgramData\Tarma Installer Ordner Gelöscht : C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc [!] Ordner Gelöscht : C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc Datei Gelöscht : C:\Users\Besitzer\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lollipop.lnk Datei Gelöscht : C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage Datei Gelöscht : C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage-journal Datei Gelöscht : C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage Datei Gelöscht : C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal Datei Gelöscht : C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage Datei Gelöscht : C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage-journal Datei Gelöscht : 
C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc Schlüssel Gelöscht : HKCU\Software\Classes\Applications\lollipop.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2851647 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\lollipop Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\LyricsContainer Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Lyrics@LyricsContainer.co Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe ***** [ Browser ] ***** -\\ Internet Explorer v9.0.8112.16584 -\\ Google Chrome v38.0.2125.111 ************************* AdwCleaner[R0].txt - [9023 octets] - [02/11/2014 17:54:57] AdwCleaner[S0].txt - [8521 octets] - [02/11/2014 18:05:07] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8581 octets] ########## ------------------------------------------------------------------------------------JRT Logfile: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Besitzer on 02.11.2014 at 18:15:15,48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.11.2014 at 18:17:21,93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-------------------------------------------------------------------------------------
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-11-2014 Ran by Besitzer (administrator) on BESITZER-PC on 02-11-2014 18:19:28 Running from C:\Users\Besitzer\Desktop\Games und Programme Loaded Profiles: Besitzer & UpdatusUser (Available profiles: Besitzer & UpdatusUser) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola) C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe (Razer Inc.) 
D:\Program Files\Razer\Razer Game Booster\RzKLService.exe (Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Razer Inc.) D:\Program Files\Razer\Razer Game Booster\main.exe () C:\Program Files\Razer\Lachesis\razerhid.exe (Spotify Ltd) C:\Users\Besitzer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (razercfg MFC Application) C:\Program Files\Razer\Lachesis\OSD.exe () C:\Program Files\Razer\Lachesis\razertra.exe (Razer Inc.) C:\Program Files\Razer\Lachesis\razerofa.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.) HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-07-22] (Intel Corporation) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.) HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-05-13] (LogMeIn Inc.) HKLM\...\Run: [RazerGameBooster] => D:\Program Files\Razer\Razer Game Booster\RazerGameBooster.exe [61152 2014-02-25] (Razer Inc.) 
HKLM\...\Run: [Lachesis] => C:\Program Files\Razer\Lachesis\razerhid.exe [172032 2008-10-14] () HKU\S-1-5-21-1712319259-4035963724-2678702659-1000\...\Run: [Spotify Web Helper] => C:\Users\Besitzer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-07] (Spotify Ltd) HKU\S-1-5-21-1712319259-4035963724-2678702659-1000\...\Run: [AlcoholAutomount] => C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [203928 2009-09-30] (Alcohol Soft Development Team) HKU\S-1-5-21-1712319259-4035963724-2678702659-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd) HKU\S-1-5-21-1712319259-4035963724-2678702659-1000\...\Run: [Steam] => D:\Games\Steam\steam.exe [1938624 2014-10-21] (Valve Corporation) HKU\S-1-5-21-1712319259-4035963724-2678702659-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.) HKU\S-1-5-21-1712319259-4035963724-2678702659-1003\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-1712319259-4035963724-2678702659-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-08-21]
FF HKCU\...\Firefox\Extensions: [{ba5b6935-63e1-431c-8fc6-7504512d2b94}] - C:\Program Files\LyricsContainer\130.xpi

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR Profile: C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-05]
CHR Extension: (Google Drive) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-05]
CHR Extension: (Bookmark Sentry (scanner)) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdglbbcbmgnimogcmcdenggkpdmihlga [2014-04-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-08]
CHR Extension: (YouTube) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-05]
CHR Extension: (Google Cast) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-04-19]
CHR Extension: (Google-Suche) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-05]
CHR Extension: (AdBlock) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-04-24]
CHR Extension: (Google Wallet) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Google Mail) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-05]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION)
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [121144 2013-03-25] (Motorola Mobility LLC)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 RzKLService; D:\Program Files\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 LachesisFltr; C:\Windows\System32\drivers\Lachesis.sys [12032 2007-08-08] (Razer (Asia-Pacific) Pte Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-02-18] (Duplex Secure Ltd.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [44544 2012-09-28] (Apple, Inc.) [File not signed]
U3 a0pn76ce; C:\Windows\system32\Drivers\a0pn76ce.sys [0 ] (Intel Corporation)
U3 a1ziotu2; C:\Windows\system32\Drivers\a1ziotu2.sys [0 ] (Intel Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Besitzer\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-02 18:17 - 2014-11-02 18:17 - 00000637 _____ () C:\Users\Besitzer\Desktop\JRT.txt
2014-11-02 18:15 - 2014-11-02 18:15 - 00000000 ____D () C:\Windows\ERUNT
2014-11-02 18:07 - 2014-11-02 18:07 - 00008661 _____ () C:\Users\Besitzer\Desktop\AdwCleaner[S0].txt
2014-11-02 17:54 - 2014-11-02 18:05 - 00000000 ____D () C:\AdwCleaner
2014-11-02 17:53 - 2014-11-02 17:53 - 00004415 _____ () C:\Users\Besitzer\Desktop\mbam.txt
2014-11-02 17:30 - 2014-11-02 17:51 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-02 17:30 - 2014-11-02 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-11-02 17:30 - 2014-11-02 17:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-02 17:30 - 2014-11-02 17:30 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-11-02 17:30 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-02 17:30 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-02 17:30 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-02 17:23 - 2014-11-02 17:24 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Besitzer\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-02 11:49 - 2014-11-02 11:49 - 00000851 _____ () C:\Windows\system\Cm108.ini
2014-11-02 11:49 - 2013-05-20 08:24 - 00001343 _____ () C:\Windows\cm108.ini
2014-11-02 11:49 - 2013-05-20 08:15 - 00303104 ____N () C:\Windows\system32\CmiInstallResAll.dll
2014-11-02 11:48 - 2014-11-02 11:48 - 49590237 _____ () C:\Users\Besitzer\Downloads\00113703_XP_Vista_7_8.zip
2014-11-01 22:49 - 2014-11-01 22:49 - 00013075 _____ () C:\ComboFix.txt
2014-11-01 22:38 - 2014-11-01 22:49 - 00000000 ____D () C:\ComboFix
2014-11-01 22:38 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-01 22:38 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-01 22:38 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-01 22:38 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-01 22:38 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-01 22:38 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-01 22:38 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-01 22:38 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-01 22:37 - 2014-11-01 22:49 - 00000000 ____D () C:\Qoobox
2014-11-01 22:36 - 2014-11-01 22:48 - 00000000 ____D () C:\Windows\erdnt
2014-11-01 21:51 - 2014-11-01 21:53 - 00027932 _____ () C:\Users\Besitzer\Downloads\Addition.txt
2014-11-01 21:50 - 2014-11-02 18:19 - 00000000 ____D () C:\FRST
2014-11-01 21:50 - 2014-11-01 21:53 - 00032199 _____ () C:\Users\Besitzer\Downloads\FRST.txt
2014-11-01 17:49 - 2014-11-01 17:49 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini
2014-11-01 17:49 - 2014-11-01 17:49 - 00000000 _SHDL () C:\Users\UpdatusUser\Startmenü
2014-11-01 17:49 - 2014-11-01 17:49 - 00000000 _SHDL () C:\Users\UpdatusUser\Netzwerkumgebung
2014-11-01 17:49 - 2014-11-01 17:49 - 00000000 _SHDL () C:\Users\UpdatusUser\Druckumgebung
2014-11-01 17:49 - 2014-11-01 17:49 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Musik
2014-11-01 17:49 - 2014-11-01 17:49 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Bilder
2014-11-01 17:49 - 2014-11-01 17:49 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-11-01 17:49 - 2014-11-01 17:49 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Verlauf
2014-11-01 17:49 - 2012-10-09 15:03 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Microsoft Help
2014-11-01 17:49 - 2008-01-21 03:42 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-01 17:49 - 2008-01-21 03:42 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-01 17:47 - 2014-11-01 17:49 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-01 17:47 - 2012-12-29 09:25 - 00062904 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-11-01 17:46 - 2012-12-29 09:26 - 04129720 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-11-01 17:46 - 2012-12-29 09:26 - 03001272 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll
2014-11-01 17:46 - 2012-12-29 09:25 - 02557880 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-11-01 17:46 - 2012-12-29 09:25 - 00639928 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-11-01 17:46 - 2012-12-29 09:25 - 00108984 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-11-01 17:43 - 2014-11-01 17:43 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-11-01 17:38 - 2014-11-01 17:42 - 00000000 ____D () C:\Users\Besitzer\{e26bfdd1-00b3-4e0d-8588-2e0f18b78c1b}
2014-11-01 17:37 - 2012-12-29 11:26 - 20450232 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2014-11-01 17:37 - 2012-12-29 11:26 - 17560504 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-11-01 17:37 - 2012-12-29 11:26 - 15129064 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2014-11-01 17:37 - 2012-12-29 11:26 - 12641120 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2014-11-01 17:37 - 2012-12-29 11:26 - 08904632 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-11-01 17:37 - 2012-12-29 11:26 - 07931896 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-11-01 17:37 - 2012-12-29 11:26 - 06263784 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-11-01 17:37 - 2012-12-29 11:26 - 02720696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-11-01 17:37 - 2012-12-29 11:26 - 02504248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2014-11-01 17:37 - 2012-12-29 11:26 - 01985976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-11-01 17:37 - 2012-12-29 11:26 - 01017272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco32.dll
2014-11-01 17:37 - 2012-12-29 11:26 - 00889784 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco32.dll
2014-11-01 17:37 - 2012-12-29 11:26 - 00013153 _____ () C:\Windows\system32\nvinfo.pb
2014-11-01 17:31 - 2014-11-01 17:34 - 174957352 _____ (NVIDIA Corporation) C:\Users\Besitzer\Downloads\310.90-notebook-win8-win7-winvista-32bit-international-whql.exe
2014-11-01 13:55 - 2007-08-08 09:51 - 00249856 _____ (Razer Inc.) C:\Windows\system32\Lachesis.cpl
2014-11-01 13:55 - 2005-12-21 11:23 - 00014592 _____ (Motorola) C:\Windows\system32\Drivers\Usbicp.sys
2014-11-01 13:46 - 2014-11-01 13:46 - 00000000 ____D () C:\Program Files\Razer
2014-11-01 13:46 - 2007-08-08 11:04 - 00012032 _____ (Razer (Asia-Pacific) Pte Ltd) C:\Windows\system32\Drivers\Lachesis.sys
2014-11-01 13:42 - 2014-11-01 13:42 - 00000000 ____D () C:\Program Files\LachesisEnglish
2014-11-01 13:40 - 2014-11-01 13:41 - 07674253 _____ () C:\Users\Besitzer\Downloads\LachesisEnglish.zip
2014-11-01 13:21 - 2014-11-01 13:21 - 00000959 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-11-01 13:21 - 2014-11-01 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-11-01 13:04 - 2014-11-01 13:05 - 28115400 _____ (TeamSpeak Systems GmbH) C:\Users\Besitzer\Downloads\TeamSpeak3-Client-win32-3.0.16.exe
2014-10-27 13:35 - 2014-10-27 13:35 - 00000835 _____ () C:\Users\Besitzer\Desktop\CS GO.lnk
2014-10-20 15:51 - 2014-10-20 15:51 - 00001834 _____ () C:\Users\Besitzer\Desktop\Skype.lnk
2014-10-20 15:51 - 2014-10-20 15:51 - 00000554 _____ () C:\Users\Besitzer\Desktop\Steam.lnk
2014-10-16 19:04 - 2014-06-15 23:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 19:04 - 2014-06-13 19:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 19:04 - 2014-06-13 19:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 18:58 - 2014-09-09 07:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-10-16 18:57 - 2014-08-23 02:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-10-16 18:56 - 2014-09-28 00:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 17:52 - 2014-09-05 00:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-16 17:51 - 2014-09-16 17:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 17:21 - 2014-09-19 23:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 17:21 - 2014-09-19 23:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 17:21 - 2014-09-19 23:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 17:21 - 2014-09-19 23:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 17:21 - 2014-09-19 23:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 17:21 - 2014-09-19 23:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 17:21 - 2014-09-19 23:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-16 17:21 - 2014-09-19 23:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 17:21 - 2014-09-19 23:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 17:21 - 2014-09-19 23:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 17:21 - 2014-09-19 23:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-16 17:21 - 2014-09-19 23:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 17:21 - 2014-09-19 23:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 17:21 - 2014-09-19 23:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-16 17:21 - 2014-09-19 23:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 17:21 - 2014-09-19 23:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 17:21 - 2014-09-19 23:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 17:21 - 2014-09-19 23:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 17:21 - 2014-09-19 23:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-16 17:21 - 2014-09-19 23:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-16 17:21 - 2014-09-19 23:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-11 23:38 - 2014-10-11 23:38 - 00000000 ___RD () C:\Program Files\Skype
2014-10-11 23:38 - 2014-10-11 23:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-11 23:38 - 2014-10-11 23:38 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-10-08 15:26 - 2014-10-08 15:26 - 00004932 _____ () C:\Users\Besitzer\Downloads\bibanator_csgo_gaming_cfg_13-06-2014.rar
2014-10-08 15:12 - 2014-10-08 15:12 - 00000277 _____ () C:\Users\Besitzer\Downloads\walkshoot.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-02 18:19 - 2013-03-21 01:43 - 00000000 ____D () C:\Users\Besitzer\Desktop\Games und Programme
2014-11-02 18:14 - 2009-04-11 17:55 - 01575930 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 18:13 - 2009-04-11 13:37 - 01703774 _____ () C:\Windows\WindowsUpdate.log
2014-11-02 18:11 - 2013-05-18 12:37 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\LogMeIn Hamachi
2014-11-02 18:10 - 2013-04-03 21:17 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Skype
2014-11-02 18:07 - 2013-06-23 17:24 - 00000000 ____D () C:\Temp
2014-11-02 18:07 - 2013-01-01 18:27 - 00000437 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-11-02 18:06 - 2013-04-05 12:33 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-02 18:06 - 2008-01-21 03:47 - 00201568 _____ () C:\Windows\PFRO.log
2014-11-02 18:06 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-02 18:06 - 2006-11-02 13:47 - 00004240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-02 18:06 - 2006-11-02 13:47 - 00004240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-02 18:05 - 2012-12-25 22:18 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\CRE
2014-11-02 18:05 - 2006-11-02 14:01 - 00032554 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-02 17:54 - 2012-08-30 12:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-02 17:46 - 2013-03-20 01:19 - 00000000 ___HD () C:\Windows\PIF
2014-11-02 17:21 - 2013-04-05 12:33 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-02 11:49 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system
2014-11-01 22:49 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2014-11-01 22:49 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2014-11-01 22:47 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2014-11-01 17:49 - 2012-08-21 14:40 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-11-01 17:48 - 2012-08-21 14:09 - 00000000 ____D () C:\Users\Besitzer
2014-11-01 13:55 - 2014-08-26 18:26 - 00000000 ____D () C:\ProgramData\Razer
2014-11-01 13:55 - 2014-08-26 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-11-01 13:55 - 2012-08-21 14:47 - 00015338 _____ () C:\Windows\DPINST.LOG
2014-11-01 13:46 - 2012-08-21 14:28 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-11-01 13:21 - 2014-02-08 16:31 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-11-01 00:56 - 2014-02-08 16:32 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\TS3Client
2014-10-31 16:39 - 2013-02-18 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marine Bot
2014-10-31 16:37 - 2014-04-30 01:50 - 00000000 ____D () C:\Program Files\EslWire
2014-10-31 16:31 - 2014-08-30 04:13 - 00000000 ____D () C:\ProgramData\Desura
2014-10-30 16:37 - 2012-08-30 12:27 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Spotify
2014-10-30 16:14 - 2012-08-30 12:27 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\Spotify
2014-10-30 12:24 - 2012-08-21 15:04 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 14:33 - 2014-06-14 14:12 - 00001963 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-25 21:26 - 2013-03-14 19:38 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\vlc
2014-10-23 14:47 - 2012-09-15 20:09 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-10-21 15:06 - 2012-08-30 12:42 - 00032256 _____ () C:\Users\Besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-20 15:48 - 2012-09-15 20:14 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-10-19 15:02 - 2012-10-08 19:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 19:47 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-16 19:33 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-10-16 19:15 - 2006-11-02 13:47 - 00371536 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 19:13 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-10-16 18:15 - 2013-08-13 02:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 17:55 - 2012-08-21 14:59 - 00002155 _____ () C:\Windows\epplauncher.mif
2014-10-16 17:54 - 2012-08-21 14:58 - 00001826 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-10-16 17:53 - 2012-08-21 14:58 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-10-11 23:38 - 2013-04-03 21:17 - 00000000 ____D () C:\ProgramData\Skype
2014-10-03 09:03 - 2006-11-02 11:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Some content of TEMP:
====================
C:\Users\Besitzer\AppData\Local\Temp\Quarantine.exe
C:\Users\Besitzer\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-02 18:15

==================== End Of Log ============================
--- --- --- |
03.11.2014, 14:32 | #6 |
/// the machine /// TB Trainer |
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems?
|
03.11.2014, 19:33 | #7 |
|
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=de4aac5ca526de4c8ae61b2e4c828227
# engine=20906
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-03 02:54:54
# local_time=2014-11-03 03:54:54 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 1548079 86320116 0 0
# scanned=32352
# found=5
# cleaned=0
# scan_time=2966
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir"
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=2B9A1340BEC2FE2694C333ACD77F0E12EF9550D1 ft=1 fh=fcbeb3ad261a92d1 vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.31.4.510_0\APISupport\APISupport.dll.vir"
sh=675526C1B3CB27C6635233B62EDB8ECEEBFE1556 ft=1 fh=8382eeac10eb278f vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir"
sh=C0114483C9E2C1271B0D594AB6A6BF1E4F383D63 ft=1 fh=e2607344a0894545 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir"

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=de4aac5ca526de4c8ae61b2e4c828227
# engine=20909
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-03 06:22:52
# local_time=2014-11-03 07:22:52 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 1560557 86332594 0 0
# scanned=244947
# found=18
# cleaned=0
# scan_time=12269
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir"
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=2B9A1340BEC2FE2694C333ACD77F0E12EF9550D1 ft=1 fh=fcbeb3ad261a92d1 vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.31.4.510_0\APISupport\APISupport.dll.vir"
sh=675526C1B3CB27C6635233B62EDB8ECEEBFE1556 ft=1 fh=8382eeac10eb278f vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir"
sh=C0114483C9E2C1271B0D594AB6A6BF1E4F383D63 ft=1 fh=e2607344a0894545 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir"
sh=BD10722D32BC2313BB048E3B6F2338B7AA4C1CD4 ft=1 fh=d347ed71c37dc3a9 vn="Win32/AdWare.1ClickDownload.AT Anwendung" ac=I fn="C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000"
sh=C5A07C6647A4228B39A382EE5246235CFDD94A82 ft=1 fh=1901ca3fd08316cd vn="Variante von Win32/CNETInstaller.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Besitzer\Downloads\cbsidlm-cbsi134-Winmail_Opener-BP-10469892.exe"
sh=78E72708F36CB627131D993CF3707A53EE31FF2F ft=1 fh=c71c0011e8464a4f vn="Variante von Win32/InstallCore.JW evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Besitzer\Downloads\COMPUTER_BILD-Download-Manager_fuer_tmnationsforever_setup.exe"
sh=BF2413BF9E72F51D03AC306852D817E62B355CFA ft=1 fh=a17fa48807d3e34b vn="MSIL/Solimba.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Besitzer\Downloads\daemon tools.exe"
sh=B53AE3A1ADBB321EC303674120E5CA414CFBD3BC ft=1 fh=ef36cfb0a3713941 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Besitzer\Downloads\mp3DirectCut - CHIP-Downloader.exe"
sh=DEF930980AD95C5B3FCA0C7925C22D61424FE65E ft=1 fh=66a643d5fcb295dc vn="Win32/InstalleRex.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Besitzer\Downloads\SaveAs.exe"
sh=BD6C947A7831A901E1D060B1863B474816950064 ft=1 fh=3a689cdc2252df17 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Besitzer\Downloads\TeamSpeak 3 32 Bit - CHIP-Downloader.exe"
sh=085BAA282C308FD01E5C46F54B1BDF2F109569C6 ft=1 fh=7cb66b54bd716b94 vn="MSIL/Solimba.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Besitzer\Downloads\VLC Player .exe"
sh=95DD40B95C13A8AC8ECDDCF14D6BAE67EDBA9D1C ft=1 fh=954e5df4ab3166fa vn="Win32/DomaIQ.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Besitzer\Downloads\zipper_V.5050187.exe"
sh=E6F80C7A8F2CF369F507F458DAAD033E85228060 ft=1 fh=8e7def62ee5e203e vn="Variante von Win32/Toolbar.Iminent.E evtl. unerwünschte Anwendung" ac=I fn="D:\dateien - 14.08.12\Desktop\Pazera_Free_MOV_to_AVI_Converter_1.4.exe"
sh=6D3CCC9D513B34C7B4D17B6962E3AC27AA477961 ft=1 fh=748e8aaa27f34774 vn="Win32/SoftonicDownloader.D evtl. unerwünschte Anwendung" ac=I fn="D:\NEUE DATEIEIEN\AppData\Local\Temp\7p1vu36d.tmp\SoftonicDownloader_fuer_bejeweled-add-on-for-wow.exe"
sh=CFCF0ADB9C1CF62D655041B7082EF3B017E1C3EF ft=1 fh=c3cf7631b8bb7034 vn="Variante von Win32/LoadTubes.A evtl. unerwünschte Anwendung" ac=I fn="D:\NEUE DATEIEIEN\AppData\Local\Temp\7soav5hu.tmp\setup_codec_3dx.exe"
sh=043EBE94F75E8A071162BB6779A54AA50F302C29 ft=1 fh=85723e4bf424e9dd vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\NEUE DATEIEIEN\Downloads\FreeYouTubeDownload_3.1.22.exe"

Results of screen317's Security Check version 0.99.89
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 55
Java version out of Date!
Adobe Flash Player 15.0.0.152
Adobe Reader 10.1.12 Adobe Reader out of Date!
Google Chrome 38.0.2125.104
Google Chrome 38.0.2125.111
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

So the biggest visible problem was all the ads in the browser, which were always there even with AdBlock. They are 100% gone! Thank you very much for the nice, friendly and above all fast help! I will definitely recommend this forum wholeheartedly! |
04.11.2014, 10:54 | #8 |
/// the machine /// TB Trainer |
The fresh FRST log is still missing, then we can clean up.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM! |
04.11.2014, 11:13 | #9 |
| Of course, I completely forgot: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-11-2014
Ran by Besitzer (administrator) on BESITZER-PC on 04-11-2014 11:11:31
Running from C:\Users\Besitzer\Desktop\Games und Programme
Loaded Profiles: Besitzer & UpdatusUser (Available profiles: Besitzer & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Motorola) C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Razer Inc.) D:\Program Files\Razer\Razer Game Booster\RzKLService.exe
(Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Razer Inc.) D:\Program Files\Razer\Razer Game Booster\main.exe
() C:\Program Files\Razer\Lachesis\razerhid.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Spotify Ltd) C:\Users\Besitzer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Valve Corporation) D:\Games\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(razercfg MFC Application) C:\Program Files\Razer\Lachesis\OSD.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Razer\Lachesis\razertra.exe
(Razer Inc.) C:\Program Files\Razer\Lachesis\razerofa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Valve Corporation) D:\Games\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-07-22] (Intel Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-05-13] (LogMeIn Inc.)
HKLM\...\Run: [RazerGameBooster] => D:\Program Files\Razer\Razer Game Booster\RazerGameBooster.exe [61152 2014-02-25] (Razer Inc.)
HKLM\...\Run: [Lachesis] => C:\Program Files\Razer\Lachesis\razerhid.exe [172032 2008-10-14] ()
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [9605912 2014-10-14] (Logitech Inc.)
HKU\S-1-5-21-1712319259-4035963724-2678702659-1000\...\Run: [Spotify Web Helper] => C:\Users\Besitzer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-07] (Spotify Ltd) HKU\S-1-5-21-1712319259-4035963724-2678702659-1000\...\Run: [AlcoholAutomount] => C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [203928 2009-09-30] (Alcohol Soft Development Team) HKU\S-1-5-21-1712319259-4035963724-2678702659-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd) HKU\S-1-5-21-1712319259-4035963724-2678702659-1000\...\Run: [Steam] => D:\Games\Steam\steam.exe [1938624 2014-10-21] (Valve Corporation) HKU\S-1-5-21-1712319259-4035963724-2678702659-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.) HKU\S-1-5-21-1712319259-4035963724-2678702659-1003\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-1712319259-4035963724-2678702659-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-08-21] FF HKCU\...\Firefox\Extensions: [{ba5b6935-63e1-431c-8fc6-7504512d2b94}] - C:\Program Files\LyricsContainer\130.xpi Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.de/" CHR Profile: C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-05] CHR Extension: (Google Drive) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-05] CHR Extension: (Bookmark Sentry (scanner)) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdglbbcbmgnimogcmcdenggkpdmihlga [2014-04-19] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-08] CHR Extension: (YouTube) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-05] CHR Extension: (Google Cast) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-04-19] CHR Extension: (Google-Suche) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-05] CHR Extension: (AdBlock) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-04-24] CHR Extension: (Google Wallet) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21] CHR 
Extension: (Google Mail) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-05] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed] R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION) R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION) R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [121144 2013-03-25] (Motorola Mobility LLC) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation) R2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed] R2 RzKLService; D:\Program Files\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.) R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 CM_VENDER_CMD; C:\Program Files\Common Files\Logitech\G430Install\CMVC.sys [13264 2014-07-30] (Windows (R) Win 7 DDK provider) S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) 
R3 LachesisFltr; C:\Windows\System32\drivers\Lachesis.sys [12032 2007-08-08] (Razer (Asia-Pacific) Pte Ltd) S3 LADF_CaptureOnly; C:\Windows\System32\DRIVERS\ladfGSCi386.sys [378392 2013-04-15] (Logitech) S3 LADF_RenderOnly; C:\Windows\System32\DRIVERS\ladfGSRi386.sys [78616 2013-04-15] (Logitech) R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.) R3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-02-18] (Duplex Secure Ltd.) S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [44544 2012-09-28] (Apple, Inc.) [File not signed] U3 ajapykz7; C:\Windows\system32\Drivers\ajapykz7.sys [0 ] (Microsoft Corporation) U3 ajonoe3d; C:\Windows\system32\Drivers\ajonoe3d.sys [0 ] (Microsoft Corporation) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S3 catchme; \??\C:\Users\Besitzer\AppData\Local\Temp\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-03 15:57 - 2014-11-03 15:57 - 02347384 _____ (ESET) C:\Users\Besitzer\Downloads\esetsmartinstaller_deu (1).exe 2014-11-03 14:58 - 2014-11-03 14:58 - 02347384 _____ (ESET) C:\Users\Besitzer\Downloads\esetsmartinstaller_deu.exe 2014-11-03 13:31 - 2014-11-03 13:31 - 00000000 ____D () C:\Program Files\Common Files\Logitech 2014-11-03 13:23 - 2014-11-03 13:23 - 00000000 ____D () C:\ProgramData\LogiShrd 2014-11-03 13:22 - 2014-11-03 13:22 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\Logitech 2014-11-03 13:13 - 2014-11-03 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2014-11-03 13:12 - 2014-11-03 13:22 - 00000000 ____D () C:\Program Files\Logitech Gaming Software 2014-11-03 13:12 - 2014-11-03 13:12 - 00000000 ____D () C:\ProgramData\Package Cache 2014-11-03 13:10 - 2014-11-03 13:10 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Logitech 2014-11-03 13:10 - 2014-11-03 13:10 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Logishrd 2014-11-03 13:08 - 2014-11-03 13:09 - 63059552 _____ (Logitech Inc.) 
C:\Users\Besitzer\Downloads\LGS_8.57.145_x86_Logitech.exe 2014-11-02 18:15 - 2014-11-02 18:15 - 00000000 ____D () C:\Windows\ERUNT 2014-11-02 17:54 - 2014-11-02 18:05 - 00000000 ____D () C:\AdwCleaner 2014-11-02 17:30 - 2014-11-02 17:51 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-02 17:30 - 2014-11-02 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-11-02 17:30 - 2014-11-02 17:30 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-02 17:30 - 2014-11-02 17:30 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-11-02 17:30 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-02 17:30 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-02 17:30 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-02 17:23 - 2014-11-02 17:24 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Besitzer\Downloads\mbam-setup-2.0.3.1025.exe 2014-11-02 11:49 - 2014-11-02 11:49 - 00000851 _____ () C:\Windows\system\Cm108.ini 2014-11-02 11:49 - 2013-05-20 08:24 - 00001343 _____ () C:\Windows\cm108.ini 2014-11-02 11:49 - 2013-05-20 08:15 - 00303104 ____N () C:\Windows\system32\CmiInstallResAll.dll 2014-11-02 11:48 - 2014-11-02 11:48 - 49590237 _____ () C:\Users\Besitzer\Downloads\00113703_XP_Vista_7_8.zip 2014-11-01 22:49 - 2014-11-01 22:49 - 00013075 _____ () C:\ComboFix.txt 2014-11-01 22:38 - 2014-11-01 22:49 - 00000000 ____D () C:\ComboFix 2014-11-01 22:38 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-11-01 22:38 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-11-01 22:38 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-11-01 22:38 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-11-01 22:38 - 
2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-11-01 22:38 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-11-01 22:38 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-11-01 22:38 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-11-01 22:37 - 2014-11-01 22:49 - 00000000 ____D () C:\Qoobox 2014-11-01 22:36 - 2014-11-01 22:48 - 00000000 ____D () C:\Windows\erdnt 2014-11-01 21:51 - 2014-11-01 21:53 - 00027932 _____ () C:\Users\Besitzer\Downloads\Addition.txt 2014-11-01 21:50 - 2014-11-04 11:11 - 00000000 ____D () C:\FRST 2014-11-01 21:50 - 2014-11-01 21:53 - 00032199 _____ () C:\Users\Besitzer\Downloads\FRST.txt 2014-11-01 17:49 - 2014-11-01 17:49 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini 2014-11-01 17:49 - 2014-11-01 17:49 - 00000000 _SHDL () C:\Users\UpdatusUser\Startmenü 2014-11-01 17:49 - 2014-11-01 17:49 - 00000000 _SHDL () C:\Users\UpdatusUser\Netzwerkumgebung 2014-11-01 17:49 - 2014-11-01 17:49 - 00000000 _SHDL () C:\Users\UpdatusUser\Druckumgebung 2014-11-01 17:49 - 2014-11-01 17:49 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Musik 2014-11-01 17:49 - 2014-11-01 17:49 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Bilder 2014-11-01 17:49 - 2014-11-01 17:49 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-11-01 17:49 - 2014-11-01 17:49 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Verlauf 2014-11-01 17:49 - 2012-10-09 15:03 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Microsoft Help 2014-11-01 17:49 - 2008-01-21 03:42 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-11-01 17:49 - 2008-01-21 03:42 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-11-01 17:47 - 2014-11-01 17:49 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-11-01 17:47 - 2012-12-29 09:25 - 00062904 _____ 
(NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2014-11-01 17:46 - 2012-12-29 09:26 - 04129720 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2014-11-01 17:46 - 2012-12-29 09:26 - 03001272 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll 2014-11-01 17:46 - 2012-12-29 09:25 - 02557880 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2014-11-01 17:46 - 2012-12-29 09:25 - 00639928 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2014-11-01 17:46 - 2012-12-29 09:25 - 00108984 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2014-11-01 17:43 - 2014-11-01 17:43 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-11-01 17:38 - 2014-11-01 17:42 - 00000000 ____D () C:\Users\Besitzer\{e26bfdd1-00b3-4e0d-8588-2e0f18b78c1b} 2014-11-01 17:37 - 2012-12-29 11:26 - 20450232 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll 2014-11-01 17:37 - 2012-12-29 11:26 - 17560504 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-11-01 17:37 - 2012-12-29 11:26 - 15129064 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll 2014-11-01 17:37 - 2012-12-29 11:26 - 12641120 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll 2014-11-01 17:37 - 2012-12-29 11:26 - 08904632 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-11-01 17:37 - 2012-12-29 11:26 - 07931896 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-11-01 17:37 - 2012-12-29 11:26 - 06263784 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-11-01 17:37 - 2012-12-29 11:26 - 02720696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-11-01 17:37 - 2012-12-29 11:26 - 02504248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll 2014-11-01 17:37 - 2012-12-29 11:26 - 01985976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2014-11-01 17:37 - 2012-12-29 11:26 - 01017272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco32.dll 2014-11-01 17:37 - 2012-12-29 11:26 
- 00889784 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco32.dll 2014-11-01 17:37 - 2012-12-29 11:26 - 00013153 _____ () C:\Windows\system32\nvinfo.pb 2014-11-01 17:31 - 2014-11-01 17:34 - 174957352 _____ (NVIDIA Corporation) C:\Users\Besitzer\Downloads\310.90-notebook-win8-win7-winvista-32bit-international-whql.exe 2014-11-01 13:55 - 2007-08-08 09:51 - 00249856 _____ (Razer Inc.) C:\Windows\system32\Lachesis.cpl 2014-11-01 13:55 - 2005-12-21 11:23 - 00014592 _____ (Motorola) C:\Windows\system32\Drivers\Usbicp.sys 2014-11-01 13:46 - 2014-11-01 13:46 - 00000000 ____D () C:\Program Files\Razer 2014-11-01 13:46 - 2007-08-08 11:04 - 00012032 _____ (Razer (Asia-Pacific) Pte Ltd) C:\Windows\system32\Drivers\Lachesis.sys 2014-11-01 13:42 - 2014-11-01 13:42 - 00000000 ____D () C:\Program Files\LachesisEnglish 2014-11-01 13:40 - 2014-11-01 13:41 - 07674253 _____ () C:\Users\Besitzer\Downloads\LachesisEnglish.zip 2014-11-01 13:21 - 2014-11-01 13:21 - 00000959 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2014-11-01 13:21 - 2014-11-01 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 2014-11-01 13:04 - 2014-11-01 13:05 - 28115400 _____ (TeamSpeak Systems GmbH) C:\Users\Besitzer\Downloads\TeamSpeak3-Client-win32-3.0.16.exe 2014-10-27 13:35 - 2014-10-27 13:35 - 00000835 _____ () C:\Users\Besitzer\Desktop\CS GO.lnk 2014-10-20 15:51 - 2014-10-20 15:51 - 00001834 _____ () C:\Users\Besitzer\Desktop\Skype.lnk 2014-10-20 15:51 - 2014-10-20 15:51 - 00000554 _____ () C:\Users\Besitzer\Desktop\Steam.lnk 2014-10-16 19:04 - 2014-06-15 23:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-16 19:04 - 2014-06-13 19:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-16 19:04 - 2014-06-13 19:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-16 18:58 - 2014-09-09 07:24 - 00002048 _____ (Microsoft Corporation) 
C:\Windows\system32\tzres.dll 2014-10-16 18:57 - 2014-08-23 02:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-10-16 18:56 - 2014-09-28 00:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-16 17:52 - 2014-09-05 00:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys 2014-10-16 17:51 - 2014-09-16 17:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-16 17:21 - 2014-09-19 23:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-16 17:21 - 2014-09-19 23:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-16 17:21 - 2014-09-19 23:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-16 17:21 - 2014-09-19 23:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-16 17:21 - 2014-09-19 23:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-16 17:21 - 2014-09-19 23:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-16 17:21 - 2014-09-19 23:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-10-16 17:21 - 2014-09-19 23:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-16 17:21 - 2014-09-19 23:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-16 17:21 - 2014-09-19 23:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-16 17:21 - 2014-09-19 23:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-10-16 17:21 - 2014-09-19 23:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-16 17:21 - 2014-09-19 23:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-16 17:21 - 2014-09-19 23:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 
2014-10-16 17:21 - 2014-09-19 23:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-16 17:21 - 2014-09-19 23:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-16 17:21 - 2014-09-19 23:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-16 17:21 - 2014-09-19 23:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-16 17:21 - 2014-09-19 23:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-10-16 17:21 - 2014-09-19 23:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-10-16 17:21 - 2014-09-19 23:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-11 23:38 - 2014-10-11 23:38 - 00000000 ___RD () C:\Program Files\Skype 2014-10-11 23:38 - 2014-10-11 23:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-10-11 23:38 - 2014-10-11 23:38 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-10-08 15:26 - 2014-10-08 15:26 - 00004932 _____ () C:\Users\Besitzer\Downloads\bibanator_csgo_gaming_cfg_13-06-2014.rar 2014-10-08 15:12 - 2014-10-08 15:12 - 00000277 _____ () C:\Users\Besitzer\Downloads\walkshoot.zip ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-04 11:11 - 2013-03-21 01:43 - 00000000 ____D () C:\Users\Besitzer\Desktop\Games und Programme 2014-11-04 11:06 - 2009-04-11 17:55 - 01575930 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-04 11:04 - 2013-05-18 12:37 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\LogMeIn Hamachi 2014-11-04 11:04 - 2009-04-11 13:37 - 01830076 _____ () C:\Windows\WindowsUpdate.log 2014-11-04 11:02 - 2013-04-03 21:17 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Skype 2014-11-04 11:00 - 2013-01-01 18:27 - 00000437 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-11-04 10:59 - 2013-06-23 17:24 - 00000000 ____D () C:\Temp 2014-11-04 10:59 - 2013-04-05 12:33 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-04 10:59 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-04 10:59 - 2006-11-02 13:47 - 00004240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-04 10:59 - 2006-11-02 13:47 - 00004240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-04 01:20 - 2006-11-02 14:01 - 00032554 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-11-04 00:53 - 2012-08-30 12:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-04 00:21 - 2013-04-05 12:33 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-03 19:51 - 2008-01-21 03:47 - 00202366 _____ () C:\Windows\PFRO.log 2014-11-03 19:32 - 2012-08-30 12:27 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Spotify 2014-11-03 19:31 - 2012-08-30 12:27 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\Spotify 2014-11-03 13:31 - 2012-08-21 14:47 - 00020680 _____ () C:\Windows\DPINST.LOG 2014-11-03 13:23 - 2006-11-02 13:52 - 00114024 _____ () C:\Windows\setupact.log 2014-11-03 13:22 - 2012-08-21 14:09 - 00000000 ____D () C:\Users\Besitzer 2014-11-02 18:38 - 2012-09-01 10:52 - 00002425 _____ () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2014-11-02 18:05 - 2012-12-25 22:18 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\CRE 2014-11-02 17:46 - 2013-03-20 01:19 - 00000000 ___HD () C:\Windows\PIF 2014-11-02 11:49 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system 2014-11-01 22:49 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default 2014-11-01 22:49 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public 2014-11-01 22:47 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini 2014-11-01 17:49 - 2012-08-21 14:40 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-11-01 13:55 - 2014-08-26 18:26 - 00000000 ____D () C:\ProgramData\Razer 2014-11-01 13:55 - 2014-08-26 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer 2014-11-01 13:46 - 2012-08-21 14:28 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-11-01 13:21 - 2014-02-08 16:31 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client 2014-11-01 00:56 - 2014-02-08 16:32 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\TS3Client 2014-10-31 16:39 - 2013-02-18 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marine Bot 2014-10-31 16:37 - 2014-04-30 01:50 - 00000000 ____D () C:\Program Files\EslWire 2014-10-31 16:31 - 2014-08-30 04:13 - 00000000 ____D () C:\ProgramData\Desura 2014-10-30 12:24 - 2012-08-21 15:04 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-29 14:33 - 2014-06-14 14:12 - 00001963 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-10-25 21:26 - 2013-03-14 19:38 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\vlc 2014-10-23 14:47 - 2012-09-15 20:09 - 00000000 ____D () C:\Program Files\Common Files\Steam 2014-10-21 15:06 - 2012-08-30 12:42 - 00032256 _____ () C:\Users\Besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-10-20 15:48 - 2012-09-15 20:14 - 00000000 ____D () 
C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-10-19 15:02 - 2012-10-08 19:13 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-16 19:47 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-10-16 19:33 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache 2014-10-16 19:15 - 2006-11-02 13:47 - 00371536 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-16 19:13 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE 2014-10-16 18:15 - 2013-08-13 02:05 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-16 17:55 - 2012-08-21 14:59 - 00002155 _____ () C:\Windows\epplauncher.mif 2014-10-16 17:54 - 2012-08-21 14:58 - 00001826 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2014-10-16 17:53 - 2012-08-21 14:58 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-10-11 23:38 - 2013-04-03 21:17 - 00000000 ____D () C:\ProgramData\Skype Some content of TEMP: ==================== C:\Users\Besitzer\AppData\Local\Temp\Quarantine.exe C:\Users\Besitzer\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-04 11:05 ==================== End Of Log ============================ |
04.11.2014, 20:35 | #10 |
/// the machine /// TB instructor | Update Java and Adobe. Empty the download folder. Done. The order is crucial here.
If you would like to leave praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donate, Guides and help, Trojaner-Board Facebook page. No help via PM! |
04.11.2014, 21:17 | #11 |
| Thank you very much indeed; I followed everything as described and am completely satisfied! I have no more problems, so this thread can officially be considered "closed". THANK YOU VERY MUCH!!! |
05.11.2014, 17:27 | #12 |
/// the machine /// TB instructor | You're welcome |