scrnhost.com/img_72938.png Trojaner ? (.scr datei)

Kuetschi · 13.01.2015, 19:39

Hallo,

Ich bin gerade auf Steam online gegangen, nichts böses gedacht, in einem meiner Chats den Link gesehen ob ich "traden" will. Darauf hin kilckte ich auf den Link plötzlich started der Download und dadurch das am ende .png gestanden ist dacht ich mir nichts böses. Öffnete die Datei aber nichts ist passiert, dann sehe ich im Download-Ordner das die Datei ein .scr am ende hat, der Schock pur. Ich habs dann auch gleich gegooglet aber sah nur überall Trojaner, Trojaner, Trojaner...! Ich hab mein Virenprogramm zwar gerade durch laufen aber hab so ein flaues Gefühl D:

Gleich im Voraus ich habe nicht viel Ahnung von Logs und dem ganzen

Bitte um schnelle Antwort-Hilfe !

Danke!

MfG Kütschi(17) !

deeprybka · 13.01.2015, 19:46

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
Poste die Logfiles direkt in Deinen Thread in Code-Tags.
Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst.

Los geht's:

Schritt 1

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Kuetschi · 13.01.2015, 19:55

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
Ran by Georg (administrator) on KÜHLEITNER-PC on 13-01-2015 19:51:39
Running from C:\Users\Georg\Downloads
Loaded Profile: Georg (Available profiles: Georg & Administrator!)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Mentor Graphics Corporation) C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Mentor Graphics Corporation) C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\dispatcher.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Georg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe
(Dropbox, Inc.) C:\Users\Georg\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe
(SoftBrain Technologies Ltd.) C:\Users\Georg\AppData\Local\SmartWeb\SmartWebHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SoftBrain Technologies Ltd.) C:\Users\Georg\AppData\Local\SmartWeb\SmartWebApp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-09-23] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SmartWeb] => C:\Users\Georg\AppData\Local\SmartWeb\SmartWebHelper.exe [270696 2014-05-27] (SoftBrain Technologies Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-24537952-2852794462-3476313194-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation)
HKU\S-1-5-21-24537952-2852794462-3476313194-1002\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-24537952-2852794462-3476313194-1002\...\Run: [GoogleChromeAutoLaunch_B6DBD78A03D86560931F91692C00E1BD] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)
HKU\S-1-5-21-24537952-2852794462-3476313194-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-24537952-2852794462-3476313194-1002\...\Run: [Spotify] => C:\Users\Georg\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-21] (Spotify Ltd)
HKU\S-1-5-21-24537952-2852794462-3476313194-1002\...\Run: [Spotify Web Helper] => C:\Users\Georg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-21] (Spotify Ltd)
HKU\S-1-5-21-24537952-2852794462-3476313194-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-24537952-2852794462-3476313194-1002\...\MountPoints2: {0e9b21f0-1ccc-11e4-829d-d43d7efb55ee} - "H:\LG_PC_Programs.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk
ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2014 Schnellstart.lnk
ShortcutTarget: SolidWorks 2014 Schnellstart.lnk -> C:\Windows\Installer\{4FFA60C4-9A8B-4C9E-8265-2241B266304C}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Georg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
ShortcutTarget: SmartWeb.lnk -> C:\Users\Georg\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-24537952-2852794462-3476313194-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-24537952-2852794462-3476313194-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
URLSearchHook: HKLM-x32 - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
URLSearchHook: HKLM-x32 - SiteFinder - {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files (x86)\SiteFinder\SiteFinder.dll (Site Finder)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - SiteFinder - {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files (x86)\SiteFinder\SiteFinder.dll (Site Finder)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\zcis60mg.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-24537952-2852794462-3476313194-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Georg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: German Dictionary, extended for Austria - C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\zcis60mg.default\Extensions\de-AT@dictionaries.addons.mozilla.org [2014-06-10]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Модуль перевірки посилань - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-11-08]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-11-08]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-11-08]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-11-08]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-11-08]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Nightly\firefox.exe

Chrome: 
=======
CHR HomePage: Default -> https://www.youtube.com/
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-04]
CHR Extension: (Google Drive) - C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-26]
CHR Extension: (Kaspersky Protection) - C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-04-04]
CHR Extension: (YouTube) - C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-04]
CHR Extension: (Google-Suche) - C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-04]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-04-04]
CHR Extension: (Google Wallet) - C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-04]
CHR Extension: (Google Mail) - C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-04]
CHR Extension: (Anti-Banner) - C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-04-04]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-29]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-10] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-29] (Kaspersky Lab ZAO)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2014-09-27] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-01-13] (Ellora Assets Corp.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
R2 RemoteSolverDispatcher; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe [235656 2014-06-11] (Mentor Graphics Corporation) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] ()
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-10-02] (SolidWorks) [File not signed]
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [146944 2014-09-27] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-11-16] (Disc Soft Ltd)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45112 2014-12-13] (LogMeIn Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-02-01] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-02-01] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-29] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-02-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-29] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-03-20] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-02-01] (Kaspersky Lab ZAO)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 X6va027; \??\C:\Windows\SysWOW64\Drivers\X6va027 [X]
S3 X6va028; \??\C:\Windows\SysWOW64\Drivers\X6va028 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 19:51 - 2015-01-13 19:52 - 00023532 _____ () C:\Users\Georg\Downloads\FRST.txt
2015-01-13 19:51 - 2015-01-13 19:50 - 02124288 _____ (Farbar) C:\Users\Georg\Desktop\FRST64.exe
2015-01-13 19:50 - 2015-01-13 19:51 - 00000000 ____D () C:\FRST
2015-01-13 19:50 - 2015-01-13 19:50 - 02124288 _____ (Farbar) C:\Users\Georg\Downloads\FRST64.exe
2015-01-13 19:42 - 2015-01-13 19:44 - 00000000 ____D () C:\ProgramData\SecTaskMan
2015-01-13 19:42 - 2015-01-13 19:42 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2015-01-13 19:42 - 2015-01-13 19:42 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2015-01-13 19:42 - 2015-01-13 19:42 - 00001151 _____ () C:\Users\Public\Desktop\Security Task Manager.lnk
2015-01-13 19:42 - 2015-01-13 19:42 - 00000000 ____D () C:\Users\Georg\AppData\Local\SecTaskMan
2015-01-13 19:42 - 2015-01-13 19:42 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2015-01-13 19:41 - 2015-01-13 19:42 - 02935152 _____ () C:\Users\Georg\Downloads\SecurityTaskManager_Setup.exe
2015-01-13 19:00 - 2015-01-13 19:00 - 00334008 _____ () C:\Windows\Minidump\011315-20687-01.dmp
2015-01-13 18:46 - 2015-01-13 18:46 - 00000000 ____D () C:\Program Files (x86)\Nightly
2015-01-08 17:49 - 2015-01-09 18:30 - 00000000 ____D () C:\Users\Georg\AppData\Roaming\vlc
2015-01-08 17:48 - 2015-01-13 18:49 - 00000000 ____D () C:\Program Files (x86)\Nightly.bak
2015-01-08 17:48 - 2015-01-08 17:48 - 00001184 _____ () C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
2015-01-08 17:48 - 2015-01-08 17:48 - 00001086 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-08 17:48 - 2015-01-08 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-08 17:48 - 2015-01-08 17:48 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-01-08 17:48 - 2015-01-08 17:48 - 00000000 ____D () C:\Program Files (x86)\Startfenster
2015-01-08 17:47 - 2015-01-08 17:47 - 24954112 _____ () C:\Users\Georg\Downloads\vlc-2.1.5-win32.exe
2015-01-06 15:13 - 2015-01-06 15:13 - 00000000 ____D () C:\Users\Georg\AppData\Local\PackageStaging
2015-01-06 09:34 - 2015-01-06 09:34 - 04117346 _____ () C:\Users\Georg\Downloads\MotioninJoy_071001_signed.zip
2015-01-05 00:18 - 2015-01-05 00:34 - 00000566 _____ () C:\Users\Georg\Desktop\Isaac-Rebirth.cfg
2015-01-04 23:32 - 2015-01-04 23:32 - 00000222 _____ () C:\Users\Georg\Desktop\The Binding of Isaac Rebirth.url
2015-01-02 19:43 - 2015-01-02 19:45 - 00000062 _____ () C:\Users\Georg\Desktop\Produktschlüssel Don't Starve.txt
2015-01-02 18:32 - 2015-01-02 19:38 - 00000000 ____D () C:\Users\Georg\Documents\Klei
2015-01-02 18:28 - 2015-01-02 18:28 - 00000222 _____ () C:\Users\Georg\Desktop\Don't Starve Together Beta.url
2015-01-02 18:20 - 2015-01-02 18:20 - 00000222 _____ () C:\Users\Georg\Desktop\Don't Starve.url
2014-12-31 23:44 - 2014-12-31 23:44 - 00000222 _____ () C:\Users\Georg\Desktop\Castle Crashers.url
2014-12-27 19:37 - 2014-12-27 19:37 - 00003072 _____ () C:\Windows\System32\Tasks\{C71106F5-EA2F-4D84-9C81-EA505F58A16C}
2014-12-26 20:35 - 2015-01-09 17:23 - 00000000 ____D () C:\Users\Georg\AppData\Local\Windows Live
2014-12-23 13:31 - 2014-12-24 18:45 - 00000000 ____D () C:\Users\Georg\Desktop\Mashup
2014-12-23 00:10 - 2014-12-23 00:10 - 00000000 __SHD () C:\Users\Georg\AppData\Local\EmieBrowserModeList
2014-12-22 16:31 - 2014-12-26 21:14 - 00000000 ____D () C:\Users\Georg\AppData\Roaming\OBS
2014-12-22 16:31 - 2014-12-22 16:31 - 00000951 _____ () C:\Users\Georg\Desktop\Open Broadcaster Software.lnk
2014-12-22 16:31 - 2014-12-22 16:31 - 00000000 ____D () C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-12-22 16:31 - 2014-12-22 16:31 - 00000000 ____D () C:\Program Files\OBS
2014-12-22 16:31 - 2014-12-22 16:31 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-12-22 02:12 - 2014-12-22 02:12 - 00001463 _____ () C:\Users\Georg\AppData\Local\recently-used.xbel
2014-12-20 14:53 - 2014-12-20 14:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-20 14:53 - 2014-12-20 14:53 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-12-20 08:51 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-20 08:51 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-14 00:10 - 2014-12-14 00:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 - Codec Pack
2014-12-14 00:09 - 2014-12-14 00:10 - 00000000 ____D () C:\Windows\SysWOW64\C2MP
2014-12-14 00:04 - 2014-12-14 00:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player
2014-12-14 00:04 - 2014-12-14 00:04 - 00000000 ____D () C:\Program Files (x86)\FLV Player

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 19:46 - 2014-02-02 09:30 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-13 19:45 - 2014-04-04 13:19 - 00001146 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-13 19:14 - 2014-02-01 14:55 - 01775843 _____ () C:\Windows\WindowsUpdate.log
2015-01-13 19:14 - 2013-11-08 01:32 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-13 19:02 - 2014-02-22 18:56 - 00000000 ___RD () C:\Users\Georg\Dropbox
2015-01-13 19:02 - 2014-02-22 18:55 - 00000000 ____D () C:\Users\Georg\AppData\Roaming\Dropbox
2015-01-13 19:01 - 2014-11-16 21:20 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-13 19:01 - 2014-08-28 13:45 - 00000000 ____D () C:\Users\Georg\AppData\Local\LogMeIn Hamachi
2015-01-13 19:00 - 2014-09-04 17:06 - 632645626 _____ () C:\Windows\MEMORY.DMP
2015-01-13 19:00 - 2014-09-04 17:06 - 00000000 ____D () C:\Windows\Minidump
2015-01-13 19:00 - 2014-04-04 13:19 - 00001142 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-13 19:00 - 2014-02-01 15:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-13 19:00 - 2013-09-12 11:53 - 00067468 _____ () C:\Windows\PFRO.log
2015-01-13 19:00 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-13 18:57 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-01-13 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-13 17:59 - 2014-03-19 15:50 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-13 16:32 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-13 16:29 - 2014-02-01 15:31 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E9825FE4-9BBC-4C48-B9EC-0443B6F170C4}
2015-01-12 17:27 - 2014-02-01 15:08 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-24537952-2852794462-3476313194-1002
2015-01-10 23:48 - 2014-12-02 21:39 - 00000996 _____ () C:\Users\Georg\Desktop\JoyToKey.ini
2015-01-10 23:48 - 2014-12-02 21:39 - 00000604 _____ () C:\Users\Georg\Desktop\Profile 1.cfg
2015-01-10 23:48 - 2014-12-02 21:38 - 00002455 _____ () C:\Users\Georg\Desktop\JoyToKey.log
2015-01-09 17:28 - 2013-09-12 12:28 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2015-01-09 17:28 - 2013-09-12 12:28 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2015-01-09 17:28 - 2013-09-12 12:00 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-09 17:11 - 2014-02-01 19:32 - 00000000 __RDO () C:\Users\Georg\SkyDrive
2015-01-08 18:31 - 2014-09-02 18:56 - 00000000 ____D () C:\Users\Georg\AppData\Local\Spotify
2015-01-08 18:31 - 2014-09-02 18:55 - 00000000 ____D () C:\Users\Georg\AppData\Roaming\Spotify
2015-01-06 15:13 - 2014-02-01 15:02 - 00000000 ____D () C:\Users\Georg\AppData\Local\Packages
2015-01-06 14:37 - 2014-05-02 09:26 - 00000000 ____D () C:\Users\Georg\AppData\Roaming\.minecraft
2015-01-04 23:36 - 2014-03-30 13:07 - 00000000 ____D () C:\Users\Georg\Documents\My Games
2015-01-04 23:32 - 2014-02-04 11:20 - 00000000 ____D () C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-02 18:31 - 2013-09-13 08:14 - 00100817 _____ () C:\Windows\DirectX.log
2015-01-01 14:27 - 2014-06-12 16:50 - 00000000 ____D () C:\Users\Georg\AppData\Local\ftblauncher
2014-12-31 12:02 - 2014-02-03 09:24 - 00000000 ____D () C:\Users\Georg\AppData\Roaming\.technic
2014-12-31 12:02 - 2014-02-02 10:16 - 22764192 _____ () C:\Users\Georg\Desktop\TechnicLauncher.exe
2014-12-31 03:34 - 2014-02-01 15:02 - 00000000 ____D () C:\Users\Georg
2014-12-30 19:27 - 2014-08-27 13:03 - 00000000 ____D () C:\Users\Georg\AppData\Roaming\Skype
2014-12-27 22:49 - 2014-04-13 09:50 - 00000000 ____D () C:\Users\Georg\AppData\Roaming\TS3Client
2014-12-27 19:37 - 2014-08-27 13:03 - 00000000 ____D () C:\ProgramData\Skype
2014-12-26 21:10 - 2014-02-22 18:49 - 00000000 ____D () C:\Users\Georg\.gimp-2.8
2014-12-26 20:54 - 2014-12-02 21:15 - 00000000 ____D () C:\Users\Georg\AppData\Roaming\HandBrake
2014-12-25 01:38 - 2013-11-07 14:12 - 00044310 _____ () C:\Windows\setupact.log
2014-12-23 22:20 - 2014-05-20 18:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-23 22:19 - 2014-03-23 19:54 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-23 21:06 - 2014-02-06 21:50 - 00002264 ____H () C:\Users\Georg\Documents\Default.rdp
2014-12-23 20:50 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-12-22 02:12 - 2014-03-06 17:23 - 00000000 ____D () C:\Users\Georg\AppData\Local\gtk-2.0
2014-12-22 02:06 - 2014-12-02 21:14 - 00000884 _____ () C:\Users\Georg\Desktop\Handbrake.lnk
2014-12-21 11:01 - 2014-10-26 20:24 - 00000000 ____D () C:\Users\Georg\AppData\Local\Adobe
2014-12-21 11:01 - 2014-03-19 15:50 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-20 14:53 - 2014-12-06 11:02 - 00000942 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-12-20 10:12 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-17 13:05 - 2014-02-22 18:56 - 00000000 ____D () C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-14 18:57 - 2014-03-06 17:26 - 00000000 ____D () C:\Users\Georg\Desktop\Datein
2014-12-14 18:57 - 2014-02-02 10:31 - 00000000 ____D () C:\Users\Georg\Desktop\Programme

Some content of TEMP:
====================
C:\Users\Georg\AppData\Local\Temp\aacenc3.exe
C:\Users\Georg\AppData\Local\Temp\COMAP.EXE
C:\Users\Georg\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyybrht.dll
C:\Users\Georg\AppData\Local\Temp\FreemakeYoutubeMp3Converter_3.6.2.3.exe
C:\Users\Georg\AppData\Local\Temp\ICReinstall_total-war-rome-ii-full-version.exe
C:\Users\Georg\AppData\Local\Temp\jansi-64-git-Bukkit-jenkins-CraftBukkit-173.dll
C:\Users\Georg\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Georg\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Georg\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Georg\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\Georg\AppData\Local\Temp\SimBundD.exe
C:\Users\Georg\AppData\Local\Temp\SimBundD[1].exe
C:\Users\Georg\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Georg\AppData\Local\Temp\SymCCIS.dll
C:\Users\Georg\AppData\Local\Temp\x264enc5.exe
C:\Users\Georg\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-08 15:56

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015 02
Ran by Georg at 2015-01-13 19:52:29
Running from C:\Users\Georg\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActivePresenter (HKLM-x32\...\{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1) (Version: 3.9.5 - Atomi Systems, Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{027D8900-A6DE-881E-BC17-1E5EFBF8481A}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 2: Operation Arrowhead Demo (HKLM-x32\...\Steam App 33970) (Version:  - Bohemia Interactive)
Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version:  - Ronimo Games)
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
ControlConsole API version 2.60 (HKLM-x32\...\{E6C0F5ED-B5EA-451D-8CB1-57902AA188DE}_is1) (Version: 2.60 - Enstone)
Counter-Strike Nexon: Zombies (HKLM-x32\...\Steam App 273110) (Version:  - Nexon)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.3215 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.2103 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.2103 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dojotech Spotify Recorder (HKLM-x32\...\{461179FC-E2AC-4CC8-AA95-82D35FB3E7EA}) (Version: 3.3 - Dojotech Software)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dota 2 Test (HKLM-x32\...\Steam App 205790) (Version:  - )
Dropbox (HKU\S-1-5-21-24537952-2852794462-3476313194-1002\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Farming Simulator 15 (HKLM-x32\...\Steam App 313160) (Version:  - Giants Software)
FLV Player 2.0 (build 25) (HKLM-x32\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Freemake Youtube Mp3 Converter (HKLM-x32\...\Freemake Youtube Mp3 Converter_is1) (Version: 3.6.2 - Ellora Assets Corporation)
Galeria de Fotografias (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GRID 2 (HKLM-x32\...\Steam App 44350) (Version:  - Codemasters Racing)
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
How to Survive (HKLM-x32\...\Steam App 250400) (Version:  - )
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Jungle Heat Ultimate Hack v.9.3 9.3 (HKLM-x32\...\Jungle Heat Ultimate Hack v.9.3 9.3) (Version: 9.3 - Jungle Heat FREE Hacks)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) Hidden
Magicite (HKLM-x32\...\Steam App 268750) (Version:  - SmashGames)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-24537952-2852794462-3476313194-1002\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0a1 - Mozilla)
Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.1599 - Electronic Arts)
Neverwinter (HKLM-x32\...\Steam App 109600) (Version:  - Cryptic Studios)
Nidhogg (HKLM-x32\...\TmlkaG9nZw==_is1) (Version: 1 - )
Nightly 38.0a1 (x86 en-US) (HKLM-x32\...\Nightly 38.0a1 (x86 en-US)) (Version: 38.0a1 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.8 - Notepad++ Team)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Podstawowe programy Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)
Security Task Manager 2.0 (HKLM-x32\...\Security Task Manager) (Version: 2.0 - Neuber Software)
SiteFinder (HKLM-x32\...\SiteFinder) (Version: 1.0.0.0 - SiteFinder) <==== ATTENTION!
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SmartWeb (HKLM-x32\...\SmartWeb) (Version: 8.0.3 - SoftBrain Technologies Ltd.) <==== ATTENTION
SolidWorks 2014 x64 Edition SP04 (HKLM-x32\...\SolidWorks Installation Manager 20140-40400-1100-100) (Version: 22.4.0.54 - SolidWorks Corporation)
SolidWorks 2014 x64 Edition SP04 (Version: 22.140.54 - SolidWorks) Hidden
SolidWorks 2014 x64 German Resources (Version: 22.140.54 - SolidWorks Corporation) Hidden
SolidWorks Composer Player 2014 SP04 x64 Edition (Version: 22.40.54 - Dassault Systemes SolidWorks) Hidden
SolidWorks eDrawings 2014 x64 Edition SP04 (Version: 14.4.105 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks Flow Simulation 2014 SP04 x64 Edition  (Version: 22.40.55 - SolidWorks Corporation) Hidden
SolidWorks Plastics 2014 SP04 x64 Edition (Version: 22.40.54 - SolidWorks Corporation) Hidden
Spotify (HKU\S-1-5-21-24537952-2852794462-3476313194-1002\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Startfenster (HKLM-x32\...\Startfenster) (Version:  - Startfenster) <==== ATTENTION!
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
StepMania v5.0 beta 2 (Nur entfernen) (HKLM-x32\...\StepMania 5) (Version:  - StepMania Team)
Super Hexagon (HKLM-x32\...\Steam App 221640) (Version:  - Terry Cavanagh)
Surgeon Simulator 2013 (HKLM-x32\...\Steam App 233720) (Version:  - Bossa Studios)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKU\S-1-5-21-24537952-2852794462-3476313194-1002\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
The Forest (HKLM-x32\...\Steam App 242760) (Version:  - Endnight Games Ltd)
Unity Web Player (HKU\S-1-5-21-24537952-2852794462-3476313194-1002\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Valokuvavalikoima (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
VideoPad Video-Editor (HKLM-x32\...\VideoPad) (Version: 3.33 - NCH Software)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows 7 Codec Pack 4.1.0 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 4.1.0 - Windows 7 Codec Pack)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
Yet Another Zombie Defense (HKLM-x32\...\Steam App 270550) (Version:  - Awesome Games Studio)
Συλλογή φωτογραφιών (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-24537952-2852794462-3476313194-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Georg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-24537952-2852794462-3476313194-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Georg\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-24537952-2852794462-3476313194-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Georg\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-24537952-2852794462-3476313194-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Georg\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-24537952-2852794462-3476313194-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Georg\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-24537952-2852794462-3476313194-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Georg\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-24537952-2852794462-3476313194-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Georg\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-24537952-2852794462-3476313194-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Georg\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-24537952-2852794462-3476313194-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Georg\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-24537952-2852794462-3476313194-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Georg\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-24537952-2852794462-3476313194-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Georg\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-24537952-2852794462-3476313194-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Georg\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-24537952-2852794462-3476313194-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Georg\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

23-12-2014 13:38:51 Windows Update
31-12-2014 23:55:06 Geplanter Prüfpunkt
02-01-2015 14:31:00 DirectX wurde installiert
09-01-2015 18:34:37 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01FA99A4-4906-45C1-82C3-F8B4E03F69D5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-04] (Google Inc.)
Task: {1F4EBA0C-DEC4-437B-8A78-F8CFD6BE77F4} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Georg\AppData\Local\SmartWeb\SmartWebHelper.exe [2014-05-27] (SoftBrain Technologies Ltd.)
Task: {2EBF3EB7-884C-4383-A8D1-D55300E33C77} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {378FC094-1F85-45CE-B62C-377DF3E7754A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation)
Task: {507EC655-134F-4350-9AE5-5FFFC3A22336} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {55D00478-E087-4932-B6F5-5A2049701810} - System32\Tasks\{C71106F5-EA2F-4D84-9C81-EA505F58A16C} => Firefox.exe hxxp://ui.skype.com/ui/0/6.22.0.107/de/abandoninstall?page=tsProgressBar
Task: {8465EF65-BA70-4FE7-8257-1E152EF473EE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-21] (Adobe Systems Incorporated)
Task: {96C2A2C3-A558-4326-AB99-2BE03F7DF213} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-04] (Google Inc.)
Task: {C8D4D0D7-A3CA-4DFB-9FAC-FBF9DEB8B3DE} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {D28849D8-6DE2-4BB5-90FE-F92197AE7D91} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {F0B1B076-F256-41DB-A820-AE87043A6CE5} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {FE6C916E-2483-43C9-8E76-C331B6EDE2AB} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-10 23:25 - 2013-09-10 23:25 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-03-24 18:55 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2013-11-07 10:08 - 2013-03-06 15:42 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-06-12 06:30 - 2014-06-12 06:30 - 00276008 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\sldBodyDiffu.dll
2013-09-10 23:25 - 2013-09-10 23:25 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-07-03 12:20 - 2014-07-03 12:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 12:19 - 2014-07-03 12:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-12-12 22:47 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 22:47 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 22:47 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 22:47 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Georg\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-13 19:02 - 2015-01-13 19:02 - 00043008 _____ () c:\users\georg\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyybrht.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Georg\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Georg\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Georg\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-11-07 10:06 - 2013-08-05 08:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 16:48 - 2013-08-05 16:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Georg\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-24537952-2852794462-3476313194-1002\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-24537952-2852794462-3476313194-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-24537952-2852794462-3476313194-1002\...\StartupApproved\Run: => "Spotify"

========================= Accounts: ==========================

Administrator (S-1-5-21-24537952-2852794462-3476313194-500 - Administrator - Disabled)
Administrator! (S-1-5-21-24537952-2852794462-3476313194-1005 - Limited - Enabled) => C:\Users\Administrator!
Gast (S-1-5-21-24537952-2852794462-3476313194-501 - Limited - Disabled)
Georg (S-1-5-21-24537952-2852794462-3476313194-1002 - Administrator - Enabled) => C:\Users\Georg
HomeGroupUser$ (S-1-5-21-24537952-2852794462-3476313194-1008 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/13/2015 07:02:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Steam.exe, Version: 2.50.25.37, Zeitstempel: 0x546ba76e
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb4a3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003dca4
ID des fehlerhaften Prozesses: 0x10dc
Startzeit der fehlerhaften Anwendung: 0xSteam.exe0
Pfad der fehlerhaften Anwendung: Steam.exe1
Pfad des fehlerhaften Moduls: Steam.exe2
Berichtskennung: Steam.exe3
Vollständiger Name des fehlerhaften Pakets: Steam.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Steam.exe5

Error: (01/13/2015 07:01:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname K-hleitner-PC.local already in use; will try K-hleitner-PC-2.local instead

Error: (01/13/2015 07:01:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 K-hleitner-PC.local. Addr 10.0.0.7

Error: (01/13/2015 07:01:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.3:5353    4 K-hleitner-PC.local. Addr 10.0.0.3

Error: (01/13/2015 07:01:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname K-hleitner-PC.local already in use; will try K-hleitner-PC-2.local instead

Error: (01/13/2015 07:01:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 K-hleitner-PC.local. Addr 169.254.253.241

Error: (01/13/2015 07:01:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.3:5353    4 K-hleitner-PC.local. Addr 10.0.0.3

Error: (01/13/2015 07:00:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname K-hleitner-PC.local already in use; will try K-hleitner-PC-2.local instead

Error: (01/13/2015 07:00:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 K-hleitner-PC.local. Addr 169.254.253.241

Error: (01/13/2015 07:00:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.3:5353    4 K-hleitner-PC.local. Addr 10.0.0.3


System errors:
=============
Error: (01/13/2015 07:01:18 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "KsHLEITNER-PC  :20" konnte nicht auf der Schnittstelle mit IP-Adresse 10.0.0.7
registriert werden. Der Computer mit IP-Adresse 169.254.253.241 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/13/2015 07:01:18 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "KÜHLEITNER-PC  :0" konnte nicht auf der Schnittstelle mit IP-Adresse 10.0.0.7
registriert werden. Der Computer mit IP-Adresse 169.254.253.241 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/13/2015 07:01:18 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{AA92C271-E4FB-40DB-B16F-486C7626AAA7} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (01/13/2015 06:59:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "DNS-Client" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/13/2015 06:59:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerkspeicher-Schnittstellendienst" ist vom Dienst "Remoteprozeduraufruf (RPC)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/13/2015 06:59:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Remoteprozeduraufruf (RPC)" ist vom Dienst "DCOM-Server-Prozessstart" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%3

Error: (01/13/2015 06:59:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "RPC-Endpunktzuordnung" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (01/13/2015 06:59:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DCOM-Server-Prozessstart" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (01/13/2015 06:59:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "DNS-Client" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/13/2015 06:59:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerkspeicher-Schnittstellendienst" ist vom Dienst "Remoteprozeduraufruf (RPC)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: AMD A10-6700 APU with Radeon(tm) HD Graphics 
Percentage of memory in use: 69%
Total physical RAM: 3286.55 MB
Available physical RAM: 1014.73 MB
Total Pagefile: 6614.55 MB
Available Pagefile: 4201.45 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:869.8 GB) (Free:665.45 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:44.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

deeprybka · 13.01.2015, 20:04

Hi,

Schritt 1

Bitte deinstalliere folgende Programme:

SiteFinder
SmartWeb
Startfenster
Java 7 Update 45 (64-bit)
Java 7 Update 71

Versuche es bei Windows 8

mit der Windowstaste + X über

.

Sollte das nicht gehen, lade Dir bitte Revo Uninstaller

hier herunter. Entpacke die zip-Datei auf den Desktop. Anleitung

Starte die Revouninstaller.exe
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den oben angegebenen Programmen und wähle sie einzeln aus.
Klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Wenn Du ein Programm nicht deinstallieren kannst, mach mit dem nächsten weiter.
Auch wenn am Ende noch Programme übrig geblieben sind, führe den nächsten Schritt aus:

Schritt 2

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3

Download
Installiere das Programm in den vorgegebenen Pfad.
Starte Malwarebytes' Anti-Malware (MBAM).
Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
Unter Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
Klicke im Anschluss auf "Suchlauf", wähle den Bedrohungssuchlauf aus, aktualisiere die Datenbanken und klicke auf "Suchlauf jetzt starten".
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. (geht so...)
Poste mir den Inhalt der Logdatei (geht so...). Klicke dazu auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Klicke auf "In Zwischenablage kopieren" poste mir den Inhalt in Code-Tags als Antwort in den Thread.

Schritt 4

Bitte starte FRST erneut, markiere auch die checkbox

und drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

Kuetschi · 13.01.2015, 20:48

Code:

ATTFilter

# AdwCleaner v4.107 - Bericht erstellt am 13/01/2015 um 20:17:31
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-13.2 [Live]
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Georg - KÜHLEITNER-PC
# Gestartet von : C:\Users\Georg\Desktop\AdwCleaner_4.107.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\ProgramData\SecTaskMan
Ordner Gelöscht : C:\Program Files (x86)\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\pc speed up
Ordner Gelöscht : C:\Program Files (x86)\SiteLookup
Ordner Gelöscht : C:\Program Files (x86)\smart pc cleaner
Ordner Gelöscht : C:\Users\Georg\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Fighters
Ordner Gelöscht : C:\Users\Georg\AppData\Local\SecTaskMan
Ordner Gelöscht : C:\Users\Georg\AppData\Roaming\NCH Software
Ordner Gelöscht : C:\Users\Georg\AppData\Roaming\SimilarSites
Ordner Gelöscht : C:\Users\Georg\Documents\smart pc cleaner
Datei Gelöscht : C:\Users\Georg\Favorites\Startfenster.lnk
Datei Gelöscht : C:\Users\Georg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
Datei Gelöscht : C:\Users\Georg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster.lnk
Datei Gelöscht : C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gelöscht : C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
Datei Gelöscht : C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Smart PC Cleaner
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\InstallIQ
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v


-\\ Google Chrome v39.0.2171.95


*************************

AdwCleaner[R0].txt - [2892 octets] - [13/01/2015 20:16:01]
AdwCleaner[S0].txt - [2597 octets] - [13/01/2015 20:17:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2657 octets] ##########

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 13.01.2015
Suchlauf-Zeit: 20:24:08
Logdatei: 
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.13.15
Rootkit Datenbank: v2015.01.07.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Georg

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 399614
Verstrichene Zeit: 15 Min, 27 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
Ran by Georg (administrator) on KÜHLEITNER-PC on 13-01-2015 20:45:21
Running from C:\Users\Georg\Desktop
Loaded Profile: Georg (Available profiles: Georg & Administrator!)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Mentor Graphics Corporation) C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Mentor Graphics Corporation) C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\dispatcher.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Georg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\Georg\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-09-23] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-24537952-2852794462-3476313194-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation)
HKU\S-1-5-21-24537952-2852794462-3476313194-1002\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-24537952-2852794462-3476313194-1002\...\Run: [GoogleChromeAutoLaunch_B6DBD78A03D86560931F91692C00E1BD] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)
HKU\S-1-5-21-24537952-2852794462-3476313194-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-24537952-2852794462-3476313194-1002\...\Run: [Spotify] => C:\Users\Georg\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-21] (Spotify Ltd)
HKU\S-1-5-21-24537952-2852794462-3476313194-1002\...\Run: [Spotify Web Helper] => C:\Users\Georg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-21] (Spotify Ltd)
HKU\S-1-5-21-24537952-2852794462-3476313194-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-24537952-2852794462-3476313194-1002\...\MountPoints2: {0e9b21f0-1ccc-11e4-829d-d43d7efb55ee} - "H:\LG_PC_Programs.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk
ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2014 Schnellstart.lnk
ShortcutTarget: SolidWorks 2014 Schnellstart.lnk -> C:\Windows\Installer\{4FFA60C4-9A8B-4C9E-8265-2241B266304C}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Georg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-24537952-2852794462-3476313194-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-24537952-2852794462-3476313194-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
URLSearchHook: HKLM-x32 - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\zcis60mg.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-24537952-2852794462-3476313194-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Georg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: German Dictionary, extended for Austria - C:\Users\Georg\AppData\Roaming\Mozilla\Firefox\Profiles\zcis60mg.default\Extensions\de-AT@dictionaries.addons.mozilla.org [2014-06-10]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Модуль перевірки посилань - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-11-08]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-11-08]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-11-08]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-11-08]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-11-08]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Nightly\firefox.exe

Chrome: 
=======
CHR HomePage: Default -> https://www.youtube.com/
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-04]
CHR Extension: (Google Drive) - C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-26]
CHR Extension: (Kaspersky Protection) - C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-04-04]
CHR Extension: (YouTube) - C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-04]
CHR Extension: (Google-Suche) - C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-04]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-04-04]
CHR Extension: (Google Wallet) - C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-04]
CHR Extension: (Google Mail) - C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-04]
CHR Extension: (Anti-Banner) - C:\Users\Georg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-04-04]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-29]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-10] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-29] (Kaspersky Lab ZAO)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2014-09-27] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-01-13] (Ellora Assets Corp.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 RemoteSolverDispatcher; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe [235656 2014-06-11] (Mentor Graphics Corporation) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] ()
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-10-02] (SolidWorks) [File not signed]
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [146944 2014-09-27] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-11-16] (Disc Soft Ltd)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45112 2014-12-13] (LogMeIn Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-02-01] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-02-01] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-29] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-02-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-29] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-03-20] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-02-01] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 X6va027; \??\C:\Windows\SysWOW64\Drivers\X6va027 [X]
S3 X6va028; \??\C:\Windows\SysWOW64\Drivers\X6va028 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 20:45 - 2015-01-13 20:45 - 00022344 _____ () C:\Users\Georg\Desktop\FRST.txt
2015-01-13 20:43 - 2015-01-13 20:43 - 00001189 _____ () C:\Users\Georg\Desktop\Malware.txt
2015-01-13 20:22 - 2015-01-13 20:24 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-13 20:21 - 2015-01-13 20:21 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-13 20:21 - 2015-01-13 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-13 20:21 - 2015-01-13 20:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-13 20:21 - 2015-01-13 20:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-13 20:21 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-13 20:21 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-13 20:21 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-13 20:20 - 2015-01-13 20:20 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Georg\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-13 20:15 - 2015-01-13 20:17 - 00000000 ____D () C:\AdwCleaner
2015-01-13 20:14 - 2015-01-13 20:14 - 02191360 _____ () C:\Users\Georg\Downloads\AdwCleaner_4.107.exe
2015-01-13 20:14 - 2015-01-13 20:14 - 02191360 _____ () C:\Users\Georg\Desktop\AdwCleaner_4.107.exe
2015-01-13 19:52 - 2015-01-13 19:52 - 00033516 _____ () C:\Users\Georg\Downloads\Addition.txt
2015-01-13 19:51 - 2015-01-13 19:52 - 00036263 _____ () C:\Users\Georg\Downloads\FRST.txt
2015-01-13 19:51 - 2015-01-13 19:50 - 02124288 _____ (Farbar) C:\Users\Georg\Desktop\FRST64.exe
2015-01-13 19:50 - 2015-01-13 20:45 - 00000000 ____D () C:\FRST
2015-01-13 19:50 - 2015-01-13 19:50 - 02124288 _____ (Farbar) C:\Users\Georg\Downloads\FRST64.exe
2015-01-13 19:42 - 2015-01-13 19:42 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2015-01-13 19:42 - 2015-01-13 19:42 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2015-01-13 19:42 - 2015-01-13 19:42 - 00001151 _____ () C:\Users\Public\Desktop\Security Task Manager.lnk
2015-01-13 19:42 - 2015-01-13 19:42 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2015-01-13 19:00 - 2015-01-13 19:00 - 00334008 _____ () C:\Windows\Minidump\011315-20687-01.dmp
2015-01-13 18:46 - 2015-01-13 18:46 - 00000000 ____D () C:\Program Files (x86)\Nightly
2015-01-08 17:49 - 2015-01-09 18:30 - 00000000 ____D () C:\Users\Georg\AppData\Roaming\vlc
2015-01-08 17:48 - 2015-01-13 18:49 - 00000000 ____D () C:\Program Files (x86)\Nightly.bak
2015-01-08 17:48 - 2015-01-08 17:48 - 00001086 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-08 17:48 - 2015-01-08 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-08 17:48 - 2015-01-08 17:48 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-01-06 15:13 - 2015-01-06 15:13 - 00000000 ____D () C:\Users\Georg\AppData\Local\PackageStaging
2015-01-05 00:18 - 2015-01-05 00:34 - 00000566 _____ () C:\Users\Georg\Desktop\Isaac-Rebirth.cfg
2015-01-04 23:32 - 2015-01-04 23:32 - 00000222 _____ () C:\Users\Georg\Desktop\The Binding of Isaac Rebirth.url
2015-01-02 19:43 - 2015-01-02 19:45 - 00000062 _____ () C:\Users\Georg\Desktop\Produktschlüssel Don't Starve.txt
2015-01-02 18:32 - 2015-01-02 19:38 - 00000000 ____D () C:\Users\Georg\Documents\Klei
2015-01-02 18:28 - 2015-01-02 18:28 - 00000222 _____ () C:\Users\Georg\Desktop\Don't Starve Together Beta.url
2015-01-02 18:20 - 2015-01-02 18:20 - 00000222 _____ () C:\Users\Georg\Desktop\Don't Starve.url
2014-12-31 23:44 - 2014-12-31 23:44 - 00000222 _____ () C:\Users\Georg\Desktop\Castle Crashers.url
2014-12-27 19:37 - 2014-12-27 19:37 - 00003072 _____ () C:\Windows\System32\Tasks\{C71106F5-EA2F-4D84-9C81-EA505F58A16C}
2014-12-26 20:35 - 2015-01-09 17:23 - 00000000 ____D () C:\Users\Georg\AppData\Local\Windows Live
2014-12-23 13:31 - 2014-12-24 18:45 - 00000000 ____D () C:\Users\Georg\Desktop\Mashup
2014-12-23 00:10 - 2014-12-23 00:10 - 00000000 __SHD () C:\Users\Georg\AppData\Local\EmieBrowserModeList
2014-12-22 16:31 - 2014-12-26 21:14 - 00000000 ____D () C:\Users\Georg\AppData\Roaming\OBS
2014-12-22 16:31 - 2014-12-22 16:31 - 00000951 _____ () C:\Users\Georg\Desktop\Open Broadcaster Software.lnk
2014-12-22 16:31 - 2014-12-22 16:31 - 00000000 ____D () C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-12-22 16:31 - 2014-12-22 16:31 - 00000000 ____D () C:\Program Files\OBS
2014-12-22 16:31 - 2014-12-22 16:31 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-12-22 02:12 - 2014-12-22 02:12 - 00001463 _____ () C:\Users\Georg\AppData\Local\recently-used.xbel
2014-12-20 14:53 - 2014-12-20 14:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-20 14:53 - 2014-12-20 14:53 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-12-20 08:51 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-20 08:51 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-14 00:10 - 2014-12-14 00:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 - Codec Pack
2014-12-14 00:09 - 2014-12-14 00:10 - 00000000 ____D () C:\Windows\SysWOW64\C2MP
2014-12-14 00:04 - 2014-12-14 00:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player
2014-12-14 00:04 - 2014-12-14 00:04 - 00000000 ____D () C:\Program Files (x86)\FLV Player

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 20:45 - 2014-04-04 13:19 - 00001146 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-13 20:33 - 2014-02-01 14:55 - 01815411 _____ () C:\Windows\WindowsUpdate.log
2015-01-13 20:23 - 2014-02-01 15:08 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-24537952-2852794462-3476313194-1002
2015-01-13 20:20 - 2014-04-04 13:19 - 00001142 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-13 20:20 - 2014-02-22 18:56 - 00000000 ___RD () C:\Users\Georg\Dropbox
2015-01-13 20:20 - 2014-02-22 18:55 - 00000000 ____D () C:\Users\Georg\AppData\Roaming\Dropbox
2015-01-13 20:20 - 2014-02-02 09:30 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-13 20:19 - 2014-11-16 21:20 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-13 20:19 - 2014-08-28 13:45 - 00000000 ____D () C:\Users\Georg\AppData\Local\LogMeIn Hamachi
2015-01-13 20:19 - 2013-11-08 01:32 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-13 20:18 - 2014-03-19 15:50 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-13 20:18 - 2013-09-12 11:53 - 00068718 _____ () C:\Windows\PFRO.log
2015-01-13 20:18 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-13 20:18 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-01-13 20:12 - 2014-02-01 15:02 - 00001466 _____ () C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-13 20:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-13 19:59 - 2014-03-19 15:50 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 19:00 - 2014-09-04 17:06 - 632645626 _____ () C:\Windows\MEMORY.DMP
2015-01-13 19:00 - 2014-09-04 17:06 - 00000000 ____D () C:\Windows\Minidump
2015-01-13 19:00 - 2014-02-01 15:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-13 16:32 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-13 16:29 - 2014-02-01 15:31 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E9825FE4-9BBC-4C48-B9EC-0443B6F170C4}
2015-01-10 23:48 - 2014-12-02 21:39 - 00000996 _____ () C:\Users\Georg\Desktop\JoyToKey.ini
2015-01-10 23:48 - 2014-12-02 21:39 - 00000604 _____ () C:\Users\Georg\Desktop\Profile 1.cfg
2015-01-10 23:48 - 2014-12-02 21:38 - 00002455 _____ () C:\Users\Georg\Desktop\JoyToKey.log
2015-01-09 17:28 - 2013-09-12 12:28 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2015-01-09 17:28 - 2013-09-12 12:28 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2015-01-09 17:28 - 2013-09-12 12:00 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-09 17:11 - 2014-02-01 19:32 - 00000000 __RDO () C:\Users\Georg\SkyDrive
2015-01-08 18:31 - 2014-09-02 18:56 - 00000000 ____D () C:\Users\Georg\AppData\Local\Spotify
2015-01-08 18:31 - 2014-09-02 18:55 - 00000000 ____D () C:\Users\Georg\AppData\Roaming\Spotify
2015-01-06 15:13 - 2014-02-01 15:02 - 00000000 ____D () C:\Users\Georg\AppData\Local\Packages
2015-01-06 14:37 - 2014-05-02 09:26 - 00000000 ____D () C:\Users\Georg\AppData\Roaming\.minecraft
2015-01-04 23:36 - 2014-03-30 13:07 - 00000000 ____D () C:\Users\Georg\Documents\My Games
2015-01-04 23:32 - 2014-02-04 11:20 - 00000000 ____D () C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-02 18:31 - 2013-09-13 08:14 - 00100817 _____ () C:\Windows\DirectX.log
2015-01-01 14:27 - 2014-06-12 16:50 - 00000000 ____D () C:\Users\Georg\AppData\Local\ftblauncher
2014-12-31 12:02 - 2014-02-03 09:24 - 00000000 ____D () C:\Users\Georg\AppData\Roaming\.technic
2014-12-31 12:02 - 2014-02-02 10:16 - 22764192 _____ () C:\Users\Georg\Desktop\TechnicLauncher.exe
2014-12-31 03:34 - 2014-02-01 15:02 - 00000000 ____D () C:\Users\Georg
2014-12-30 19:27 - 2014-08-27 13:03 - 00000000 ____D () C:\Users\Georg\AppData\Roaming\Skype
2014-12-27 22:49 - 2014-04-13 09:50 - 00000000 ____D () C:\Users\Georg\AppData\Roaming\TS3Client
2014-12-27 19:37 - 2014-08-27 13:03 - 00000000 ____D () C:\ProgramData\Skype
2014-12-26 21:10 - 2014-02-22 18:49 - 00000000 ____D () C:\Users\Georg\.gimp-2.8
2014-12-26 20:54 - 2014-12-02 21:15 - 00000000 ____D () C:\Users\Georg\AppData\Roaming\HandBrake
2014-12-25 01:38 - 2013-11-07 14:12 - 00044310 _____ () C:\Windows\setupact.log
2014-12-23 22:20 - 2014-05-20 18:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-23 22:19 - 2014-03-23 19:54 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-23 21:06 - 2014-02-06 21:50 - 00002264 ____H () C:\Users\Georg\Documents\Default.rdp
2014-12-23 20:50 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-12-22 02:12 - 2014-03-06 17:23 - 00000000 ____D () C:\Users\Georg\AppData\Local\gtk-2.0
2014-12-22 02:06 - 2014-12-02 21:14 - 00000884 _____ () C:\Users\Georg\Desktop\Handbrake.lnk
2014-12-21 11:01 - 2014-10-26 20:24 - 00000000 ____D () C:\Users\Georg\AppData\Local\Adobe
2014-12-20 14:53 - 2014-12-06 11:02 - 00000942 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-12-20 10:12 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-17 13:05 - 2014-02-22 18:56 - 00000000 ____D () C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-14 18:57 - 2014-03-06 17:26 - 00000000 ____D () C:\Users\Georg\Desktop\Datein
2014-12-14 18:57 - 2014-02-02 10:31 - 00000000 ____D () C:\Users\Georg\Desktop\Programme

Some content of TEMP:
====================
C:\Users\Georg\AppData\Local\Temp\aacenc3.exe
C:\Users\Georg\AppData\Local\Temp\COMAP.EXE
C:\Users\Georg\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2wl0o9.dll
C:\Users\Georg\AppData\Local\Temp\FreemakeYoutubeMp3Converter_3.6.2.3.exe
C:\Users\Georg\AppData\Local\Temp\ICReinstall_total-war-rome-ii-full-version.exe
C:\Users\Georg\AppData\Local\Temp\jansi-64-git-Bukkit-jenkins-CraftBukkit-173.dll
C:\Users\Georg\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Georg\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Georg\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Georg\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\Georg\AppData\Local\Temp\Quarantine.exe
C:\Users\Georg\AppData\Local\Temp\SimBundD.exe
C:\Users\Georg\AppData\Local\Temp\SimBundD[1].exe
C:\Users\Georg\AppData\Local\Temp\sqlite3.dll
C:\Users\Georg\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Georg\AppData\Local\Temp\SymCCIS.dll
C:\Users\Georg\AppData\Local\Temp\x264enc5.exe
C:\Users\Georg\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-08 15:56

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015 02
Ran by Georg at 2015-01-13 20:46:12
Running from C:\Users\Georg\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActivePresenter (HKLM-x32\...\{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1) (Version: 3.9.5 - Atomi Systems, Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{027D8900-A6DE-881E-BC17-1E5EFBF8481A}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 2: Operation Arrowhead Demo (HKLM-x32\...\Steam App 33970) (Version:  - Bohemia Interactive)
Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version:  - Ronimo Games)
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
ControlConsole API version 2.60 (HKLM-x32\...\{E6C0F5ED-B5EA-451D-8CB1-57902AA188DE}_is1) (Version: 2.60 - Enstone)
Counter-Strike Nexon: Zombies (HKLM-x32\...\Steam App 273110) (Version:  - Nexon)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.3215 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.2103 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.2103 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dojotech Spotify Recorder (HKLM-x32\...\{461179FC-E2AC-4CC8-AA95-82D35FB3E7EA}) (Version: 3.3 - Dojotech Software)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dota 2 Test (HKLM-x32\...\Steam App 205790) (Version:  - )
Dropbox (HKU\S-1-5-21-24537952-2852794462-3476313194-1002\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Farming Simulator 15 (HKLM-x32\...\Steam App 313160) (Version:  - Giants Software)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Freemake Youtube Mp3 Converter (HKLM-x32\...\Freemake Youtube Mp3 Converter_is1) (Version: 3.6.2 - Ellora Assets Corporation)
Galeria de Fotografias (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GRID 2 (HKLM-x32\...\Steam App 44350) (Version:  - Codemasters Racing)
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
How to Survive (HKLM-x32\...\Steam App 250400) (Version:  - )
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Jungle Heat Ultimate Hack v.9.3 9.3 (HKLM-x32\...\Jungle Heat Ultimate Hack v.9.3 9.3) (Version: 9.3 - Jungle Heat FREE Hacks)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) Hidden
Magicite (HKLM-x32\...\Steam App 268750) (Version:  - SmashGames)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-24537952-2852794462-3476313194-1002\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0a1 - Mozilla)
Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.1599 - Electronic Arts)
Neverwinter (HKLM-x32\...\Steam App 109600) (Version:  - Cryptic Studios)
Nidhogg (HKLM-x32\...\TmlkaG9nZw==_is1) (Version: 1 - )
Nightly 38.0a1 (x86 en-US) (HKLM-x32\...\Nightly 38.0a1 (x86 en-US)) (Version: 38.0a1 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.8 - Notepad++ Team)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Podstawowe programy Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)
Security Task Manager 2.0 (HKLM-x32\...\Security Task Manager) (Version: 2.0 - Neuber Software)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SolidWorks 2014 x64 Edition SP04 (HKLM-x32\...\SolidWorks Installation Manager 20140-40400-1100-100) (Version: 22.4.0.54 - SolidWorks Corporation)
SolidWorks 2014 x64 Edition SP04 (Version: 22.140.54 - SolidWorks) Hidden
SolidWorks 2014 x64 German Resources (Version: 22.140.54 - SolidWorks Corporation) Hidden
SolidWorks Composer Player 2014 SP04 x64 Edition (Version: 22.40.54 - Dassault Systemes SolidWorks) Hidden
SolidWorks eDrawings 2014 x64 Edition SP04 (Version: 14.4.105 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks Flow Simulation 2014 SP04 x64 Edition  (Version: 22.40.55 - SolidWorks Corporation) Hidden
SolidWorks Plastics 2014 SP04 x64 Edition (Version: 22.40.54 - SolidWorks Corporation) Hidden
Spotify (HKU\S-1-5-21-24537952-2852794462-3476313194-1002\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
StepMania v5.0 beta 2 (Nur entfernen) (HKLM-x32\...\StepMania 5) (Version:  - StepMania Team)
Super Hexagon (HKLM-x32\...\Steam App 221640) (Version:  - Terry Cavanagh)
Surgeon Simulator 2013 (HKLM-x32\...\Steam App 233720) (Version:  - Bossa Studios)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKU\S-1-5-21-24537952-2852794462-3476313194-1002\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
The Forest (HKLM-x32\...\Steam App 242760) (Version:  - Endnight Games Ltd)
Unity Web Player (HKU\S-1-5-21-24537952-2852794462-3476313194-1002\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Valokuvavalikoima (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
VideoPad Video-Editor (HKLM-x32\...\VideoPad) (Version: 3.33 - NCH Software)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows 7 Codec Pack 4.1.0 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 4.1.0 - Windows 7 Codec Pack)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
Yet Another Zombie Defense (HKLM-x32\...\Steam App 270550) (Version:  - Awesome Games Studio)
Συλλογή φωτογραφιών (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-24537952-2852794462-3476313194-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Georg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-24537952-2852794462-3476313194-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Georg\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-24537952-2852794462-3476313194-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Georg\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-24537952-2852794462-3476313194-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Georg\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-24537952-2852794462-3476313194-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Georg\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-24537952-2852794462-3476313194-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Georg\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-24537952-2852794462-3476313194-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Georg\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-24537952-2852794462-3476313194-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Georg\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-24537952-2852794462-3476313194-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Georg\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-24537952-2852794462-3476313194-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Georg\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-24537952-2852794462-3476313194-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Georg\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-24537952-2852794462-3476313194-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Georg\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-24537952-2852794462-3476313194-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Georg\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

23-12-2014 13:38:51 Windows Update
31-12-2014 23:55:06 Geplanter Prüfpunkt
02-01-2015 14:31:00 DirectX wurde installiert
09-01-2015 18:34:37 Geplanter Prüfpunkt
13-01-2015 20:12:42 Removed Java 7 Update 45 (64-bit)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01FA99A4-4906-45C1-82C3-F8B4E03F69D5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-04] (Google Inc.)
Task: {2EBF3EB7-884C-4383-A8D1-D55300E33C77} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {378FC094-1F85-45CE-B62C-377DF3E7754A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation)
Task: {507EC655-134F-4350-9AE5-5FFFC3A22336} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {55D00478-E087-4932-B6F5-5A2049701810} - System32\Tasks\{C71106F5-EA2F-4D84-9C81-EA505F58A16C} => Firefox.exe hxxp://ui.skype.com/ui/0/6.22.0.107/de/abandoninstall?page=tsProgressBar
Task: {8465EF65-BA70-4FE7-8257-1E152EF473EE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {96C2A2C3-A558-4326-AB99-2BE03F7DF213} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-04] (Google Inc.)
Task: {C8D4D0D7-A3CA-4DFB-9FAC-FBF9DEB8B3DE} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {D28849D8-6DE2-4BB5-90FE-F92197AE7D91} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {F0B1B076-F256-41DB-A820-AE87043A6CE5} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {FE6C916E-2483-43C9-8E76-C331B6EDE2AB} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-10 23:25 - 2013-09-10 23:25 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-03-24 18:55 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-11-07 10:08 - 2013-03-06 15:42 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-06-12 06:30 - 2014-06-12 06:30 - 00276008 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\sldBodyDiffu.dll
2013-09-10 23:25 - 2013-09-10 23:25 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-07-03 12:20 - 2014-07-03 12:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 12:19 - 2014-07-03 12:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-12-12 22:47 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 22:47 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 22:47 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 22:47 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Georg\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-13 20:19 - 2015-01-13 20:19 - 00043008 _____ () c:\users\georg\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2wl0o9.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Georg\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Georg\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Georg\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-11-07 10:06 - 2013-08-05 08:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 16:48 - 2013-08-05 16:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Georg\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-24537952-2852794462-3476313194-1002\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-24537952-2852794462-3476313194-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-24537952-2852794462-3476313194-1002\...\StartupApproved\Run: => "Spotify"

========================= Accounts: ==========================

Administrator (S-1-5-21-24537952-2852794462-3476313194-500 - Administrator - Disabled)
Administrator! (S-1-5-21-24537952-2852794462-3476313194-1005 - Limited - Enabled) => C:\Users\Administrator!
Gast (S-1-5-21-24537952-2852794462-3476313194-501 - Limited - Disabled)
Georg (S-1-5-21-24537952-2852794462-3476313194-1002 - Administrator - Enabled) => C:\Users\Georg
HomeGroupUser$ (S-1-5-21-24537952-2852794462-3476313194-1008 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/13/2015 08:19:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname K-hleitner-PC.local already in use; will try K-hleitner-PC-2.local instead

Error: (01/13/2015 08:19:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 K-hleitner-PC.local. Addr 10.0.0.7

Error: (01/13/2015 08:19:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.3:5353    4 K-hleitner-PC.local. Addr 10.0.0.3

Error: (01/13/2015 08:19:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname K-hleitner-PC.local already in use; will try K-hleitner-PC-2.local instead

Error: (01/13/2015 08:19:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 K-hleitner-PC.local. Addr 10.0.0.7

Error: (01/13/2015 08:19:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.3:5353    4 K-hleitner-PC.local. Addr 10.0.0.3

Error: (01/13/2015 08:18:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname K-hleitner-PC.local already in use; will try K-hleitner-PC-2.local instead

Error: (01/13/2015 08:18:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 K-hleitner-PC.local. Addr 10.0.0.7

Error: (01/13/2015 08:18:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.3:5353    4 K-hleitner-PC.local. Addr 10.0.0.3

Error: (01/13/2015 07:02:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Steam.exe, Version: 2.50.25.37, Zeitstempel: 0x546ba76e
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb4a3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003dca4
ID des fehlerhaften Prozesses: 0x10dc
Startzeit der fehlerhaften Anwendung: 0xSteam.exe0
Pfad der fehlerhaften Anwendung: Steam.exe1
Pfad des fehlerhaften Moduls: Steam.exe2
Berichtskennung: Steam.exe3
Vollständiger Name des fehlerhaften Pakets: Steam.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Steam.exe5


System errors:
=============
Error: (01/13/2015 08:19:20 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "KÜHLEITNER-PC  :0" konnte nicht auf der Schnittstelle mit IP-Adresse 10.0.0.7
registriert werden. Der Computer mit IP-Adresse 10.0.0.3 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/13/2015 08:19:13 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "KsHLEITNER-PC  :20" konnte nicht auf der Schnittstelle mit IP-Adresse 10.0.0.7
registriert werden. Der Computer mit IP-Adresse 10.0.0.3 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/13/2015 08:19:13 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{AA92C271-E4FB-40DB-B16F-486C7626AAA7} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (01/13/2015 08:19:12 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "KÜHLEITNER-PC  :0" konnte nicht auf der Schnittstelle mit IP-Adresse 10.0.0.7
registriert werden. Der Computer mit IP-Adresse 10.0.0.3 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/13/2015 08:19:12 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "KÜHLEITNER-PC  :0" konnte nicht auf der Schnittstelle mit IP-Adresse 10.0.0.7
registriert werden. Der Computer mit IP-Adresse 10.0.0.3 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/13/2015 08:19:08 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "KÜHLEITNER-PC  :0" konnte nicht auf der Schnittstelle mit IP-Adresse 10.0.0.7
registriert werden. Der Computer mit IP-Adresse 10.0.0.3 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/13/2015 08:19:08 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "KÜHLEITNER-PC  :0" konnte nicht auf der Schnittstelle mit IP-Adresse 10.0.0.7
registriert werden. Der Computer mit IP-Adresse 10.0.0.3 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/13/2015 08:19:08 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "KÜHLEITNER-PC  :0" konnte nicht auf der Schnittstelle mit IP-Adresse 10.0.0.7
registriert werden. Der Computer mit IP-Adresse 10.0.0.3 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/13/2015 08:19:08 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "KÜHLEITNER-PC  :0" konnte nicht auf der Schnittstelle mit IP-Adresse 10.0.0.7
registriert werden. Der Computer mit IP-Adresse 10.0.0.3 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (01/13/2015 08:19:08 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "KÜHLEITNER-PC  :0" konnte nicht auf der Schnittstelle mit IP-Adresse 10.0.0.7
registriert werden. Der Computer mit IP-Adresse 10.0.0.3 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: AMD A10-6700 APU with Radeon(tm) HD Graphics 
Percentage of memory in use: 45%
Total physical RAM: 3286.55 MB
Available physical RAM: 1784.4 MB
Total Pagefile: 6614.55 MB
Available Pagefile: 4410.29 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:869.8 GB) (Free:665.57 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:44.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

deeprybka · 13.01.2015, 20:59

Hast Du die scr-Datei angeklickt bzw. gestartet? (Die Dateierweiterung ist eigentlich von einer Bildschirmschoner-Datei.)

Kuetschi · 13.01.2015, 21:03

Also bei Chrome war die Datei runtergeladen und da hab ich draufgeklicht und dann ist nichts passiert :/

MfG Kütschi

Ich könnte den Link posten aber ich will nicht das Leute unabsichtlich darauf klicken !!!

MfG Kütschi

deeprybka · 13.01.2015, 21:18

Nicht nötig, ich hab die Datei schon...

Bitte jetzt vorübergehend den Echtzeitschutz von Kaspersky deaktivieren.

Schritt 1
Download von

ZOEK (by Smeenk)

Speichere die zoek.exe auf dem Desktop.
Bitte deaktiviere während der Verwendung von Zoek Deinen Virenscanner, da dieser Zoek stören könnte.
Starte die zoek.exe mit einem Doppelklick und warte bis die Programmoberfläche erscheint (ca. 30 Sekunden)
Kopiere den Text der folgenden Box in das Skriptfenster von Zoek:
Code:
ATTFilter
```
filesrcm;
         
```

Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.

Zitat:

Zoek.exe is running now.
Do not start any browser windows, they may get closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

Wenn das Tool fertig ist, wird sich eine Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter C:\
Bitte poste mir das zoek-results.log.

deeprybka · 13.01.2015, 21:27

Bitte ändere mal von einem anderen PC aus Dein Steam-Passwort. Das ist ein Steam Password Stealer.

https://www.virustotal.com/de/file/c...is/1421179546/

Kuetschi · 13.01.2015, 21:37

Code:

ATTFilter

Zoek.exe v5.0.0.0 Updated 13-01-2015
Tool run by Georg on 13.01.2015 at 21:28:52,05.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Georg\Desktop\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

13.01.2015 21:30:42 Zoek.exe System Restore Point Created Succesfully.

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Georg\AppData\Local\Temp ====
2015-01-13 19:19:44	97511FE2CA09CC2E06C3CD6519C3494E	43008	----a-w-	C:\Users\Georg\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2wl0o9.dll
2015-01-03 00:21:01	D845D67482DDBA0275376C8C9AB2BE61	772256	----a-w-	C:\Users\Georg\AppData\Local\Temp\ICReinstall_total-war-rome-ii-full-version.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2015-01-13 19:22:23	26C43960C99EE861A5D0EDC4DCF3B1C3	129752	----a-w-	C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2015-01-13 19:21:57	CA43F8904E24BBE49982E4C0B29E6579	25816	----a-w-	C:\Windows\Sysnative\drivers\mbam.sys
2015-01-13 19:21:57	9D7BFFDB5FA62B600DF1FCB4919D9D79	64216	----a-w-	C:\Windows\Sysnative\drivers\mwac.sys
2015-01-13 19:21:57	478CC94C937D235CB0A96AB8F2359D81	93400	----a-w-	C:\Windows\Sysnative\drivers\mbamchameleon.sys
====== C:\Windows\Tasks ======
2014-12-27 18:37:20	DF17B1C89A7FF1C2CFD9E0DE215F7F72	3072	----a-w-	C:\Windows\Sysnative\Tasks\{C71106F5-EA2F-4D84-9C81-EA505F58A16C}
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-12-22 15:31:39	--------	d-----w-	C:\Program Files\OBS
======= C:\PROGRA~2 =====
2015-01-13 17:46:35	--------	d-----w-	C:\PROGRA~2\Nightly
2015-01-08 16:48:49	--------	d-----w-	C:\PROGRA~2\Nightly.bak
2015-01-08 16:48:29	--------	d-----w-	C:\PROGRA~2\VideoLAN
2014-12-22 15:31:37	--------	d-----w-	C:\PROGRA~2\OBS
======= C: =====
====== C:\Users\Georg\AppData\Roaming ======
2015-01-08 16:49:05	--------	d-----w-	C:\Users\Georg\AppData\Roaming\vlc
2015-01-06 14:13:05	--------	d-----w-	C:\Users\Georg\AppData\Local\PackageStaging
2014-12-26 19:35:20	--------	d-----w-	C:\Users\Georg\AppData\Local\Windows Live
2014-12-22 23:10:11	--------	d-sh--w-	C:\Users\Georg\AppData\Local\EmieBrowserModeList
2014-12-22 23:10:03	--------	d-sh--w-	C:\Users\Georg\AppData\Locallow\EmieBrowserModeList
2014-12-22 15:31:46	--------	d-----w-	C:\Users\Georg\AppData\Roaming\OBS
2014-12-22 15:31:40	--------	d-----w-	C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-12-22 01:12:17	85F2DCE4052496B4360136710DEF2795	1463	----a-w-	C:\Users\Georg\AppData\Local\recently-used.xbel
====== C:\Users\Georg ======
2015-01-13 19:20:41	3BD59D6C407AB1F6DDD7C5D9BD727469	20447072	----a-w-	C:\Users\Georg\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-13 19:14:43	61CA40317EBF1254770BF8B495B3F8DA	2191360	----a-w-	C:\Users\Georg\Desktop\AdwCleaner_4.107.exe
2015-01-13 19:14:37	61CA40317EBF1254770BF8B495B3F8DA	2191360	----a-w-	C:\Users\Georg\Downloads\AdwCleaner_4.107.exe
2015-01-13 18:51:01	63BC47D1184B92BBAE42654E355E8DF7	2124288	----a-w-	C:\Users\Georg\Desktop\FRST64.exe
2015-01-13 18:50:31	63BC47D1184B92BBAE42654E355E8DF7	2124288	----a-w-	C:\Users\Georg\Downloads\FRST64.exe
2015-01-08 16:48:47	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

====== C: exe-files ==
2015-01-13 19:45:58	29E8B03DC1BB67A0A0DAB7689900CA62	544	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-24537952-2852794462-3476313194-1002\$I9YR4QD.exe
2015-01-13 19:21:07	3BD59D6C407AB1F6DDD7C5D9BD727469	20447072	----a-w-	C:\$RECYCLE.BIN\S-1-5-21-24537952-2852794462-3476313194-1002\$R9YR4QD.exe
2015-01-13 17:46:40	C323AD087D8EF42B0D633D9F8F5719B5	127064	----a-w-	C:\Program Files (x86)\Nightly\wow_helper.exe
2015-01-13 17:46:37	D4774B963A46495CCFD73C521E29C21F	267376	----a-w-	C:\Program Files (x86)\Nightly\plugin-container.exe
2015-01-13 17:46:37	BF0ECFF1A9593472B0C2301863C88264	914880	----a-w-	C:\Program Files (x86)\Nightly\uninstall\helper.exe
2015-01-13 17:46:37	9CCAACE15A45B1FC26FA304710681B57	295536	----a-w-	C:\Program Files (x86)\Nightly\updater.exe
2015-01-13 17:46:37	30403909448069656FB8D197A2A3EB1A	172656	----a-w-	C:\Program Files (x86)\Nightly\plugin-hang-ui.exe
2015-01-13 17:46:37	270B21F3F89F8BA1D2C83EFBBBA29618	91032	----a-w-	C:\Program Files (x86)\Nightly\webapp-uninstaller.exe
2015-01-13 17:46:37	146C6529B31E255334087020DA4BDF8B	132720	----a-w-	C:\Program Files (x86)\Nightly\webapprt-stub.exe
2015-01-13 17:46:36	F0B36BD41E94F39C3472E460F2E9F2D3	185432	----a-w-	C:\Program Files (x86)\Nightly\maintenanceservice_installer.exe
2015-01-13 17:46:36	7F43A2DE8BC55AF692789EBA7E2EA030	282736	----a-w-	C:\Program Files (x86)\Nightly\crashreporter.exe
2015-01-13 17:46:36	6465D9F536442476386405A9767D028C	390256	----a-w-	C:\Program Files (x86)\Nightly\firefox.exe
2015-01-13 17:46:36	5CC385D3117D0FC6B3E379D75A047BBB	148592	----a-w-	C:\Program Files (x86)\Nightly\maintenanceservice.exe
2015-01-08 16:48:55	3D4481E71BD1AC8AD4C14442E3CA6D09	132720	----a-w-	C:\Program Files (x86)\Nightly.bak\webapprt-stub.exe
2015-01-08 16:48:54	BFEBA410866060380FCADC9CB84C4E78	91032	----a-w-	C:\Program Files (x86)\Nightly.bak\webapp-uninstaller.exe
2015-01-08 16:48:54	B775AFD4B2D0DEF01BE83CFE2D14B8F7	295536	----a-w-	C:\Program Files (x86)\Nightly.bak\updater.exe
2015-01-08 16:48:53	DDAA7EE06019B4F28A9A0ABA5D9CC1D8	172656	----a-w-	C:\Program Files (x86)\Nightly.bak\plugin-hang-ui.exe
2015-01-08 16:48:53	879E141BE2A9DFCFA3212CCE509B9A38	267376	----a-w-	C:\Program Files (x86)\Nightly.bak\plugin-container.exe
2015-01-08 16:48:53	6D11FAD10E560EFA69B21E052ED81B52	914880	----a-w-	C:\Program Files (x86)\Nightly.bak\uninstall\helper.exe
2015-01-08 16:48:52	AFCD86E93D26AD9222650FCED9D3DEA3	148592	----a-w-	C:\Program Files (x86)\Nightly.bak\maintenanceservice.exe
2015-01-08 16:48:52	6735877D2693C0D623DF07E0E702BCDD	185432	----a-w-	C:\Program Files (x86)\Nightly.bak\maintenanceservice_installer.exe
2015-01-08 16:48:51	D61FBBADC6C9A41F246D11EB590D9056	390256	----a-w-	C:\Program Files (x86)\Nightly.bak\firefox.exe
2015-01-08 16:48:51	A2F465AD88CA7C68DFFE132B52E571D2	282736	----a-w-	C:\Program Files (x86)\Nightly.bak\crashreporter.exe
=== C: other files ==
2015-01-13 19:22:23	26C43960C99EE861A5D0EDC4DCF3B1C3	129752	----a-w-	C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-01-13 19:21:57	CA43F8904E24BBE49982E4C0B29E6579	25816	----a-w-	C:\Windows\System32\drivers\mbam.sys
2015-01-13 19:21:57	9D7BFFDB5FA62B600DF1FCB4919D9D79	64216	----a-w-	C:\Windows\System32\drivers\mwac.sys
2015-01-13 19:21:57	478CC94C937D235CB0A96AB8F2359D81	93400	----a-w-	C:\Windows\System32\drivers\mbamchameleon.sys

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 13.01.2015 at 21:36:16,85 ======================

deeprybka · 13.01.2015, 21:50

Schritt 1

Gib in das Search-Feld:
Code:
ATTFilter

*.scr

ein.
Klicke auf den Search Files Button.
Bitte poste die erstellte Search.txt - Datei in Deiner nächsten Antwort.

Kuetschi · 13.01.2015, 22:00

Code:

ATTFilter

Farbar Recovery Scan Tool (x64) Version: 12-01-2015 02
Ran by Georg at 2015-01-13 21:57:02
Running from C:\Users\Georg\Desktop
Boot Mode: Normal

================== Search Files: "*.scr" =============

C:\Windows\WLXPGSS.SCR
[2013-02-05 22:56][2013-02-05 22:56] 0322048 ____A (Microsoft Corporation) F3D39FB1DBF3914B9673814D858F2DC0 [File is signed]

C:\Windows\WinSxS\x86_microsoft-windows-sstext3d_31bf3856ad364e35_6.3.9600.16384_none_98d87d057b35c920\ssText3d.scr
[2013-08-22 04:44][2013-08-22 04:44] 0190976 ____A (Microsoft Corporation) 899A21C1DB61B6615015E2A6F580780F [File is signed]

C:\Windows\WinSxS\x86_microsoft-windows-scrnsave_31bf3856ad364e35_6.3.9600.16384_none_75df658af5fe6d25\scrnsave.scr
[2013-08-22 05:02][2013-08-22 05:02] 0010752 ____A (Microsoft Corporation) 8B28FF593ED62E4E51836CE6DB994383 [File is signed]

C:\Windows\WinSxS\x86_microsoft-windows-ribbons_31bf3856ad364e35_6.3.9600.16384_none_1d54a88943958085\Ribbons.scr
[2013-08-22 04:45][2013-08-22 04:45] 0121344 ____A (Microsoft Corporation) BDEDAEE779941DB648F80E3A44BF3417 [File is signed]

C:\Windows\WinSxS\x86_microsoft-windows-photoscreensaver_31bf3856ad364e35_6.3.9600.16384_none_006e435f740f94c7\PhotoScreensaver.scr
[2013-08-22 04:16][2013-08-22 04:15] 0520704 ____A (Microsoft Corporation) 160388C675E4FF9364B3EF80120FF983 [File is signed]

C:\Windows\WinSxS\x86_microsoft-windows-mystify_31bf3856ad364e35_6.3.9600.16384_none_84b15f997af6da3b\Mystify.scr
[2013-08-22 04:45][2013-08-22 04:45] 0121856 ____A (Microsoft Corporation) D6A3827018DEF38AE03C761E5B3D4B53 [File is signed]

C:\Windows\WinSxS\x86_microsoft-windows-bubbles_31bf3856ad364e35_6.3.9600.16384_none_031e0ac2e58b36bb\Bubbles.scr
[2013-08-22 04:45][2013-08-22 04:45] 0780288 ____A (Microsoft Corporation) 9D6E688F594E25655B35DEF39023F77B [File is signed]

C:\Windows\WinSxS\amd64_microsoft-windows-sstext3d_31bf3856ad364e35_6.3.9600.16384_none_f4f7188933933a56\ssText3d.scr
[2013-08-22 12:09][2013-08-22 12:09] 0209408 ____A (Microsoft Corporation) 5E4F69C0CAA6D78E14EA38455E54BE71 [File is signed]

C:\Windows\WinSxS\amd64_microsoft-windows-scrnsave_31bf3856ad364e35_6.3.9600.16384_none_d1fe010eae5bde5b\scrnsave.scr
[2013-08-22 12:31][2013-08-22 12:31] 0011776 ____A (Microsoft Corporation) 0510DE9982590C7C73B0747D43A9E460 [File is signed]

C:\Windows\WinSxS\amd64_microsoft-windows-ribbons_31bf3856ad364e35_6.3.9600.16384_none_7973440cfbf2f1bb\Ribbons.scr
[2013-08-22 12:11][2013-08-22 12:11] 0130048 ____A (Microsoft Corporation) E9B9264C14D5DDD90E1E23C61F1BFE06 [File is signed]

C:\Windows\WinSxS\amd64_microsoft-windows-photoscreensaver_31bf3856ad364e35_6.3.9600.16384_none_5c8cdee32c6d05fd\PhotoScreensaver.scr
[2013-08-22 11:31][2013-08-22 11:31] 0571392 ____A (Microsoft Corporation) CE7EEC8CD97D52E65BCDBB55C78984C0 [File is signed]

C:\Windows\WinSxS\amd64_microsoft-windows-mystify_31bf3856ad364e35_6.3.9600.16384_none_e0cffb1d33544b71\Mystify.scr
[2013-08-22 12:11][2013-08-22 12:11] 0131072 ____A (Microsoft Corporation) 846832F7192D4370AE8E86C60BBE7E66 [File is signed]

C:\Windows\WinSxS\amd64_microsoft-windows-bubbles_31bf3856ad364e35_6.3.9600.16384_none_5f3ca6469de8a7f1\Bubbles.scr
[2013-08-22 12:11][2013-08-22 12:11] 0786432 ____A (Microsoft Corporation) 8D75E732F72A7D9159AB3FB259C65DC5 [File is signed]

C:\Windows\SysWOW64\Bubbles.scr
[2013-08-22 04:45][2013-08-22 04:45] 0780288 ____A (Microsoft Corporation) 9D6E688F594E25655B35DEF39023F77B [File is signed]

C:\Windows\SysWOW64\Mystify.scr
[2013-08-22 04:45][2013-08-22 04:45] 0121856 ____A (Microsoft Corporation) D6A3827018DEF38AE03C761E5B3D4B53 [File is signed]

C:\Windows\SysWOW64\PhotoScreensaver.scr
[2013-08-22 04:16][2013-08-22 04:15] 0520704 ____A (Microsoft Corporation) 160388C675E4FF9364B3EF80120FF983 [File is signed]

C:\Windows\SysWOW64\Ribbons.scr
[2013-08-22 04:45][2013-08-22 04:45] 0121344 ____A (Microsoft Corporation) BDEDAEE779941DB648F80E3A44BF3417 [File is signed]

C:\Windows\SysWOW64\scrnsave.scr
[2013-08-22 05:02][2013-08-22 05:02] 0010752 ____A (Microsoft Corporation) 8B28FF593ED62E4E51836CE6DB994383 [File is signed]

C:\Windows\SysWOW64\ssText3d.scr
[2013-08-22 04:44][2013-08-22 04:44] 0190976 ____A (Microsoft Corporation) 899A21C1DB61B6615015E2A6F580780F [File is signed]

C:\Windows\System32\Bubbles.scr
[2013-08-22 12:11][2013-08-22 12:11] 0786432 ____A (Microsoft Corporation) 8D75E732F72A7D9159AB3FB259C65DC5 [File is signed]

C:\Windows\System32\Mystify.scr
[2013-08-22 12:11][2013-08-22 12:11] 0131072 ____A (Microsoft Corporation) 846832F7192D4370AE8E86C60BBE7E66 [File is signed]

C:\Windows\System32\PhotoScreensaver.scr
[2013-08-22 11:31][2013-08-22 11:31] 0571392 ____A (Microsoft Corporation) CE7EEC8CD97D52E65BCDBB55C78984C0 [File is signed]

C:\Windows\System32\Ribbons.scr
[2013-08-22 12:11][2013-08-22 12:11] 0130048 ____A (Microsoft Corporation) E9B9264C14D5DDD90E1E23C61F1BFE06 [File is signed]

C:\Windows\System32\scrnsave.scr
[2013-08-22 12:31][2013-08-22 12:31] 0011776 ____A (Microsoft Corporation) 0510DE9982590C7C73B0747D43A9E460 [File is signed]

C:\Windows\System32\ssText3d.scr
[2013-08-22 12:09][2013-08-22 12:09] 0209408 ____A (Microsoft Corporation) 5E4F69C0CAA6D78E14EA38455E54BE71 [File is signed]

C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2\scripts\settings.scr
[2014-02-04 12:28][2014-02-04 12:28] 0001988 ____A () 82749E7F114AC97599E9AD7B07D7BD25

C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2\cfg\settings_default.scr
[2014-07-09 10:46][2014-07-09 10:46] 0001246 ____A () 9CC328C3AC02A2152088E395993F6BD7

C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2\cfg\user_default.scr
[2014-07-09 10:47][2014-07-09 10:47] 0001212 ____A () B506834F06F7DF541495F88A96A0B4CC

C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo\scripts\settings.scr
[2014-02-02 10:54][2014-02-02 10:54] 0001988 ____A () 82749E7F114AC97599E9AD7B07D7BD25

C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo\cfg\settings_default.scr
[2014-02-02 09:37][2014-02-02 09:37] 0002586 ____A () A4D5EFCE3A054D01E6498939F5F3563D

C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo\cfg\user_default.scr
[2014-02-02 09:37][2014-02-02 09:37] 0001912 ____A () 790F3179B1CCF299C8A0391E38944558

C:\Program Files (x86)\ Malwarebytes Anti-Malware \Chameleon\Windows\firefox.scr
[2015-01-13 20:21][2014-11-21 06:12] 0761656 ____A (MalwareBytes) 625BB08813743947985B0DEEFC35ED12 [File is signed]

C:\Program Files (x86)\ Malwarebytes Anti-Malware \Chameleon\Windows\mbam-chameleon.scr
[2015-01-13 20:21][2014-11-21 06:12] 0761656 ____A (MalwareBytes) 625BB08813743947985B0DEEFC35ED12 [File is signed]

====== End Of Search ======

Sorry das die Antwort so lange gedauert hat musste kurz weg bin jz wieder da.

MfG Kütschi

deeprybka · 13.01.2015, 22:05

Ok,
ich werde die Datei mal genauer anschauen. Vielleicht haben wir Glück und die läuft bei Windows 8 garnicht.

In der Zwischenzeit machen wir einfach weiter:

Schritt 1

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Kuetschi · 13.01.2015, 22:20

Kann es sein das dieser Scanner länger dauert, denn er ist seit rund 10min bei 12%!
Normal?

MfG Kütschi

deeprybka · 13.01.2015, 22:22

ja der dauert länger...so paar Stunden....

Reicht ja wenn Du morgen weitermachst....Kannst ja über Nacht laufen lassen. So wie es Dir am liebsten ist.

13.01.2015, 20:59	#6
deeprybka /// TB-Ausbilder /// Anleitungs-Guru	scrnhost.com/img_72938.png Trojaner ? (.scr datei) Hast Du die scr-Datei angeklickt bzw. gestartet? (Die Dateierweiterung ist eigentlich von einer Bildschirmschoner-Datei.) __________________ --> scrnhost.com/img_72938.png Trojaner ? (.scr datei)

scrnhost.com/img_72938.png Trojaner ? (.scr datei)

Plagegeister aller Art und deren Bekämpfung: scrnhost.com/img_72938.png Trojaner ? (.scr datei)