Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Ads by BetterMarkIt

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 21.12.2014, 09:43   #16
schrauber
/// the machine
/// TB-Ausbilder
 

Ads by BetterMarkIt - Standard

Ads by BetterMarkIt



keine Rückmeldung hat nix mit Abstürzen zu tun


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
Task: {945E8773-666E-4BB1-B663-544350D73767} - System32\Tasks\Run_Bobby_Browser => C:\Users\Admin\AppData\Local\BoBrowser\Application\bobrowser.exe <==== ATTENTION
C:\Users\Admin\AppData\Local\BoBrowser
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 21.12.2014, 14:58   #17
Finlay
 
Ads by BetterMarkIt - Standard

Ads by BetterMarkIt



Bekam während dem Fix eine Error Meldung.
Darin war auf das Verzeichnis in dem FRST installiert war verwiesen, mit folgendem Wortlaut.

"AutoIt Error

Line 9686
Error: Error in expression"

Ads sind auch noch da leider. Ich kenne mich mit der Informatik hinter den Code-Zeilen null aus, deshalb wollte ich mal fragen, ob du weisst womit ich es hier zu tun habe. Es scheint ja irgendein extrem hartnäckiges und tiefsitzendes Script zu sein, wenn nichts hilft und die Standard Malware- und Viren-Scanner nicht mal etwas finden. Spiele so langsam mit dem Gedanken, zu formatieren.

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-12-2014 01
Ran by Admin at 2014-12-21 14:49:01 Run:2
Running from c:\Users\Admin\Downloads
Loaded Profile: Admin (Available profiles: Admin)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Task: {945E8773-666E-4BB1-B663-544350D73767} - System32\Tasks\Run_Bobby_Browser => C:\Users\Admin\AppData\Local\BoBrowser\Application\bobrowser.exe <==== ATTENTION
C:\Users\Admin\AppData\Local\BoBrowser
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
Emptytemp:
         
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{945E8773-666E-4BB1-B663-544350D73767}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{945E8773-666E-4BB1-B663-544350D73767}" => Key deleted successfully.
C:\Windows\System32\Tasks\Run_Bobby_Browser => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Run_Bobby_Browser" => Key deleted successfully.
"C:\Users\Admin\AppData\Local\BoBrowser" => File/Directory not found.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => Key deleted successfully.
HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => Key not found. 
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} => value deleted successfully.
HKCR\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} => Key not found. 
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F2CF5485-4E02-4F68-819C-B92DE9277049} => value deleted successfully.
"HKCR\CLSID\{F2CF5485-4E02-4F68-819C-B92DE9277049}" => Key Deleted successfully.
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} => value deleted successfully.
HKCR\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} => Key not found. 
"HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer" => Key deleted successfully.
C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll => Moved successfully.
EmptyTemp: => Removed 422.8 MB temporary data.
         
__________________


Alt 22.12.2014, 13:25   #18
schrauber
/// the machine
/// TB-Ausbilder
 

Ads by BetterMarkIt - Standard

Ads by BetterMarkIt



Das ist einfach nur Adware. Die aber irgendwie tiefer als normal sitzt.
Öffne bitte FRST, setz nen Haken bei Addition und scanne, poste bitte nochmal beide Logfiles.
__________________
__________________

Alt 22.12.2014, 15:44   #19
Finlay
 
Ads by BetterMarkIt - Standard

Ads by BetterMarkIt




FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-12-2014 01
Ran by Admin (administrator) on ADMIN-PC on 22-12-2014 15:42:37
Running from C:\Users\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Creative Technology Ltd) C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
() C:\Program Files\Belkin\F7D4101\V1\PBN.exe
() C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [VolPanel] => C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe [180224 2007-02-28] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {0a432b9c-5628-11e1-8beb-002215f64712} - H:\iStudio.exe
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {45ff7cad-e803-11dd-afeb-8edf4b91f0b7} - G:\INSTALL.EXE
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {58376522-d1a8-11e2-85fc-002215f64712} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\index.html
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {678c0f35-9d3c-11de-946d-002215f64712} - Iexplores.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Play Wireless USB Adapter Utility.lnk
ShortcutTarget: Play Wireless USB Adapter Utility.lnk -> C:\Program Files\Belkin\F7D4101\V1\PBN.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility HW.51.lnk
ShortcutTarget: Wireless Configuration Utility HW.51.lnk -> C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\miz0y22q.default-1419169810988
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2849090330-1973166882-654260307-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

Chrome: 
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-02-10] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-12-10] (Cisco Systems, Inc.)
R2 WLANBelkinService; C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe [36864 2009-12-28] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [39888 2012-12-10] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [58320 2012-12-10] (Cisco Systems, Inc.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices)
S1 ATITool; C:\Windows\System32\DRIVERS\ATITool.sys [28968 2007-08-08] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2009-06-30] ()
S3 atxboxfl; C:\Windows\System32\DRIVERS\atxboxfl.sys [25537 2003-12-15] (Compuware Corporation) [File not signed]
S3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [699896 2009-11-06] (Broadcom Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 ENTECH; C:\Windows\system32\DRIVERS\ENTECH.sys [27672 2007-08-20] (EnTech Taiwan)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2010-02-03] (LogMeIn, Inc.)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [47616 2008-06-30] (Atheros Communications, Inc.)
S3 LADF_CaptureOnly; C:\Windows\System32\DRIVERS\ladfGSCi386.sys [378568 2011-04-11] (Logitech)
S3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2i386.sys [53976 2010-09-29] (Logitech)
S3 LADF_RenderOnly; C:\Windows\System32\DRIVERS\ladfGSRi386.sys [317384 2011-04-11] (Logitech)
S3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMi386.sys [335064 2010-09-29] (Logitech)
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.)
S3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2009-06-30] ()
S3 MRV6X32P; C:\Windows\System32\DRIVERS\MRVW13B.sys [253952 2006-11-02] (Marvell Semiconductor, Inc)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] ()
R3 P17; C:\Windows\System32\drivers\P17.sys [1168896 2009-10-16] (Creative Technology Ltd.)
S3 Razerlow; C:\Windows\System32\Drivers\DB3G.sys [13225 2005-04-24] (Razer (Asia-Pacific) Pte Ltd)
R3 RTL85n86; C:\Windows\System32\DRIVERS\RTL85n86.sys [1170464 2010-03-23] (Realtek Semiconductor Corporation                           )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2009-01-21] () [File not signed]
S3 W8335XP; C:\Windows\System32\DRIVERS\Mrv8000c.sys [265984 2005-03-25] (Marvell Semiconductor, Inc) [File not signed]
R2 webinstrNewH; C:\Windows\system32\Drivers\webinstrNewH.sys [56992 2014-12-05] (Corsica)
U3 a3l07x83; C:\Windows\system32\Drivers\a3l07x83.sys [0 ] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-22 15:42 - 2014-12-22 15:42 - 00010849 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-12-22 15:42 - 2014-12-22 15:42 - 00000000 ____D () C:\Users\Admin\Desktop\FRST-OlderVersion
2014-12-20 16:08 - 2014-12-21 14:48 - 00000000 ____D () C:\Users\Admin\Downloads\FRST-OlderVersion
2014-12-18 11:43 - 2014-12-18 11:43 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\VSRevoGroup
2014-12-17 21:13 - 2014-12-17 21:13 - 00880784 _____ (Google Inc.) C:\Users\Admin\Downloads\ChromeSetup.exe
2014-12-16 15:07 - 2014-12-16 15:07 - 340246887 _____ () C:\Windows\MEMORY.DMP
2014-12-16 15:07 - 2014-12-16 15:07 - 00144432 _____ () C:\Windows\Minidump\Mini121614-01.dmp
2014-12-10 09:57 - 2014-11-07 02:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 09:57 - 2014-11-04 01:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 09:54 - 2014-12-03 03:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-10 09:35 - 2014-11-24 21:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 09:35 - 2014-11-24 21:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 09:35 - 2014-11-24 21:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 09:35 - 2014-11-24 21:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 09:35 - 2014-11-24 21:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 09:35 - 2014-11-24 21:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 09:35 - 2014-11-24 21:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 09:35 - 2014-11-24 21:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 09:35 - 2014-11-24 21:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 09:35 - 2014-11-24 21:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-10 09:35 - 2014-11-24 21:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-09 22:30 - 2014-12-09 22:30 - 00000000 ____D () C:\Windows\ERUNT
2014-12-09 22:28 - 2014-12-09 22:29 - 01707646 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe
2014-12-09 19:24 - 2014-12-20 16:10 - 00027450 _____ () C:\Users\Admin\Downloads\Addition.txt
2014-12-09 19:23 - 2014-12-22 15:42 - 01114112 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2014-12-09 19:23 - 2014-12-22 15:42 - 00000000 ____D () C:\FRST
2014-12-09 19:23 - 2014-12-20 16:10 - 00025346 _____ () C:\Users\Admin\Downloads\FRST.txt
2014-12-09 18:28 - 2014-12-09 18:28 - 00000000 ____D () C:\Users\Admin\Documents\Tunngle
2014-12-09 17:36 - 2014-12-09 17:36 - 00000858 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-09 17:36 - 2014-12-09 17:36 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-09 17:36 - 2014-12-09 17:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-09 17:35 - 2014-12-09 17:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-09 13:17 - 2014-12-09 13:17 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_enu.exe
2014-12-09 01:10 - 2014-12-09 01:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Opera Software
2014-12-09 01:10 - 2014-12-09 01:10 - 00000000 ____D () C:\Users\Admin\AppData\Local\Opera Software
2014-12-09 01:09 - 2014-12-09 13:16 - 00000000 ____D () C:\Program Files\Opera
2014-12-09 00:52 - 2014-12-09 00:53 - 32532216 _____ (Opera Software) C:\Users\Admin\Downloads\Opera_26.0.1656.32_Setup.exe
2014-12-08 19:42 - 2014-12-08 19:42 - 00683648 _____ (Opera Software) C:\Users\Admin\Downloads\Opera_NI_stable(1).exe
2014-12-08 19:37 - 2014-12-08 19:37 - 00683648 _____ (Opera Software) C:\Users\Admin\Downloads\Opera_NI_stable.exe
2014-12-08 17:44 - 2014-12-08 17:44 - 01174352 _____ () C:\Users\Admin\Downloads\HijackThis - CHIP-Installer.exe
2014-12-08 17:44 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\system32\dhRichClient3.dll
2014-12-08 17:44 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll
2014-12-06 02:50 - 2014-12-06 03:18 - 00000000 ____D () C:\AdwCleaner
2014-12-06 02:50 - 2014-12-06 03:17 - 00000165 _____ () C:\AdwCleanerDebug.txt
2014-12-06 02:50 - 2014-12-06 02:50 - 02153472 _____ () C:\Users\Admin\Downloads\adwcleaner_4.104.exe
2014-12-06 02:35 - 2014-12-18 10:56 - 00039300 _____ () C:\Windows\PFRO.log
2014-12-05 22:17 - 2014-12-09 12:43 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-05 22:16 - 2014-12-08 19:36 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-12-05 22:16 - 2014-12-05 22:16 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-05 22:16 - 2014-12-05 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-05 22:16 - 2014-12-05 22:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-05 22:16 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-05 22:16 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-05 22:16 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-05 22:14 - 2014-12-05 22:16 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-05 22:07 - 2014-12-05 22:07 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Admin\Downloads\SpyHunter-Installer(1).exe
2014-12-05 21:05 - 2014-12-05 21:05 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2014-12-05 21:05 - 2014-12-05 21:05 - 00000000 ____D () C:\Program Files\STab
2014-12-05 21:04 - 2014-12-05 21:04 - 00056992 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNewH.sys
2014-12-05 21:04 - 2014-12-05 21:04 - 00002393 _____ () C:\Windows\patsearch.bin
2014-12-05 21:04 - 2014-12-05 21:04 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-12-05 20:59 - 2014-12-05 20:59 - 00508568 _____ () C:\Users\Admin\Downloads\NeoliveApp_setup_2_ff.exe
2014-12-03 00:01 - 2014-12-03 00:01 - 00000552 _____ () C:\Users\Admin\AppData\Local\d3d8caps.dat
2014-12-02 23:46 - 2014-12-02 23:47 - 28281816 _____ () C:\Users\Admin\Downloads\Turok 2 - Seeds of Evil (D).zip
2014-12-02 23:12 - 2014-12-02 23:12 - 11848358 _____ () C:\Users\Admin\Downloads\Star Wars - Shadows of the Empire (Europe).zip
2014-11-25 23:28 - 2014-11-25 23:28 - 11781055 _____ () C:\Users\Admin\Downloads\Star Wars - Shadows of the Empire.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-22 15:22 - 2012-06-13 15:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-22 14:27 - 2006-11-02 13:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-22 14:27 - 2006-11-02 13:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-22 09:27 - 2008-01-21 02:35 - 01994122 _____ () C:\Windows\WindowsUpdate.log
2014-12-21 12:28 - 2009-04-07 22:12 - 00000431 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-12-21 12:27 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-21 02:30 - 2006-11-02 14:01 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-19 19:40 - 2012-12-19 23:50 - 00000000 ____D () C:\Program Files\Steam
2014-12-19 15:00 - 2010-05-31 18:58 - 00000000 ____D () C:\Program Files\Google
2014-12-19 14:59 - 2010-05-31 18:58 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2014-12-19 01:50 - 2012-11-21 18:30 - 00000000 ____D () C:\Users\Admin\Downloads\Neuer Ordner
2014-12-18 11:18 - 2013-10-25 12:40 - 00000000 ____D () C:\Program Files\Origin
2014-12-17 19:39 - 2011-09-29 17:30 - 00000000 ____D () C:\ProgramData\Origin
2014-12-16 15:23 - 2008-01-21 08:16 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-16 15:07 - 2011-06-07 20:20 - 00000000 ____D () C:\Windows\Minidump
2014-12-10 22:32 - 2009-01-04 18:01 - 00000000 ____D () C:\Users\Admin
2014-12-10 18:32 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-12-10 18:15 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-10 09:57 - 2013-07-19 00:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 09:55 - 2006-11-02 11:24 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-09 20:22 - 2012-06-13 15:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-09 20:22 - 2011-06-08 19:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-09 18:51 - 2009-01-04 18:22 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-12-09 18:34 - 2009-01-04 18:02 - 00058872 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-09 18:30 - 2006-11-02 13:47 - 00256712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-09 18:28 - 2010-11-03 19:10 - 00000000 _____ () C:\Windows\system32\Access.dat
2014-12-09 18:25 - 2013-02-18 16:50 - 00000000 ____D () C:\Program Files\OriginLab
2014-12-09 18:22 - 2009-02-18 22:15 - 00000000 ____D () C:\Users\Public\Documents\STALKER-SHOC
2014-12-09 18:09 - 2009-01-28 22:02 - 00000000 ____D () C:\Users\Admin\AppData\Local\Fallout3
2014-12-09 18:07 - 2009-01-24 19:57 - 00000000 ____D () C:\Users\Admin\Documents\My Games
2014-12-09 18:01 - 2010-03-24 21:12 - 00000000 ____D () C:\ProgramData\Solidshield
2014-12-09 12:47 - 2009-01-04 18:02 - 00000949 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-06 02:34 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\nap
2014-12-06 02:33 - 2012-02-05 16:47 - 00000000 ____D () C:\ProgramData\InstallMate
2014-12-05 21:43 - 2013-07-27 02:29 - 00000350 _____ () C:\Users\Admin\Desktop\Welli Futter.txt
2014-12-05 21:43 - 2011-07-13 22:50 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Media Player Classic
2014-12-05 21:17 - 2009-01-04 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2014-11-24 16:56 - 2012-07-27 18:18 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-11-24 14:04 - 2009-10-02 16:45 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-22 12:47

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-12-2014 01
Ran by Admin at 2014-12-22 15:43:05
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.64 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader 9.1 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{A2EAE643-8804-9420-5DBE-2752D6957964}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
ANNO 1404 - Venedig (HKLM\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.01.5010 - Ubisoft)
ANNO 1404 (HKLM\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft)
Anno 1404 (Version: 1.00.0000 - Ubisoft) Hidden
ANNO 2070 (HKLM\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.34 - Atheros Communications Inc.)
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.5 - Auslogics Software Pty Ltd)
CCleaner (HKLM\...\CCleaner) (Version: 3.21 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.11042 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.0.11042 - Cisco Systems, Inc.) Hidden
Creative Audio-Systemsteuerung (HKLM\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Der Kleine Turnierplaner 6.7.3.1a (HKLM\...\Der_Deploy_0) (Version: 6.7.3.1a - Der Kleine Turnierplaner)
DivX-Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.1.2.2 - DivX, Inc. )
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Eigenschaften von Creative Sound Blaster (HKLM\...\Creative Sound Blaster Properties) (Version: 1.02 - Creative Technology Limited)
Far Cry® 3 (HKLM\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
FIFA 14 (HKLM\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts)
Grand Theft Auto IV (HKLM\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
IEEE 802.11g Wireless Cardbus/PCI Adapter (HKLM\...\InstallShield_{29F15D3F-5B37-44DB-BB89-390B3AD1404E}) (Version: 1.00.0000 - OEM)
IEEE 802.11g Wireless Cardbus/PCI Adapter (Version: 1.00.0000 - OEM) Hidden
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java(TM) 6 Update 16 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216016F0}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Java(TM) 6 Update 18 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Logitech Gaming Software 8.40 (HKLM\...\Logitech Gaming Software) (Version: 8.40.83 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE  (HKLM\...\{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}) (Version: 2.0.675.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
NVIDIA PhysX-Systemsoftware 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
OpenOffice.org 3.1 (HKLM\...\{99E862CC-6F69-4D39-99AA-DBF71BF3B585}) (Version: 3.1.9420 - OpenOffice.org)
Origin (HKLM\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
PDF Image Extraction Wizard 1.2 (HKLM\...\PDF Image Extraction Wizard 1.2_is1) (Version:  - RL Vision)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.3.2 - Frank Heindörfer, Philip Chinery)
Play Wireless USB Adapter (HKLM\...\InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}) (Version: 1.0.0.03 - Belkin)
Play Wireless USB Adapter (Version: 1.0.0.03 - Belkin) Hidden
Razer Diamondback 3G (HKLM\...\{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}) (Version: 5.01 - Razer USA Ltd.)
Revo Uninstaller 1.93 (HKLM\...\Revo Uninstaller) (Version: 1.93 - VS Revo Group)
Rockstar Games Social Club (HKLM\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.3.11079 - Skype Technologies S.A.)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
Sound Blaster Audigy (HKLM\...\{C5828861-B97B-4037-995C-C65E9CC13A3B}) (Version: 1.0 - )
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
USB GAME PAD (HKLM\...\USB GAME PAD) (Version:  - )
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
Warcraft III (HKLM\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\Warcraft III) (Version:  - )
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> No File Path

==================== Restore Points  =========================

09-12-2014 18:20:31 Revo Uninstaller's restore point - Premiumplay Codec-C
09-12-2014 18:22:30 Revo Uninstaller's restore point - S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]
09-12-2014 18:23:58 Revo Uninstaller's restore point - Origin90
09-12-2014 18:27:52 Revo Uninstaller's restore point - Tunngle beta
09-12-2014 18:48:24 Revo Uninstaller's restore point - Portal 2
09-12-2014 18:49:43 Revo Uninstaller's restore point - Combined Community Codec Pack 2011-06-26
09-12-2014 18:50:49 Revo Uninstaller's restore point - Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
10-12-2014 09:53:55 Windows Update
11-12-2014 14:09:13 Geplanter Prüfpunkt
16-12-2014 15:27:20 Windows Update
17-12-2014 15:26:19 Geplanter Prüfpunkt
19-12-2014 14:59:08 Revo Uninstaller's restore point - Google Chrome
20-12-2014 12:34:44 Geplanter Prüfpunkt
21-12-2014 00:50:58 Geplanter Prüfpunkt
21-12-2014 13:32:38 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2012-12-20 12:10 - 00000801 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
132.187.1.5	vpngw.uni-wuerzburg.de


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {6DD52B62-EAD0-4D72-A080-08A53787DCF2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {DA1F86A5-5EB7-4F7E-A896-199CA2C8FB47} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Admin => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {EC1640A5-19DE-4C81-9A80-C15A9EE0B712} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-07-24] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2009-12-28 17:25 - 2009-12-28 17:25 - 00036864 ____N () C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe
2012-09-28 02:10 - 2012-09-28 02:10 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2010-04-13 01:13 - 2010-03-15 10:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2009-05-29 17:34 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SYSTEM32\CmdRtr.DLL
2009-05-29 17:34 - 2009-07-10 09:07 - 00166912 _____ () C:\Windows\SYSTEM32\APOMngr.DLL
2009-11-25 18:45 - 2009-11-25 18:45 - 00110592 ____N () C:\Program Files\Belkin\F7D4101\V1\PBN.exe
2009-09-15 19:17 - 2009-09-15 19:17 - 00200704 ____N () C:\Program Files\Belkin\F7D4101\V1\BelkinwcuiDLL.dll
2005-04-12 10:03 - 2005-04-12 10:03 - 00458752 _____ () C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
2005-04-12 10:44 - 2005-04-12 10:44 - 00049152 _____ () C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanDll.dll
2014-12-09 17:36 - 2014-11-26 17:40 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:AD022376

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: FilterHost => C:\Users\Admin\AppData\Roaming\mmserver\FilterHost.exe
MSCONFIG\startupreg: P17RunE => RunDll32 P17RunE.dll,RunDLLEntry

========================= Accounts: ==========================

Admin (S-1-5-21-2849090330-1973166882-654260307-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2849090330-1973166882-654260307-500 - Administrator - Disabled)
Gast (S-1-5-21-2849090330-1973166882-654260307-501 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/21/2014 00:29:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2014 10:23:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/19/2014 03:13:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16599 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 1074
Anfangszeit: 01d01b947a478713
Zeitpunkt der Beendigung: 0

Error: (12/19/2014 02:59:07 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {c4ec5f44-2586-418e-8e38-b1735b8adf4c}

Error: (12/19/2014 10:45:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/18/2014 09:13:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/18/2014 09:13:24 PM) (Source: MsiInstaller) (EventID: 1013) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.

Error: (12/18/2014 10:58:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2014 07:38:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2014 07:35:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000374, Fehleroffset 0x000b06fc,
Prozess-ID 0x440, Anwendungsstartzeit svchost.exe0.


System errors:
=============
Error: (12/21/2014 00:29:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/20/2014 10:23:54 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/19/2014 03:08:32 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error: (12/19/2014 10:45:26 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/18/2014 09:13:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/18/2014 10:58:03 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/17/2014 07:38:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/17/2014 07:38:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000vpnagent

Error: (12/17/2014 10:41:12 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/17/2014 10:40:18 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.


Microsoft Office Sessions:
=========================
Error: (12/21/2014 00:29:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2014 10:23:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/19/2014 03:13:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16599107401d01b947a4787130

Error: (12/19/2014 02:59:07 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {c4ec5f44-2586-418e-8e38-b1735b8adf4c}

Error: (12/19/2014 10:45:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/18/2014 09:13:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/18/2014 09:13:24 PM) (Source: MsiInstaller) (EventID: 1013) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.(NULL)(NULL)(NULL)(NULL)

Error: (12/18/2014 10:58:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2014 07:38:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2014 07:35:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.0.6001.1800047918b89ntdll.dll6.0.6002.1888151da3e27c0000374000b06fc44001d019dd635bc61e


CodeIntegrity Errors:
===================================
  Date: 2014-12-22 15:43:02.709
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-22 15:43:02.537
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-22 15:43:02.338
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-22 15:43:02.166
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-22 15:43:01.735
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-22 15:43:01.561
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-22 15:43:01.388
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-22 15:43:01.179
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-20 16:10:02.735
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-20 16:10:02.547
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 54%
Total physical RAM: 3326.12 MB
Available physical RAM: 1518.31 MB
Total Pagefile: 6871.21 MB
Available Pagefile: 4528.9 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.61 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:150 GB) (Free:53.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Lokaler Datenträger) (Fixed) (Total:315.76 GB) (Free:280.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 1214D70B)
Partition 1: (Active) - (Size=150 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=315.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 23.12.2014, 12:05   #20
schrauber
/// the machine
/// TB-Ausbilder
 

Ads by BetterMarkIt - Standard

Ads by BetterMarkIt



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {678c0f35-9d3c-11de-946d-002215f64712} - Iexplores.exe
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {0a432b9c-5628-11e1-8beb-002215f64712} - H:\iStudio.exe
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {45ff7cad-e803-11dd-afeb-8edf4b91f0b7} - G:\INSTALL.EXE
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {58376522-d1a8-11e2-85fc-002215f64712} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\index.html
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
2014-12-05 21:05 - 2014-12-05 21:05 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2014-12-05 21:05 - 2014-12-05 21:05 - 00000000 ____D () C:\Program Files\STab
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No File Path
Hosts:
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 04.01.2015, 13:06   #21
Finlay
 
Ads by BetterMarkIt - Standard

Ads by BetterMarkIt



So, zurück aus dem Urlaub, weiter mit den Ads befassen. Sind nach dem Fix leider immer noch da.

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-01-2015 03
Ran by Admin at 2015-01-04 12:57:10 Run:4
Running from C:\Users\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {678c0f35-9d3c-11de-946d-002215f64712} - Iexplores.exe
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {0a432b9c-5628-11e1-8beb-002215f64712} - H:\iStudio.exe
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {45ff7cad-e803-11dd-afeb-8edf4b91f0b7} - G:\INSTALL.EXE
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\MountPoints2: {58376522-d1a8-11e2-85fc-002215f64712} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\index.html
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
2014-12-05 21:05 - 2014-12-05 21:05 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2014-12-05 21:05 - 2014-12-05 21:05 - 00000000 ____D () C:\Program Files\STab
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No File Path
Hosts:
Emptytemp:
         
*****************

"HKU\S-1-5-21-2849090330-1973166882-654260307-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{678c0f35-9d3c-11de-946d-002215f64712}" => Key deleted successfully.
HKCR\CLSID\{678c0f35-9d3c-11de-946d-002215f64712} => Key not found. 
"HKU\S-1-5-21-2849090330-1973166882-654260307-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a432b9c-5628-11e1-8beb-002215f64712}" => Key deleted successfully.
HKCR\CLSID\{0a432b9c-5628-11e1-8beb-002215f64712} => Key not found. 
"HKU\S-1-5-21-2849090330-1973166882-654260307-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45ff7cad-e803-11dd-afeb-8edf4b91f0b7}" => Key deleted successfully.
HKCR\CLSID\{45ff7cad-e803-11dd-afeb-8edf4b91f0b7} => Key not found. 
"HKU\S-1-5-21-2849090330-1973166882-654260307-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58376522-d1a8-11e2-85fc-002215f64712}" => Key deleted successfully.
HKCR\CLSID\{58376522-d1a8-11e2-85fc-002215f64712} => Key not found. 
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
C:\ProgramData\IHProtectUpDate => Moved successfully.
C:\Program Files\STab => Moved successfully.
"HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}" => Key deleted successfully.
"HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 358.2 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 12:57:22 ====
         

Alt 04.01.2015, 15:01   #22
schrauber
/// the machine
/// TB-Ausbilder
 

Ads by BetterMarkIt - Standard

Ads by BetterMarkIt



Nochmal zwei frische Logs mit FRST bitte. In welchem Browser kommen die nochmal? Hast DU auch andere Browser getestet?

Scan mit SystemLook

Lade SystemLook von jpshortstuff vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
    Code:
    ATTFilter
    :regfind
    BetterMarkIt
             
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 04.01.2015, 20:48   #23
Finlay
 
Ads by BetterMarkIt - Standard

Ads by BetterMarkIt



Die Ads kommen in allen Browsern vor, die ich benutze und teste. Namentlich Opera, Chrome, IE und Firefox.


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-01-2015 03
Ran by Admin (administrator) on ADMIN-PC on 04-01-2015 20:43:27
Running from C:\Users\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Creative Technology Ltd) C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Program Files\Belkin\F7D4101\V1\PBN.exe
() C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_246_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [VolPanel] => C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe [180224 2007-02-28] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Play Wireless USB Adapter Utility.lnk
ShortcutTarget: Play Wireless USB Adapter Utility.lnk -> C:\Program Files\Belkin\F7D4101\V1\PBN.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility HW.51.lnk
ShortcutTarget: Wireless Configuration Utility HW.51.lnk -> C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\miz0y22q.default-1419169810988
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2849090330-1973166882-654260307-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-02-10] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-12-10] (Cisco Systems, Inc.)
R2 WLANBelkinService; C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe [36864 2009-12-28] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [39888 2012-12-10] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [58320 2012-12-10] (Cisco Systems, Inc.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices)
S1 ATITool; C:\Windows\System32\DRIVERS\ATITool.sys [28968 2007-08-08] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2009-06-30] ()
S3 atxboxfl; C:\Windows\System32\DRIVERS\atxboxfl.sys [25537 2003-12-15] (Compuware Corporation) [File not signed]
S3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [699896 2009-11-06] (Broadcom Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 ENTECH; C:\Windows\system32\DRIVERS\ENTECH.sys [27672 2007-08-20] (EnTech Taiwan)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2010-02-03] (LogMeIn, Inc.)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [47616 2008-06-30] (Atheros Communications, Inc.)
S3 LADF_CaptureOnly; C:\Windows\System32\DRIVERS\ladfGSCi386.sys [378568 2011-04-11] (Logitech)
S3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2i386.sys [53976 2010-09-29] (Logitech)
S3 LADF_RenderOnly; C:\Windows\System32\DRIVERS\ladfGSRi386.sys [317384 2011-04-11] (Logitech)
S3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMi386.sys [335064 2010-09-29] (Logitech)
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.)
S3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2009-06-30] ()
S3 MRV6X32P; C:\Windows\System32\DRIVERS\MRVW13B.sys [253952 2006-11-02] (Marvell Semiconductor, Inc)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] ()
R3 P17; C:\Windows\System32\drivers\P17.sys [1168896 2009-10-16] (Creative Technology Ltd.)
S3 Razerlow; C:\Windows\System32\Drivers\DB3G.sys [13225 2005-04-24] (Razer (Asia-Pacific) Pte Ltd)
R3 RTL85n86; C:\Windows\System32\DRIVERS\RTL85n86.sys [1170464 2010-03-23] (Realtek Semiconductor Corporation                           )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2009-01-21] () [File not signed]
S3 W8335XP; C:\Windows\System32\DRIVERS\Mrv8000c.sys [265984 2005-03-25] (Marvell Semiconductor, Inc) [File not signed]
R2 webinstrNewH; C:\Windows\system32\Drivers\webinstrNewH.sys [56992 2014-12-05] (Corsica)
U3 amj1q44n; C:\Windows\system32\Drivers\amj1q44n.sys [0 ] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-04 20:43 - 2015-01-04 20:43 - 00011503 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-01-04 20:42 - 2015-01-04 20:42 - 00028298 _____ () C:\Users\Admin\Downloads\SystemLook.txt
2015-01-04 20:41 - 2015-01-04 20:41 - 00139264 _____ () C:\Users\Admin\Downloads\SystemLook.exe
2015-01-04 12:48 - 2015-01-04 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-01-04 12:48 - 2015-01-04 12:48 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-12-22 22:32 - 2015-01-04 12:48 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-12-20 16:08 - 2014-12-21 14:48 - 00000000 ____D () C:\Users\Admin\Downloads\FRST-OlderVersion
2014-12-18 11:43 - 2014-12-18 11:43 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\VSRevoGroup
2014-12-17 21:13 - 2014-12-17 21:13 - 00880784 _____ (Google Inc.) C:\Users\Admin\Downloads\ChromeSetup.exe
2014-12-16 15:07 - 2014-12-16 15:07 - 340246887 _____ () C:\Windows\MEMORY.DMP
2014-12-16 15:07 - 2014-12-16 15:07 - 00144432 _____ () C:\Windows\Minidump\Mini121614-01.dmp
2014-12-10 09:57 - 2014-11-07 02:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 09:57 - 2014-11-04 01:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 09:54 - 2014-12-03 03:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-10 09:35 - 2014-11-24 21:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 09:35 - 2014-11-24 21:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 09:35 - 2014-11-24 21:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 09:35 - 2014-11-24 21:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 09:35 - 2014-11-24 21:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 09:35 - 2014-11-24 21:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 09:35 - 2014-11-24 21:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 09:35 - 2014-11-24 21:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 09:35 - 2014-11-24 21:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 09:35 - 2014-11-24 21:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 09:35 - 2014-11-24 21:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 09:35 - 2014-11-24 21:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-10 09:35 - 2014-11-24 21:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-09 22:30 - 2014-12-09 22:30 - 00000000 ____D () C:\Windows\ERUNT
2014-12-09 22:28 - 2014-12-09 22:29 - 01707646 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe
2014-12-09 19:24 - 2014-12-20 16:10 - 00027450 _____ () C:\Users\Admin\Downloads\Addition.txt
2014-12-09 19:23 - 2015-01-04 20:43 - 00000000 ____D () C:\FRST
2014-12-09 19:23 - 2015-01-04 12:57 - 01115136 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2014-12-09 19:23 - 2014-12-20 16:10 - 00025346 _____ () C:\Users\Admin\Downloads\FRST.txt
2014-12-09 18:28 - 2014-12-09 18:28 - 00000000 ____D () C:\Users\Admin\Documents\Tunngle
2014-12-09 17:36 - 2014-12-09 17:36 - 00000858 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-09 17:36 - 2014-12-09 17:36 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-09 17:36 - 2014-12-09 17:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-09 17:35 - 2014-12-09 17:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-09 13:17 - 2014-12-09 13:17 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_enu.exe
2014-12-09 01:10 - 2014-12-09 01:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Opera Software
2014-12-09 01:10 - 2014-12-09 01:10 - 00000000 ____D () C:\Users\Admin\AppData\Local\Opera Software
2014-12-09 01:09 - 2014-12-09 13:16 - 00000000 ____D () C:\Program Files\Opera
2014-12-09 00:52 - 2014-12-09 00:53 - 32532216 _____ (Opera Software) C:\Users\Admin\Downloads\Opera_26.0.1656.32_Setup.exe
2014-12-08 19:42 - 2014-12-08 19:42 - 00683648 _____ (Opera Software) C:\Users\Admin\Downloads\Opera_NI_stable(1).exe
2014-12-08 19:37 - 2014-12-08 19:37 - 00683648 _____ (Opera Software) C:\Users\Admin\Downloads\Opera_NI_stable.exe
2014-12-08 17:44 - 2014-12-08 17:44 - 01174352 _____ () C:\Users\Admin\Downloads\HijackThis - CHIP-Installer.exe
2014-12-08 17:44 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\system32\dhRichClient3.dll
2014-12-08 17:44 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll
2014-12-06 02:50 - 2014-12-06 03:18 - 00000000 ____D () C:\AdwCleaner
2014-12-06 02:50 - 2014-12-06 03:17 - 00000165 _____ () C:\AdwCleanerDebug.txt
2014-12-06 02:50 - 2014-12-06 02:50 - 02153472 _____ () C:\Users\Admin\Downloads\adwcleaner_4.104.exe
2014-12-06 02:35 - 2014-12-22 20:25 - 00041446 _____ () C:\Windows\PFRO.log
2014-12-05 22:17 - 2014-12-09 12:43 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-05 22:16 - 2014-12-08 19:36 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-12-05 22:16 - 2014-12-05 22:16 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-05 22:16 - 2014-12-05 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-05 22:16 - 2014-12-05 22:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-05 22:16 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-05 22:16 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-05 22:16 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-05 22:14 - 2014-12-05 22:16 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-05 22:07 - 2014-12-05 22:07 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Admin\Downloads\SpyHunter-Installer(1).exe
2014-12-05 21:04 - 2014-12-05 21:04 - 00056992 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNewH.sys
2014-12-05 21:04 - 2014-12-05 21:04 - 00002393 _____ () C:\Windows\patsearch.bin
2014-12-05 21:04 - 2014-12-05 21:04 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-12-05 20:59 - 2014-12-05 20:59 - 00508568 _____ () C:\Users\Admin\Downloads\NeoliveApp_setup_2_ff.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-04 20:29 - 2008-01-21 02:35 - 02058541 _____ () C:\Windows\WindowsUpdate.log
2015-01-04 20:26 - 2009-04-07 22:12 - 00000431 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-04 20:26 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-04 20:26 - 2006-11-02 13:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-04 20:26 - 2006-11-02 13:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-04 20:24 - 2006-11-02 14:01 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-04 20:22 - 2012-06-13 15:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-22 22:32 - 2012-06-13 15:41 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-22 22:32 - 2011-06-08 19:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-22 22:31 - 2009-06-29 14:28 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-12-19 19:40 - 2012-12-19 23:50 - 00000000 ____D () C:\Program Files\Steam
2014-12-19 15:00 - 2010-05-31 18:58 - 00000000 ____D () C:\Program Files\Google
2014-12-19 14:59 - 2010-05-31 18:58 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2014-12-19 01:50 - 2012-11-21 18:30 - 00000000 ____D () C:\Users\Admin\Downloads\Neuer Ordner
2014-12-18 11:18 - 2013-10-25 12:40 - 00000000 ____D () C:\Program Files\Origin
2014-12-17 19:39 - 2011-09-29 17:30 - 00000000 ____D () C:\ProgramData\Origin
2014-12-16 15:23 - 2008-01-21 08:16 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-16 15:07 - 2011-06-07 20:20 - 00000000 ____D () C:\Windows\Minidump
2014-12-10 22:32 - 2009-01-04 18:01 - 00000000 ____D () C:\Users\Admin
2014-12-10 18:32 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-12-10 18:15 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-10 09:57 - 2013-07-19 00:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 09:55 - 2006-11-02 11:24 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-09 18:51 - 2009-01-04 18:22 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-12-09 18:34 - 2009-01-04 18:02 - 00058872 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-09 18:30 - 2006-11-02 13:47 - 00256712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-09 18:28 - 2010-11-03 19:10 - 00000000 _____ () C:\Windows\system32\Access.dat
2014-12-09 18:25 - 2013-02-18 16:50 - 00000000 ____D () C:\Program Files\OriginLab
2014-12-09 18:22 - 2009-02-18 22:15 - 00000000 ____D () C:\Users\Public\Documents\STALKER-SHOC
2014-12-09 18:09 - 2009-01-28 22:02 - 00000000 ____D () C:\Users\Admin\AppData\Local\Fallout3
2014-12-09 18:07 - 2009-01-24 19:57 - 00000000 ____D () C:\Users\Admin\Documents\My Games
2014-12-09 18:01 - 2010-03-24 21:12 - 00000000 ____D () C:\ProgramData\Solidshield
2014-12-09 12:47 - 2009-01-04 18:02 - 00000949 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-06 02:34 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\nap
2014-12-06 02:33 - 2012-02-05 16:47 - 00000000 ____D () C:\ProgramData\InstallMate
2014-12-05 21:43 - 2013-07-27 02:29 - 00000350 _____ () C:\Users\Admin\Desktop\Welli Futter.txt
2014-12-05 21:43 - 2011-07-13 22:50 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Media Player Classic
2014-12-05 21:17 - 2009-01-04 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 20:32

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-01-2015 03
Ran by Admin at 2015-01-04 20:44:21
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.64 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader 9.1 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{A2EAE643-8804-9420-5DBE-2752D6957964}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
ANNO 1404 - Venedig (HKLM\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.01.5010 - Ubisoft)
ANNO 1404 (HKLM\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft)
Anno 1404 (Version: 1.00.0000 - Ubisoft) Hidden
ANNO 2070 (HKLM\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.34 - Atheros Communications Inc.)
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.5 - Auslogics Software Pty Ltd)
CCleaner (HKLM\...\CCleaner) (Version: 3.21 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.11042 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.0.11042 - Cisco Systems, Inc.) Hidden
Creative Audio-Systemsteuerung (HKLM\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Der Kleine Turnierplaner 6.7.3.1a (HKLM\...\Der_Deploy_0) (Version: 6.7.3.1a - Der Kleine Turnierplaner)
DivX-Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.1.2.2 - DivX, Inc. )
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Eigenschaften von Creative Sound Blaster (HKLM\...\Creative Sound Blaster Properties) (Version: 1.02 - Creative Technology Limited)
Far Cry® 3 (HKLM\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
FIFA 14 (HKLM\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts)
Grand Theft Auto IV (HKLM\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
IEEE 802.11g Wireless Cardbus/PCI Adapter (HKLM\...\InstallShield_{29F15D3F-5B37-44DB-BB89-390B3AD1404E}) (Version: 1.00.0000 - OEM)
IEEE 802.11g Wireless Cardbus/PCI Adapter (Version: 1.00.0000 - OEM) Hidden
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java(TM) 6 Update 16 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216016F0}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Java(TM) 6 Update 18 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Logitech Gaming Software 8.40 (HKLM\...\Logitech Gaming Software) (Version: 8.40.83 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE  (HKLM\...\{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}) (Version: 2.0.675.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
NVIDIA PhysX-Systemsoftware 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
OpenOffice.org 3.1 (HKLM\...\{99E862CC-6F69-4D39-99AA-DBF71BF3B585}) (Version: 3.1.9420 - OpenOffice.org)
Origin (HKLM\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
PDF Image Extraction Wizard 1.2 (HKLM\...\PDF Image Extraction Wizard 1.2_is1) (Version:  - RL Vision)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.3.2 - Frank Heindörfer, Philip Chinery)
Play Wireless USB Adapter (HKLM\...\InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}) (Version: 1.0.0.03 - Belkin)
Play Wireless USB Adapter (Version: 1.0.0.03 - Belkin) Hidden
Razer Diamondback 3G (HKLM\...\{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}) (Version: 5.01 - Razer USA Ltd.)
Revo Uninstaller 1.93 (HKLM\...\Revo Uninstaller) (Version: 1.93 - VS Revo Group)
Rockstar Games Social Club (HKLM\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.3.11079 - Skype Technologies S.A.)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
Sound Blaster Audigy (HKLM\...\{C5828861-B97B-4037-995C-C65E9CC13A3B}) (Version: 1.0 - )
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
USB GAME PAD (HKLM\...\USB GAME PAD) (Version:  - )
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
Warcraft III (HKLM\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKU\S-1-5-21-2849090330-1973166882-654260307-1000\...\Warcraft III) (Version:  - )
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> No File Path

==================== Restore Points  =========================

19-12-2014 14:59:08 Revo Uninstaller's restore point - Google Chrome
20-12-2014 12:34:44 Geplanter Prüfpunkt
21-12-2014 00:50:58 Geplanter Prüfpunkt
21-12-2014 13:32:38 Geplanter Prüfpunkt
23-12-2014 09:47:32 Windows Update
04-01-2015 12:44:13 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2015-01-04 12:57 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {33F6D23F-C849-4766-82FE-8E0F7C926357} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Admin => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {6DD52B62-EAD0-4D72-A080-08A53787DCF2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-22] (Adobe Systems Incorporated)
Task: {EC1640A5-19DE-4C81-9A80-C15A9EE0B712} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-07-24] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2009-12-28 17:25 - 2009-12-28 17:25 - 00036864 ____N () C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe
2012-09-28 02:10 - 2012-09-28 02:10 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2009-05-29 17:34 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SYSTEM32\CmdRtr.DLL
2009-05-29 17:34 - 2009-07-10 09:07 - 00166912 _____ () C:\Windows\SYSTEM32\APOMngr.DLL
2009-11-25 18:45 - 2009-11-25 18:45 - 00110592 ____N () C:\Program Files\Belkin\F7D4101\V1\PBN.exe
2009-09-15 19:17 - 2009-09-15 19:17 - 00200704 ____N () C:\Program Files\Belkin\F7D4101\V1\BelkinwcuiDLL.dll
2005-04-12 10:03 - 2005-04-12 10:03 - 00458752 _____ () C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
2005-04-12 10:44 - 2005-04-12 10:44 - 00049152 _____ () C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanDll.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:AD022376

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: FilterHost => C:\Users\Admin\AppData\Roaming\mmserver\FilterHost.exe
MSCONFIG\startupreg: P17RunE => RunDll32 P17RunE.dll,RunDLLEntry

========================= Accounts: ==========================

Admin (S-1-5-21-2849090330-1973166882-654260307-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2849090330-1973166882-654260307-500 - Administrator - Disabled)
Gast (S-1-5-21-2849090330-1973166882-654260307-501 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/04/2015 08:27:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/04/2015 01:00:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/04/2015 00:40:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 09:43:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2014 08:27:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/21/2014 00:29:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2014 10:23:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/19/2014 03:13:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16599 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 1074
Anfangszeit: 01d01b947a478713
Zeitpunkt der Beendigung: 0

Error: (12/19/2014 02:59:07 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {c4ec5f44-2586-418e-8e38-b1735b8adf4c}

Error: (12/19/2014 10:45:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/04/2015 08:27:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (01/04/2015 08:26:31 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error: (01/04/2015 01:00:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (01/04/2015 01:00:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000vpnagent

Error: (01/04/2015 00:40:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/23/2014 09:43:50 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/23/2014 09:42:53 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten.

Error: (12/22/2014 08:27:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt

Error: (12/22/2014 08:25:43 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 22.12.2014 um 20:19:56 unerwartet heruntergefahren.

Error: (12/21/2014 00:29:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: ATITool
i8042prt


Microsoft Office Sessions:
=========================
Error: (01/04/2015 08:27:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/04/2015 01:00:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/04/2015 00:40:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/23/2014 09:43:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2014 08:27:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/21/2014 00:29:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2014 10:23:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/19/2014 03:13:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16599107401d01b947a4787130

Error: (12/19/2014 02:59:07 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {c4ec5f44-2586-418e-8e38-b1735b8adf4c}

Error: (12/19/2014 10:45:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2015-01-04 20:44:18.905
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-04 20:44:18.718
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-04 20:44:18.531
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-04 20:44:18.359
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-04 20:44:18.078
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-04 20:44:17.891
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-04 20:44:17.704
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-04 20:44:17.470
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-22 15:43:02.709
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-22 15:43:02.537
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 30%
Total physical RAM: 3326.12 MB
Available physical RAM: 2309.76 MB
Total Pagefile: 6873.21 MB
Available Pagefile: 5922.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:150 GB) (Free:55.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Lokaler Datenträger) (Fixed) (Total:315.76 GB) (Free:280.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 1214D70B)
Partition 1: (Active) - (Size=150 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=315.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Code:
ATTFilter
SystemLook 30.07.11 by jpshortstuff
Log created at 20:47 on 04/01/2015 by Admin
Administrator - Elevation successful

========== regfind ==========

Searching for "BetterMarkIt"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List]
"File4"="C:\Users\Admin\Desktop\Adsbybettermarkit2.jpeg"
[HKEY_USERS\S-1-5-21-2849090330-1973166882-654260307-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List]
"File4"="C:\Users\Admin\Desktop\Adsbybettermarkit2.jpeg"

Searching for "         "
[HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 7\Scsi Bus 0\Target Id 0\Logical Unit Id 0]
"Identifier"="HQRE    5U709YF         1.03"
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\ASPEncoder]
"Description"="
        <h3>Das Kernstück Ihres HD-Videoerlebnisses</h3>
        <p>Der Codec, der die Videowelt revolutioniert hat, wurde weiter optimiert. Wir bezeichnen diese Version als „Pro“, da sie zudem fantastische fortschrittliche Encoding-Einstellungen bietet, mit denen Sie mit Drittanbietersoftware hochwertige DivX-Video generieren können, die auf jedem beliebigen DivX Certified®-Gerät wiedergegeben werden können.</p>
        <h3>Gute Gründe für den DivX Codec</h3>
        <ul>
            <li>Erstellen Sie mit Drittanbietersoftware oder mit dem DivX Converter hochwertige, stark komprimierte DivX-Videos.</li>
            <li>Wir garantieren, dass Ihre Videos abgesehen von Deinem PC auch auf DivX Certified-DVD-Playern, Mobiltelefonen, Spielekonsolen uvm. abgespielt werden können.</li>
            <li>Optimieren Sie Ihre Videos mit den fortschrittlichen Encoding-Einstellungen, um hochwertigere Dateien zu erhalten.</li>
        </ul>"
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Converter]
"Description"="
          <p>Der DivX Plus Converter nimmt gängige Videoformate und erstellt auf einfache Weise DivX- oder DivX Plus-Dateien für Ihre DivX Certified®-Geräte.</p>
          <ul>
              <li>Konvertieren Sie die Formate per Drag-&-Drop in .divx (DivX-Video) und .mkv (DivX Plus-Video)</li>
              <li>Erstellen Sie fortschrittliche DivX Plus-Features, wie den schnellen und gleichmäßigen Vor- und Rücklauf</li>
              <li>Steuern Sie Ihre Dateien mit den fortschrittlichen Encoding-Optionen</li>
              <li>Vereinen Sie mehrere Videos zu einer .divx- oder .mkv-Datei</li>
              <li>Konvertieren Sie Video-Batches - selbst mit Videos unterschiedlicher Formate - in einer einzigen Sitzung</li>
          </ul>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Player]
"Description"="
          <p>Der DivX Plus Player ist für das beste Wiedergabeerlebnis auf Deinem PC optimiert.</p>
          <ul>
              <li>Sehen Sie sich ruckelfreie High-Definition-Videos auf Deinem PC an (bis zu 1080 p)</li>
              <li>Einfacher Transfer von Videos an DivX-Geräte</li>
              <li>Erleben Sie die DivX Plus-Features, wie den schnellen und gleichmäßigen Vor- und Rücklauf und das Überspringen von Szenen</li>
          </ul>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\BundleGroups\divx.com]
"BundleGroupDescription"="
        <p>Die DivX Plus-Software enthält alles, was Du für ein kinoähnliches Erlebnis auf Deinem Computer, in Deinem Wohnzimmer und unterwegs benötigst. Für ein optimales Erlebnis mit DivX-Videos <b>empfehlen wir die Komplettinstallation aller Komponenten</b>.</p>
        <h3>Mit DivX Plus-Software kannst Du:</h3>
        <ul>
          <li>Ruckelfreie HD-Videos auf Deinem Computer ansehen</li>
          <li>Videos mühelos an DivX Certified®-Geräte übertragen</li>
          <li>Die fortschrittlichen DivX Plus-Features, wie den schnellen und gleichmäßigen Vor- und Rücklauf und das Überspringen von Szenen, genießen</li>
          <li>DivX-Videos auf Deiner Website oder in Deinen Blog integrieren</li>
          <li>Dateien platzsparend in ein DivX-Video umwandeln oder auf DivX-Geräten wiedergeben</li>
        </ul>
        "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\InstallGroups\FiltersAndCodecs]
"Description"="
          <p>Mit dem DivX Plus Codec Pack können Sie sich DivX-Videos in Deiner bevorzugten Drittanbieteranwendung ansehen.</p>
          <ul>
              <li>Geben Sie die Formate .divx, .avi und .mkv (DivX- und DivX Plus-Video) auf gängigen Media-Playern (wie beispielsweise dem Windows Media Player, QuickTime, Media Player Classic) wieder</li>
              <li>Erstellen Sie mit Drittanbietersoftware (beispielsweise Virtual Dub) .avi-Dateien (DivX-Video) </li>
          </ul>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\InstallGroups\Player]
"Description"="
          <p>Der DivX Plus Player ist für das beste Wiedergabeerlebnis auf Deinem PC optimiert.</p>
          <ul>
              <li>Sehen Sie sich ruckelfreie High-Definition-Videos auf Deinem PC an (bis zu 1080 p)</li>
              <li>Einfacher Transfer von Videos an DivX-Geräte</li>
              <li>Erleben Sie die DivX Plus-Features, wie den schnellen und gleichmäßigen Vor- und Rücklauf und das Überspringen von Szenen</li>
          </ul>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\WebPlayer]
"Description"="
          <p>Der DivX Plus Web Player ist die ideale Lösung zur Wiedergabe von Videos in Deinem Browser</p>
          <ul>
              <li>Geben Sie DivX- oder DivX Plus HD (.mkv)-Videos - mit bis zu 1080 p HD - in Deinem Browser wieder</li>
              <li>Fügen Sie DivX-Videos</u> auf einfache Weise Deiner Website oder Deinem Blog hinzu</li>
              <li>Sehen Sie sich hochwertige Videos von tausenden von Websites direkt in Deinem Browser an</li>
              <li>Laden Sie Videos herunter, um sie sich später anzusehen</li>
              <li>Genießen Sie mehrere Tonspuren und Untertitel</li>
          </ul>
          "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{64F5AD1E-45AF-4631-80FA-057138BFA713}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
            <Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{78D8CC82-372F-44e4-B70C-8944DB7BCC24}">
                <Descriptor descriptorID="{0CFCF432-3544-4f78-9426-07A36843E6BA}"/>
                <Descriptor descriptorID="{7D8397ED-DED4-46f1-BF9E-C41B8D4E4E3E}"/>
                <Descriptor descriptorID="{4BDB9E0D-53CF-4a28-865F-B315818E7627}"/>
                <Descriptor descriptorID="{67987CC4-6B79-4c6b-B3F0-3B6D8677BBEC}"/>
                <Descriptor descriptorID="{D49A8F0C-B183-4a34-8D86-33F2DC0E2D6C}"/>
            </Rating>
            <Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{044D131F-D763-4975-9BB4-8C24CC331063}">
                <Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
                <Descriptor descriptorID
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{771E6CB7-E2D4-4D73-A43F-B68515668A2A}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
            <Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{78D8CC82-372F-44e4-B70C-8944DB7BCC24}">
                <Descriptor descriptorID="{0CFCF432-3544-4f78-9426-07A36843E6BA}"/>
                <Descriptor descriptorID="{4BDB9E0D-53CF-4a28-865F-B315818E7627}"/>
                <Descriptor descriptorID="{7231EA3A-1ACC-4bcd-9C3A-A60EA6888B6D}"/>
                <Descriptor descriptorID="{D49A8F0C-B183-4a34-8D86-33F2DC0E2D6C}"/>
                <Descriptor descriptorID="{B0DEC59B-3AC4-475e-90F7-242C2A60CA71}"/>
                <Descriptor descriptorID="{762EFF14-8713-4649-884E-2E295E2651B3}"/>
            </Rating>
            <Rating ratingSystemID="{EC290BBB-D618-4cb9-9963-1CAAE515443E}" ratingID="{75AEE0A2-8640-4a20-8DE5-EC93D8DAB219}"/>
            <Rating ratingSystemID="{7F
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{A11ECBE4-B238-4B74-B2B2-FE5B1B5244C2}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
            <Rating ratingSystemID="{EC290BBB-D618-4cb9-9963-1CAAE515443E}" ratingID="{068D40C4-7809-4c67-8FEA-DA457CF990B4}"/>
            <Rating ratingSystemID="{9AAFBACD-EAB9-4946-8BE8-C4D997927C81}" ratingID="{F7066480-67CC-4697-9B47-7E534B74089D}">
                <Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
            </Rating>
            <Rating ratingSystemID="{5B39D1B8-ED49-4055-8A47-04B29A579AD6}" ratingID="{9AE7AC26-0F9A-4f59-A167-00E4F6C96E26}">
                <Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
            </Rating>
            <Rating ratingSystemID="{C705DCF4-6AFE-4f4f-BC51-21807E4E5CFB}" ratingID="{6948F4DF-FD98-41ea-979A-8364043D7FD6}"/>
            <Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{97D9239C-2BA
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{D568A473-87E6-40F5-B26E-19399DB3D3D4}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
            <Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{97D9239C-2BA3-4e1d-A710-B626DC4602A6}">
                <Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
            </Rating>
            <Rating ratingSystemID="{C705DCF4-6AFE-4f4f-BC51-21807E4E5CFB}" ratingID="{6948F4DF-FD98-41ea-979A-8364043D7FD6}"/>
            <Rating ratingSystemID="{5B39D1B8-ED49-4055-8A47-04B29A579AD6}" ratingID="{9AE7AC26-0F9A-4f59-A167-00E4F6C96E26}">
                <Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
            </Rating>
            <Rating ratingSystemID="{9AAFBACD-EAB9-4946-8BE8-C4D997927C81}" ratingID="{F7066480-67CC-4697-9B47-7E534B74089D}">
                <Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
            </R
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{E430A83A-7934-4253-8057-C4DDBB7106C9}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
            <Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{97D9239C-2BA3-4e1d-A710-B626DC4602A6}">
                <Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
            </Rating>
            <Rating ratingSystemID="{7F2A4D3A-23A8-4123-90E7-D986BF1D9718}" ratingID="{97D9239C-2BA3-4e1d-A710-B626DC4602A6}">
                <Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
            </Rating>
            <Rating ratingSystemID="{9AAFBACD-EAB9-4946-8BE8-C4D997927C81}" ratingID="{F7066480-67CC-4697-9B47-7E534B74089D}">
                <Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
            </Rating>
            <Rating ratingSystemID="{5B39D1B8-ED49-4055-8A47-04B29A579AD6}" ratingID="{9AE7AC26-0F9A-4f59-A167-00E4F6C96E
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="             <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                 <InitializationParameters>                     <Param Name="PSVersion" Value="2.0"/>                 </InitializationParameters>                 <Resources>                     <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                         <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                         <Capability Type="Shell"/>                     </Resource>                 </Res
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0003]
"FriendlyName"="DMC-TZ5         "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0011]
"FriendlyName"="MINI            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_MATSHITA&PROD_DMC-TZ5&REV_0100#0000000000000000006F0218210681#]
"FriendlyName"="DMC-TZ5         "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_TEAC&PROD_MINI&REV_1.00#10082600001327&0#]
"FriendlyName"="MINI            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0003]
"FriendlyName"="DMC-TZ5         "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0011]
"FriendlyName"="MINI            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_MATSHITA&PROD_DMC-TZ5&REV_0100#0000000000000000006F0218210681#]
"FriendlyName"="DMC-TZ5         "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_TEAC&PROD_MINI&REV_1.00#10082600001327&0#]
"FriendlyName"="MINI            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0003]
"FriendlyName"="DMC-TZ5         "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0011]
"FriendlyName"="MINI            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_MATSHITA&PROD_DMC-TZ5&REV_0100#0000000000000000006F0218210681#]
"FriendlyName"="DMC-TZ5         "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_TEAC&PROD_MINI&REV_1.00#10082600001327&0#]
"FriendlyName"="MINI            "

-= EOF =-
         

Alt 05.01.2015, 12:56   #24
schrauber
/// the machine
/// TB-Ausbilder
 

Ads by BetterMarkIt - Standard

Ads by BetterMarkIt



Benutzt Du einen WLAN Adapter von Belkin?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 05.01.2015, 14:13   #25
Finlay
 
Ads by BetterMarkIt - Standard

Ads by BetterMarkIt



Nein, ich benutze ein Netzwerkkabel direkt an den Router.
Habe davor aber mal einen benutzt, war aber mit der Signalstabilität unzufrieden und hab ein Kabel gelegt.

Alt 05.01.2015, 16:48   #26
schrauber
/// the machine
/// TB-Ausbilder
 

Ads by BetterMarkIt - Standard

Ads by BetterMarkIt



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> No File Path
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Play Wireless USB Adapter Utility.lnk
ShortcutTarget: Play Wireless USB Adapter Utility.lnk -> C:\Program Files\Belkin\F7D4101\V1\PBN.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility HW.51.lnk
ShortcutTarget: Wireless Configuration Utility HW.51.lnk -> C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe ()
SearchScopes: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
FF Plugin HKU\S-1-5-21-2849090330-1973166882-654260307-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
R2 WLANBelkinService; C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe [36864 2009-12-28] () [File not signed]
C:\Program Files\Belkin
cmd: ipconfig /flushdns
Hosts:
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 05.01.2015, 18:10   #27
Finlay
 
Ads by BetterMarkIt - Standard

Ads by BetterMarkIt



Leider keine Besserung in Sicht.

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-01-2015 03
Ran by Admin at 2015-01-05 17:55:14 Run:5
Running from C:\Users\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> No File Path
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Play Wireless USB Adapter Utility.lnk
ShortcutTarget: Play Wireless USB Adapter Utility.lnk -> C:\Program Files\Belkin\F7D4101\V1\PBN.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility HW.51.lnk
ShortcutTarget: Wireless Configuration Utility HW.51.lnk -> C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe ()
SearchScopes: HKU\S-1-5-21-2849090330-1973166882-654260307-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
FF Plugin HKU\S-1-5-21-2849090330-1973166882-654260307-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
R2 WLANBelkinService; C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe [36864 2009-12-28] () [File not signed]
C:\Program Files\Belkin
cmd: ipconfig /flushdns
Hosts:
Emptytemp:
         
*****************

"HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}" => Key deleted successfully.
"HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}" => Key deleted successfully.
"HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}" => Key deleted successfully.
"HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}" => Key deleted successfully.
"HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}" => Key deleted successfully.
"HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}" => Key deleted successfully.
"HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}" => Key deleted successfully.
"HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}" => Key deleted successfully.
"HKU\S-1-5-21-2849090330-1973166882-654260307-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}" => Key deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Play Wireless USB Adapter Utility.lnk => Moved successfully.
C:\Program Files\Belkin\F7D4101\V1\PBN.exe => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility HW.51.lnk => Moved successfully.
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe => Moved successfully.
HKU\S-1-5-21-2849090330-1973166882-654260307-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => Key deleted successfully.
"HKCR\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => Key deleted successfully.
"HKU\S-1-5-21-2849090330-1973166882-654260307-1000\Software\MozillaPlugins\ubisoft.com/uplaypc" => Key deleted successfully.
C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh" => Key deleted successfully.
WLANBelkinService => Service stopped successfully.
WLANBelkinService => Service deleted successfully.
C:\Program Files\Belkin => Moved successfully.

=========  ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Aufl�sungscache wurde geleert.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 401.4 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 17:55:23 ====
         
Was hältst du eigentlich davon einmal mit Combofix zu scannen?
Bin bei Weitem kein Experte auf dem Gebiet, sondern habe nur gelesen, dass es nur in Ausnahmefällen benutzt werden sollte, da es sehr tiefgreifend scannt und löscht.
Da ich aber so langsam die Hoffnung verliere und ohnehin formatieren werde, sollte sich das Problem nicht lösen lassen, wollte ich fragen, ob das sinnvoll wäre.

Alt 05.01.2015, 19:59   #28
schrauber
/// the machine
/// TB-Ausbilder
 

Ads by BetterMarkIt - Standard

Ads by BetterMarkIt



Können wir machen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 05.01.2015, 21:05   #29
Finlay
 
Ads by BetterMarkIt - Standard

Ads by BetterMarkIt



Code:
ATTFilter
ComboFix 15-01-05.01 - Admin 05.01.2015  20:53:51.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3326.2014 [GMT 1:00]
ausgeführt von:: c:\users\Admin\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-12-05 bis 2015-01-05  ))))))))))))))))))))))))))))))
.
.
2015-01-05 19:58 . 2015-01-05 19:58	--------	d-----w-	c:\users\Admin\AppData\Local\temp
2015-01-05 19:58 . 2015-01-05 19:58	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-01-04 11:48 . 2015-01-05 17:40	--------	d-----w-	c:\program files\McAfee Security Scan
2015-01-04 11:44 . 2014-12-02 11:01	9054624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{472EE68E-F1FE-46A7-8370-F5BE9F7F8D38}\mpengine.dll
2014-12-22 21:32 . 2015-01-05 17:40	--------	d-----w-	c:\programdata\McAfee Security Scan
2014-12-18 10:43 . 2014-12-18 10:43	--------	d-----w-	c:\users\Admin\AppData\Roaming\VSRevoGroup
2014-12-10 08:57 . 2014-11-04 00:19	2048	----a-w-	c:\windows\system32\tzres.dll
2014-12-10 08:57 . 2014-11-07 01:33	974848	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-12-10 08:54 . 2014-12-03 02:06	278528	----a-w-	c:\windows\system32\schannel.dll
2014-12-09 21:30 . 2014-12-09 21:30	--------	d-----w-	c:\windows\ERUNT
2014-12-09 18:23 . 2015-01-05 16:55	--------	d-----w-	C:\FRST
2014-12-09 16:36 . 2014-12-09 16:36	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2014-12-09 00:10 . 2014-12-09 00:10	--------	d-----w-	c:\users\Admin\AppData\Local\Opera Software
2014-12-09 00:10 . 2014-12-09 00:10	--------	d-----w-	c:\users\Admin\AppData\Roaming\Opera Software
2014-12-09 00:09 . 2014-12-09 12:16	--------	d-----w-	c:\program files\Opera
2014-12-08 16:44 . 2011-05-13 10:16	493056	----a-w-	c:\windows\system32\dhRichClient3.dll
2014-12-08 16:44 . 2011-03-25 18:42	338432	----a-w-	c:\windows\system32\sqlite36_engine.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-22 21:32 . 2012-06-13 14:41	701616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-12-22 21:32 . 2011-06-08 18:49	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-09 11:43 . 2014-12-05 21:17	114904	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-05 20:04 . 2014-12-05 20:04	56992	----a-w-	c:\windows\system32\drivers\webinstrNewH.sys
2014-11-24 13:04 . 2009-10-02 15:45	229000	------w-	c:\windows\system32\MpSigStub.exe
2014-11-21 05:14 . 2014-12-05 21:16	51928	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-11-21 05:14 . 2014-12-05 21:16	75480	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 05:14 . 2014-12-05 21:16	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-11-19 23:06 . 2014-08-23 07:59	96680	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2014-10-24 01:04 . 2014-11-13 01:16	67072	----a-w-	c:\windows\system32\packager.dll
2014-10-24 01:03 . 2014-11-20 01:34	499200	----a-w-	c:\windows\system32\kerberos.dll
2014-10-18 01:08 . 2014-11-13 01:15	564224	----a-w-	c:\windows\system32\oleaut32.dll
2014-10-12 23:34 . 2014-11-13 01:11	2054656	----a-w-	c:\windows\system32\win32k.sys
2014-10-10 01:01 . 2014-11-13 01:17	449536	----a-w-	c:\windows\system32\termsrv.dll
2014-10-10 01:00 . 2014-11-13 01:17	146432	----a-w-	c:\windows\system32\msaudite.dll
2014-10-10 01:00 . 2014-11-13 01:17	1259008	----a-w-	c:\windows\system32\lsasrv.dll
2014-10-09 23:22 . 2014-11-13 01:17	619520	----a-w-	c:\windows\system32\adtschema.dll
2012-05-31 18:31 . 2012-05-31 18:31	22307328	----a-w-	c:\program files\Play Wireless USB Adapter.msi
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2007-02-28 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FilterHost]
2010-01-18 14:35	827392	----a-w-	c:\users\Admin\AppData\Roaming\mmserver\FilterHost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17RunE]
2008-03-28 06:57	14848	----a-w-	c:\windows\System32\P17RunE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R3 acsint;acsint;c:\windows\system32\DRIVERS\acsint.sys [2012-12-10 39888]
R3 acsmux;acsmux;c:\windows\system32\DRIVERS\acsmux.sys [2012-12-10 58320]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 21:32]
.
.
------- Zusätzlicher Suchlauf -------
.
mStart Page = www.google.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\miz0y22q.default-1419169810988\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2015-01-05 20:58
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2849090330-1973166882-654260307-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:4a,26,ea,2f,ae,34,82,1f,31,09,ad,1c,73,1b,ce,68,47,8d,31,de,e3,33,07,
   78,ba,05,5a,31,0c,ab,87,e9,e4,78,3a,3b,1d,aa,3c,eb,21,6a,e8,fe,8c,c7,19,e5,\
"??"=hex:98,61,e8,de,ca,53,c0,8f,53,21,55,12,3e,40,96,af
.
[HKEY_USERS\S-1-5-21-2849090330-1973166882-654260307-1000\Software\SecuROM\License information*]
"datasecu"=hex:d8,b9,ce,7f,30,34,be,10,91,f6,6a,d2,d7,a4,2c,bb,2d,17,42,20,b2,
   c4,9d,25,ab,b6,6b,49,e3,2f,0b,5d,a1,5d,96,b7,5c,d4,47,27,74,ef,2b,79,bd,96,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
Zeit der Fertigstellung: 2015-01-05  20:59:04
ComboFix-quarantined-files.txt  2015-01-05 19:59
ComboFix2.txt  2015-01-05 19:24
.
Vor Suchlauf: 13 Verzeichnis(se), 60.406.521.856 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 60.378.161.152 Bytes frei
.
- - End Of File - - F7C93E4B97882070A4D7051AF4F8B77D
5C616939100B85E558DA92B899A0FC36
         

Alt 06.01.2015, 11:12   #30
schrauber
/// the machine
/// TB-Ausbilder
 

Ads by BetterMarkIt - Standard

Ads by BetterMarkIt



Hab ich erwartet, nämlich nix


Du hast den Router wirklich komplett resettet? Und unmittelbar danach alle Browser komplett zurückgesetzt??

Das ist schon fast unmöglich. Wenn alle Browser betroffen sind muss man was sehen in den Logs, oder es ist der Router.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Ads by BetterMarkIt
ads, bettermarkit, browser, dateien, firefox, gefundene, gefundenen, gelöscht, grüne, installer, installiert, komplett, kriege, links, mehrfach, neu, nichts, opera, popups, problem, ratlos, reset, revo-uninstaller, software, verzweifelt, wanted, überall





Zum Thema Ads by BetterMarkIt - keine Rückmeldung hat nix mit Abstürzen zu tun Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in - Ads by BetterMarkIt...
Archiv
Du betrachtest: Ads by BetterMarkIt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.