Nach Daemon Tools Lite installation eine Infektion, bin ich wieder clean?

haskeer · 10.01.2015, 11:32

Hallo, ich habe mir das kostenlose Tool "Daemon Tools Lite" installiert und vermute, dass die mitgebrachte Adware mein System infiziert hat.

Auslösendes Ereignis war vom Avast Echtzeit Scanner

Code:

ATTFilter

*
* Avast Echtzeit-Schutz-Bericht
* Diese Berichtdatei wurde automatisch erstellt
*
* Start: Freitag, 9. Januar 2015 20:38:55
*

09.01.2015 21:11:29	C:\Program Files (x86)\XTab\BHOEnabler.exe [L] Win32:SupTab-D [Adw] (0)
Datei erfolgreich in Container verschoben...
09.01.2015 21:11:35	C:\Program Files (x86)\XTab\SupTab.dll [L] Win32:SupTab-G [Adw] (0)
Datei erfolgreich in Container verschoben...

*
* Schutz beendet: Freitag, 9. Januar 2015 21:16:07
* Laufzeit war 37 Minute(n), 37 Sekunde(n)

Folgende Schritte habe ich zu bereinigung meines Systems bereits vorgenommen:

1. AdwCleaner Scan N°1

Code:

ATTFilter

# AdwCleaner v4.107 - Bericht erstellt am 09/01/2015 um 21:14:21
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : localhost - LOCALHOST-PC
# Gestartet von : C:\Users\localhost\Downloads\adwcleaner_4.107.exe
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : WindowsMangerProtect
Dienst Gefunden : IHProtect Service

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\localhost\AppData\Roaming\Mozilla\Firefox\Profiles\vthxdk8n.default\searchplugins\mystartsearch.xml
Datei Gefunden : C:\Users\localhost\AppData\Roaming\Mozilla\Firefox\Profiles\vthxdk8n.default\user.js
Ordner Gefunden : C:\ProgramData\IHProtectUpDate
Ordner Gefunden : C:\ProgramData\WindowsMangerProtect
Ordner Gefunden : C:\Users\localhost\AppData\Roaming\Mozilla\Firefox\Profiles\vthxdk8n.default\Extensions\faststartff@gmail.com
Ordner Gefunden : C:\Users\localhost\AppData\Roaming\mystartsearch

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command [(Default)] - "E:\Programme\Mozilla Firefox\firefox.exe" hxxp://www.mystartsearch.com/?type=sc&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR
Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKCU\Software\Mozilla\Extends
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\S
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall
Schlüssel Gefunden : HKLM\SOFTWARE\mystartsearchSoftware
Schlüssel Gefunden : HKLM\SOFTWARE\SupDp
Schlüssel Gefunden : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.mystartsearch.com/?type=hp&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.mystartsearch.com/?type=hp&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR&q={searchTerms}
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.mystartsearch.com/?type=hp&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.mystartsearch.com/?type=hp&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR&q={searchTerms}
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR&q={searchTerms}
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.mystartsearch.com/?type=hp&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.mystartsearch.com/?type=hp&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR&q={searchTerms}

-\\ Mozilla Firefox v33.0.2 (x86 de)

[vthxdk8n.default] - Zeile gefunden : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[vthxdk8n.default] - Zeile gefunden : user_pref("browser.search.defaultenginename", "mystartsearch");
[vthxdk8n.default] - Zeile gefunden : user_pref("browser.search.searchengine.alias", "mystartsearch");
[vthxdk8n.default] - Zeile gefunden : user_pref("browser.search.searchengine.iconURL", "hxxp://www.mystartsearch.com/favicon.ico");
[vthxdk8n.default] - Zeile gefunden : user_pref("browser.search.searchengine.name", "mystartsearch");
[vthxdk8n.default] - Zeile gefunden : user_pref("browser.search.searchengine.url", "hxxp://www.mystartsearch.com/web/?type=ds&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR&q={searchTerms}");
[vthxdk8n.default] - Zeile gefunden : user_pref("browser.search.selectedEngine", "mystartsearch");
[vthxdk8n.default] - Zeile gefunden : user_pref("browser.startup.homepage", "hxxp://www.mystartsearch.com/?type=hp&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR");
[vthxdk8n.default] - Zeile gefunden : user_pref("extensions.quick_start.enable_search1", false);
[vthxdk8n.default] - Zeile gefunden : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

*************************

AdwCleaner[R0].txt - [6510 octets] - [09/01/2015 21:14:21]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6570 octets] ##########

Code:

ATTFilter

# AdwCleaner v4.107 - Bericht erstellt am 09/01/2015 um 21:15:52
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : localhost - LOCALHOST-PC
# Gestartet von : C:\Users\localhost\Downloads\adwcleaner_4.107.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : WindowsMangerProtect
Dienst Gelöscht : IHProtect Service

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect
Ordner Gelöscht : C:\ProgramData\IHProtectUpDate
Ordner Gelöscht : C:\Users\localhost\AppData\Roaming\mystartsearch
Ordner Gelöscht : C:\Users\localhost\AppData\Roaming\Mozilla\Firefox\Profiles\vthxdk8n.default\Extensions\faststartff@gmail.com
Datei Gelöscht : C:\Users\localhost\AppData\Roaming\Mozilla\Firefox\Profiles\vthxdk8n.default\user.js
Datei Gelöscht : C:\Users\localhost\AppData\Roaming\Mozilla\Firefox\Profiles\vthxdk8n.default\searchplugins\mystartsearch.xml

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\localhost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\localhost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\localhost\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\localhost\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\localhost\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\mystartsearchSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v33.0.2 (x86 de)

[vthxdk8n.default\prefs.js] - Zeile gelöscht : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[vthxdk8n.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultenginename", "mystartsearch");
[vthxdk8n.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.alias", "mystartsearch");
[vthxdk8n.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://www.mystartsearch.com/favicon.ico");
[vthxdk8n.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.name", "mystartsearch");
[vthxdk8n.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.url", "hxxp://www.mystartsearch.com/web/?type=ds&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR&q={searchTerms}");
[vthxdk8n.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "mystartsearch");
[vthxdk8n.default\prefs.js] - Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.mystartsearch.com/?type=hp&ts=1420834199&from=smt&uid=ST1000DM003-1CH162_Z1D91GZRXXXXZ1D91GZR");
[vthxdk8n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[vthxdk8n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

*************************

AdwCleaner[R0].txt - [6686 octets] - [09/01/2015 21:14:21]
AdwCleaner[S0].txt - [5784 octets] - [09/01/2015 21:15:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5844 octets] ##########

2. Malwarebytes Anti-Malware Scan N°1

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 09.01.2015
Scan Time: 21:27:43
Logfile: mb1log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.09.16
Rootkit Database: v2015.01.07.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: localhost

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 328353
Time Elapsed: 7 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, Quarantined, [293bf4018afff83e284cd4948d7634cc], 

Registry Values: 1
PUP.Optional.FFToolbar.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|fftoolbar2014@etech.com, C:\Users\localhost\AppData\Roaming\Mozilla\Firefox\Profiles\vthxdk8n.default\extensions\fftoolbar2014@etech.com, Quarantined, [95cf4ca9e1a8d75fd13d1f49b44fa15f]

Registry Data: 0
(No malicious items detected)

Folders: 27
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\image, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 

Files: 78
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, Quarantined, [194b7e77b9d0e45234c16d97da284ab6], 
PUP.Optional.Somoto, C:\Users\localhost\AppData\Local\Temp\bitool.dll, Quarantined, [cc98f40195f46bcb4e2b595048bafe02], 
PUP.Optional.Somoto, C:\Users\localhost\AppData\Local\Temp\nsp561.tmp, Quarantined, [76eef0051b6ecf677820906a5ea6ce32], 
PUP.Optional.SupTab.A, C:\Users\localhost\AppData\Local\Temp\~dl69D9\~dljyb\tmp\STab_Down.exe, Quarantined, [5b0904f1f396e353a1d6d39211efaa56], 
PUP.Optional.XTab.A, C:\Users\localhost\AppData\Local\Temp\~dl69D9\~dljyb\tmp\STab_v4.0.exe, Quarantined, [9fc5fcf9f792d95da74e61a38181827e], 
PUP.Optional.WindowsProtectManger.A, C:\Users\localhost\AppData\Local\Temp\~dl69D9\~dljyb\tmp\wpm_v20.0.0.1337.exe, Quarantined, [94d0906546435ed8abe0b70cef1258a8], 
PUP.Optional.OpenCandy, C:\Users\localhost\Downloads\DTLite4491-0356.exe, Quarantined, [68fcdf16fd8c82b400d8a70d45c04bb5], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\uninstall.exe, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowerWatchCH.dll, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowerWatchFF.dll, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowserAction.dll, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\CmdShell.exe, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\conf, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\HPNotify.exe, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\IeWatchDog.dll, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about_bk.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn_apply.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\close.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf.xml, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf_back.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\input_bk.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\logo.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\main.xml, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_1.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_2.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\rigth_arrow.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\settings.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\data.html, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE.html, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE8.html, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\main.css, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\ver.txt, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\arrow.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_add_logo.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_add_logo_hover.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_logo.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\googlelogo.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\googlelogo2.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\google_trends.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon128.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon16.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon48.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\loading.gif, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\logo32.ico, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather\0.png, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\common.js, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ga.js, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ie8.js, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery-1.11.0.min.js, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery.autocomplete.js, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\js.js, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\library.js, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit-ie8.js, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit.js, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit2.0.js, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW\messages.json, Quarantined, [1e467c79b1d8b97d8fe6a3c5ae5545bb], 

Physical Sectors: 0
(No malicious items detected)


(end)

Dann habe ich beim benutzen des Browsers gemerkt, dass noch Adware da ist.

3. AdwCleaner Scan N°2

Code:

ATTFilter

# AdwCleaner v4.107 - Bericht erstellt am 09/01/2015 um 21:40:27
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : localhost - LOCALHOST-PC
# Gestartet von : C:\Users\localhost\Downloads\adwcleaner_4.107.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v33.0.2 (x86 de)

[vthxdk8n.default] - Zeile gefunden : user_pref("browser.search.selectedEngine", "webssearches");

*************************

AdwCleaner[R0].txt - [6686 octets] - [09/01/2015 21:14:21]
AdwCleaner[R1].txt - [814 octets] - [09/01/2015 21:40:27]
AdwCleaner[S0].txt - [5948 octets] - [09/01/2015 21:15:52]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [933 octets] ##########

Code:

ATTFilter

# AdwCleaner v4.107 - Bericht erstellt am 09/01/2015 um 21:42:03
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : localhost - LOCALHOST-PC
# Gestartet von : C:\Users\localhost\Downloads\adwcleaner_4.107.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v33.0.2 (x86 de)

[vthxdk8n.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "webssearches");

*************************

AdwCleaner[R0].txt - [6686 octets] - [09/01/2015 21:14:21]
AdwCleaner[R1].txt - [1012 octets] - [09/01/2015 21:40:27]
AdwCleaner[S0].txt - [5948 octets] - [09/01/2015 21:15:52]
AdwCleaner[S1].txt - [944 octets] - [09/01/2015 21:42:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1003 octets] ##########

Nun habe ich einen vollständigen Scan mit Avast Antivirus durchgeführt

4. Avast Antivirus Free - Complete Scan
Hier finde ich den log leider nicht. Aber ich habe ein Bild des Ergebnisses. Das Löschen schlug fehl.

5. Avast Antivirus Boot Scan
Als das Löschen fehl schlug führte ich einen Boot Scan durch. Diesen musste ich nach dem Fund aber abbrechen, da der Scan keine Tastatureingabe annahm.

Code:

ATTFilter

01/09/2015 23:18
Prüfung aller lokalen Laufwerke

Datei C:\Users\localhost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C0QWP0B0\BiTool[1].dll ist infiziert von Win32:Somoto-J [PUP]
----------------------------------------

6. SBAV - Sophos Boot Antivirus
Anderer Ansatz: Sophos Boot Antivirus auf anderem System erstellt und ausgeführt

Code:

ATTFilter

SWEEP virus detection utility
Version 5.09.0 [Linux/Intel]
Virus data version 5.09, December 2014
Includes detection for 8264368 viruses, Trojans and worms
Copyright (c) 1989-2014 Sophos Limited. All rights reserved.

System time 23:48:56, System date 09 January 2015
Command line qualifiers are: -remove -p=/tmp/sweep-remove-log.txt -all --no-follow-symlinks -bs -mbr -dn -exclude

IDE directory is: /usr/local/sav

Using IDE file cride-en.ide
Using IDE file zbot-jez.ide
Using IDE file age-ajzb.ide
Using IDE file vb-hub.ide
Using IDE file age-ajzk.ide
Using IDE file age-ajzm.ide
Using IDE file age-ajzo.ide
Using IDE file age-ajzr.ide
Using IDE file mdro-ghx.ide
Using IDE file docdl-bp.ide
Using IDE file zbot-jfb.ide
Using IDE file age-akak.ide
Using IDE file fondu-cd.ide
Using IDE file wonto-kg.ide
Using IDE file vb-huc.ide
Using IDE file zbot-jdx.ide
Using IDE file age-akar.ide
Using IDE file mdro-giu.ide
Using IDE file weels-jn.ide
Using IDE file rarma-ac.ide
Using IDE file vb-hun.ide
Using IDE file fondu-cf.ide
Using IDE file age-akbh.ide
Using IDE file age-ajwl.ide
Using IDE file age-akbn.ide
Using IDE file auto-arj.ide
Using IDE file age-akbu.ide
Using IDE file wonto-kq.ide
Using IDE file age-akcb.ide
Using IDE file spyeye-k.ide
Using IDE file msil-ats.ide
Using IDE file zbot-jel.ide
Using IDE file msil-atz.ide
Using IDE file vb-hus.ide
Using IDE file msil-auf.ide
Using IDE file msil-awo.ide
Using IDE file vb-hve.ide
Using IDE file age-akce.ide
Using IDE file rovnix-i.ide
Using IDE file wonto-kv.ide
Using IDE file javab-uy.ide
Using IDE file msil-avd.ide
Using IDE file emote-ac.ide
Using IDE file weels-jt.ide
Using IDE file yakes-aw.ide
Using IDE file docdl-bu.ide
Using IDE file dndown-b.ide
Using IDE file msil-axa.ide
Using IDE file age-akdd.ide
Using IDE file banlo-yv.ide
Using IDE file age-akdo.ide
Using IDE file rtfex-bm.ide
Using IDE file vb-any.ide
Using IDE file auto-arp.ide
Using IDE file wintri-w.ide
Using IDE file age-akea.ide
Using IDE file banlo-yy.ide
Using IDE file msili-dz.ide
Using IDE file docdl-bx.ide
Using IDE file bank-ggg.ide
Using IDE file heofuv-a.ide
Using IDE file fonten-a.ide
Using IDE file msil-avi.ide
Using IDE file banke-ev.ide
Using IDE file vbzbot-y.ide
Using IDE file vawtra-s.ide
Using IDE file wonto-lh.ide
Using IDE file dwnl-mas.ide
Using IDE file html-ad.ide
Using IDE file age-akfm.ide
Using IDE file rans-aoa.ide
Using IDE file msil-ayk.ide
Using IDE file mbrloc-b.ide
Using IDE file fondu-ch.ide
Using IDE file banlo-zb.ide
Using IDE file bank-ggk.ide
Using IDE file msil-awb.ide
Using IDE file zbot-jgf.ide
Using IDE file age-akgh.ide
Using IDE file vb-huq.ide
Using IDE file docdl-by.ide
Using IDE file msil-atx.ide
Using IDE file rans-aob.ide
Using IDE file age-akgj.ide
Using IDE file age-akgo.ide
Using IDE file farei-di.ide
Using IDE file age-akdz.ide
Using IDE file age-akgr.ide
Using IDE file zbot-jgg.ide
Using IDE file age-akhc.ide
Using IDE file fondu-ci.ide
Using IDE file atraps-h.ide
Using IDE file weelso-r.ide
Using IDE file msil-awr.ide
Using IDE file msil-ayv.ide
Using IDE file zbot-jgm.ide
Using IDE file proch-ab.ide
Using IDE file age-akim.ide
Using IDE file msil-azf.ide
Using IDE file tracu-by.ide
Using IDE file java-wd.ide
Using IDE file emote-af.ide
Using IDE file limita-s.ide
Using IDE file dwnl-mav.ide
Using IDE file age-akjj.ide
Using IDE file age-akjl.ide
Using IDE file rans-aod.ide
Using IDE file miner-ab.ide
Using IDE file msil-aya.ide
Using IDE file auto-arw.ide
Using IDE file omdork-c.ide
Using IDE file weels-jw.ide
Using IDE file dnsau-ac.ide
Using IDE file fondu-cj.ide
Using IDE file rans-any.ide
Using IDE file bank-ggp.ide
Using IDE file msil-azy.ide
Using IDE file age-akfc.ide
Using IDE file alure-ao.ide
Using IDE file fondu-ck.ide
Using IDE file jsage-eh.ide
Using IDE file keliho-v.ide
Using IDE file emote-am.ide
Using IDE file mdro-gjk.ide
Using IDE file msil-bae.ide
Using IDE file auto-arz.ide
Using IDE file java-we.ide
Using IDE file msil-bag.ide
Using IDE file age-akfn.ide
Using IDE file zbot-jhc.ide
Using IDE file msil-bai.ide
Using IDE file auto-arg.ide
Using IDE file vb-hxi.ide
Using IDE file rans-aoe.ide
Using IDE file vawtra-z.ide
Using IDE file dinih-bc.ide
Using IDE file vb-hxf.ide
Using IDE file necur-ct.ide
Using IDE file vbage-ad.ide
Using IDE file inje-bhg.ide
Using IDE file zbot-jhg.ide
Using IDE file age-aklf.ide
Using IDE file upatr-ha.ide
Using IDE file auto-asd.ide
Using IDE file auto-ase.ide
Using IDE file jsage-ej.ide
Using IDE file age-akic.ide
Using IDE file zbot-jho.ide
Using IDE file limitl-h.ide
Using IDE file docdl-cg.ide
Using IDE file inje-bhk.ide
Using IDE file rans-aoi.ide
Using IDE file dapat-bb.ide
Using IDE file msil-bbg.ide
Using IDE file vb-hxq.ide
Using IDE file zbot-jht.ide
Using IDE file bank-ggu.ide
Using IDE file backd-kl.ide
Using IDE file msil-bbq.ide
Using IDE file fondu-cl.ide
Using IDE file jsage-el.ide
Using IDE file msil-bbw.ide
Using IDE file age-akmn.ide
Using IDE file age-aknb.ide
Using IDE file mdro-gkd.ide
Using IDE file weels-kd.ide
Using IDE file keylo-qj.ide
Using IDE file rembat-a.ide
Using IDE file emote-as.ide
Using IDE file msil-bch.ide
Using IDE file wonto-lv.ide
Using IDE file msil-bci.ide
Using IDE file dwnl-mbm.ide
Using IDE file foxhie-c.ide
Using IDE file rovnix-j.ide
Using IDE file msil-bcp.ide
Using IDE file vb-hyb.ide
Using IDE file msil-lq.ide
Using IDE file docdl-ck.ide
Using IDE file dwnl-mbr.ide
Using IDE file bank-ggv.ide
Using IDE file wonto-lx.ide
Using IDE file delf-fvf.ide
Using IDE file age-akko.ide
Using IDE file age-akow.ide
Using IDE file hwpexp-a.ide
Using IDE file zegos-de.ide
Using IDE file dridex-c.ide
Using IDE file fondu-co.ide
Using IDE file rans-aon.ide
Using IDE file cutwa-bn.ide
Using IDE file wonto-mb.ide
Using IDE file age-akpq.ide
Using IDE file vb-hyh.ide
Using IDE file wonto-md.ide
Using IDE file graft-ai.ide
Using IDE file yakes-ba.ide
Using IDE file mdro-gjt.ide
Using IDE file bunitu-x.ide
Using IDE file zbot-jih.ide
Using IDE file auto-asm.ide
Using IDE file staser-d.ide
Using IDE file zbot-jhs.ide
Using IDE file cidox-ak.ide
Using IDE file bondat-i.ide
Using IDE file simda-cj.ide
Using IDE file mdro-gkn.ide
Using IDE file swfex-eu.ide
Using IDE file buzus-ik.ide
Using IDE file msil-bfb.ide
Using IDE file age-akmy.ide
Using IDE file dwnl-mck.ide
Using IDE file msil-bfd.ide
Using IDE file age-akng.ide
Using IDE file age-aksg.ide
Using IDE file age-aksk.ide
Using IDE file derusb-o.ide
Using IDE file msil-bfe.ide
Using IDE file graft-aj.ide
Using IDE file urelas-x.ide
Using IDE file tinba-k.ide
Using IDE file wonto-mf.ide
Using IDE file mfckry-b.ide
Using IDE file msil-lw.ide
Using IDE file msil-bcx.ide
Using IDE file zbot-jis.ide
Using IDE file age-aktg.ide
Using IDE file age-aktl.ide
Using IDE file age-akub.ide
Using IDE file age-akuf.ide
Using IDE file rans-aoy.ide
Using IDE file sefni-cm.ide
Using IDE file rans-apa.ide
Using IDE file msil-bfq.ide
Using IDE file miner-ad.ide
Using IDE file age-akva.ide
Using IDE file hollin-a.ide
Using IDE file sefni-cn.ide
Using IDE file yakes-bb.ide
Using IDE file age-akpm.ide
Using IDE file zbot-jiy.ide
Using IDE file vawtr-ah.ide
Using IDE file age-akvr.ide
Using IDE file rans-aop.ide
Using IDE file bred-aos.ide
Using IDE file age-akqt.ide
Using IDE file docdl-cx.ide
Using IDE file dyreza-v.ide
Using IDE file upatr-hf.ide
Using IDE file delf-fvc.ide
Using IDE file age-akwa.ide
Using IDE file age-akru.ide
Using IDE file farei-dk.ide
Using IDE file blada-b.ide
Using IDE file pws-chh.ide
Using IDE file atraps-k.ide
Using IDE file age-akwc.ide
Using IDE file msil-bfz.ide
Using IDE file rans-apd.ide
Using IDE file age-akwe.ide
Using IDE file inje-big.ide
Using IDE file age-aksj.ide
Using IDE file banlo-zl.ide
Using IDE file age-akwm.ide
Using IDE file bladab-h.ide
Using IDE file cidox-al.ide
Using IDE file weels-kz.ide
Using IDE file rans-ape.ide
Using IDE file docdl-dc.ide
Using IDE file banlo-zm.ide
Using IDE file banlo-zn.ide
Using IDE file rans-apf.ide
Using IDE file age-akxn.ide
Using IDE file vawtra-a.ide
Using IDE file age-akxx.ide
Using IDE file limita-t.ide
Using IDE file fondu-cs.ide
Using IDE file bckd-rsq.ide
Using IDE file papra-aq.ide
Using IDE file kovter-j.ide
Using IDE file zusy-w.ide
Using IDE file auto-asw.ide
Using IDE file puves-b.ide
Using IDE file kuluo-ct.ide
Using IDE file bckd-rsr.ide
Using IDE file vb-hyu.ide
Using IDE file age-akvl.ide
Using IDE file javab-vi.ide
Using IDE file msil-bft.ide
Using IDE file inje-bii.ide
Using IDE file dwnl-mcs.ide
Using IDE file msil-bgq.ide
Using IDE file silly-lx.ide
Using IDE file age-akvw.ide
Using IDE file zbot-jja.ide
Using IDE file msil-bgu.ide
Using IDE file zbot-sz.ide
Using IDE file miure-aa.ide
Using IDE file dwnl-mcu.ide
Using IDE file dwnl-mcv.ide
Using IDE file vawtr-ai.ide
Using IDE file age-akyq.ide
Using IDE file revet-ed.ide
Using IDE file vbs-el.ide
Using IDE file inje-bij.ide
Using IDE file msili-ek.ide
Using IDE file msil-bgw.ide
Using IDE file weels-lf.ide
Using IDE file weels-lg.ide
Using IDE file age-akzi.ide
Using IDE file age-akxh.ide
Using IDE file age-akxi.ide
Using IDE file vbzbo-ae.ide
Using IDE file age-akxv.ide
Using IDE file age-akzj.ide
Using IDE file fondu-cv.ide
Using IDE file wonto-mi.ide
Using IDE file javab-vj.ide
Using IDE file mdro-gkk.ide
Using IDE file mdro-gkv.ide
Using IDE file age-akzo.ide
Using IDE file zbot-jiu.ide
Using IDE file rans-apb.ide
Using IDE file zbot-jjt.ide
Using IDE file vbinj-kf.ide
Using IDE file auto-asn.ide
Using IDE file rans-api.ide
Using IDE file delf-fvm.ide
Using IDE file age-akun.ide
Using IDE file age-akuz.ide
Using IDE file msil-bgx.ide
Using IDE file msil-bgy.ide
Using IDE file age-akzp.ide
Using IDE file msil-bgz.ide
Using IDE file age-akzq.ide
Using IDE file age-akzr.ide
Using IDE file delf-fvn.ide
Using IDE file neurev-n.ide
Using IDE file bank-ghj.ide
Using IDE file msil-bgt.ide
Using IDE file msil-bhc.ide
Using IDE file kovter-k.ide
Using IDE file wonto-mm.ide
Using IDE file vb-hzf.ide
Using IDE file age-alaj.ide
Using IDE file hkmai-bz.ide
Using IDE file msil-bhf.ide
Using IDE file dridex-j.ide
Using IDE file banc-cap.ide
Using IDE file rans-apj.ide
Using IDE file qbot-ci.ide
Using IDE file fondu-cz.ide
Using IDE file inje-bil.ide
Using IDE file zbot-jjx.ide
Using IDE file age-alaw.ide
Using IDE file sefni-cp.ide
Using IDE file docdl-dg.ide
Using IDE file feret-l.ide
Using IDE file msil-bhv.ide
Using IDE file inje-bip.ide
Using IDE file boaxx-aj.ide
Using IDE file fondu-db.ide
Using IDE file zbot-jjy.ide
Using IDE file banlo-zs.ide
Using IDE file bank-ghl.ide
Using IDE file vb-hzm.ide
Using IDE file fondu-dc.ide
Using IDE file bckd-rss.ide
Using IDE file msil-bia.ide
Using IDE file vb-hzs.ide
Using IDE file zbot-jjz.ide
Using IDE file msil-bif.ide
Using IDE file limita-y.ide

Quick Sweeping


1 master boot record swept.
3 boot sectors swept.
374302 files swept in 57 minutes and 6 seconds.
No viruses were discovered.
End of Sweep.

7. Avast Antivirus Boot Scan N°2
Heute morgen habe ich dann den Bootscan nochmal ausgeführt nachdem Sophos nichts gefunden hat. Win32:Somoto-J und Wind32:Somoto-R wurden erfolgreich in Quarantäne verschoben.

Code:

ATTFilter

01/10/2015 08:12
Prüfung aller lokalen Laufwerke

Datei C:\Users\localhost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C0QWP0B0\BiTool[1].dll ist infiziert von Win32:Somoto-J [PUP], In Container verschoben
Datei C:\Users\localhost\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QBODEA7G\setup[1].exe ist infiziert von Win32:Somoto-R [PUP], In Container verschoben
Datei C:\Users\localhost\Downloads\Sculptris-Alpha6-Windows.zip|>Sculptris Alpha 6.exe Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\ProgramData\Package Cache\943AF34AE1A51C1285046AC828104E7ACB381F63\packages\dotNetFramework\NDP451-KB2858728-x86-x64-AllOS-DEU.exe Fehler 42110 {Die Datei ist eine Archivbombe.}
Datei C:\Windows\SoftwareDistribution\Download\5618ce1d4deba09cfb6cb626c97e7eb7\BITC767.tmp|>2 Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei C:\Windows\SoftwareDistribution\Download\b658c97998a866ba531cb3f65306185c\BIT9170.tmp|>.\.\.\NDP45-KB2750147.msp|>mscordbi_dll_amd64 Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei C:\Windows\SoftwareDistribution\Download\b658c97998a866ba531cb3f65306185c\BIT9170.tmp|>.\.\.\NDP45-KB2750147.msp Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei E:\LOCALHOST-PC\Backup Set 2014-11-04 145122\Backup Files 2014-11-16 190000\Backup files 7.zip|>C\Users\localhost\Downloads\eclipse-jee-luna-SR1-win32-x86_64.zip|>eclipse\plugins\org.eclipse.jface.text_3.9.1.v20140827-1810.jar Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei E:\LOCALHOST-PC\Backup Set 2014-11-04 145122\Backup Files 2014-11-23 190001\Backup files 16.zip|>C\Users\localhost\Downloads\Sculptris-Alpha6-Windows.zip|>Sculptris Alpha 6.exe Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei E:\LOCALHOST-PC\Backup Set 2014-12-14 190001\Backup Files 2014-12-14 190001\Backup files 28.zip|>C\Users\localhost\Downloads\eclipse-jee-luna-SR1-win32-x86_64.zip|>eclipse\plugins\org.eclipse.jface.text_3.9.1.v20140827-1810.jar Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei E:\LOCALHOST-PC\Backup Set 2014-12-14 190001\Backup Files 2014-12-14 190001\Backup files 30.zip|>C\Users\localhost\Downloads\Sculptris-Alpha6-Windows.zip|>Sculptris Alpha 6.exe Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei E:\Programme\Steam\SteamApps\common\Counter-Strike Source\cstrike\cache\tbody.vtf.bz20000|>{bzip} Fehler 42130 {BZIP2-Archiv ist beschädigt.}
Anzahl durchsuchter Ordner: 72098
Anzahl der geprüften Dateien: 2612729
Anzahl infizierter Dateien: 2

Ich habe noch ein paar weitere Scans mit AdwCleaner und Malwarebytes Anti-Malware durchgeführt, jedoch wurde nichts gefunden.

Code:

ATTFilter

# AdwCleaner v4.107 - Bericht erstellt am 10/01/2015 um 08:09:09
# Aktualisiert 07/01/2015 von Xplode
# Database : 2014-12-21.4 [Local]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : localhost - LOCALHOST-PC
# Gestartet von : C:\Users\localhost\Downloads\adwcleaner_4.107.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v33.0.2 (x86 de)


*************************

AdwCleaner[R0].txt - [6686 octets] - [09/01/2015 21:14:21]
AdwCleaner[R1].txt - [1012 octets] - [09/01/2015 21:40:27]
AdwCleaner[R2].txt - [776 octets] - [10/01/2015 08:09:09]
AdwCleaner[S0].txt - [5948 octets] - [09/01/2015 21:15:52]
AdwCleaner[S1].txt - [1083 octets] - [09/01/2015 21:42:03]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [955 octets] ##########

Code:

ATTFilter

# AdwCleaner v4.107 - Bericht erstellt am 10/01/2015 um 08:10:38
# Aktualisiert 07/01/2015 von Xplode
# Database : 2014-12-21.4 [Local]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : localhost - LOCALHOST-PC
# Gestartet von : C:\Users\localhost\Downloads\adwcleaner_4.107.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v33.0.2 (x86 de)


*************************

AdwCleaner[R0].txt - [6686 octets] - [09/01/2015 21:14:21]
AdwCleaner[R1].txt - [1012 octets] - [09/01/2015 21:40:27]
AdwCleaner[R2].txt - [1034 octets] - [10/01/2015 08:09:09]
AdwCleaner[S0].txt - [5948 octets] - [09/01/2015 21:15:52]
AdwCleaner[S1].txt - [1083 octets] - [09/01/2015 21:42:03]
AdwCleaner[S2].txt - [957 octets] - [10/01/2015 08:10:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1016 octets] ##########

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 09.01.2015
Scan Time: 21:44:45
Logfile: mb2log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.09.16
Rootkit Database: v2015.01.07.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: localhost

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 328354
Time Elapsed: 27 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Meine verbleibende Sorge liegt bei den 12 dll's. Avast war unfähig diese zu löschen. Und ich konnte nicht erkennen, dass diese durch den Bootscan entfernt wurden.
Ich habe gerade händisch nachgeschaut. Sie sind noch da.

Grüße

haskeer

schrauber · 10.01.2015, 11:41

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

haskeer · 10.01.2015, 12:09

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by localhost (administrator) on LOCALHOST-PC on 10-01-2015 12:04:54
Running from C:\Users\localhost\Downloads
Loaded Profile: localhost (Available profiles: localhost)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sandboxie Holdings, LLC) E:\Program Files\Sandboxie\SbieSvc.exe
(AVAST Software) E:\Programme\AVAST Software\Avast\AvastSvc.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Skype Technologies S.A.) E:\Programme\Skype\Phone\Skype.exe
(Akamai Technologies, Inc.) C:\Users\localhost\AppData\Local\Akamai\netsession_win.exe
(Sandboxie Holdings, LLC) E:\Program Files\Sandboxie\SbieCtrl.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Curse) C:\Users\localhost\AppData\Local\Apps\2.0\RRKNY4KZ.L79\JYVZ70BL.RTB\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Akamai Technologies, Inc.) C:\Users\localhost\AppData\Local\Akamai\netsession_win.exe
(AVAST Software) E:\Programme\AVAST Software\Avast\avastui.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Disc Soft Ltd) E:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
(Autodesk Inc.) C:\Users\localhost\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
(Mozilla Corporation) E:\Programme\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5015040 2012-02-09] (VIA)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => E:\Programme\AVAST Software\Avast\AvastUI.exe [5223016 2014-11-05] (AVAST Software)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe [241757 2010-12-08] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [488328 2014-09-04] (Autodesk Inc.)
HKU\S-1-5-21-2912928233-343445893-3736102554-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-09-11] (AMD)
HKU\S-1-5-21-2912928233-343445893-3736102554-1000\...\Run: [Skype] => E:\Programme\Skype\Phone\Skype.exe [30879328 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2912928233-343445893-3736102554-1000\...\Run: [Akamai NetSession Interface] => C:\Users\localhost\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2912928233-343445893-3736102554-1000\...\Run: [SandboxieControl] => E:\Program Files\Sandboxie\SbieCtrl.exe [784904 2014-10-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2912928233-343445893-3736102554-1000\...\Run: [DAEMON Tools Lite] => E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2912928233-343445893-3736102554-1000\...\MountPoints2: {17fcfb7a-9837-11e4-8ec9-d850e6bac9e0} - F:\vs_ultimate.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-06] (Microsoft Corporation)
Startup: C:\Users\localhost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\Programme\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2912928233-343445893-3736102554-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> E:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> E:\Programme (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> E:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\localhost\AppData\Roaming\Mozilla\Firefox\Profiles\vthxdk8n.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2912928233-343445893-3736102554-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Color Inspector 3D - C:\Users\localhost\AppData\Roaming\Mozilla\Firefox\Profiles\vthxdk8n.default\Extensions\colorinspector3d@davidfichtmueller.de.xpi [2014-11-22]
FF Extension: youtubereplay - C:\Users\localhost\AppData\Roaming\Mozilla\Firefox\Profiles\vthxdk8n.default\Extensions\jid0-VuYraOOT2NM2AcnQwG4APKol3Vs@jetpack.xpi [2014-12-17]
FF Extension: Adblock Plus - C:\Users\localhost\AppData\Roaming\Mozilla\Firefox\Profiles\vthxdk8n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-19]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - E:\Programme\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - E:\Programme\AVAST Software\Avast\WebRep\FF [2014-11-04]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - E:\Programme\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-11-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - E:\Programme\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [597896 2014-09-04] (Autodesk Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-11] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; E:\Programme\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-04] (AVAST Software)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-25] ()
R2 SbieSvc; E:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC)
S2 SkypeUpdate; E:\Programme\Skype\Updater\Updater.exe [315496 2014-12-11] (Skype Technologies)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-11] (VIA Technologies, Inc.)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87736 2014-04-30] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [42240 2013-07-31] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-04] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-01-09] (Disc Soft Ltd)
S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1587968 2013-04-03] (Creative Technology Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
R3 SbieDrv; E:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 12:04 - 2015-01-10 12:05 - 00014362 _____ () C:\Users\localhost\Downloads\FRST.txt
2015-01-10 12:04 - 2015-01-10 12:04 - 02124288 _____ (Farbar) C:\Users\localhost\Downloads\FRST64.exe
2015-01-10 12:04 - 2015-01-10 12:04 - 00000000 ____D () C:\FRST
2015-01-10 11:31 - 2015-01-10 11:32 - 00040282 _____ () C:\Users\localhost\Desktop\trojboardbeitrag.txt
2015-01-09 23:10 - 2015-01-09 23:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012
2015-01-09 23:10 - 2015-01-09 23:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 11.0
2015-01-09 23:05 - 2015-01-09 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone SDK 8.1
2015-01-09 23:05 - 2015-01-09 23:05 - 00000000 ____D () C:\Program Files (x86)\Windows Phone Silverlight Kits
2015-01-09 22:59 - 2015-01-09 23:04 - 00000000 ____D () C:\Users\localhost\Documents\Visual Studio 2013
2015-01-09 22:59 - 2015-01-09 22:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft XDE
2015-01-09 22:50 - 2015-01-09 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK - Deutsch
2015-01-09 22:48 - 2015-01-09 22:48 - 00000000 ____D () C:\Program Files\Microsoft Identity Extensions
2015-01-09 22:48 - 2015-01-09 22:48 - 00000000 ____D () C:\Program Files (x86)\Workflow Manager Tools
2015-01-09 22:48 - 2015-01-09 22:48 - 00000000 ____D () C:\Program Files (x86)\Open XML SDK
2015-01-09 22:47 - 2015-01-09 22:47 - 00000000 ____D () C:\Program Files\Windows Identity Foundation
2015-01-09 22:47 - 2015-01-09 22:47 - 00000000 ____D () C:\Program Files (x86)\Windows Identity Foundation
2015-01-09 22:43 - 2015-01-09 22:43 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2015-01-09 22:43 - 2015-01-09 22:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-01-09 22:40 - 2015-01-09 22:57 - 00000000 ____D () C:\ProgramData\Windows App Certification Kit
2015-01-09 22:40 - 2015-01-09 22:40 - 00000000 ____D () C:\Program Files\Application Verifier
2015-01-09 22:40 - 2015-01-09 22:40 - 00000000 ____D () C:\Program Files (x86)\Application Verifier
2015-01-09 22:39 - 2015-01-09 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2015-01-09 22:37 - 2015-01-09 22:37 - 00000000 ____D () C:\ProgramData\PreEmptive Solutions
2015-01-09 22:34 - 2015-01-09 22:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2015-01-09 22:31 - 2015-01-09 22:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft Web Tools
2015-01-09 22:31 - 2015-01-09 22:31 - 00000000 ____D () C:\Program Files\IIS Express
2015-01-09 22:31 - 2015-01-09 22:31 - 00000000 ____D () C:\Program Files (x86)\IIS Express
2015-01-09 22:30 - 2015-01-09 22:30 - 00000000 ____D () C:\ProgramData\NuGet
2015-01-09 22:30 - 2015-01-09 22:30 - 00000000 ____D () C:\Program Files (x86)\NuGet
2015-01-09 22:30 - 2015-01-09 22:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft WCF Data Services
2015-01-09 22:29 - 2015-01-09 22:29 - 00000000 ____D () C:\Program Files\IIS
2015-01-09 22:29 - 2015-01-09 22:29 - 00000000 ____D () C:\Program Files (x86)\IIS
2015-01-09 22:27 - 2015-01-09 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2015-01-09 22:16 - 2015-01-09 22:25 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2015-01-09 22:16 - 2015-01-09 22:16 - 00000000 ____D () C:\Windows\symbols
2015-01-09 22:16 - 2015-01-09 22:16 - 00000000 ____D () C:\Program Files (x86)\Windows Phone Kits
2015-01-09 22:16 - 2015-01-09 22:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Help Viewer
2015-01-09 22:16 - 2015-01-09 22:16 - 00000000 ____D () C:\Program Files (x86)\HTML Help Workshop
2015-01-09 22:13 - 2015-01-09 22:44 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-01-09 22:13 - 2015-01-09 22:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-01-09 22:13 - 2015-01-09 22:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013
2015-01-09 22:13 - 2015-01-09 22:20 - 00000000 ____D () C:\Windows\SysWOW64\1031
2015-01-09 22:13 - 2015-01-09 22:15 - 00000000 ____D () C:\Windows\system32\1033
2015-01-09 22:13 - 2015-01-09 22:13 - 00000000 ____D () C:\Windows\SysWOW64\1033
2015-01-09 22:07 - 2015-01-09 22:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2015-01-09 22:07 - 2015-01-09 22:13 - 00000000 ____D () C:\Windows\system32\1031
2015-01-09 22:07 - 2015-01-09 22:07 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 12.0
2015-01-09 21:30 - 2015-01-09 21:32 - 01150260 _____ () C:\Users\localhost\dumpfile.xml
2015-01-09 21:30 - 2015-01-09 21:32 - 00013199 _____ () C:\Users\localhost\summary.txt
2015-01-09 21:25 - 2015-01-10 11:46 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-09 21:25 - 2015-01-09 21:25 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-09 21:25 - 2015-01-09 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-09 21:25 - 2015-01-09 21:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-09 21:25 - 2015-01-09 21:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-09 21:25 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-09 21:25 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-09 21:25 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-09 21:14 - 2015-01-10 08:10 - 00000000 ____D () C:\AdwCleaner
2015-01-09 21:14 - 2015-01-09 21:15 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\localhost\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-09 21:13 - 2015-01-09 21:13 - 02191360 _____ () C:\Users\localhost\Downloads\adwcleaner_4.107.exe
2015-01-09 21:08 - 2015-01-09 21:08 - 00000857 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2015-01-09 21:05 - 2015-01-09 21:45 - 00000000 ____D () C:\Users\localhost\AppData\Roaming\DAEMON Tools Lite
2015-01-09 21:05 - 2015-01-09 21:09 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2015-01-09 21:05 - 2015-01-09 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-01-09 21:04 - 2015-01-09 21:45 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-01-08 04:13 - 2015-01-08 04:14 - 00351881 _____ () C:\Users\localhost\Downloads\MarketHelper-1.1.apk
2015-01-07 22:36 - 2015-01-07 22:42 - 157694716 _____ () C:\Users\localhost\Downloads\gapps-kk-20140606-signed.zip
2015-01-07 21:28 - 2015-01-07 21:39 - 162927577 _____ () C:\Users\localhost\Downloads\gapps-lp-20141109-signed.zip
2015-01-07 20:16 - 2015-01-07 20:16 - 00000000 ____D () C:\Users\localhost\.android
2015-01-07 19:49 - 2015-01-08 04:29 - 00000000 ____D () C:\Users\localhost\AppData\Local\Genymobile
2015-01-07 19:49 - 2015-01-08 03:47 - 00000000 ____D () C:\Users\localhost\.VirtualBox
2015-01-07 19:48 - 2015-01-07 19:48 - 00001083 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2015-01-07 19:48 - 2015-01-07 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-01-07 19:48 - 2015-01-07 19:48 - 00000000 ____D () C:\Program Files\Oracle
2015-01-07 19:48 - 2013-04-12 11:41 - 00237840 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2015-01-07 19:48 - 2013-04-12 11:40 - 00120080 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2015-01-07 19:46 - 2015-01-07 19:46 - 00000825 _____ () C:\Users\Public\Desktop\Genymotion.lnk
2015-01-07 19:46 - 2015-01-07 19:46 - 00000822 _____ () C:\Users\Public\Desktop\Genymotion Shell.lnk
2015-01-07 19:46 - 2015-01-07 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genymotion
2015-01-07 19:36 - 2015-01-07 19:40 - 123177592 _____ (Genymobile ) C:\Users\localhost\Downloads\genymotion-2.3.1-vbox.exe
2015-01-06 14:57 - 2015-01-06 14:57 - 00000000 ____D () C:\Program Files (x86)\Skype
2014-12-23 04:16 - 2014-12-23 04:16 - 00000000 __SHD () C:\Users\localhost\AppData\Local\EmieUserList
2014-12-23 04:16 - 2014-12-23 04:16 - 00000000 __SHD () C:\Users\localhost\AppData\Local\EmieSiteList
2014-12-23 04:16 - 2014-12-23 04:16 - 00000000 __SHD () C:\Users\localhost\AppData\Local\EmieBrowserModeList
2014-12-18 10:08 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 10:08 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 12:05 - 2014-11-04 16:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-10 11:52 - 2009-07-14 05:45 - 00014960 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-10 11:52 - 2009-07-14 05:45 - 00014960 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-10 11:49 - 2009-07-14 18:58 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2015-01-10 11:49 - 2009-07-14 18:58 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2015-01-10 11:49 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-10 11:48 - 2014-11-04 10:23 - 01087743 _____ () C:\Windows\WindowsUpdate.log
2015-01-10 11:47 - 2014-11-04 15:31 - 00000000 ____D () C:\Users\localhost\AppData\Roaming\Skype
2015-01-10 11:46 - 2014-11-07 21:59 - 00000000 ____D () C:\Users\localhost\AppData\Local\Deployment
2015-01-10 11:45 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-10 11:45 - 2009-07-14 05:51 - 00044624 _____ () C:\Windows\setupact.log
2015-01-10 10:00 - 2014-11-04 15:06 - 00298308 _____ () C:\Windows\PFRO.log
2015-01-10 03:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-01-10 01:22 - 2009-07-14 05:45 - 00288576 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-09 23:15 - 2014-11-04 15:47 - 00000000 ____D () C:\Users\localhost\AppData\Local\Battle.net
2015-01-09 23:13 - 2014-11-04 10:42 - 00062640 _____ () C:\Users\localhost\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-09 22:56 - 2014-11-04 10:53 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-09 22:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-09 22:37 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\MSBuild
2015-01-09 22:07 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-01-09 22:05 - 2014-11-04 10:55 - 01591948 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-09 21:30 - 2014-11-04 10:38 - 00000000 ____D () C:\Users\localhost
2015-01-09 21:15 - 2014-11-04 15:16 - 00000696 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-09 21:15 - 2014-11-04 15:16 - 00000696 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-09 21:15 - 2014-11-04 10:39 - 00001010 _____ () C:\Users\localhost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-08 17:58 - 2014-11-28 13:07 - 00001596 _____ () C:\Windows\Sandboxie.ini
2015-01-08 13:03 - 2014-11-04 16:05 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-08 13:03 - 2014-11-04 16:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-08 13:03 - 2014-11-04 16:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-08 13:03 - 2014-11-04 16:03 - 00000000 ____D () C:\Users\localhost\AppData\Local\Adobe
2015-01-06 14:57 - 2014-11-04 15:31 - 00000000 ____D () C:\ProgramData\Skype
2015-01-06 04:36 - 2014-11-04 15:03 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-04 13:08 - 2014-11-04 15:10 - 00004174 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-11 00:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

Some content of TEMP:
====================
C:\Users\localhost\AppData\Local\Temp\AcDeltree.exe
C:\Users\localhost\AppData\Local\Temp\jmwaghdr.dll
C:\Users\localhost\AppData\Local\Temp\Quarantine.exe
C:\Users\localhost\AppData\Local\Temp\smt_mystartsearch.exe
C:\Users\localhost\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 18:17

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by localhost at 2015-01-10 12:05:30
Running from C:\Users\localhost\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Tools for .Net 3.5 - DEU Lang Pack (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
 Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-2912928233-343445893-3736102554-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Catalyst Install Manager (HKLM\...\{5EE7BFEA-46FB-7266-D8A0-F7856EB65D05}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 3.0.159.0 - Autodesk)
Autodesk Mudbox 2015 (HKLM\...\Autodesk Mudbox 2015) (Version: 9.0.0.1383 - Autodesk)
Autodesk Mudbox 2015 (Version: 9.0.0.1383 - Autodesk) Hidden
Autodesk Network License Manager (HKLM\...\{4BE91685-1632-47FC-B563-A8A542C6664C}) (Version: 11.12.0 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2206 - AVAST Software)
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 DEU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blender (HKLM\...\Blender) (Version: 2.72b - Blender Foundation)
Build Tools - amd64 (Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Complemento do Microsoft Report Viewer para Visual Studio 2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Complemento Microsoft Report Viewer para Visual Studio 2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Compon. agg. Microsoft Report Viewer per Visual Studio 2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Creation Kit (HKLM-x32\...\Steam App 202480) (Version:  - bgs.bethsoft.com)
Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Curse Client (HKU\S-1-5-21-2912928233-343445893-3736102554-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Devenv-Ressourcen für Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dotfuscator and Analytics Community Edition Language Pack (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Entity Framework 6.1.0 Tools  for Visual Studio 2013 (HKLM-x32\...\{D4635FB4-434D-4663-A4C8-CFC00FA9D24E}) (Version: 12.0.30228.0 - Microsoft Corporation)
Erforderliche Komponenten für SSDT  (HKLM-x32\...\{3FF082A7-A5DE-4BDA-B56A-1D2BEFD617A3}) (Version: 11.1.3000.0 - Microsoft Corporation)
Far Cry 2 (HKLM-x32\...\Steam App 19900) (Version:  - Ubisoft Montreal)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Genymotion version 2.3.1 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.3.1 - Genymobile)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GRID Autosport (HKLM-x32\...\Steam App 255220) (Version:  - Codemasters Racing)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Language Pack (DEU) für freigegebene Windows Azure-Komponenten für Microsoft Visual Studio 2013 - v1.1 (x32 Version: 1.1.20410.1601 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for de-de Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Medieval II: Total War (HKLM-x32\...\Steam App 4700) (Version:  - The Creative Assembly)
Memory Profiler (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK - DEU (HKLM-x32\...\{F351AA2C-723C-4CFE-A7CB-8E43AB164F7F}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{F09DEB00-9F41-4BC9-BA81-9F131B12B3D5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{D4E30517-FE6F-491E-942F-AE10E1B18F38}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{B4EDAE03-DB34-4DD0-BA7E-2ED80DEA50B1}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{269A8DF6-BBDA-441F-932B-233F9B746D72}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{EC75BD20-F9CA-4E77-825F-ABD77E95BE91}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{0BF65908-D137-4A9E-B7C9-78F32F74F6FD}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{93945D16-4C3D-433E-B7E4-3D0D86B284C8}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{6F173435-3F19-4043-BA3D-A46AA8472859}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL-Sprachdienst  (HKLM-x32\...\{1D812D86-D8EF-41AC-A518-BA12E1913747}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU  (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (12.0.30919.1) (HKLM-x32\...\{7CC03C58-3471-43D2-A251-EC9AE225E772}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (12.0.30919.1) (HKLM-x32\...\{BCB8A870-2B3D-4CC0-87D6-F931E065AC0C}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{D434E072-F482-4F52-AB97-7B19DD5DAEB5}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{485F4AC6-F79E-4482-A0D2-EDF0CCE1E124}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{9634d50a-0c4d-4f52-8a9f-894a2baae370}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40820 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.40820 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2013 (HKLM-x32\...\{1a3b012e-1e4d-4929-8980-35d33968e593}) (Version: 12.0.30501 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{43341417-7882-4F34-8390-53DFD00F6C0F}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{24440413-490E-41CA-BD33-0B30FD3EBE3A}) (Version: 11.1.3366.16 - Microsoft Corporation)
Module Microsoft Report Viewer pour Visual Studio*2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Mozilla Firefox 33.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 de)) (Version: 33.0.2 - Mozilla)
Mozilla Firefox 34.0.5 (x86 de) (HKU\S-1-5-21-2912928233-343445893-3736102554-1000\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
MySQL Workbench 6.2 CE (HKLM\...\{B632465A-857D-4FC2-A76E-B1F3693527D8}) (Version: 6.2.4 - Oracle Corporation)
NifSkope (remove only) (HKLM-x32\...\NifSkope) (Version:  - )
Nosgoth (HKLM-x32\...\Steam App 200110) (Version:  - Psyonix)
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 4.2.12 (HKLM\...\{0C1DE303-E41B-44BA-8ABA-B7F09D857001}) (Version: 4.2.12 - Oracle Corporation)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 RC für Windows Store-Apps (Deutsch) (x32 Version: 4.5.21005 - Microsoft Corporation) Hidden
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PreEmptive Analytics Client German Language Pack (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Python Tools - Umleitungsvorlage (x32 Version: 1.1 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC)
Sculptris Alpha 6 (HKLM-x32\...\InstallShield_{D2883AB6-09B4-4981-AAF8-E695411EEC9A}) (Version: 0.6 - Pixologic)
Sculptris Alpha 6 (x32 Version: 0.6 - Pixologic) Hidden
SharePoint Client Components (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SharePoint Client Components (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sound Blaster X-Fi Go! Pro (HKLM-x32\...\{587B7A6F-CA1F-4639-9083-16F9BB2363B4}) (Version: 1.0 - Creative Technology Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
TypeScript Power Tool (x32 Version: 1.0.1.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.1.0 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Visual Studio 2013 Update 2 (KB2829760) (HKLM-x32\...\{3c348532-c3bd-4bae-a928-7b555f8c808f}) (Version: 12.0.30501 - Microsoft Corporation)
VS Update core components (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 DEU Language Pack (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 DEU Language Pack (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Workflow Manager Client 1.0 (Version: 2.0.40131.0 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.40326.0 - Microsoft Corporation) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Надстройка Microsoft Report Viewer для Visual Studio 2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden
用于 Visual Studio 2013 的 Microsoft 报告查看器加载项 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2912928233-343445893-3736102554-1000_Classes\CLSID\{487bf12d-ef06-4079-9a9c-87c9e7627fb7}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2912928233-343445893-3736102554-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()

==================== Restore Points  =========================

06-01-2015 23:55:39 Windows Update
07-01-2015 19:46:59 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
07-01-2015 19:48:22 Installed Oracle VM VirtualBox 4.2.12
09-01-2015 21:09:03 Gerätetreiber-Paketinstallation: DT Soft Ltd Systemgeräte
09-01-2015 21:46:37 Microsoft Visual Studio Ultimate 2013
09-01-2015 21:47:31 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
09-01-2015 21:48:35 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
09-01-2015 22:25:33 DirectX wurde installiert
09-01-2015 22:46:37 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3A19EB0B-BE0B-42FD-BD72-0B0A85D9BA56} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-08] (Adobe Systems Incorporated)
Task: {8D5290DD-4075-421C-9946-B9B60934B048} - System32\Tasks\avast! Emergency Update => E:\Programme\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-04] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-09-11 21:57 - 2013-09-11 21:57 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-07-26 06:59 - 2013-07-26 06:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-07-26 06:59 - 2013-07-26 06:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-09-11 21:57 - 2013-09-11 21:57 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-11-25 11:42 - 2014-11-25 11:42 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-11-05 18:46 - 2009-12-29 16:52 - 00089088 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-11-05 18:46 - 2010-07-22 16:46 - 00237056 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-11-07 22:02 - 2014-11-07 22:01 - 00016384 _____ () C:\Users\localhost\AppData\Local\Apps\2.0\RRKNY4KZ.L79\JYVZ70BL.RTB\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.CurseClient.WowDb.dll
2014-11-07 22:02 - 2014-11-07 22:01 - 00035840 _____ () C:\Users\localhost\AppData\Local\Apps\2.0\RRKNY4KZ.L79\JYVZ70BL.RTB\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.Advertising.dll
2014-11-07 22:02 - 2014-11-07 22:01 - 00099840 _____ () C:\Users\localhost\AppData\Local\Apps\2.0\RRKNY4KZ.L79\JYVZ70BL.RTB\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.CurseClient.CMOD2.dll
2014-11-04 10:47 - 2011-12-06 02:58 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2014-11-04 10:47 - 2011-12-06 02:58 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2013-09-11 21:57 - 2013-09-11 21:57 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-06-05 15:51 - 2013-06-05 15:51 - 00430080 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2013-06-05 15:51 - 2013-06-05 15:51 - 00032768 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResourcesNet4.dll
2015-01-10 10:09 - 2015-01-10 10:09 - 02909696 _____ () E:\Programme\AVAST Software\Avast\defs\15011000\algo.dll
2014-11-22 22:22 - 2014-09-04 04:41 - 00047496 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2014-11-22 22:22 - 2014-09-04 04:41 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2014-11-04 15:09 - 2014-11-04 15:09 - 38561576 _____ () E:\Programme\AVAST Software\Avast\libcef.dll
2014-11-05 18:46 - 2009-12-29 16:50 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2014-11-05 18:46 - 2010-07-22 16:45 - 00181760 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2015-01-10 11:46 - 2014-09-04 04:41 - 00104328 _____ () C:\Users\localhost\AppData\Local\Autodesk\.AdskAppManager\R1\qjson0.dll
2014-11-13 20:57 - 2014-12-11 00:22 - 03758192 _____ () E:\Programme\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2912928233-343445893-3736102554-500 - Administrator - Disabled)
Gast (S-1-5-21-2912928233-343445893-3736102554-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2912928233-343445893-3736102554-1003 - Limited - Enabled)
localhost (S-1-5-21-2912928233-343445893-3736102554-1000 - Administrator - Enabled) => C:\Users\localhost

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/10/2015 03:28:53 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile Microsoft.VisualStudio.QualityTools.UnitTestFramework, Version=10.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a because of the following error: The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040).

Error: (01/10/2015 03:20:59 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: E:\Programme (x86)\Microsoft Visual Studio 12.0\Common7\IDE\TF.exe . Error code = 0x80131f07

Error: (01/10/2015 03:20:56 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: E:\Programme (x86)\Microsoft Visual Studio 12.0\Common7\IDE\TF.exe . Error code = 0x80131f07

Error: (01/10/2015 03:14:34 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Microsoft SDKs\Windows\v8.1A\bin\NETFX 4.5.1 Tools\WinMDExp.exe . Error code = 0x80131f07

Error: (01/10/2015 03:14:32 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Microsoft SDKs\Windows\v8.1A\bin\NETFX 4.5.1 Tools\WinMDExp.exe . Error code = 0x80131f07

Error: (01/10/2015 03:14:27 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Microsoft SDKs\Windows\v8.1A\bin\NETFX 4.5.1 Tools\SecAnnotate.exe . Error code = 0x80131f07

Error: (01/10/2015 03:14:25 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Microsoft SDKs\Windows\v8.1A\bin\NETFX 4.5.1 Tools\SecAnnotate.exe . Error code = 0x80131f07

Error: (01/10/2015 03:13:44 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Microsoft SDKs\Windows\v8.0A\bin\NETFX 4.0 Tools\WinMDExp.exe . Error code = 0x80131f07

Error: (01/10/2015 03:13:42 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Microsoft SDKs\Windows\v8.0A\bin\NETFX 4.0 Tools\WinMDExp.exe . Error code = 0x80131f07

Error: (01/10/2015 03:13:37 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Microsoft SDKs\Windows\v8.0A\bin\NETFX 4.0 Tools\SecAnnotate.exe . Error code = 0x80131f07


System errors:
=============
Error: (01/10/2015 01:21:12 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (01/09/2015 09:15:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "WindowsMangerProtect Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/09/2015 09:15:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/09/2015 09:15:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/09/2015 09:15:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "VIA Karaoke digital mixer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/09/2015 09:15:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/09/2015 09:15:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/09/2015 09:15:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Autodesk Application Manager Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/09/2015 09:15:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/09/2015 09:15:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Sandboxie Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (01/10/2015 03:28:53 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile Microsoft.VisualStudio.QualityTools.UnitTestFramework, Version=10.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a because of the following error: The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040).
Microsoft.VisualStudio.QualityTools.UnitTestFramework, Version=10.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

Error: (01/10/2015 03:20:59 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: E:\Programme (x86)\Microsoft Visual Studio 12.0\Common7\IDE\TF.exe . Error code = 0x80131f07 
E:\Programme (x86)\Microsoft Visual Studio 12.0\Common7\IDE\TF.exe

Error: (01/10/2015 03:20:56 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: E:\Programme (x86)\Microsoft Visual Studio 12.0\Common7\IDE\TF.exe . Error code = 0x80131f07 
E:\Programme (x86)\Microsoft Visual Studio 12.0\Common7\IDE\TF.exe

Error: (01/10/2015 03:14:34 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Microsoft SDKs\Windows\v8.1A\bin\NETFX 4.5.1 Tools\WinMDExp.exe . Error code = 0x80131f07 
C:\Program Files (x86)\Microsoft SDKs\Windows\v8.1A\bin\NETFX 4.5.1 Tools\WinMDExp.exe

Error: (01/10/2015 03:14:32 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Microsoft SDKs\Windows\v8.1A\bin\NETFX 4.5.1 Tools\WinMDExp.exe . Error code = 0x80131f07 
C:\Program Files (x86)\Microsoft SDKs\Windows\v8.1A\bin\NETFX 4.5.1 Tools\WinMDExp.exe

Error: (01/10/2015 03:14:27 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Microsoft SDKs\Windows\v8.1A\bin\NETFX 4.5.1 Tools\SecAnnotate.exe . Error code = 0x80131f07 
C:\Program Files (x86)\Microsoft SDKs\Windows\v8.1A\bin\NETFX 4.5.1 Tools\SecAnnotate.exe

Error: (01/10/2015 03:14:25 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Microsoft SDKs\Windows\v8.1A\bin\NETFX 4.5.1 Tools\SecAnnotate.exe . Error code = 0x80131f07 
C:\Program Files (x86)\Microsoft SDKs\Windows\v8.1A\bin\NETFX 4.5.1 Tools\SecAnnotate.exe

Error: (01/10/2015 03:13:44 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Microsoft SDKs\Windows\v8.0A\bin\NETFX 4.0 Tools\WinMDExp.exe . Error code = 0x80131f07 
C:\Program Files (x86)\Microsoft SDKs\Windows\v8.0A\bin\NETFX 4.0 Tools\WinMDExp.exe

Error: (01/10/2015 03:13:42 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Microsoft SDKs\Windows\v8.0A\bin\NETFX 4.0 Tools\WinMDExp.exe . Error code = 0x80131f07 
C:\Program Files (x86)\Microsoft SDKs\Windows\v8.0A\bin\NETFX 4.0 Tools\WinMDExp.exe

Error: (01/10/2015 03:13:37 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Microsoft SDKs\Windows\v8.0A\bin\NETFX 4.0 Tools\SecAnnotate.exe . Error code = 0x80131f07 
C:\Program Files (x86)\Microsoft SDKs\Windows\v8.0A\bin\NETFX 4.0 Tools\SecAnnotate.exe


==================== Memory info =========================== 

Processor: AMD FX(tm)-6300 Six-Core Processor 
Percentage of memory in use: 29%
Total physical RAM: 8174.12 MB
Available physical RAM: 5764.23 MB
Total Pagefile: 16346.41 MB
Available Pagefile: 13508.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:102.44 GB) (Free:44.76 GB) NTFS
Drive e: (DATA) (Fixed) (Total:726.43 GB) (Free:562.53 GB) NTFS
Drive f: (VS2013_2_ULT_DEU) (CDROM) (Total:5.79 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 258E8B12)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=102.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=102.5 GB) - (Type=05)
Partition 4: (Not Active) - (Size=726.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Zu den Partitionen:

Disk: 0 (Size: 931.5 GB) (Disk ID: 258E8B12)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) => die 100 MB Windows Systempartition
Partition 2: (Not Active) - (Size=102.4 GB) - (Type=07 NTFS) => Windows 7
Partition 3: (Not Active) - (Size=102.5 GB) - (Type=05) => XUbuntu
Partition 4: (Not Active) - (Size=726.4 GB) - (Type=07 NTFS) => Daten (Kein System)

schrauber · 10.01.2015, 13:23

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

haskeer · 10.01.2015, 14:32

Eine Frage:
Mein Avast Antivirus, Malwarebytes Anti-Malware und die Windows Firewall sollen aktiv sein wenn ich SecurityCheck ausführe, oder?

schrauber · 10.01.2015, 14:56

Firewall kann immer anbleiben. Rest eigentlich auch, ausser bei dem Onlinescan.

haskeer · 10.01.2015, 19:55

Habe wie vorgegeben beim ESET Scan die Firewall und die Virenscanner aus gehabt. Zudem habe ich die mit diesem Computer genutzen Festplatten und USB-Sticks angeschlossen, damit diese auch geprüft werden.

Der 4. und 5. Fund von 5 Funden sind sehr wahrscheinlich die wiederholung des 2. und 3. Fundes. Und zwar deshalb, weil ich auf E: ein Backup von C: habe. (Ich weiß ein Backup von Dateien auf der selben Logischen Platte macht kein Sinn.

)

ESET log.txt

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=738ea97fb626c843b457db2d57f8a1bd
# engine=21902
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-10 06:23:03
# local_time=2015-01-10 07:23:03 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 94 5705444 5807685 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 43937 172544033 0 0
# scanned=569264
# found=5
# cleaned=0
# scan_time=17738
sh=9DF3638EE93AB2DB89A89AC6B67BF088DC64416B ft=1 fh=c71c00110e78363b vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=FB3F7E2BF56F5EA06763303CDAA0E962E975E063 ft=1 fh=c0dea5299389dc4e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\localhost\AppData\Local\Temp\DMR\dmr_72.exe"
sh=8960D3CFF66232C49320883E5F16CEC3AA89C03B ft=1 fh=4cbd7903296af094 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\localhost\Downloads\Sandboxie - CHIP-Installer.exe"
sh=AC580F9F28AEF12D469BBDFADA939C71D7D05965 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="E:\LOCALHOST-PC\Backup Set 2014-11-04 145122\Backup Files 2014-11-30 190000\Backup files 3.zip"
sh=2B0F20E56625E225DF3832F87F7FDE94BA5B8B09 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="E:\LOCALHOST-PC\Backup Set 2014-12-14 190001\Backup Files 2014-12-14 190001\Backup files 9.zip"

checkup.txt

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Visual Studio Extensions for Windows Library for JavaScript 
 Java version 32-bit out of Date! 
 Adobe Flash Player 16.0.0.235  
 Mozilla Firefox 33.0.2 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 ESET ESET Online Scanner OnlineScannerApp.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST.txt

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by localhost (administrator) on LOCALHOST-PC on 10-01-2015 19:39:16
Running from C:\Users\localhost\Downloads
Loaded Profile: localhost (Available profiles: localhost)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Sandboxie Holdings, LLC) E:\Program Files\Sandboxie\SbieSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) E:\Programme\AVAST Software\Avast\AvastSvc.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Akamai Technologies, Inc.) C:\Users\localhost\AppData\Local\Akamai\netsession_win.exe
(Sandboxie Holdings, LLC) E:\Program Files\Sandboxie\SbieCtrl.exe
(Akamai Technologies, Inc.) C:\Users\localhost\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(AVAST Software) E:\Programme\AVAST Software\Avast\avastui.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Disc Soft Ltd) E:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Autodesk Inc.) C:\Users\localhost\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
(Mozilla Corporation) E:\Programme\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
() C:\Users\localhost\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5015040 2012-02-09] (VIA)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => E:\Programme\AVAST Software\Avast\AvastUI.exe [5223016 2014-11-05] (AVAST Software)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe [241757 2010-12-08] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [488328 2014-09-04] (Autodesk Inc.)
HKU\S-1-5-21-2912928233-343445893-3736102554-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-09-11] (AMD)
HKU\S-1-5-21-2912928233-343445893-3736102554-1000\...\Run: [Skype] => E:\Programme\Skype\Phone\Skype.exe [30879328 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2912928233-343445893-3736102554-1000\...\Run: [Akamai NetSession Interface] => C:\Users\localhost\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2912928233-343445893-3736102554-1000\...\Run: [SandboxieControl] => E:\Program Files\Sandboxie\SbieCtrl.exe [784904 2014-10-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2912928233-343445893-3736102554-1000\...\Run: [DAEMON Tools Lite] => E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2912928233-343445893-3736102554-1000\...\MountPoints2: {17fcfb7a-9837-11e4-8ec9-d850e6bac9e0} - F:\vs_ultimate.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-06] (Microsoft Corporation)
Startup: C:\Users\localhost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\Programme\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2912928233-343445893-3736102554-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> E:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> E:\Programme (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> E:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\localhost\AppData\Roaming\Mozilla\Firefox\Profiles\vthxdk8n.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2912928233-343445893-3736102554-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Color Inspector 3D - C:\Users\localhost\AppData\Roaming\Mozilla\Firefox\Profiles\vthxdk8n.default\Extensions\colorinspector3d@davidfichtmueller.de.xpi [2014-11-22]
FF Extension: youtubereplay - C:\Users\localhost\AppData\Roaming\Mozilla\Firefox\Profiles\vthxdk8n.default\Extensions\jid0-VuYraOOT2NM2AcnQwG4APKol3Vs@jetpack.xpi [2014-12-17]
FF Extension: Adblock Plus - C:\Users\localhost\AppData\Roaming\Mozilla\Firefox\Profiles\vthxdk8n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-19]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - E:\Programme\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - E:\Programme\AVAST Software\Avast\WebRep\FF [2014-11-04]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - E:\Programme\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-11-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - E:\Programme\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [597896 2014-09-04] (Autodesk Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-11] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; E:\Programme\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-04] (AVAST Software)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-25] ()
R2 SbieSvc; E:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC)
S2 SkypeUpdate; E:\Programme\Skype\Updater\Updater.exe [315496 2014-12-11] (Skype Technologies)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-11] (VIA Technologies, Inc.)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87736 2014-04-30] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [42240 2013-07-31] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-04] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-01-09] (Disc Soft Ltd)
S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1587968 2013-04-03] (Creative Technology Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
R3 SbieDrv; E:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 19:25 - 2015-01-10 19:25 - 00852505 _____ () C:\Users\localhost\Downloads\SecurityCheck.exe
2015-01-10 14:15 - 2015-01-10 14:15 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-10 14:09 - 2015-01-10 14:09 - 02347384 _____ (ESET) C:\Users\localhost\Downloads\esetsmartinstaller_deu.exe
2015-01-10 12:05 - 2015-01-10 12:05 - 00035926 _____ () C:\Users\localhost\Downloads\Addition.txt
2015-01-10 12:04 - 2015-01-10 19:39 - 00014516 _____ () C:\Users\localhost\Downloads\FRST.txt
2015-01-10 12:04 - 2015-01-10 19:39 - 00000000 ____D () C:\FRST
2015-01-10 12:04 - 2015-01-10 12:04 - 02124288 _____ (Farbar) C:\Users\localhost\Downloads\FRST64.exe
2015-01-10 11:31 - 2015-01-10 11:32 - 00040282 _____ () C:\Users\localhost\Desktop\trojboardbeitrag.txt
2015-01-09 23:10 - 2015-01-09 23:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012
2015-01-09 23:10 - 2015-01-09 23:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 11.0
2015-01-09 23:05 - 2015-01-09 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone SDK 8.1
2015-01-09 23:05 - 2015-01-09 23:05 - 00000000 ____D () C:\Program Files (x86)\Windows Phone Silverlight Kits
2015-01-09 22:59 - 2015-01-09 23:04 - 00000000 ____D () C:\Users\localhost\Documents\Visual Studio 2013
2015-01-09 22:59 - 2015-01-09 22:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft XDE
2015-01-09 22:50 - 2015-01-09 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK - Deutsch
2015-01-09 22:48 - 2015-01-09 22:48 - 00000000 ____D () C:\Program Files\Microsoft Identity Extensions
2015-01-09 22:48 - 2015-01-09 22:48 - 00000000 ____D () C:\Program Files (x86)\Workflow Manager Tools
2015-01-09 22:48 - 2015-01-09 22:48 - 00000000 ____D () C:\Program Files (x86)\Open XML SDK
2015-01-09 22:47 - 2015-01-09 22:47 - 00000000 ____D () C:\Program Files\Windows Identity Foundation
2015-01-09 22:47 - 2015-01-09 22:47 - 00000000 ____D () C:\Program Files (x86)\Windows Identity Foundation
2015-01-09 22:43 - 2015-01-09 22:43 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2015-01-09 22:43 - 2015-01-09 22:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-01-09 22:40 - 2015-01-09 22:57 - 00000000 ____D () C:\ProgramData\Windows App Certification Kit
2015-01-09 22:40 - 2015-01-09 22:40 - 00000000 ____D () C:\Program Files\Application Verifier
2015-01-09 22:40 - 2015-01-09 22:40 - 00000000 ____D () C:\Program Files (x86)\Application Verifier
2015-01-09 22:39 - 2015-01-09 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2015-01-09 22:37 - 2015-01-09 22:37 - 00000000 ____D () C:\ProgramData\PreEmptive Solutions
2015-01-09 22:34 - 2015-01-09 22:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2015-01-09 22:31 - 2015-01-09 22:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft Web Tools
2015-01-09 22:31 - 2015-01-09 22:31 - 00000000 ____D () C:\Program Files\IIS Express
2015-01-09 22:31 - 2015-01-09 22:31 - 00000000 ____D () C:\Program Files (x86)\IIS Express
2015-01-09 22:30 - 2015-01-09 22:30 - 00000000 ____D () C:\ProgramData\NuGet
2015-01-09 22:30 - 2015-01-09 22:30 - 00000000 ____D () C:\Program Files (x86)\NuGet
2015-01-09 22:30 - 2015-01-09 22:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft WCF Data Services
2015-01-09 22:29 - 2015-01-09 22:29 - 00000000 ____D () C:\Program Files\IIS
2015-01-09 22:29 - 2015-01-09 22:29 - 00000000 ____D () C:\Program Files (x86)\IIS
2015-01-09 22:27 - 2015-01-09 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2015-01-09 22:16 - 2015-01-09 22:25 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2015-01-09 22:16 - 2015-01-09 22:16 - 00000000 ____D () C:\Windows\symbols
2015-01-09 22:16 - 2015-01-09 22:16 - 00000000 ____D () C:\Program Files (x86)\Windows Phone Kits
2015-01-09 22:16 - 2015-01-09 22:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Help Viewer
2015-01-09 22:16 - 2015-01-09 22:16 - 00000000 ____D () C:\Program Files (x86)\HTML Help Workshop
2015-01-09 22:13 - 2015-01-09 22:44 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-01-09 22:13 - 2015-01-09 22:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-01-09 22:13 - 2015-01-09 22:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013
2015-01-09 22:13 - 2015-01-09 22:20 - 00000000 ____D () C:\Windows\SysWOW64\1031
2015-01-09 22:13 - 2015-01-09 22:15 - 00000000 ____D () C:\Windows\system32\1033
2015-01-09 22:13 - 2015-01-09 22:13 - 00000000 ____D () C:\Windows\SysWOW64\1033
2015-01-09 22:07 - 2015-01-09 22:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2015-01-09 22:07 - 2015-01-09 22:13 - 00000000 ____D () C:\Windows\system32\1031
2015-01-09 22:07 - 2015-01-09 22:07 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 12.0
2015-01-09 21:30 - 2015-01-09 21:32 - 01150260 _____ () C:\Users\localhost\dumpfile.xml
2015-01-09 21:30 - 2015-01-09 21:32 - 00013199 _____ () C:\Users\localhost\summary.txt
2015-01-09 21:25 - 2015-01-10 19:29 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-09 21:25 - 2015-01-09 21:25 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-09 21:25 - 2015-01-09 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-09 21:25 - 2015-01-09 21:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-09 21:25 - 2015-01-09 21:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-09 21:25 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-09 21:25 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-09 21:25 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-09 21:14 - 2015-01-10 08:10 - 00000000 ____D () C:\AdwCleaner
2015-01-09 21:14 - 2015-01-09 21:15 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\localhost\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-09 21:13 - 2015-01-09 21:13 - 02191360 _____ () C:\Users\localhost\Downloads\adwcleaner_4.107.exe
2015-01-09 21:08 - 2015-01-09 21:08 - 00000857 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2015-01-09 21:05 - 2015-01-09 21:45 - 00000000 ____D () C:\Users\localhost\AppData\Roaming\DAEMON Tools Lite
2015-01-09 21:05 - 2015-01-09 21:09 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2015-01-09 21:05 - 2015-01-09 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-01-09 21:04 - 2015-01-09 21:45 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-01-08 04:13 - 2015-01-08 04:14 - 00351881 _____ () C:\Users\localhost\Downloads\MarketHelper-1.1.apk
2015-01-07 22:36 - 2015-01-07 22:42 - 157694716 _____ () C:\Users\localhost\Downloads\gapps-kk-20140606-signed.zip
2015-01-07 21:28 - 2015-01-07 21:39 - 162927577 _____ () C:\Users\localhost\Downloads\gapps-lp-20141109-signed.zip
2015-01-07 20:16 - 2015-01-07 20:16 - 00000000 ____D () C:\Users\localhost\.android
2015-01-07 19:49 - 2015-01-08 04:29 - 00000000 ____D () C:\Users\localhost\AppData\Local\Genymobile
2015-01-07 19:49 - 2015-01-08 03:47 - 00000000 ____D () C:\Users\localhost\.VirtualBox
2015-01-07 19:48 - 2015-01-07 19:48 - 00001083 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2015-01-07 19:48 - 2015-01-07 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-01-07 19:48 - 2015-01-07 19:48 - 00000000 ____D () C:\Program Files\Oracle
2015-01-07 19:48 - 2013-04-12 11:41 - 00237840 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2015-01-07 19:48 - 2013-04-12 11:40 - 00120080 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2015-01-07 19:46 - 2015-01-07 19:46 - 00000825 _____ () C:\Users\Public\Desktop\Genymotion.lnk
2015-01-07 19:46 - 2015-01-07 19:46 - 00000822 _____ () C:\Users\Public\Desktop\Genymotion Shell.lnk
2015-01-07 19:46 - 2015-01-07 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genymotion
2015-01-07 19:36 - 2015-01-07 19:40 - 123177592 _____ (Genymobile ) C:\Users\localhost\Downloads\genymotion-2.3.1-vbox.exe
2015-01-06 14:57 - 2015-01-06 14:57 - 00000000 ____D () C:\Program Files (x86)\Skype
2014-12-23 04:16 - 2014-12-23 04:16 - 00000000 __SHD () C:\Users\localhost\AppData\Local\EmieUserList
2014-12-23 04:16 - 2014-12-23 04:16 - 00000000 __SHD () C:\Users\localhost\AppData\Local\EmieSiteList
2014-12-23 04:16 - 2014-12-23 04:16 - 00000000 __SHD () C:\Users\localhost\AppData\Local\EmieBrowserModeList
2014-12-18 10:08 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 10:08 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 19:33 - 2014-11-04 10:23 - 01604996 _____ () C:\Windows\WindowsUpdate.log
2015-01-10 19:05 - 2014-11-04 16:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-10 14:14 - 2009-07-14 18:58 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2015-01-10 14:14 - 2009-07-14 18:58 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2015-01-10 14:14 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-10 14:12 - 2014-11-04 15:31 - 00000000 ____D () C:\Users\localhost\AppData\Roaming\Skype
2015-01-10 14:09 - 2014-11-04 15:47 - 00000000 ____D () C:\Users\localhost\AppData\Local\Battle.net
2015-01-10 13:49 - 2009-07-14 05:45 - 00014960 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-10 13:49 - 2009-07-14 05:45 - 00014960 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-10 13:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-10 13:41 - 2009-07-14 05:51 - 00044680 _____ () C:\Windows\setupact.log
2015-01-10 12:47 - 2014-11-07 21:59 - 00000000 ____D () C:\Users\localhost\AppData\Local\Deployment
2015-01-10 10:00 - 2014-11-04 15:06 - 00298308 _____ () C:\Windows\PFRO.log
2015-01-10 03:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-01-10 01:22 - 2009-07-14 05:45 - 00288576 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-09 23:13 - 2014-11-04 10:42 - 00062640 _____ () C:\Users\localhost\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-09 22:56 - 2014-11-04 10:53 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-09 22:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-09 22:37 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\MSBuild
2015-01-09 22:07 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-01-09 22:05 - 2014-11-04 10:55 - 01591948 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-09 21:30 - 2014-11-04 10:38 - 00000000 ____D () C:\Users\localhost
2015-01-09 21:15 - 2014-11-04 15:16 - 00000696 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-09 21:15 - 2014-11-04 15:16 - 00000696 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-09 21:15 - 2014-11-04 10:39 - 00001010 _____ () C:\Users\localhost\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-08 17:58 - 2014-11-28 13:07 - 00001596 _____ () C:\Windows\Sandboxie.ini
2015-01-08 13:03 - 2014-11-04 16:05 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-08 13:03 - 2014-11-04 16:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-08 13:03 - 2014-11-04 16:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-08 13:03 - 2014-11-04 16:03 - 00000000 ____D () C:\Users\localhost\AppData\Local\Adobe
2015-01-06 14:57 - 2014-11-04 15:31 - 00000000 ____D () C:\ProgramData\Skype
2015-01-06 04:36 - 2014-11-04 15:03 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-04 13:08 - 2014-11-04 15:10 - 00004174 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-11 00:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

Some content of TEMP:
====================
C:\Users\localhost\AppData\Local\Temp\AcDeltree.exe
C:\Users\localhost\AppData\Local\Temp\jmwaghdr.dll
C:\Users\localhost\AppData\Local\Temp\Quarantine.exe
C:\Users\localhost\AppData\Local\Temp\smt_mystartsearch.exe
C:\Users\localhost\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 18:17

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by localhost at 2015-01-10 19:39:39
Running from C:\Users\localhost\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Tools for .Net 3.5 - DEU Lang Pack (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
 Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-2912928233-343445893-3736102554-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Catalyst Install Manager (HKLM\...\{5EE7BFEA-46FB-7266-D8A0-F7856EB65D05}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 3.0.159.0 - Autodesk)
Autodesk Mudbox 2015 (HKLM\...\Autodesk Mudbox 2015) (Version: 9.0.0.1383 - Autodesk)
Autodesk Mudbox 2015 (Version: 9.0.0.1383 - Autodesk) Hidden
Autodesk Network License Manager (HKLM\...\{4BE91685-1632-47FC-B563-A8A542C6664C}) (Version: 11.12.0 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2206 - AVAST Software)
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 DEU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blender (HKLM\...\Blender) (Version: 2.72b - Blender Foundation)
Build Tools - amd64 (Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Complemento do Microsoft Report Viewer para Visual Studio 2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Complemento Microsoft Report Viewer para Visual Studio 2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Compon. agg. Microsoft Report Viewer per Visual Studio 2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Creation Kit (HKLM-x32\...\Steam App 202480) (Version:  - bgs.bethsoft.com)
Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Curse Client (HKU\S-1-5-21-2912928233-343445893-3736102554-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Devenv-Ressourcen für Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dotfuscator and Analytics Community Edition Language Pack (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Entity Framework 6.1.0 Tools  for Visual Studio 2013 (HKLM-x32\...\{D4635FB4-434D-4663-A4C8-CFC00FA9D24E}) (Version: 12.0.30228.0 - Microsoft Corporation)
Erforderliche Komponenten für SSDT  (HKLM-x32\...\{3FF082A7-A5DE-4BDA-B56A-1D2BEFD617A3}) (Version: 11.1.3000.0 - Microsoft Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Far Cry 2 (HKLM-x32\...\Steam App 19900) (Version:  - Ubisoft Montreal)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Genymotion version 2.3.1 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.3.1 - Genymobile)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GRID Autosport (HKLM-x32\...\Steam App 255220) (Version:  - Codemasters Racing)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Language Pack (DEU) für freigegebene Windows Azure-Komponenten für Microsoft Visual Studio 2013 - v1.1 (x32 Version: 1.1.20410.1601 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for de-de Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Medieval II: Total War (HKLM-x32\...\Steam App 4700) (Version:  - The Creative Assembly)
Memory Profiler (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK - DEU (HKLM-x32\...\{F351AA2C-723C-4CFE-A7CB-8E43AB164F7F}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{F09DEB00-9F41-4BC9-BA81-9F131B12B3D5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{D4E30517-FE6F-491E-942F-AE10E1B18F38}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{B4EDAE03-DB34-4DD0-BA7E-2ED80DEA50B1}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{269A8DF6-BBDA-441F-932B-233F9B746D72}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{EC75BD20-F9CA-4E77-825F-ABD77E95BE91}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{0BF65908-D137-4A9E-B7C9-78F32F74F6FD}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{93945D16-4C3D-433E-B7E4-3D0D86B284C8}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{6F173435-3F19-4043-BA3D-A46AA8472859}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL-Sprachdienst  (HKLM-x32\...\{1D812D86-D8EF-41AC-A518-BA12E1913747}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU  (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (12.0.30919.1) (HKLM-x32\...\{7CC03C58-3471-43D2-A251-EC9AE225E772}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (12.0.30919.1) (HKLM-x32\...\{BCB8A870-2B3D-4CC0-87D6-F931E065AC0C}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{D434E072-F482-4F52-AB97-7B19DD5DAEB5}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{485F4AC6-F79E-4482-A0D2-EDF0CCE1E124}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{9634d50a-0c4d-4f52-8a9f-894a2baae370}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40820 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.40820 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2013 (HKLM-x32\...\{1a3b012e-1e4d-4929-8980-35d33968e593}) (Version: 12.0.30501 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{43341417-7882-4F34-8390-53DFD00F6C0F}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{24440413-490E-41CA-BD33-0B30FD3EBE3A}) (Version: 11.1.3366.16 - Microsoft Corporation)
Module Microsoft Report Viewer pour Visual Studio*2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Mozilla Firefox 33.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 de)) (Version: 33.0.2 - Mozilla)
Mozilla Firefox 34.0.5 (x86 de) (HKU\S-1-5-21-2912928233-343445893-3736102554-1000\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
MySQL Workbench 6.2 CE (HKLM\...\{B632465A-857D-4FC2-A76E-B1F3693527D8}) (Version: 6.2.4 - Oracle Corporation)
NifSkope (remove only) (HKLM-x32\...\NifSkope) (Version:  - )
Nosgoth (HKLM-x32\...\Steam App 200110) (Version:  - Psyonix)
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 4.2.12 (HKLM\...\{0C1DE303-E41B-44BA-8ABA-B7F09D857001}) (Version: 4.2.12 - Oracle Corporation)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 RC für Windows Store-Apps (Deutsch) (x32 Version: 4.5.21005 - Microsoft Corporation) Hidden
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PreEmptive Analytics Client German Language Pack (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Python Tools - Umleitungsvorlage (x32 Version: 1.1 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC)
Sculptris Alpha 6 (HKLM-x32\...\InstallShield_{D2883AB6-09B4-4981-AAF8-E695411EEC9A}) (Version: 0.6 - Pixologic)
Sculptris Alpha 6 (x32 Version: 0.6 - Pixologic) Hidden
SharePoint Client Components (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SharePoint Client Components (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sound Blaster X-Fi Go! Pro (HKLM-x32\...\{587B7A6F-CA1F-4639-9083-16F9BB2363B4}) (Version: 1.0 - Creative Technology Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
TypeScript Power Tool (x32 Version: 1.0.1.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.1.0 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Visual Studio 2013 Update 2 (KB2829760) (HKLM-x32\...\{3c348532-c3bd-4bae-a928-7b555f8c808f}) (Version: 12.0.30501 - Microsoft Corporation)
VS Update core components (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 DEU Language Pack (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 DEU Language Pack (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Workflow Manager Client 1.0 (Version: 2.0.40131.0 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.40326.0 - Microsoft Corporation) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Надстройка Microsoft Report Viewer для Visual Studio 2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden
用于 Visual Studio 2013 的 Microsoft 报告查看器加载项 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2912928233-343445893-3736102554-1000_Classes\CLSID\{487bf12d-ef06-4079-9a9c-87c9e7627fb7}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2912928233-343445893-3736102554-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()

==================== Restore Points  =========================

06-01-2015 23:55:39 Windows Update
07-01-2015 19:46:59 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
07-01-2015 19:48:22 Installed Oracle VM VirtualBox 4.2.12
09-01-2015 21:09:03 Gerätetreiber-Paketinstallation: DT Soft Ltd Systemgeräte
09-01-2015 21:46:37 Microsoft Visual Studio Ultimate 2013
09-01-2015 21:47:31 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
09-01-2015 21:48:35 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
09-01-2015 22:25:33 DirectX wurde installiert
09-01-2015 22:46:37 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3A19EB0B-BE0B-42FD-BD72-0B0A85D9BA56} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-08] (Adobe Systems Incorporated)
Task: {8D5290DD-4075-421C-9946-B9B60934B048} - System32\Tasks\avast! Emergency Update => E:\Programme\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-04] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-09-11 21:57 - 2013-09-11 21:57 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-07-26 06:59 - 2013-07-26 06:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-07-26 06:59 - 2013-07-26 06:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-09-11 21:57 - 2013-09-11 21:57 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-11-25 11:42 - 2014-11-25 11:42 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-11-05 18:46 - 2009-12-29 16:52 - 00089088 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-11-05 18:46 - 2010-07-22 16:46 - 00237056 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-11-04 10:47 - 2011-12-06 02:58 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2014-11-04 10:47 - 2011-12-06 02:58 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2013-09-11 21:57 - 2013-09-11 21:57 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-06-05 15:51 - 2013-06-05 15:51 - 00430080 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2013-06-05 15:51 - 2013-06-05 15:51 - 00032768 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResourcesNet4.dll
2015-01-10 19:25 - 2015-01-10 19:25 - 00852505 _____ () C:\Users\localhost\Downloads\SecurityCheck.exe
2015-01-10 10:09 - 2015-01-10 10:09 - 02909696 _____ () E:\Programme\AVAST Software\Avast\defs\15011000\algo.dll
2015-01-10 19:28 - 2015-01-10 19:28 - 02909696 _____ () E:\Programme\AVAST Software\Avast\defs\15011002\algo.dll
2014-11-22 22:22 - 2014-09-04 04:41 - 00047496 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2014-11-22 22:22 - 2014-09-04 04:41 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2014-11-04 15:09 - 2014-11-04 15:09 - 38561576 _____ () E:\Programme\AVAST Software\Avast\libcef.dll
2014-11-05 18:46 - 2009-12-29 16:50 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2014-11-05 18:46 - 2010-07-22 16:45 - 00181760 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2015-01-10 13:45 - 2014-09-04 04:41 - 00104328 _____ () C:\Users\localhost\AppData\Local\Autodesk\.AdskAppManager\R1\qjson0.dll
2014-11-13 20:57 - 2014-12-11 00:22 - 03758192 _____ () E:\Programme\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2912928233-343445893-3736102554-500 - Administrator - Disabled)
Gast (S-1-5-21-2912928233-343445893-3736102554-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2912928233-343445893-3736102554-1003 - Limited - Enabled)
localhost (S-1-5-21-2912928233-343445893-3736102554-1000 - Administrator - Enabled) => C:\Users\localhost

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/10/2015 07:38:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/10/2015 07:24:33 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/10/2015 02:15:25 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/10/2015 02:15:21 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/10/2015 03:28:53 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile Microsoft.VisualStudio.QualityTools.UnitTestFramework, Version=10.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a because of the following error: The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040).

Error: (01/10/2015 03:20:59 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: E:\Programme (x86)\Microsoft Visual Studio 12.0\Common7\IDE\TF.exe . Error code = 0x80131f07

Error: (01/10/2015 03:20:56 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: E:\Programme (x86)\Microsoft Visual Studio 12.0\Common7\IDE\TF.exe . Error code = 0x80131f07

Error: (01/10/2015 03:14:34 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Microsoft SDKs\Windows\v8.1A\bin\NETFX 4.5.1 Tools\WinMDExp.exe . Error code = 0x80131f07

Error: (01/10/2015 03:14:32 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Microsoft SDKs\Windows\v8.1A\bin\NETFX 4.5.1 Tools\WinMDExp.exe . Error code = 0x80131f07

Error: (01/10/2015 03:14:27 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Microsoft SDKs\Windows\v8.1A\bin\NETFX 4.5.1 Tools\SecAnnotate.exe . Error code = 0x80131f07


System errors:
=============
Error: (01/10/2015 01:41:24 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎10.‎01.‎2015 um 13:27:11 unerwartet heruntergefahren.

Error: (01/10/2015 01:21:12 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (01/09/2015 09:15:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "WindowsMangerProtect Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/09/2015 09:15:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/09/2015 09:15:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/09/2015 09:15:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "VIA Karaoke digital mixer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/09/2015 09:15:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/09/2015 09:15:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/09/2015 09:15:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Autodesk Application Manager Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/09/2015 09:15:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (01/10/2015 07:38:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\localhost\Downloads\esetsmartinstaller_deu.exe

Error: (01/10/2015 07:24:33 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (01/10/2015 02:15:25 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\localhost\Downloads\esetsmartinstaller_deu.exe

Error: (01/10/2015 02:15:21 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\localhost\Downloads\esetsmartinstaller_deu.exe

Error: (01/10/2015 03:28:53 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile Microsoft.VisualStudio.QualityTools.UnitTestFramework, Version=10.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a because of the following error: The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040).
Microsoft.VisualStudio.QualityTools.UnitTestFramework, Version=10.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

Error: (01/10/2015 03:20:59 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: E:\Programme (x86)\Microsoft Visual Studio 12.0\Common7\IDE\TF.exe . Error code = 0x80131f07 
E:\Programme (x86)\Microsoft Visual Studio 12.0\Common7\IDE\TF.exe

Error: (01/10/2015 03:20:56 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: E:\Programme (x86)\Microsoft Visual Studio 12.0\Common7\IDE\TF.exe . Error code = 0x80131f07 
E:\Programme (x86)\Microsoft Visual Studio 12.0\Common7\IDE\TF.exe

Error: (01/10/2015 03:14:34 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Microsoft SDKs\Windows\v8.1A\bin\NETFX 4.5.1 Tools\WinMDExp.exe . Error code = 0x80131f07 
C:\Program Files (x86)\Microsoft SDKs\Windows\v8.1A\bin\NETFX 4.5.1 Tools\WinMDExp.exe

Error: (01/10/2015 03:14:32 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Microsoft SDKs\Windows\v8.1A\bin\NETFX 4.5.1 Tools\WinMDExp.exe . Error code = 0x80131f07 
C:\Program Files (x86)\Microsoft SDKs\Windows\v8.1A\bin\NETFX 4.5.1 Tools\WinMDExp.exe

Error: (01/10/2015 03:14:27 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Microsoft SDKs\Windows\v8.1A\bin\NETFX 4.5.1 Tools\SecAnnotate.exe . Error code = 0x80131f07 
C:\Program Files (x86)\Microsoft SDKs\Windows\v8.1A\bin\NETFX 4.5.1 Tools\SecAnnotate.exe


==================== Memory info =========================== 

Processor: AMD FX(tm)-6300 Six-Core Processor 
Percentage of memory in use: 37%
Total physical RAM: 8174.12 MB
Available physical RAM: 5074.52 MB
Total Pagefile: 16346.41 MB
Available Pagefile: 13148.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:102.44 GB) (Free:43.82 GB) NTFS
Drive d: (WDELEMENTS) (Fixed) (Total:931.25 GB) (Free:125.42 GB) FAT32
Drive e: (DATA) (Fixed) (Total:726.43 GB) (Free:561.61 GB) NTFS
Drive f: (VS2013_2_ULT_DEU) (CDROM) (Total:5.79 GB) (Free:0 GB) CDFS
Drive g: (kay) (Removable) (Total:14.94 GB) (Free:9.15 GB) exFAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 258E8B12)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=102.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=102.5 GB) - (Type=05)
Partition 4: (Not Active) - (Size=726.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 2FBD5D97)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0B)

========================================================
Disk: 2 (Size: 14.9 GB) (Disk ID: 0000BBB5)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber · 10.01.2015, 20:36

Sind keine wilden Funde. Java und Firefox updaten.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

10.01.2015, 14:56	#6
schrauber /// the machine /// TB-Ausbilder	Nach Daemon Tools Lite installation eine Infektion, bin ich wieder clean? Firewall kann immer anbleiben. Rest eigentlich auch, ausser bei dem Onlinescan. __________________ --> Nach Daemon Tools Lite installation eine Infektion, bin ich wieder clean?

Nach Daemon Tools Lite installation eine Infektion, bin ich wieder clean?

Log-Analyse und Auswertung: Nach Daemon Tools Lite installation eine Infektion, bin ich wieder clean?