
Log Analysis and Evaluation: Caught the GUV Trojan, no safe mode possible

Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

04.04.2015, 21:56   #1
Matze55
 

Hello, I've caught the GUV Trojan.
Safe mode doesn't work, and various Windows unlockers booted from CD or USB don't either. I've now created an OTLPE CD and produced the logs following the instructions (attached). I hope you can help me.

04.04.2015, 22:04   #2
schrauber
/// the machine
/// TB Trainer
 


Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.
I can't open attachments at work, thanks.

This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

05.04.2015, 06:00   #3
Matze55
 

Sorry, I didn't know that yet.
Here are the Extras logs:
Code:
OTL Extras logfile created on: 4/4/2015 11:29:59 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1863.01 Gb Total Space | 16.62 Gb Free Space | 0.89% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{109945A8-D8D5-48B8-B4A5-195D3F99B56D}" = Logitech GamePanel Software 3.04.143
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{23F2C78C-E131-4CA0-8F84-3473FB7728BA}" = Microsoft Security Client
"{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{86401870-7AB7-4A8D-8AD6-12B27DF2E6E3}" = Oracle VM VirtualBox 4.3.20
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 10.4.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C513739C-5F16-37B5-9ACF-99925FF1C1F3}" = Microsoft .NET Framework 4.5.1 (DEU)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.20
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{ef7031a7-f5f5-4ef5-8d6d-e1f782b9b419}.sdb" = estamp_exe
"CCleaner" = CCleaner
"HitmanPro.Alert" = HitmanPro.Alert
"Lexmark Pro5500 Series" = Lexmark Pro5500 Series Deinstallationsprogamm
"Microsoft Security Client" = Microsoft Security Essentials
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player
"WinRAR archiver" = WinRAR 5.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{109945A8-D8D5-48B8-B4A5-195D3F99B56D}" = Logitech GamePanel Software 3.04.143
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{23F2C78C-E131-4CA0-8F84-3473FB7728BA}" = Microsoft Security Client
"{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{86401870-7AB7-4A8D-8AD6-12B27DF2E6E3}" = Oracle VM VirtualBox 4.3.20
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 10.4.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C513739C-5F16-37B5-9ACF-99925FF1C1F3}" = Microsoft .NET Framework 4.5.1 (DEU)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.20
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{ef7031a7-f5f5-4ef5-8d6d-e1f782b9b419}.sdb" = estamp_exe
"CCleaner" = CCleaner
"HitmanPro.Alert" = HitmanPro.Alert
"Lexmark Pro5500 Series" = Lexmark Pro5500 Series Deinstallationsprogamm
"Microsoft Security Client" = Microsoft Security Essentials
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player
"WinRAR archiver" = WinRAR 5.11 (64-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\MJ_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
 
< End of report >
         
and the OTL:

Code:
OTL logfile created on: 4/4/2015 11:29:59 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1863.01 Gb Total Space | 16.62 Gb Free Space | 0.89% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\System32\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\System32\appmgmts.dll (Microsoft Corporation)
SRV - (Avira.OE.ServiceHost) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (hmpalertsvc) -- C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe (SurfRight B.V.)
SRV - (RzWizardService) -- C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe (Razer Inc.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (DvmMDES) -- C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (hmpalert) -- C:\Windows\System32\drivers\hmpalert.sys ()
DRV:64bit: - (NVHDA) -- C:\Windows\System32\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\System32\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (TFsExDisk) -- C:\Windows\System32\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV:64bit: - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV:64bit: - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (SKYNET) -- C:\Windows\System32\drivers\SkyNET_AMD64.sys (TechniSat Digital, S.A.)
DRV:64bit: - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\system32\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\System32\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\system32\DRIVERS\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\System32\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (aksdf) -- C:\Windows\System32\drivers\aksdf.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (Hardlock) -- C:\Windows\System32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (Cardex) -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys (Windows (R) Server 2003 DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\MJ_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKU\MJ_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\MJ_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\MJ_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\MJ_ON_C\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - Reg Error: Key error. File not found
IE - HKU\MJ_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/01/07 19:08:48 | 000,000,000 | ---D | M]
 
[2014/09/19 11:02:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/09/29 13:47:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:64bit: - BHO: (no name) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - No CLSID value found.
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\MJ_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\MJ_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\MJ_ON_C\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Panda Security URL Filtering] C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Visicom Media Inc.)
O4 - HKLM..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [RzWizard] C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe (Razer Inc.)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\MJ_ON_C..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\MJ_ON_C..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\MJ_ON_C..\Run: [LMADLmon] C:\Program Files (x86)\Lexmark Pro5500 Series\LMADLmon.exe ()
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [panda2_0dn]  File not found
O4 - HKU\.DEFAULT..\RunOnce: [panda2_0dn_XP]  File not found
O4 - HKU\.DEFAULT..\RunOnce: [panda4_0dn]  File not found
O4 - HKU\.DEFAULT..\RunOnce: [panda4_0dn_XP]  File not found
O4 - HKU\.DEFAULT..\RunOnce: [panda4_1dn]  File not found
O4 - HKU\.DEFAULT..\RunOnce: [panda4_1dn_XP]  File not found
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 600
O7 - HKU\MJ_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\MJ_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\MJ_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 1
O7 - HKU\MJ_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\MJ_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16:64bit: - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex64-2.2.5.7.cab (DLM Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 0.0.0.0
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (C:\Users\MJ\AppData\Roaming\loadit.exe) - C:\Users\MJ\AppData\Roaming\loadit.exe ()
O20:64bit: - HKLM Winlogon: UserInit - (: UserInit -) -  File not found
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (C:\Users\MJ\AppData\Roaming\loadit.exe) - C:\Users\MJ\AppData\Roaming\loadit.exe ()
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\MJ_ON_C Winlogon: Shell - (C:\Users\MJ\AppData\Roaming\loadit.exe) - C:\Users\MJ\AppData\Roaming\loadit.exe ()
O20 - HKU\MJ_ON_C Winlogon: UserInit - (C:\Users\MJ\AppData\Roaming\loadit.exe) - C:\Users\MJ\AppData\Roaming\loadit.exe ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (ژʌ) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/04/01 17:30:37 | 000,000,000 | ---D | C] -- C:\Users\MJ\Desktop\Neuer Ordner (6)
[2015/03/31 15:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2015/03/21 21:30:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2015/03/21 07:32:11 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2015/03/21 07:32:11 | 000,308,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scesrv.dll
[2015/03/21 07:29:07 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2015/03/21 07:29:07 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2015/03/08 16:23:35 | 000,000,000 | ---D | C] -- C:\Users\MJ\Desktop\Indien2014
[2015/03/08 16:22:27 | 000,000,000 | ---D | C] -- C:\Users\MJ\Desktop\tg15
[2015/03/08 16:07:05 | 000,000,000 | ---D | C] -- C:\Users\MJ\Desktop\Neuer Ordner (5)
[2012/12/02 06:56:21 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lexlog.dll
[2012/05/04 04:48:54 | 000,430,080 | ---- | C] ( ) -- C:\Windows\SysWow64\LMADLQ32comc.dll
[9 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/04/04 15:47:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/04/04 15:42:09 | 2140,446,719 | -HS- | M] () -- C:\hiberfil.sys
[2015/04/04 15:23:58 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2015/04/04 14:43:22 | 000,026,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/04/04 14:43:21 | 000,026,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/04/03 14:29:24 | 000,000,712 | ---- | M] () -- C:\Users\MJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
[2015/04/03 14:29:22 | 000,604,790 | ---- | M] () -- C:\Users\MJ\AppData\Roaming\loadit.exe
[2015/04/02 16:29:29 | 000,004,012 | ---- | M] () -- C:\Users\MJ\Desktop\03. Not Strong Enough (feat. Brent Smith) - Verknüpfung.lnk
[2015/04/02 16:01:56 | 000,000,739 | ---- | M] () -- C:\Users\MJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
[2015/04/01 17:33:19 | 008,828,552 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2015/04/01 17:33:19 | 003,040,964 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015/04/01 17:33:19 | 002,679,500 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2015/04/01 17:33:19 | 002,396,340 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015/03/31 16:08:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2015/03/21 19:17:24 | 098,496,864 | ---- | M] () -- C:\Users\MJ\AppData\Roaming\autostarter.exe
[2015/03/10 17:21:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2015/03/06 18:54:40 | 981,194,115 | ---- | M] () -- C:\Users\MJ\Desktop\rla-seso.ts.mkv
[9 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/04/03 14:29:24 | 000,000,712 | ---- | C] () -- C:\Users\MJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
[2015/04/03 14:29:17 | 000,604,790 | ---- | C] () -- C:\Users\MJ\AppData\Roaming\loadit.exe
[2015/04/02 16:29:29 | 000,004,012 | ---- | C] () -- C:\Users\MJ\Desktop\03. Not Strong Enough (feat. Brent Smith) - Verknüpfung.lnk
[2015/04/02 16:01:56 | 000,000,739 | ---- | C] () -- C:\Users\MJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
[2015/04/02 16:01:53 | 098,496,864 | ---- | C] () -- C:\Users\MJ\AppData\Roaming\autostarter.exe
[2015/03/08 14:40:34 | 981,194,115 | ---- | C] () -- C:\Users\MJ\Desktop\rla-seso.ts.mkv
[2014/12/26 10:20:21 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2014/11/13 05:07:47 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2014/09/18 16:28:34 | 000,000,093 | ---- | C] () -- C:\Users\MJ\AppData\Roaming\WB.CFG
[2014/02/16 03:02:50 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2013/10/30 07:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/10/30 07:06:54 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/10/30 07:06:54 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/10/30 07:06:54 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/10/30 07:06:54 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/10/30 19:00:46 | 000,006,400 | ---- | C] () -- C:\ProgramData\NanoRepository.bin.bak
[2012/10/30 19:00:46 | 000,006,400 | ---- | C] () -- C:\ProgramData\NanoRepository.bin
[2012/08/15 19:00:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl
[2012/06/19 08:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/04/20 12:14:55 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2011/05/22 02:31:02 | 000,237,568 | R--- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2011/05/22 02:31:02 | 000,002,689 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini
[2011/03/19 06:00:10 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2011/02/17 16:45:29 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/06 07:49:45 | 000,000,120 | ---- | C] () -- C:\Windows\disney.ini
[2010/08/20 04:18:50 | 000,007,680 | ---- | C] () -- C:\Users\MJ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/07 05:57:57 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2010/07/22 07:10:21 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/05/27 20:09:00 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/03/17 10:19:17 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/03/03 11:44:37 | 000,005,656 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/03/03 11:12:55 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/02/19 19:31:26 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/02/19 19:31:26 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/02/19 19:16:16 | 000,007,603 | ---- | C] () -- C:\Users\MJ\AppData\Local\resmon.resmoncfg
[2010/02/19 19:03:40 | 000,034,855 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/02/19 19:03:05 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/02/19 19:03:03 | 000,026,709 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/05 22:48:34 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 08:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008/12/01 13:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2005/04/04 01:59:00 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\implode.dll
 
========== LOP Check ==========
 
[2011/12/19 13:43:37 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\1&1 Mail & Media GmbH
[2014/10/09 08:38:43 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\8floor
[2014/12/07 11:50:02 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\AlawarEntertainment
[2012/11/20 14:31:28 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\AllDup
[2013/06/29 06:38:35 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Audacity
[2014/08/28 16:40:35 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Battle.net
[2010/09/09 04:27:16 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Bioshock
[2010/03/29 09:55:46 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Bioshock2
[2013/01/13 14:45:45 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Blender Foundation
[2014/10/01 12:16:31 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Brave Giant
[2014/11/14 12:45:30 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\calibre
[2013/04/07 07:50:37 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Canon
[2014/11/13 05:07:46 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\CDXReader
[2014/12/26 10:20:21 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Cliqz
[2013/01/14 14:49:03 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/08/12 05:03:56 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Command & Conquer 3 Kanes Rache
[2010/08/13 07:49:54 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2010/08/06 13:51:57 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Command and Conquer 4
[2010/06/18 17:25:07 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\DAEMON Tools Lite
[2011/04/19 11:10:27 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\DassaultSystemes
[2011/08/18 07:17:12 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Day 1 Studios
[2014/11/13 07:07:43 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\DigitalSites
[2014/11/13 16:15:37 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Dropbox
[2012/01/03 16:37:50 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\DVDFab
[2014/12/13 04:46:28 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Five-BN Games
[2011/02/11 06:53:02 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\GitarreroBeginner
[2011/12/31 11:13:45 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Guitar Pro 6
[2014/10/01 12:15:18 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Intenium
[2014/11/13 05:07:46 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\LavFilters
[2014/10/06 11:00:17 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Lazy Turtle Games
[2010/07/26 11:45:46 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Leadertech
[2012/03/21 14:40:46 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Lexware
[2011/08/29 04:37:49 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Lionhead Studios
[2013/06/04 13:43:04 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Origin
[2012/01/13 13:23:16 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Panda Security
[2011/02/17 16:34:54 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\PCFix
[2012/06/18 15:44:15 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\pokerth
[2011/05/22 02:29:29 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\proDAD
[2011/05/15 13:01:06 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\PunkBuster
[2010/08/07 04:15:35 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Red Alert 3
[2014/11/14 19:03:06 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Samsung
[2011/06/19 14:48:31 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\The Creative Assembly
[2014/10/07 03:44:54 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\TikisLab
[2010/03/29 10:08:46 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\TomTom
[2010/11/06 08:35:29 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Touchstone
[2013/12/21 21:16:28 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\TS3Client
[2011/05/06 13:49:48 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Ubisoft
[2011/02/17 16:12:59 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Uniblue
[2015/04/02 18:22:43 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\UseNeXT
[2011/04/23 14:38:55 | 000,000,000 | ---D | M] -- C:\Users\MJ\AppData\Roaming\Youtube Downloader HD
[2012/12/02 06:50:21 | 000,000,000 | ---D | M] -- C:\ProgramData\ADL
[2012/11/20 13:49:52 | 000,000,000 | ---D | M] -- C:\ProgramData\AllDup
[2010/02/19 18:04:12 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/02/19 19:44:51 | 000,000,000 | ---D | M] -- C:\ProgramData\ASUS OC Profiles
[2014/11/12 15:24:17 | 000,000,000 | ---D | M] -- C:\ProgramData\b5a2c01b5e95a407
[2013/06/08 05:53:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Battle.net
[2010/09/02 07:01:31 | 000,000,000 | ---D | M] -- C:\ProgramData\BewerbungsMaster
[2013/01/14 14:51:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Big Fish Games
[2010/05/06 12:07:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Canneverbe Limited
[2010/02/19 20:57:19 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2010/02/20 09:42:11 | 000,000,000 | ---D | M] -- C:\ProgramData\CMUV
[2010/02/20 07:29:36 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2011/05/05 17:45:06 | 000,000,000 | ---D | M] -- C:\ProgramData\DassaultSystemes
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010/02/19 18:04:12 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011/08/29 04:52:29 | 000,000,000 | -HSD | M] -- C:\ProgramData\DSS
[2013/04/07 08:26:02 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Logs
[2013/12/08 06:11:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2010/02/19 19:57:02 | 000,000,000 | ---D | M] -- C:\ProgramData\EPU
[2010/02/19 18:04:12 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/12/02 07:42:54 | 000,000,000 | ---D | M] -- C:\ProgramData\gn_Logs
[2011/12/31 11:13:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Guitar Pro 6
[2014/11/13 05:17:03 | 000,000,000 | ---D | M] -- C:\ProgramData\HitmanPro.Alert
[2010/02/20 12:32:45 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2014/10/01 12:15:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Intenium
[2012/03/23 15:52:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Lexware
[2012/12/02 07:15:46 | 000,000,000 | ---D | M] -- C:\ProgramData\lx_CATS
[2014/11/13 05:50:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Oracle
[2013/06/04 13:43:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Origin
[2015/03/05 15:24:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Package Cache
[2014/06/10 15:38:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Panda Security
[2013/11/16 17:45:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Panda Security URL Filtering
[2011/05/22 01:29:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Pinnacle
[2011/05/22 01:50:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Pinnacle Studio
[2011/05/22 01:27:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Pinnacle Studio Plus
[2011/05/22 01:30:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Pinnacle Studio Ultimate Collection
[2011/05/22 02:28:35 | 000,000,000 | ---D | M] -- C:\ProgramData\proDAD
[2013/03/02 10:46:31 | 000,000,000 | ---D | M] -- C:\ProgramData\PSU
[2014/12/20 13:18:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Razer
[2012/12/08 04:19:21 | 000,000,000 | ---D | M] -- C:\ProgramData\RELOADED
[2013/12/08 07:02:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Samsung
[2011/08/04 06:04:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Solidshield
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/02/19 18:04:12 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011/05/22 01:27:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Studio 14
[2010/02/28 05:48:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Tages
[2010/02/20 09:18:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Technisat
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/01/11 15:47:17 | 000,000,000 | ---D | M] -- C:\ProgramData\tmp
[2010/03/29 10:09:00 | 000,000,000 | ---D | M] -- C:\ProgramData\TomTom
[2013/09/02 11:45:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Ubisoft
[2010/02/19 18:04:12 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/02/20 07:19:09 | 000,000,000 | ---D | M] -- C:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
[2010/07/05 08:27:38 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/12/29 19:50:44 | 000,000,000 | ---D | M] -- C:\ProgramData\{D69A48BF-7653-4AA8-94BC-5847522A4573}
[2014/12/20 15:27:49 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2015/03/10 15:00:10 | 000,000,000 | ---D | M](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\䙔䵁
[2015/03/10 15:00:10 | 000,000,000 | ---D | C](C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\䙔䵁
[2013/06/29 04:33:58 | 013,440,380 | ---- | M] ()(C:\Users\MJ\Desktop\PSY?? - GANGNAM STYLE (?????) Waveya ???? Korean dance team.mp4) -- C:\Users\MJ\Desktop\PSY싸이 - GANGNAM STYLE (강남스타일) Waveya 웨이브야 Korean dance team.mp4
[2013/06/29 04:33:35 | 013,440,380 | ---- | C] ()(C:\Users\MJ\Desktop\PSY?? - GANGNAM STYLE (?????) Waveya ???? Korean dance team.mp4) -- C:\Users\MJ\Desktop\PSY싸이 - GANGNAM STYLE (강남스타일) Waveya 웨이브야 Korean dance team.mp4
[2012/10/17 17:06:44 | 023,364,596 | ---- | M] ()(C:\Users\MJ\Documents\??????????CrazyTrain?????????.mp4) -- C:\Users\MJ\Documents\メタル布教活動としてCrazyTrainのギター弾いてみた.mp4
[2012/10/17 17:03:16 | 023,364,596 | ---- | C] ()(C:\Users\MJ\Documents\??????????CrazyTrain?????????.mp4) -- C:\Users\MJ\Documents\メタル布教活動としてCrazyTrainのギター弾いてみた.mp4
[2012/04/13 09:52:16 | 015,668,366 | ---- | M] ()(C:\Users\MJ\Documents\- ? - Neon is From Another World - ? -.mp4) -- C:\Users\MJ\Documents\- ♥ - Neon is From Another World - ♥ -.mp4
[2012/04/13 09:46:06 | 015,668,366 | ---- | C] ()(C:\Users\MJ\Documents\- ? - Neon is From Another World - ? -.mp4) -- C:\Users\MJ\Documents\- ♥ - Neon is From Another World - ♥ -.mp4
[2012/02/28 15:10:39 | 013,355,331 | ---- | M] ()(C:\Users\MJ\Documents\?????????? freestale.mp4) -- C:\Users\MJ\Documents\Спортбайки freestale.mp4
[2012/02/28 15:08:12 | 013,355,331 | ---- | C] ()(C:\Users\MJ\Documents\?????????? freestale.mp4) -- C:\Users\MJ\Documents\Спортбайки freestale.mp4
[2012/02/28 14:57:15 | 007,814,227 | ---- | M] ()(C:\Users\MJ\Documents\? ?????? ? ?????!!!.mp4) -- C:\Users\MJ\Documents\И смешно и вярно!!!.mp4
[2012/02/28 14:56:23 | 007,814,227 | ---- | C] ()(C:\Users\MJ\Documents\? ?????? ? ?????!!!.mp4) -- C:\Users\MJ\Documents\И смешно и вярно!!!.mp4
[2012/02/21 15:30:33 | 008,440,013 | ---- | M] ()(C:\Users\MJ\Documents\North Korea army parade-??????-?????????.mp4) -- C:\Users\MJ\Documents\North Korea army parade-朝鮮軍隊閱兵-北朝鮮軍のパレード.mp4
[2012/02/21 15:28:33 | 008,440,013 | ---- | C] ()(C:\Users\MJ\Documents\North Korea army parade-??????-?????????.mp4) -- C:\Users\MJ\Documents\North Korea army parade-朝鮮軍隊閱兵-北朝鮮軍のパレード.mp4
< End of report >
         
But thanks for the quick reply.
__________________
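The OTL output in this post already shows the pattern that matters for this family of screen lockers: the Winlogon Shell and UserInit values under both HKLM and the user's HKU hive point at loadit.exe in the user's AppData\Roaming directory, and the Explorer/System policies disable the desktop, Task Manager, the registry editor and UAC, which is why the user cannot simply kill the locker. The script below is an added example for this thread, not code from OTL, FRST or the forum: it parses lines in both tools' registry formats, flags Winlogon values that differ from the Windows 7 defaults (explorer.exe and C:\Windows\system32\userinit.exe, assumed here as reference values) and reports the lockdown policies. The sample lines are constructed to mirror the posted entries; the names LOCKDOWN_POLICIES, analyze and Finding are this example's own.

```python
"""Flag Winlogon hijacks and lockdown policies in OTL / FRST log lines.

Added example for this thread, not code from OTL, FRST or the forum; the
reference defaults and sample lines are assumptions modelled on the posted logs.
"""
import re
from collections import namedtuple

# Assumed clean Windows 7 values for the two Winlogon entries a screen locker
# overwrites (the trailing comma Windows keeps on Userinit is stripped below).
DEFAULT_SHELL = "explorer.exe"
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"
# value name -> data meaning "the user can no longer kill or inspect the locker"
LOCKDOWN_POLICIES = {
    "disabletaskmgr": "1",
    "disableregistrytools": "1",
    "nodesktop": "1",
    "noviewcontextmenu": "1",
    "enablelua": "0",
}

# OTL:  O20 - HKLM Winlogon: Shell - (C:\...\loadit.exe) - C:\...\loadit.exe ()
OTL_WINLOGON = re.compile(
    r"^O20(?::64bit:)? - (?P<hive>\S+) Winlogon: (?P<value>Shell|UserInit) - \((?P<data>[^)]*)\)",
    re.IGNORECASE)
# OTL:  O6 - HKLM\...\policies\System: EnableLUA = 0   (O7 = same under HKU)
OTL_POLICY = re.compile(r"^O[67] - (?P<key>\S+): (?P<name>\w+) = (?P<data>\S+)", re.IGNORECASE)
# FRST: HKLM\...\Winlogon: [Shell] C:\...\loadit.exe [604790 2015-04-03] () <=== ATTENTION
FRST_WINLOGON = re.compile(
    r"^(?P<hive>HK\S+?)\\\.\.\.\\Winlogon: \[(?P<value>Shell|Userinit)\] (?P<rest>.*)$",
    re.IGNORECASE)
# FRST: HKU\MJ\...\Policies\system: [DisableTaskMgr] 1
FRST_POLICY = re.compile(
    r"^(?P<key>HK\S+?\\Policies\\\w+): \[(?P<name>\w+)\] (?P<data>\S+)", re.IGNORECASE)

# tool: "OTL"/"FRST"; where: hive or policy key as printed; reason: why flagged
Finding = namedtuple("Finding", "tool where name data reason")


def _winlogon_finding(tool, hive, name, data):
    """Flag Shell/Userinit values that differ from the assumed defaults."""
    norm = data.strip().rstrip(",").lower()
    expected = DEFAULT_SHELL if name.lower() == "shell" else DEFAULT_USERINIT
    if norm == expected:
        return None
    reason = f"{name} is not the default ({expected})"
    if "\\users\\" in norm or "\\appdata\\" in norm:
        reason += "; points into a user-writable profile directory"
    return Finding(tool, hive, name, data.strip(), reason)


def _policy_finding(tool, key, name, data):
    """Flag a policy only when set to the value that locks the user out."""
    if LOCKDOWN_POLICIES.get(name.lower()) != data.strip():
        return None
    return Finding(tool, key, name, data.strip(), "policy blocks user recovery (locker hardening)")


def analyze(lines):
    """Return Finding objects for an iterable of OTL and/or FRST log lines."""
    findings = []
    for raw in lines:
        line, finding = raw.rstrip(), None
        if m := OTL_WINLOGON.match(line):
            finding = _winlogon_finding("OTL", m["hive"], m["value"], m["data"])
        elif m := FRST_WINLOGON.match(line):
            # strip FRST's trailing "[size date] (company) <=== ATTENTION"
            data = re.split(r"\s+\[\d", m["rest"], maxsplit=1)[0]
            finding = _winlogon_finding("FRST", m["hive"], m["value"], data)
        elif m := OTL_POLICY.match(line):
            finding = _policy_finding("OTL", m["key"], m["name"], m["data"])
        elif m := FRST_POLICY.match(line):
            finding = _policy_finding("FRST", m["key"], m["name"], m["data"])
        if finding:
            findings.append(finding)
    return findings


# Constructed sample mixing both formats, modelled on the posted logs.
SAMPLE_LOG = r"""
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\MJ_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\MJ_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O20:64bit: - HKLM Winlogon: Shell - (C:\Users\MJ\AppData\Roaming\loadit.exe) - C:\Users\MJ\AppData\Roaming\loadit.exe ()
O20:64bit: - HKLM Winlogon: UserInit - (: UserInit -) -  File not found
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] C:\Users\MJ\AppData\Roaming\loadit.exe [604790 2015-04-03] () <=== ATTENTION
HKLM\...\Policies\Explorer: [NoDesktop] 1 <===== ATTENTION
HKU\MJ\...\Policies\system: [DisableRegistryTools] 1
HKU\MJ\...\Winlogon: [Userinit] C:\Users\MJ\AppData\Roaming\loadit.exe [604790 2015-04-03] ()
"""

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG.splitlines()):
        print(f"[{f.tool}] {f.where}  {f.name} = {f.data!r}: {f.reason}")
```

Two caveats when reading the result against real logs. OTL prints a malformed UserInit value as `(: UserInit -)` with `File not found`, so a flagged UserInit is not always a path to a dropper; it can also be a value the locker emptied or corrupted, which on its own is enough to break the normal logon. FRST's registry section is whitelisted, so a default Shell or Userinit is simply not printed; an absent line is therefore not evidence that the value is clean, only that FRST did not consider it worth showing.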

Alt 05.04.2015, 13:18   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Caught GUV trojan, no safe mode possible



OTL shows too little.

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the appropriate version of the tool (if in doubt, both) and save it to a USB stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Plug the USB stick into the infected system and boot the system into the System Repair option.
  • Now scan following the illustrated guide or use the following short guide:
Via the Boot Manager:
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now choose Repair your computer.
  • Choose your operating system and user account and click "Next" each time.
With a Windows CD/DVD (also possible with Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Choose the language settings and click "Next".
  • Click Repair your computer!
  • Choose your operating system and user account and click "Next" each time.
In the repair options choose: Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens: File > Save As... and choose Computer.
    This shows you the drive letter of your USB stick; make a note of it.
  • Close Notepad again.
  • Now enter the following command:
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan
The tool creates an FRST.txt on your USB stick. Please post its contents here, in code tags if possible (guide).

__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 05.04.2015, 20:04   #5
Matze55
 
Caught GUV trojan, no safe mode possible



Here is the result from frst64:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by SYSTEM on MININT-6GLP8MJ on 05-04-2015 22:01:04
Running from F:\
Platform: Windows 7 Professional (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LgDeviceAgent] => C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415816 2010-02-18] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4271688 2010-02-18] (Logitech Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2093128 2010-02-18] (Logitech Inc.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Panda Security URL Filtering] => C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe [235072 2013-09-26] (Visicom Media Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe [254464 2014-10-20] (Razer Inc.)
HKLM-x32\...\Run: [Razer Imperator Driver] => C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe [979360 2012-02-09] (Razer USA Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKLM\...\Winlogon: [Shell] C:\Users\MJ\AppData\Roaming\loadit.exe [604790 2015-04-03] () <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell] C:\Users\MJ\AppData\Roaming\loadit.exe [604790 ] () <=== ATTENTION
HKLM\...\Policies\Explorer: [NoViewContextMenu] 1
HKLM\...\Policies\Explorer: [NoDesktop] 1 <===== ATTENTION
HKU\MJ\...\Run: [LMADLmon] => C:\Program Files (x86)\Lexmark Pro5500 Series\LMADLmon.exe [948360 2011-11-23] ()
HKU\MJ\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-07-25] (Samsung)
HKU\MJ\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
HKU\MJ\...\Policies\system: [DisableRegistryTools] 1
HKU\MJ\...\Policies\system: [DisableTaskMgr] 1
HKU\MJ\...\Policies\Explorer: [NoViewContextMenu] 1
HKU\MJ\...\Winlogon: [Userinit] C:\Users\MJ\AppData\Roaming\loadit.exe [604790 2015-04-03] ()
HKU\MJ\...\Winlogon: [Shell] C:\Users\MJ\AppData\Roaming\loadit.exe [604790 2015-04-03] () <==== ATTENTION 
Startup: C:\Users\MJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
ShortcutTarget: AutoStarter.lnk ->  (No File)
Startup: C:\Users\MJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
ShortcutTarget: ja.lnk ->  (No File)
BootExecute: autocheck autochk * ژʌ

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
S2 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [319488 2009-07-17] (DeviceVM, Inc.)
S2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-11-13] (SurfRight B.V.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [367616 2014-10-20] (Razer Inc.)
S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [988216 2011-01-05] (Secunia)
S4 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-01-05] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-02-28] ()
S3 Cardex; C:\Windows\SysWOW64\drivers\TBPANELX64.SYS [15648 2007-03-16] (Windows (R) Server 2003 DDK provider)
S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20568 2010-05-25] (Devguru Co., Ltd)
S2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-11-13] ()
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-02-28] ()
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 SKYNET; C:\Windows\System32\DRIVERS\SkyNET_AMD64.SYS [615440 2009-09-11] (TechniSat Digital, S.A.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-02-20] (Duplex Secure Ltd.)
S2 TBPanel; No ImagePath
S0 sfdrv01; System32\drivers\sfdrv01.sys [X]
S0 sfhlp02; System32\drivers\sfhlp02.sys [X]
S0 sfsync02; System32\drivers\sfsync02.sys [X]
S0 sfvfs02; System32\drivers\sfvfs02.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-05 22:00 - 2015-04-05 22:01 - 00000000 ____D () C:\FRST
2015-04-05 04:32 - 2015-04-05 04:32 - 00029980 _____ () C:\Extras.Txt
2015-04-05 04:19 - 2015-04-05 04:32 - 00077338 _____ () C:\OTL.Txt
2015-04-03 19:29 - 2015-04-03 19:29 - 00604790 _____ () C:\Users\MJ\AppData\Roaming\loadit.exe
2015-04-03 19:29 - 2015-04-03 19:29 - 00000036 _____ () C:\Users\MJ\AppData\Roaming\url.txt
2015-04-02 21:29 - 2015-04-02 21:29 - 00004012 _____ () C:\Users\MJ\Desktop\03. Not Strong Enough (feat. Brent Smith) - Verknüpfung.lnk
2015-04-02 21:01 - 2015-03-22 00:17 - 98496864 _____ () C:\Users\MJ\AppData\Roaming\autostarter.exe
2015-04-01 22:30 - 2015-04-01 22:39 - 00000000 ____D () C:\Users\MJ\Desktop\Neuer Ordner (6)
2015-03-31 20:59 - 2015-03-31 21:00 - 00000000 ____D () C:\Program Files\WinRAR
2015-03-21 12:32 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\System32\scesrv.dll
2015-03-21 12:32 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-03-21 12:29 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2015-03-21 12:29 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 20:00 - 2015-03-10 20:00 - 00000000 ____D () C:\Windows\SysWOW64\䙔䵁
2015-03-08 21:23 - 2015-03-08 21:45 - 00000000 ____D () C:\Users\MJ\Desktop\Indien2014
2015-03-08 21:22 - 2015-03-08 21:22 - 00000000 ____D () C:\Users\MJ\Desktop\tg15
2015-03-08 21:07 - 2015-03-08 21:53 - 00000000 ____D () C:\Users\MJ\Desktop\Neuer Ordner (5)
2015-03-08 19:40 - 2015-03-06 23:54 - 981194115 _____ () C:\Users\MJ\Desktop\rla-seso.ts.mkv

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-05 04:13 - 2010-02-19 23:04 - 00000000 ____D () C:\users\MJ
2015-04-04 20:40 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-04 20:39 - 2014-11-13 11:53 - 00424370 _____ () C:\Windows\setupact.log
2015-04-04 20:39 - 2010-02-19 23:51 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-04 20:23 - 2010-02-20 00:36 - 00000177 ____H () C:\dvmexp.idx
2015-04-04 19:43 - 2009-07-14 05:45 - 00026336 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-04 19:43 - 2009-07-14 05:45 - 00026336 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-03 19:30 - 2010-02-19 23:04 - 01332124 _____ () C:\Windows\WindowsUpdate.log
2015-04-03 19:29 - 2014-11-13 10:17 - 00000000 ____D () C:\Windows\CryptoGuard
2015-04-02 23:22 - 2010-04-05 10:16 - 00000000 ____D () C:\Users\MJ\AppData\Roaming\UseNeXT
2015-04-02 23:17 - 2010-02-26 11:16 - 00000000 ____D () C:\Users\MJ\Documents\UseNeXT
2015-04-02 21:25 - 2011-03-18 11:23 - 00000000 ____D () C:\Users\MJ\AppData\Roaming\vlc
2015-04-01 22:33 - 2009-07-14 18:58 - 08828552 _____ () C:\Windows\System32\perfh007.dat
2015-04-01 22:33 - 2009-07-14 18:58 - 02679500 _____ () C:\Windows\System32\perfc007.dat
2015-04-01 22:33 - 2009-07-14 06:13 - 00006564 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-03-31 21:09 - 2011-03-18 10:25 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2015-03-31 21:05 - 2010-02-20 12:12 - 00000000 ____D () C:\Users\MJ\AppData\Roaming\WinRAR
2015-03-31 21:02 - 2011-01-09 16:52 - 05458432 ___SH () C:\Users\MJ\Desktop\Thumbs.db
2015-03-31 20:34 - 2010-02-26 14:12 - 00000000 ____D () C:\Users\MJ\AppData\Roaming\dvdcss
2015-03-22 02:37 - 2010-02-23 17:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-21 12:25 - 2011-02-17 21:57 - 01340416 ___SH () C:\Users\MJ\Downloads\Thumbs.db
2015-03-11 20:14 - 2014-11-13 11:53 - 00161996 _____ () C:\Windows\PFRO.log
2015-03-11 20:14 - 2014-11-13 11:04 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-10 22:21 - 2014-11-13 11:04 - 00000000 ____D () C:\ProgramData\Avira
2015-03-08 21:20 - 2014-03-06 20:50 - 00000000 ____D () C:\Users\MJ\Desktop\101_PANA
2015-03-08 21:07 - 2014-12-16 20:57 - 00000000 ____D () C:\Users\MJ\Desktop\Neuer Ordner (4)

Some content of TEMP:
====================
C:\Users\MJ\AppData\Local\Temp\AutoRun.exe
C:\Users\MJ\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\MJ\AppData\Local\Temp\avgnt.exe
C:\Users\MJ\AppData\Local\Temp\DivXSetup.exe
C:\Users\MJ\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\MJ\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\MJ\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf3n09u.dll
C:\Users\MJ\AppData\Local\Temp\EAInstall.dll
C:\Users\MJ\AppData\Local\Temp\eauninstall.exe
C:\Users\MJ\AppData\Local\Temp\The Battle for Middle-earth_uninst.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2015-03-13 20:18:06
Restore point made on: 2015-03-17 21:44:41
Restore point made on: 2015-03-21 23:42:56
Restore point made on: 2015-03-22 02:21:33
Restore point made on: 2015-03-25 20:28:09
Restore point made on: 2015-03-29 21:09:58
Restore point made on: 2015-04-01 21:57:04

==================== Memory info =========================== 

Percentage of memory in use: 9%
Total physical RAM: 8183.05 MB
Available physical RAM: 7380.43 MB
Total Pagefile: 8181.2 MB
Available Pagefile: 7377.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1863.01 GB) (Free:16.51 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: () (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 10C34588)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2015-03-31 19:50

==================== End Of Log ============================
         
--- --- ---


06.04.2015, 13:40   #6
schrauber
/// the machine
/// TB-Ausbilder

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
HKLM\...\Winlogon: [Shell] C:\Users\MJ\AppData\Roaming\loadit.exe [604790 2015-04-03] () <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell] C:\Users\MJ\AppData\Roaming\loadit.exe [604790 ] () <=== ATTENTION
HKLM\...\Policies\Explorer: [NoDesktop] 1 <===== ATTENTION
HKU\MJ\...\Policies\system: [DisableRegistryTools] 1
HKU\MJ\...\Policies\system: [DisableTaskMgr] 1
HKU\MJ\...\Policies\Explorer: [NoViewContextMenu] 1
HKU\MJ\...\Winlogon: [Userinit] C:\Users\MJ\AppData\Roaming\loadit.exe [604790 2015-04-03] ()
HKU\MJ\...\Winlogon: [Shell] C:\Users\MJ\AppData\Roaming\loadit.exe [604790 2015-04-03] () <==== ATTENTION 
Startup: C:\Users\MJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
ShortcutTarget: AutoStarter.lnk ->  (No File)
Startup: C:\Users\MJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
ShortcutTarget: ja.lnk ->  (No File)
BootExecute: autocheck autochk * ژʌ
2015-04-03 19:29 - 2015-04-03 19:29 - 00604790 _____ () C:\Users\MJ\AppData\Roaming\loadit.exe
2015-04-03 19:29 - 2015-04-03 19:29 - 00000036 _____ () C:\Users\MJ\AppData\Roaming\url.txt
2015-04-02 21:01 - 2015-03-22 00:17 - 98496864 _____ () C:\Users\MJ\AppData\Roaming\autostarter.exe
         
Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the recovery options again.
  • Now start FRST.exe again and click the Fix (Entfernen) button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
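One way to triage FRST output for the pattern in the fixlist above (Winlogon Shell and Userinit pointing at an executable in the user's roaming profile, lockout policies set to 1, a BootExecute value with trailing garbage, dangling startup shortcuts). This is an added example, not code from FRST or from this thread; the rule names, severity labels and the two benign sample lines are constructed assumptions.

```python
"""Triage FRST-style log lines for the locker pattern seen in this thread.

Added example, not FRST's or the forum's code. Rule names, severity labels
and the benign sample lines are assumptions of this example.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Registry line as FRST prints it: HIVE\...\Key: [ValueName] data [<=== ATTENTION]
REG_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:-x32)?(?:\\[^\\]+)?)\\\.\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<value>.*?)\s*(?:<=+ ATTENTION)?\s*$"
)
BOOTEXEC_RE = re.compile(r"^BootExecute: (?P<value>.*)$")
SHORTCUT_RE = re.compile(r"^ShortcutTarget: (?P<lnk>.+?) ->\s*(?P<target>.*)$")
# File line: created - modified - size attrs (company) path
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ \S+ "
    r"\((?P<company>[^)]*)\) (?P<path>.+)$"
)

# Policy values that lock the user out of the usual recovery tools when set to 1.
LOCKOUT_POLICIES = {"DisableTaskMgr", "DisableRegistryTools", "NoDesktop", "NoViewContextMenu"}
DEFAULT_BOOTEXECUTE = "autocheck autochk *"


@dataclass
class Finding:
    rule: str
    severity: str
    line: str


def _image_path(value: str) -> str:
    """Drop FRST's ' [size date] (company)' suffix and keep the image path."""
    return value.split(" [", 1)[0].strip()


def triage_line(raw: str) -> Optional[Finding]:
    """Classify one FRST line; None means none of the rules here fired."""
    line = raw.rstrip()
    m = REG_RE.match(line)
    if m:
        key, name, value = m["key"], m["name"], m["value"]
        if key.endswith("Winlogon") and name == "Shell":
            # The stock shell is exactly explorer.exe; anything else runs in
            # place of the desktop, which is how the locker owns the screen.
            if _image_path(value).lower() != "explorer.exe":
                return Finding("winlogon-shell-hijack", "high", line)
        if key.endswith("Winlogon") and name == "Userinit":
            if "\\windows\\system32\\userinit.exe" not in _image_path(value).lower():
                return Finding("winlogon-userinit-hijack", "high", line)
        if "Policies" in key and name in LOCKOUT_POLICIES and value.strip() == "1":
            return Finding("lockout-policy", "medium", line)
        return None
    m = BOOTEXEC_RE.match(line)
    if m:
        # Trailing garbage after the default value (as in this thread) means
        # the value was overwritten; FRST restores it during the fix.
        if m["value"].strip() != DEFAULT_BOOTEXECUTE:
            return Finding("bootexecute-tampered", "medium", line)
        return None
    m = SHORTCUT_RE.match(line)
    if m:
        if "(No File)" in m["target"]:
            return Finding("startup-shortcut-dangling", "low", line)
        return None
    m = FILE_RE.match(line)
    if m:
        p = m["path"].lower()
        # Fresh executable with an empty company string under the roaming profile.
        if p.endswith(".exe") and "\\appdata\\roaming\\" in p and not m["company"]:
            return Finding("exe-in-roaming", "low", line)
    return None


def triage(text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep only the hits."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


# Constructed sample modelled on the fixlist in this thread, followed by two
# benign lines (stock shell, stock BootExecute) that must not fire.
SAMPLE = r"""
HKLM\...\Winlogon: [Shell] C:\Users\MJ\AppData\Roaming\loadit.exe [604790 2015-04-03] () <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell] C:\Users\MJ\AppData\Roaming\loadit.exe [604790 ] () <=== ATTENTION
HKLM\...\Policies\Explorer: [NoDesktop] 1 <===== ATTENTION
HKU\MJ\...\Policies\system: [DisableTaskMgr] 1
HKU\MJ\...\Winlogon: [Userinit] C:\Users\MJ\AppData\Roaming\loadit.exe [604790 2015-04-03] ()
ShortcutTarget: ja.lnk ->  (No File)
BootExecute: autocheck autochk * ??
2015-04-03 19:29 - 2015-04-03 19:29 - 00604790 _____ () C:\Users\MJ\AppData\Roaming\loadit.exe
HKLM\...\Winlogon: [Shell] explorer.exe [2871808 2011-02-25] (Microsoft Corporation)
BootExecute: autocheck autochk *
"""
```

Running `triage(SAMPLE)` yields eight findings, one per suspicious line, and nothing for the two benign lines.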

06.04.2015, 18:15   #7
Matze55

Here is the fixlog that was created:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by SYSTEM at 2015-04-06 20:09:54 Run:1
Running from F:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKLM\...\Winlogon: [Shell] C:\Users\MJ\AppData\Roaming\loadit.exe [604790 2015-04-03] () <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell] C:\Users\MJ\AppData\Roaming\loadit.exe [604790 ] () <=== ATTENTION
HKLM\...\Policies\Explorer: [NoDesktop] 1 <===== ATTENTION
HKU\MJ\...\Policies\system: [DisableRegistryTools] 1
HKU\MJ\...\Policies\system: [DisableTaskMgr] 1
HKU\MJ\...\Policies\Explorer: [NoViewContextMenu] 1
HKU\MJ\...\Winlogon: [Userinit] C:\Users\MJ\AppData\Roaming\loadit.exe [604790 2015-04-03] ()
HKU\MJ\...\Winlogon: [Shell] C:\Users\MJ\AppData\Roaming\loadit.exe [604790 2015-04-03] () <==== ATTENTION 
Startup: C:\Users\MJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
ShortcutTarget: AutoStarter.lnk ->  (No File)
Startup: C:\Users\MJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
ShortcutTarget: ja.lnk ->  (No File)
BootExecute: autocheck autochk * ??
2015-04-03 19:29 - 2015-04-03 19:29 - 00604790 _____ () C:\Users\MJ\AppData\Roaming\loadit.exe
2015-04-03 19:29 - 2015-04-03 19:29 - 00000036 _____ () C:\Users\MJ\AppData\Roaming\url.txt
2015-04-02 21:01 - 2015-03-22 00:17 - 98496864 _____ () C:\Users\MJ\AppData\Roaming\autostarter.exe
         
*****************

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDesktop => value deleted successfully.
HKU\MJ\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools => value deleted successfully.
HKU\MJ\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr => value deleted successfully.
HKU\MJ\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value deleted successfully.
HKU\MJ\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value deleted successfully.
HKU\MJ\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
C:\Users\MJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk => Moved successfully.
ShortcutTarget: AutoStarter.lnk ->  (No File) not found.
C:\Users\MJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk => Moved successfully.
ShortcutTarget: ja.lnk ->  (No File) not found.
HKLM\System\ControlSet001\Control\Session Manager\\BootExecute => Value was restored successfully.
C:\Users\MJ\AppData\Roaming\loadit.exe => Moved successfully.
C:\Users\MJ\AppData\Roaming\url.txt => Moved successfully.
C:\Users\MJ\AppData\Roaming\autostarter.exe => Moved successfully.

==== End of Fixlog 20:09:58 ====
         

07.04.2015, 11:17   #8
schrauber
/// the machine
/// TB-Ausbilder

Does the computer boot normally again? If so, from now on do everything from the desktop:

Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files are now created and will afterwards be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the site's input box)

Regards,
schrauber

07.04.2015, 20:54   #9
Matze55

Hi, so the computer did boot up. But I could not right-click on the desktop, and the CPU load was going completely crazy. I first let Malwarebytes Anti-Malware run, and after that the computer ran normally again. Here is the log:
Code:
<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>


<header>

<date>2015/04/06 20:36:32 +0200</date>

<logfile>mbam-log-2015-04-06 (20-36-30).xml</logfile>

<isadmin>yes</isadmin>

</header>


<engine>

<version>2.01.4.1018</version>

<malware-database>v2015.04.06.07</malware-database>

<rootkit-database>v2015.03.31.01</rootkit-database>

<license>free</license>

<file-protection>disabled</file-protection>

<web-protection>disabled</web-protection>

<self-protection>disabled</self-protection>

</engine>


<system>

<osversion>Windows 7 Service Pack 1</osversion>

<arch>x64</arch>

<username>MJ</username>

<filesys>NTFS</filesys>

</system>


<summary>

<type>threat</type>

<result>completed</result>

<objects>371380</objects>

<time>2324</time>

<processes>0</processes>

<modules>0</modules>

<keys>2</keys>

<values>12</values>

<datas>5</datas>

<folders>14</folders>

<files>51</files>

<sectors>0</sectors>

</summary>


<options>

<memory>enabled</memory>

<startup>enabled</startup>

<filesystem>enabled</filesystem>

<archives>enabled</archives>

<rootkits>disabled</rootkits>

<deeprootkit>disabled</deeprootkit>

<heuristics>enabled</heuristics>

<pup>enabled</pup>

<pum>enabled</pum>

</options>


<items>


<key>

<path>HKLM\SOFTWARE\Speedchecker Limited</path>

<vendor>PUP.Optional.SpeedChecker.A</vendor>

<action>success</action>

<hash>85da3a2f1d6d75c1478a4f7b966deb15</hash>

</key>


<key>

<path>HKU\S-1-5-21-2838978309-1536262354-1386303622-1001\SOFTWARE\DSiteproducts</path>

<vendor>PUP.Optional.DigitalSites.A</vendor>

<action>success</action>

<hash>0a559ccd008a49ed806380c55aabaa56</hash>

</key>


<value>

<path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</path>

<valuename>URL</valuename>

<vendor>PUP.Optional.Lasaoren.A</vendor>

<action>success</action>

<valuedata>hxxp://Lasaoren.com/results.php?f=4&q={searchTerms}&a=lrn_dsites_14_38_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EtA0E0BtA0F0A0AtC0EyCtN0D0Tzu0SzyzytAtN1L2XzutAtFtBtFyEtFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0BtB0FtB0D0BtDtG0Fzy0F0CtGyDyC0C0BtGyCzzzytAtGyDtA0E0C0AtDtAyD0ByB0D0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtAtC0BtCzz0A0DtGzz0CyE0DtGyE0EyCyDtG0A0EyBtCtGyEyCyC0AyC0AtDzy0FyEtA0A2Q&cr=1590528057&ir=</valuedata>

<hash>a4bbca9f8703989e2c25b6967d883ec2</hash>

</value>


<value>

<path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</path>

<valuename>TopResultURLFallback</valuename>

<vendor>PUP.Optional.Lasaoren.A</vendor>

<action>success</action>

<valuedata>hxxp://Lasaoren.com/results.php?f=4&q={searchTerms}&a=lrn_dsites_14_38_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EtA0E0BtA0F0A0AtC0EyCtN0D0Tzu0SzyzytAtN1L2XzutAtFtBtFyEtFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0BtB0FtB0D0BtDtG0Fzy0F0CtGyDyC0C0BtGyCzzzytAtGyDtA0E0C0AtDtAyD0ByB0D0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtAtC0BtCzz0A0DtGzz0CyE0DtGyE0EyCyDtG0A0EyBtCtGyEyCyC0AyC0AtDzy0FyEtA0A2Q&cr=1590528057&ir=</valuedata>

<hash>dc831c4dd4b68ea8db76113bb451c63a</hash>

</value>


<value>

<path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</path>

<valuename>FaviconPath</valuename>

<vendor>PUP.Optional.Lasaoren.A</vendor>

<action>success</action>

<valuedata>C:\Program Files (x86)\WSE_Lasaoren\\FavIcon.ico</valuedata>

<hash>72ede1881e6ca98dec65222ad62fcb35</hash>

</value>


<value>

<path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</path>

<valuename/>

<vendor>PUP.Optional.Lasaoren.A</vendor>

<action>success</action>

<valuedata>Lasaoren</valuedata>

<hash>73ec76f3d6b42d0964ed9fada461d828</hash>

</value>


<value>

<path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</path>

<valuename>DisplayName</valuename>

<vendor>PUP.Optional.Lasaoren.A</vendor>

<action>success</action>

<valuedata>Lasaoren</valuedata>

<hash>e07f4d1c6d1da6900d44103c2cd9fa06</hash>

</value>


<value>

<path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{A25AC313-DD19-4238-ACA2-401D6BEE4321}</path>

<valuename>DisplayName</valuename>

<vendor>PUP.Optional.Lasaoren.A</vendor>

<action>success</action>

<valuedata>Lasaoren</valuedata>

<hash>5f00d49525657fb76ce5c488fe07ee12</hash>

</value>


<value>

<path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{A25AC313-DD19-4238-ACA2-401D6BEE4321}</path>

<valuename>URL</valuename>

<vendor>PUP.Optional.Lasaoren.A</vendor>

<action>success</action>

<valuedata>hxxp://Lasaoren.com/results.php?f=4&q={searchTerms}&a=lrn_ggfc_14_46_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EtA0E0BtA0F0A0AtC0EyCtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtCtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyC0E0F0F0EyDzztGtDtCyEyEtGtCtCtDtAtGyE0AyB0EtGtAtC0D0CyD0C0C0F0FyByEzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtC0A0C0B0Azz0AtG0ByBtAzztGyEtC0E0FtG0A0CtCtDtGtDzz0FtD0F0AtDzyyB0DyE0E2Q&cr=1427833282&ir=</valuedata>

<hash>98c79ecb2367d3639cb573d916ef3ac6</hash>

</value>


<value>

<path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{A25AC313-DD19-4238-ACA2-401D6BEE4321}</path>

<valuename>TopResultURLFallback</valuename>

<vendor>PUP.Optional.Lasaoren.A</vendor>

<action>success</action>

<valuedata>hxxp://Lasaoren.com/results.php?f=4&q={searchTerms}&a=lrn_ggfc_14_46_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EtA0E0BtA0F0A0AtC0EyCtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtCtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyC0E0F0F0EyDzztGtDtCyEyEtGtCtCtDtAtGyE0AyB0EtGtAtC0D0CyD0C0C0F0FyByEzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtC0A0C0B0Azz0AtG0ByBtAzztGyEtC0E0FtG0A0CtCtDtGtDzz0FtD0F0AtDzyyB0DyE0E2Q&cr=1427833282&ir=</valuedata>

<hash>4a15056475159b9b153cd27a19ec35cb</hash>

</value>


<value>

<path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{A25AC313-DD19-4238-ACA2-401D6BEE4321}</path>

<valuename/>

<vendor>PUP.Optional.Lasaoren.A</vendor>

<action>success</action>

<valuedata>Lasaoren</valuedata>

<hash>c699b9b0e5a56fc728293f0d50b538c8</hash>

</value>


<value>

<path>HKU\S-1-5-21-2838978309-1536262354-1386303622-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</path>

<valuename>TopResultURLFallback</valuename>

<vendor>PUP.Optional.Lasaoren.A</vendor>

<action>success</action>

<valuedata>hxxp://Lasaoren.com/results.php?f=4&q={searchTerms}&a=lrn_dsites_14_38_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EtA0E0BtA0F0A0AtC0EyCtN0D0Tzu0SzyzytAtN1L2XzutAtFtBtFyEtFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0BtB0FtB0D0BtDtG0Fzy0F0CtGyDyC0C0BtGyCzzzytAtGyDtA0E0C0AtDtAyD0ByB0D0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtAtC0BtCzz0A0DtGzz0CyE0DtGyE0EyCyDtG0A0EyBtCtGyEyCyC0AyC0AtDzy0FyEtA0A2Q&cr=1590528057&ir=</valuedata>

<hash>6ef1ce9b94f61a1c123e4a022dd8bd43</hash>

</value>


<value>

<path>HKU\S-1-5-21-2838978309-1536262354-1386303622-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</path>

<valuename>FaviconPath</valuename>

<vendor>PUP.Optional.Lasaoren.A</vendor>

<action>success</action>

<valuedata>C:\Program Files (x86)\WSE_Lasaoren\\FavIcon.ico</valuedata>

<hash>f26d2e3bb1d9b0861b354ffdc73e06fa</hash>

</value>


<value>

<path>HKU\S-1-5-21-2838978309-1536262354-1386303622-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</path>

<valuename/>

<vendor>PUP.Optional.Lasaoren.A</vendor>

<action>success</action>

<valuedata>Lasaoren</valuedata>

<hash>213ef673d1b9e650cd83f75513f2bc44</hash>

</value>


<data>

<path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER</path>

<valuename>NoViewContextMenu</valuename>

<vendor>PUM.RightClick.Disabled</vendor>

<action>replaced</action>

<valuedata>1</valuedata>

<baddata>1</baddata>

<gooddata>0</gooddata>

<hash>6cf30861dfab3afcfe03b63b9e67827e</hash>

</data>


<data>

<path>HKLM\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\RESTRICTIONS</path>

<valuename>NoBrowserContextMenu</valuename>

<vendor>PUM.RightClick.Disabled</vendor>

<action>replaced</action>

<valuedata>1</valuedata>

<baddata>1</baddata>

<gooddata>0</gooddata>

<hash>8dd28bdecac0ad89d62ace232cd9639d</hash>

</data>


<data>

<path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER</path>

<valuename>NoViewContextMenu</valuename>

<vendor>PUM.RightClick.Disabled</vendor>

<action>replaced</action>

<valuedata>1</valuedata>

<baddata>1</baddata>

<gooddata>0</gooddata>

<hash>025d36331e6c132328d9f4fd18ed936d</hash>

</data>


<data>

<path>HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\INTERNET EXPLORER\RESTRICTIONS</path>

<valuename>NoBrowserContextMenu</valuename>

<vendor>PUM.RightClick.Disabled</vendor>

<action>replaced</action>

<valuedata>1</valuedata>

<baddata>1</baddata>

<gooddata>0</gooddata>

<hash>5a0575f44446a591d7294ea3d0350af6</hash>

</data>


<data>

<path>HKU\S-1-5-21-2838978309-1536262354-1386303622-1001\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\RESTRICTIONS</path>

<valuename>NoBrowserContextMenu</valuename>

<vendor>PUM.RightClick.Disabled</vendor>

<action>replaced</action>

<valuedata>1</valuedata>

<baddata>1</baddata>

<gooddata>0</gooddata>

<hash>015e98d131592412c23d9d532fd65ba5</hash>

</data>


<folder>

<path>C:\Users\MJ\AppData\Local\Astromenda</path>

<vendor>PUP.Optional.Astromenda.A</vendor>

<action>success</action>

<hash>38276009c5c58aac8bf19e0eba4945bb</hash>

</folder>


<folder>

<path>C:\ProgramData\ICQ\ICQToolbar</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</folder>


<folder>

<path>C:\ProgramData\ICQ\ICQToolbar\XML</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</folder>


<folder>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\BG</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</folder>


<folder>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\CZ</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</folder>


<folder>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\DE</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</folder>


<folder>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\EN</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</folder>


<folder>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\ES</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</folder>


<folder>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\FR</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</folder>


<folder>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\HE</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</folder>


<folder>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\IT</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</folder>


<folder>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\RU</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</folder>


<folder>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\SK</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</folder>


<folder>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\TR</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</folder>


<file>

<path>C:\Users\MJ\AppData\Local\Temp\2080366.Uninstall\uninstaller.exe</path>

<vendor>PUP.Optional.InstallCore</vendor>

<action>success</action>

<hash>b6a998d11d6d55e1caa0ea62c9397090</hash>

</file>


<file>

<path>C:\Users\MJ\AppData\Local\Temp\2115217.Uninstall\uninstaller.exe</path>

<vendor>PUP.Optional.InstallCore</vendor>

<action>success</action>

<hash>da85bbaed0bacc6a2a400646b84acb35</hash>

</file>


<file>

<path>C:\Users\MJ\AppData\Local\Temp\2133376.Uninstall\uninstaller.exe</path>

<vendor>PUP.Optional.InstallCore</vendor>

<action>success</action>

<hash>055a90d952386dc90f5be96312f0ae52</hash>

</file>


<file>

<path>C:\Users\MJ\AppData\Local\Temp\2264214.Uninstall\uninstaller.exe</path>

<vendor>PUP.Optional.InstallCore</vendor>

<action>success</action>

<hash>243b85e40e7cee482545a3a9e220629e</hash>

</file>


<file>

<path>C:\Users\MJ\Downloads\Calibre-lnstall.exe</path>

<vendor>PUP.Optional.Giga</vendor>

<action>success</action>

<hash>71ee68014c3e0135b361edeeba4b926e</hash>

</file>


<file>

<path>C:\Windows\System32\drivers\Msft_Kernel_webinstrNew_01009.Wdf</path>

<vendor>PUP.Optional.WebInstr.A</vendor>

<action>success</action>

<hash>5a05a2c7d7b39d9950200abc3bc8956b</hash>

</file>


<file>

<path>C:\Users\MJ\AppData\Local\Astromenda\data</path>

<vendor>PUP.Optional.Astromenda.A</vendor>

<action>success</action>

<hash>38276009c5c58aac8bf19e0eba4945bb</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\Configuration.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\OptionDlg.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\RegionalSettings.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\UserInterface.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\BG\Configuration.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\BG\OptionDlg.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\BG\RegionalSettings.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\BG\UserInterface.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\CZ\Configuration.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\CZ\OptionDlg.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\CZ\RegionalSettings.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\CZ\UserInterface.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\EN\Configuration.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\EN\OptionDlg.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\EN\RegionalSettings.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\EN\UserInterface.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\ES\Configuration.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\ES\OptionDlg.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\ES\RegionalSettings.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\ES\UserInterface.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\FR\Configuration.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\FR\OptionDlg.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\FR\RegionalSettings.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\FR\UserInterface.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\HE\Configuration.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\HE\OptionDlg.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\HE\RegionalSettings.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\HE\UserInterface.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\IT\Configuration.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\IT\OptionDlg.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\IT\RegionalSettings.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\IT\UserInterface.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\RU\Configuration.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\RU\OptionDlg.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\RU\RegionalSettings.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\RU\UserInterface.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\SK\Configuration.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\SK\OptionDlg.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\SK\RegionalSettings.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\SK\UserInterface.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\TR\Configuration.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\TR\OptionDlg.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\TR\RegionalSettings.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>


<file>

<path>C:\ProgramData\ICQ\ICQToolbar\XML\TR\UserInterface.xml</path>

<vendor>PUP.Optional.ICQToolbar.A</vendor>

<action>success</action>

<hash>f06f6ffa96f4270f5aac05ad18ebe61a</hash>

</file>

</items>

</mbam-log>
         
Then AdwCleaner, with the logs, R:
Code:
# AdwCleaner v4.200 - Bericht erstellt 06/04/2015 um 21:47:35
# Aktualisiert 29/03/2015 von Xplode
# Datenbank : 2015-03-29.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : MJ - CABAL
# Gestarted von : C:\Users\MJ\Desktop\AdwCleaner_4.200.exe
# Option : Suchlauf

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\END
Datei Gefunden : C:\Windows\System32\drivers\netfilter64.sys
Ordner Gefunden : C:\ProgramData\b5a2c01b5e95a407
Ordner Gefunden : C:\Users\MJ\AppData\Local\PackageAware
Ordner Gefunden : C:\Users\MJ\AppData\Roaming\DigitalSites
Ordner Gefunden : C:\Users\MJ\AppData\Roaming\download Manager
Ordner Gefunden : C:\Users\MJ\AppData\Roaming\Uniblue

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gefunden : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gefunden : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\BRS
Schlüssel Gefunden : HKCU\Software\ilivid
Schlüssel Gefunden : HKCU\Software\Myfree Codec
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\Optimizer Pro
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\systweak
Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : [x64] HKCU\Software\BRS
Schlüssel Gefunden : [x64] HKCU\Software\ilivid
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gefunden : [x64] HKCU\Software\Myfree Codec
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\Optimizer Pro
Schlüssel Gefunden : [x64] HKCU\Software\Softonic
Schlüssel Gefunden : [x64] HKCU\Software\systweak
Schlüssel Gefunden : [x64] HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gefunden : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gefunden : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gefunden : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{AD79BAD6-9504-4F09-ACEC-7B319584A4C1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gefunden : HKLM\SOFTWARE\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\DeviceVM
Schlüssel Gefunden : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\FlvPlayer
Schlüssel Gefunden : HKLM\SOFTWARE\ICQ\ICQToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F488658-35A7-2AB8-A756-560BA8F103C3}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{70BD2558-27DA-8B02-02D0-D8704ECD2EDF}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99AD9D6D-A456-49EE-8360-F22EE7AA1272}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA8C94BE-9F47-1B2E-90F8-D8C07119BD96}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Schlüssel Gefunden : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gefunden : HKLM\SOFTWARE\pdfforge
Schlüssel Gefunden : HKLM\SOFTWARE\Toolbar Cleaner
Schlüssel Gefunden : HKLM\SOFTWARE\Uniblue
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\DeviceVM
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A25AC313-DD19-4238-ACA2-401D6BEE4321}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Wert Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C424171E-592A-415A-9EB1-DFD6D95D3530}]

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v32.0.3 (x86 de)

[zpb8kntx.default] - Zeile Gefunden : user_pref("extensions.9gXWzbvKtdgI58xh.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\[...]
[zpb8kntx.default] - Zeile Gefunden : user_pref("extensions.HujkQtTOwNj.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumo[...]
[zpb8kntx.default] - Zeile Gefunden : user_pref("extensions.IYmg4l3iICU62Nm7.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\[...]
[zpb8kntx.default] - Zeile Gefunden : user_pref("extensions.IhxlSTXFEjqhmXnI.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\[...]

-\\ Chromium v


*************************

AdwCleaner[R0].txt - [8592 Bytes] - [06/04/2015 21:47:35]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8651 Bytes] ##########
         
and S:
Code:
# AdwCleaner v4.200 - Bericht erstellt 06/04/2015 um 21:53:47
# Aktualisiert 29/03/2015 von Xplode
# Datenbank : 2015-03-29.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : MJ - CABAL
# Gestarted von : C:\Users\MJ\Desktop\AdwCleaner_4.200.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\b5a2c01b5e95a407
Ordner Gelöscht : C:\Users\MJ\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\MJ\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\MJ\AppData\Roaming\Uniblue
Ordner Gelöscht : C:\Users\MJ\AppData\Roaming\download Manager
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\System32\drivers\netfilter64.sys

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{AD79BAD6-9504-4F09-ACEC-7B319584A4C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A25AC313-DD19-4238-ACA2-401D6BEE4321}
Schlüssel Gelöscht : HKCU\Software\BRS
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\DeviceVM
Schlüssel Gelöscht : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\FlvPlayer
Schlüssel Gelöscht : HKLM\SOFTWARE\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gelöscht : HKLM\SOFTWARE\pdfforge
Schlüssel Gelöscht : HKLM\SOFTWARE\Toolbar Cleaner
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F488658-35A7-2AB8-A756-560BA8F103C3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99AD9D6D-A456-49EE-8360-F22EE7AA1272}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{70BD2558-27DA-8B02-02D0-D8704ECD2EDF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA8C94BE-9F47-1B2E-90F8-D8C07119BD96}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DeviceVM
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v32.0.3 (x86 de)

[zpb8kntx.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.9gXWzbvKtdgI58xh.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\[...]
[zpb8kntx.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.HujkQtTOwNj.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumo[...]
[zpb8kntx.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.IYmg4l3iICU62Nm7.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\[...]
[zpb8kntx.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.IhxlSTXFEjqhmXnI.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\[...]

-\\ Chromium v


*************************

AdwCleaner[R0].txt - [8842 Bytes] - [06/04/2015 21:47:35]
AdwCleaner[R1].txt - [8901 Bytes] - [06/04/2015 21:52:55]
AdwCleaner[S0].txt - [8168 Bytes] - [06/04/2015 21:53:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8227  Bytes] ##########
         
I also work a lot and want the machine up and running again quickly, so, following the instructions from another GUV removal thread, Emsisoft Anti-Malware came next, as instructed:
Code:
Emsisoft Anti-Malware - Version 9.0
Letztes Update: 06.04.2015 22:30:48
Benutzerkonto: CABAL\MJ

Scan-Einstellungen:

Scan Methode: Detail-Scan
Objekte: Rootkits, Speicher, Traces, C:\

PUPs-Erkennung: An
Archiv-Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan-Beginn:	06.04.2015 22:31:49
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F} 	gefunden: Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F} 	gefunden: Application.Win32.InstallAd (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} 	gefunden: Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-20\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} 	gefunden: Application.AdGenie (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} 	gefunden: Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-19\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} 	gefunden: Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-20\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} 	gefunden: Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} 	gefunden: Application.AdGenie (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} 	gefunden: Application.AdGenie (A)
C:\FRST\Quarantine\C\Users\MJ\AppData\Roaming\loadit.exe.xBAD 	gefunden: Trojan.Generic.12881593 (B)
C:\Users\MJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\36UO7Z11\index[1].htm 	gefunden: Trojan.FakeAlert.DIF (B)
C:\Users\MJ\AppData\Local\Temp\cleaner\pccleaner\setup\INFECTED\3ff75be7.qua -> (Quarantine-8) 	gefunden: Gen:Variant.Application.Bundler.OptimumInstaller.1 (B)
C:\Users\MJ\AppData\Local\Temp\cleaner\pccleaner\setup\INFECTED\40936997.qua -> (Quarantine-8) -> PTC.PRO.ENGINEER.WILDFIRE.V5.F000.WIN64-MAGNiTUDE.exe 	gefunden: Trojan.Generic.6541500 (B)
C:\Users\MJ\AppData\Local\Temp\cleaner\pccleaner\setup\INFECTED\702605aa.qua -> (Quarantine-8) 	gefunden: Gen:Variant.Application.Bundler.25 (B)
C:\Users\MJ\Documents\Pro E 4\PTC.PRO.ENGINEER.WILDFIRE.V5.F000.WIN64-MAGNiTUDE.rarED013F30 -> PTC.PRO.ENGINEER.WILDFIRE.V5.F000.WIN64-MAGNiTUDE.exe 	gefunden: Trojan.Generic.6541500 (B)

Gescannt	518714
Gefunden	15

Scan-Ende:	07.04.2015 02:26:09
Scan-Zeit:	3:54:20

C:\Users\MJ\Documents\Pro E 4\PTC.PRO.ENGINEER.WILDFIRE.V5.F000.WIN64-MAGNiTUDE.rarED013F30	Quarantäne Trojan.Generic.6541500 (B)
C:\Users\MJ\AppData\Local\Temp\cleaner\pccleaner\setup\INFECTED\702605aa.qua	Quarantäne Gen:Variant.Application.Bundler.25 (B)
C:\Users\MJ\AppData\Local\Temp\cleaner\pccleaner\setup\INFECTED\40936997.qua	Quarantäne Trojan.Generic.6541500 (B)
C:\Users\MJ\AppData\Local\Temp\cleaner\pccleaner\setup\INFECTED\3ff75be7.qua	Quarantäne Gen:Variant.Application.Bundler.OptimumInstaller.1 (B)
C:\Users\MJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\36UO7Z11\index[1].htm	Quarantäne Trojan.FakeAlert.DIF (B)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B}	Quarantäne Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-20\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B}	Quarantäne Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-19\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B}	Quarantäne Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}	Quarantäne Application.Win32.InstallAd (A)

Quarantäne	9
         
I may have been a bit hasty, but I didn't want to go any further, since I have the support of professionals here. Thanks for that too! Also, it only moved 9 of 15 results into quarantine.

Here are the requested logs for now:


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by MJ (administrator) on CABAL on 07-04-2015 20:59:29
Running from C:\Users\MJ\Desktop
Loaded Profiles: MJ (Available profiles: MJ)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(DeviceVM, Inc.) C:\ASUS.SYS\config\DVMExportService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe
() C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\Lexmark Pro5500 Series\LMADLmon.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(TechniSat Digital, S.A.) C:\Program Files (x86)\TechniSat DVB\bin\Server4PC.exe
(Visicom Media Inc.) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint II\SetPointII.exe
(Razer USA Ltd) C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TechniSat Digital, S.A.) C:\Program Files (x86)\TechniSat DVB\bin\Server4PC.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Media Player\wmpshare.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LgDeviceAgent] => C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415816 2010-02-18] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4271688 2010-02-18] (Logitech Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2093128 2010-02-18] (Logitech Inc.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Panda Security URL Filtering] => C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe [235072 2013-09-26] (Visicom Media Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe [254464 2014-10-20] (Razer Inc.)
HKLM-x32\...\Run: [Razer Imperator Driver] => C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe [979360 2012-02-09] (Razer USA Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2838978309-1536262354-1386303622-1001\...\Run: [LMADLmon] => C:\Program Files (x86)\Lexmark Pro5500 Series\LMADLmon.exe [948360 2011-11-23] ()
HKU\S-1-5-21-2838978309-1536262354-1386303622-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-07-25] (Samsung)
HKU\S-1-5-21-2838978309-1536262354-1386303622-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
HKU\S-1-5-18\...\RunOnce: [panda2_0dn] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f
HKU\S-1-5-18\...\RunOnce: [panda2_0dn_XP] => reg.exe delete "HKCU\Software\panda2_0dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_0dn] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_0dn_XP] => reg.exe delete "HKCU\Software\panda4_0dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_1dn] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_1dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_1dn_XP] => reg.exe delete "HKCU\Software\panda4_1dn" /f
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Server4PC.lnk
ShortcutTarget: Server4PC.lnk -> C:\Program Files (x86)\TechniSat DVB\bin\Server4PC.exe (TechniSat Digital, S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk
ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2838978309-1536262354-1386303622-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2838978309-1536262354-1386303622-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2838978309-1536262354-1386303622-1001 ->  {6552C7DD-90A4-4387-B795-F8F96747DE19}
SearchScopes: HKU\S-1-5-21-2838978309-1536262354-1386303622-1001 -> {2E41A58F-FD4F-42FF-805E-528F06735287} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-2838978309-1536262354-1386303622-1001 -> {8C92DD76-CB3D-4A2B-94AD-E6C6DAB715EF} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-2838978309-1536262354-1386303622-1001 -> {CF3C28C1-DFCA-4108-862A-3AA423D5E46A} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKU\S-1-5-21-2838978309-1536262354-1386303622-1001 -> {DF79EB1A-8049-47AC-8D41-3144FBC01E6B} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: No Name -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} ->  No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-01-08] (Oracle Corporation)
BHO-x32: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll [2013-10-01] ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-08] (Oracle Corporation)
Toolbar: HKLM-x32 - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll [2013-10-01] ()
Toolbar: HKU\S-1-5-21-2838978309-1536262354-1386303622-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-2838978309-1536262354-1386303622-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex64-2.2.5.7.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 0.0.0.0
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\MJ\AppData\Roaming\Mozilla\Firefox\Profiles\zpb8kntx.default
FF Homepage: hxxp://www.web.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll [2015-01-29] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll [2015-01-29] ()
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-13] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2838978309-1536262354-1386303622-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-10-23] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-12-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-12-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-12-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-12-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-12-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-12-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-12-24] (Apple Inc.)
FF SearchPlugin: C:\Users\MJ\AppData\Roaming\Mozilla\Firefox\Profiles\zpb8kntx.default\searchplugins\google-images.xml [2014-12-26]
FF SearchPlugin: C:\Users\MJ\AppData\Roaming\Mozilla\Firefox\Profiles\zpb8kntx.default\searchplugins\google-maps.xml [2014-12-26]
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [319488 2009-07-17] (DeviceVM, Inc.) [File not signed]
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-11-13] (SurfRight B.V.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [367616 2014-10-20] (Razer Inc.) [File not signed]
S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [988216 2011-01-05] (Secunia)
S4 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-01-05] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-02-28] ()
S3 Cardex; C:\Windows\SysWOW64\drivers\TBPANELX64.SYS [15648 2007-03-16] (Windows (R) Server 2003 DDK provider)
S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20568 2010-05-25] (Devguru Co., Ltd)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-11-13] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-02-28] ()
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 SKYNET; C:\Windows\System32\DRIVERS\SkyNET_AMD64.SYS [615440 2009-09-11] (TechniSat Digital, S.A.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-02-20] () [File not signed]
S2 TBPanel; No ImagePath
U3 ac66grny; C:\Windows\System32\Drivers\ac66grny.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S0 sfdrv01; System32\drivers\sfdrv01.sys [X]
S0 sfhlp02; System32\drivers\sfhlp02.sys [X]
S0 sfsync02; System32\drivers\sfsync02.sys [X]
S0 sfvfs02; System32\drivers\sfvfs02.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-07 20:59 - 2015-04-07 21:06 - 00018144 _____ () C:\Users\MJ\Desktop\FRST.txt
2015-04-07 20:28 - 2015-04-07 20:34 - 00000019 _____ () C:\Windows\Studio11_BonusDVD.log
2015-04-07 20:27 - 2015-04-07 20:27 - 00003225 _____ () C:\Windows\SysWOW64\vitascene-protocol.txt
2015-04-07 20:17 - 2009-07-14 03:15 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Difx450b.rra
2015-04-07 19:55 - 2015-04-05 20:45 - 02095616 _____ (Farbar) C:\Users\MJ\Desktop\FRST64.exe
2015-04-07 02:26 - 2015-04-07 02:26 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-04-06 22:28 - 2015-04-06 22:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-06 22:27 - 2015-04-06 22:28 - 07213472 _____ (Auslogics Labs Pty Ltd ) C:\Users\MJ\Downloads\disk-defrag-setup.exe
2015-04-06 22:23 - 2015-04-07 19:48 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-04-06 22:11 - 2015-04-06 22:15 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-06 22:06 - 2015-04-06 22:09 - 11028616 _____ (SurfRight B.V.) C:\Users\MJ\Downloads\HitmanPro_x64.exe
2015-04-06 22:05 - 2015-04-06 22:18 - 166573936 _____ (Emsisoft Ltd. ) C:\Users\MJ\Downloads\EmsisoftAntiMalwareSetup.exe
2015-04-06 21:47 - 2015-04-06 21:53 - 00000000 ____D () C:\AdwCleaner
2015-04-06 21:23 - 2015-04-06 21:23 - 00014244 _____ () C:\malewarefund.txt
2015-04-06 20:31 - 2015-04-06 20:09 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\MJ\Desktop\mbam-setup-2.1.4.1018.exe
2015-04-06 20:31 - 2015-04-06 20:09 - 02208768 _____ () C:\Users\MJ\Desktop\AdwCleaner_4.200.exe
2015-04-05 23:00 - 2015-04-07 20:59 - 00000000 ____D () C:\FRST
2015-04-05 05:32 - 2015-04-05 05:32 - 00029980 _____ () C:\Extras.Txt
2015-04-05 05:19 - 2015-04-05 05:32 - 00077338 _____ () C:\OTL.Txt
2015-04-02 22:29 - 2015-04-02 22:29 - 00004012 _____ () C:\Users\MJ\Desktop\03. Not Strong Enough (feat. Brent Smith) - Verknüpfung.lnk
2015-04-01 23:30 - 2015-04-01 23:39 - 00000000 ____D () C:\Users\MJ\Desktop\Neuer Ordner (6)
2015-03-31 21:59 - 2015-03-31 22:00 - 00000000 ____D () C:\Program Files\WinRAR
2015-03-21 13:32 - 2014-12-08 05:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-03-21 13:32 - 2014-12-08 04:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-03-21 13:29 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-21 13:29 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 21:00 - 2015-03-10 21:00 - 00000000 ____D () C:\Windows\SysWOW64\䙔䵁
2015-03-08 22:23 - 2015-03-08 22:45 - 00000000 ____D () C:\Users\MJ\Desktop\Indien2014
2015-03-08 22:22 - 2015-03-08 22:22 - 00000000 ____D () C:\Users\MJ\Desktop\tg15
2015-03-08 22:07 - 2015-03-08 22:53 - 00000000 ____D () C:\Users\MJ\Desktop\Neuer Ordner (5)
2015-03-08 20:40 - 2015-03-07 00:54 - 981194115 _____ () C:\Users\MJ\Desktop\rla-seso.ts.mkv

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-07 20:56 - 2014-11-13 12:53 - 00424762 _____ () C:\Windows\setupact.log
2015-04-07 20:56 - 2014-11-13 11:17 - 00000000 ____D () C:\Windows\CryptoGuard
2015-04-07 20:56 - 2010-02-20 00:51 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-07 20:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-07 20:54 - 2010-02-20 01:36 - 00000012 ____H () C:\dvmexp.idx
2015-04-07 20:51 - 2014-11-13 12:53 - 00179112 _____ () C:\Windows\PFRO.log
2015-04-07 20:46 - 2010-02-20 00:04 - 01574767 _____ () C:\Windows\WindowsUpdate.log
2015-04-07 20:41 - 2014-11-13 20:07 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-07 20:40 - 2010-02-20 01:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-04-07 20:40 - 2010-02-20 01:31 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-04-07 20:40 - 2010-02-20 01:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-07 20:37 - 2010-02-23 18:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-04-07 20:34 - 2011-05-22 07:27 - 00000000 ____D () C:\Users\Public\Documents\Pinnacle
2015-04-07 20:27 - 2011-05-22 07:47 - 00000000 ____D () C:\Users\MJ\AppData\Roaming\proDAD
2015-04-07 20:24 - 2011-05-22 07:22 - 00000000 ____D () C:\Program Files (x86)\Pinnacle
2015-04-07 20:12 - 2011-05-22 07:22 - 00000000 ____D () C:\ProgramData\Pinnacle
2015-04-07 20:00 - 2009-07-14 06:45 - 00026336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-07 20:00 - 2009-07-14 06:45 - 00026336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-07 05:49 - 2013-03-17 09:33 - 00000000 ____D () C:\Users\MJ\Documents\Pro E 4
2015-04-06 21:55 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-06 21:44 - 2012-01-13 19:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-06 21:26 - 2009-07-14 05:20 - 00000000 __RSD () C:\Windows\Media
2015-04-06 21:25 - 2010-02-20 18:32 - 00000000 ____D () C:\ProgramData\ICQ
2015-04-06 20:35 - 2009-07-14 19:58 - 08843262 _____ () C:\Windows\system32\perfh007.dat
2015-04-06 20:35 - 2009-07-14 19:58 - 02684186 _____ () C:\Windows\system32\perfc007.dat
2015-04-06 20:35 - 2009-07-14 07:13 - 00006564 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-05 05:13 - 2010-02-20 00:04 - 00000000 ____D () C:\Users\MJ
2015-04-03 00:22 - 2010-04-05 11:16 - 00000000 ____D () C:\Users\MJ\AppData\Roaming\UseNeXT
2015-04-03 00:17 - 2010-02-26 12:16 - 00000000 ____D () C:\Users\MJ\Documents\UseNeXT
2015-04-02 22:25 - 2011-03-18 12:23 - 00000000 ____D () C:\Users\MJ\AppData\Roaming\vlc
2015-03-31 22:09 - 2011-03-18 11:25 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2015-03-31 22:08 - 2011-04-20 20:34 - 00000000 ____D () C:\Users\MJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-31 22:08 - 2011-04-20 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-31 22:05 - 2010-02-20 13:12 - 00000000 ____D () C:\Users\MJ\AppData\Roaming\WinRAR
2015-03-31 22:02 - 2011-01-09 17:52 - 05458432 ___SH () C:\Users\MJ\Desktop\Thumbs.db
2015-03-31 21:34 - 2010-02-26 15:12 - 00000000 ____D () C:\Users\MJ\AppData\Roaming\dvdcss
2015-03-22 03:37 - 2010-02-23 18:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-21 13:25 - 2011-02-17 22:57 - 01340416 ___SH () C:\Users\MJ\Downloads\Thumbs.db
2015-03-11 21:14 - 2014-11-13 12:04 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-10 23:21 - 2014-11-13 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-10 23:21 - 2014-11-13 12:04 - 00000000 ____D () C:\ProgramData\Avira
2015-03-08 22:20 - 2014-03-06 21:50 - 00000000 ____D () C:\Users\MJ\Desktop\101_PANA
2015-03-08 22:07 - 2014-12-16 21:57 - 00000000 ____D () C:\Users\MJ\Desktop\Neuer Ordner (4)

==================== Files in the root of some directories =======

2014-09-18 22:28 - 2014-11-13 12:06 - 0000093 _____ () C:\Users\MJ\AppData\Roaming\WB.CFG
2010-08-20 10:18 - 2014-11-15 01:34 - 0007680 _____ () C:\Users\MJ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-02-20 01:16 - 2014-08-25 20:02 - 0007603 _____ () C:\Users\MJ\AppData\Local\resmon.resmoncfg
2012-08-16 01:00 - 2012-08-16 01:00 - 0000000 _____ () C:\ProgramData\0x0304A000.sfl
2012-12-02 13:30 - 2015-01-08 01:24 - 0008571 _____ () C:\ProgramData\LMADLscan.log
2012-10-31 01:00 - 2013-09-07 21:02 - 0006400 _____ () C:\ProgramData\NanoRepository.bin
2012-10-31 01:00 - 2013-07-27 01:00 - 0006400 _____ () C:\ProgramData\NanoRepository.bin.bak
2010-08-07 11:57 - 2010-08-07 11:57 - 0000040 _____ () C:\ProgramData\ra3.ini
2011-05-22 07:37 - 2011-05-22 07:38 - 0001726 _____ () C:\ProgramData\__wdump.txt

Some content of TEMP:
====================
C:\Users\MJ\AppData\Local\Temp\AutoRun.exe
C:\Users\MJ\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\MJ\AppData\Local\Temp\avgnt.exe
C:\Users\MJ\AppData\Local\Temp\DivXSetup.exe
C:\Users\MJ\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\MJ\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\MJ\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf3n09u.dll
C:\Users\MJ\AppData\Local\Temp\EAInstall.dll
C:\Users\MJ\AppData\Local\Temp\eauninstall.exe
C:\Users\MJ\AppData\Local\Temp\Quarantine.exe
C:\Users\MJ\AppData\Local\Temp\sqlite3.dll
C:\Users\MJ\AppData\Local\Temp\The Battle for Middle-earth_uninst.exe
C:\Users\MJ\AppData\Local\Temp\uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-07 03:39

==================== End Of Log ============================
         
--- --- ---

and Additional:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by MJ at 2015-04-07 21:08:32
Running from C:\Users\MJ\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AllDup 3.4.12 (HKLM-x32\...\AllDup_is1) (Version: 3.4.12 - Michael Thummerer Software Design)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version:  - )
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avira (HKLM-x32\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BulletStorm (x32 Version: 1.0.0001.130 - EA) Hidden
calibre (HKLM-x32\...\{3FBA72CD-A3EB-42A2-89DF-DF2366BEA779}) (Version: 2.10.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 3.03 - Piriform)
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 2.4.2.13 - INTENIUM GmbH)
DirectVobSub 2.40.4209 (HKLM-x32\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team)
DivX Converter (HKLM-x32\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.)
DivX Converter (HKLM-x32\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM-x32\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Version Checker (HKLM-x32\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
DVBViewer TE2 (HKLM-x32\...\DVBViewer TE2_is1) (Version:  - CM&V)
DVDFab 8.0.9.8 (08/06/2011) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
eMedia Gitarrenschule (HKLM-x32\...\{B3B4E8E4-E2A4-11D6-8D31-00105A629F49}) (Version:  - eMedia Corporation)
EPU-6 Engine (HKLM-x32\...\{56B83336-FBC1-4C46-8613-90A9E3B440D6}) (Version: 1.02.01 - )
Fable III (x32 Version: 1.0.0001.131 - Microsoft Game Studios) Hidden
FormatFactory 3.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.0.1 - Free Time)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Guitar Hero World Tour (HKLM-x32\...\{A126E617-63F0-4E57-BFA4-7190F5845C39}) (Version: 1.0 - Aspyr)
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version:  - Arobas Music)
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Lara Croft and the Temple of Osiris (HKLM-x32\...\Steam App 289690) (Version:  - Crystal Dynamics)
Lexmark Pro5500 Series Deinstallationsprogamm (HKLM\...\Lexmark Pro5500 Series) (Version:  - Lexmark International, Inc.)
Logitech GamePanel Software 3.04.143 (HKLM\...\{109945A8-D8D5-48B8-B4A5-195D3F99B56D}) (Version: 3.04.143 - Logitech Inc.)
Logitech SetPoint 5.20 (HKLM\...\{D3120436-1358-4253-9EB2-257FFE8CE1D9}) (Version: 5.20 - Logitech)
LOST PLANET 2 (x32 Version: 1.0.0001.131 - CAPCOM CO., LTD.) Hidden
MainConcept DTV Decoder Standard (HKLM-x32\...\{059A00AC-1205-423C-91C7-7E6168D804DA}) (Version: 1.5.0.2 - MainConcept GmbH)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-2838978309-1536262354-1386303622-1001\...\MyFreeCodec) (Version:  - )
NVIDIA 3D Vision Controller-Treiber 306.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.23 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2716 - Electronic Arts, Inc.)
Panda Security Toolbar (HKLM-x32\...\pandasecuritytb) (Version: 4.1.0.5 - Panda Security and Visicom Media Inc.)
Panda Security URL Filtering (HKLM-x32\...\Panda Security URL Filtering) (Version: 2.0.0.14 - Panda Security)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
pdfforge Toolbar v4.6 (HKLM-x32\...\{E6098043-1183-4580-89EF-423CBF807188}) (Version: 4.6 - Spigot, Inc.) <==== ATTENTION
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Prince of Persia T2T (HKLM-x32\...\{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}) (Version:  - )
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RAD Video Tools (HKLM-x32\...\RADVideo) (Version:  - )
RATattack 0.2 (HKLM-x32\...\RATattack) (Version: 0.2 - )
ratDVD 0.78.1444 (HKLM-x32\...\ratDVD) (Version: 0.78.1444 - ratDVD)
Razer Imperator (HKLM-x32\...\{C05905B9-775A-4894-A4DF-B57C15250958}) (Version: 2.02.00 - Razer USA Ltd.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Rocksmith (HKLM-x32\...\Steam App 205190) (Version:  - )
Sacred 2 (HKLM-x32\...\{1023383E-D9F6-478C-A965-23A4657B3C9A}) (Version: 2.64.0.0 - Deep Silver)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Secunia PSI (2.0.0.2001) (HKLM-x32\...\Secunia PSI) (Version:  - )
Skype™ 5.1 (HKLM-x32\...\{9C538746-C2DC-40FC-B1FB-D4EA7966ABEB}) (Version: 5.1.112 - Skype Technologies S.A.)
StarCraft (HKLM-x32\...\StarCraft) (Version:  - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
T.Probe (HKLM-x32\...\{29A47E79-7287-4C52-9667-B4CDEEE14B58}) (Version: 1.00.10 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TechniSat DVB-PC TV Star (HKLM-x32\...\{D032A7F0-8B5C-4603-8B46-235025D5F9C1}) (Version: 4.3.3 - TechniSat)
Technisat DVB-VC80 Redistributable Modules (HKLM-x32\...\{134007CC-7026-46C2-B46F-40D9FD2AF385}) (Version: 1.0.0 - Technisat)
TomTom HOME (HKLM-x32\...\{EC5F4C1B-F838-4CB7-8561-8F809296428B}) (Version: 2.9.5 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TurboV EVO (HKLM-x32\...\{491D92A9-69CA-4EB4-81D3-0106F9337957}) (Version: 1.01.08 - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vtune 7.8 (HKLM-x32\...\Vtune_is1) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Xfire (remove only) (HKLM-x32\...\Xfire) (Version:  - )
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
X-Wave MP3 Cutter Joiner 1.1 (HKLM-x32\...\X-Wave MP3 Cutter Joiner) (Version:  - )
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
Youtube Downloader HD v. 2.9.9.21 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2838978309-1536262354-1386303622-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\MJ\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

==================== Restore Points  =========================

07-04-2015 20:01:47 Removed Pinnacle Creative Pack Volume 1.
07-04-2015 20:05:23 Removed Pinnacle Studio 14.
07-04-2015 20:14:22 Removed Feedback Tool
07-04-2015 20:15:53 Entfernt JMicron JMB36X Driver
07-04-2015 20:20:26 Removed MainConcept DTV Decoder Standard
07-04-2015 20:23:39 Removed Pinnacle Studio Ultimate Collection Plugins.
07-04-2015 20:28:20 Entfernt Studio 11 Bonus DVD
07-04-2015 20:35:13 Removed Pinnacle Video Treiber.
07-04-2015 20:37:05 Microsoft Office File Validation Add-In wird entfernt
07-04-2015 20:38:14 Entfernt PC Probe II
07-04-2015 20:43:49 Removed Oracle VM VirtualBox 4.3.20

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {20DA664F-8A96-49A2-8EC8-C72937327E49} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2008-12-11] ()
Task: {3474A636-D8FE-4D6A-9A48-85C591234BBD} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files\ASUS\Six Engine\SixEngine.exe [2009-09-09] (ASUSTeK Computer Inc.)
Task: {3621F74F-63BB-4D61-AC77-C57C7A0D3AA7} - System32\Tasks\ASUS\TurboVHelp => C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe [2009-08-19] (ASUSTeK Computer Inc.)
Task: {679CFA9D-4C17-492C-9A6D-437DE855758E} - \{13A7CB7D-8098-4532-A7BA-56D19BF28F06} No Task File <==== ATTENTION
Task: {7BFB10DB-3101-43A6-A9F7-3827C7398B30} - \{55A7EEC3-B038-4EEB-BD05-D10E2FE65731} No Task File <==== ATTENTION
Task: {7DD94DB5-3E03-4C0A-92E4-0516CBD05B5A} - \{771E45BB-AF11-410B-9FE7-8DA2EA6496F5} No Task File <==== ATTENTION
Task: {84C53C47-7CD6-42B8-BC34-FFEC6CC3D847} - \{6AA85E98-B7CA-414D-9696-42239DB675FC} No Task File <==== ATTENTION
Task: {982E2711-0A58-415C-9764-D4D4A39F2D99} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {B0FB23E4-D8CE-4B27-89A5-3BF8311EAE29} - \{E74E5D82-BF30-43DF-979A-BF338C5442DE} No Task File <==== ATTENTION
Task: {BCB68B35-684F-450F-B05D-489DBA85F354} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.00.98\AsLoader.exe [2009-08-20] (ASUSTeK Computer Inc.)
Task: {BD5EE425-4EFF-46F5-814E-62F83896719F} - \{DAD3B14E-F294-418A-BB6D-CE230B8CBD7A} No Task File <==== ATTENTION
Task: {CA6711F8-76CD-4C33-96CF-CC9650C09BD9} - \{4A35D8A4-9402-4A64-8D85-A36A46D05659} No Task File <==== ATTENTION
Task: {F5664371-0D6C-459E-B532-E7417133C7ED} - \CreateChoiceProcessTask No Task File <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2012-09-15 18:42 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-09-03 11:10 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2010-02-20 11:30 - 2008-12-11 14:45 - 00114688 _____ () C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
2012-12-02 12:53 - 2011-11-23 20:35 - 00948360 _____ () C:\Program Files (x86)\Lexmark Pro5500 Series\LMADLmon.exe
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2010-02-20 01:31 - 2009-05-22 15:16 - 00053248 _____ () C:\Program Files\ASUS\TurboV EVO\HookKey32.dll
2010-02-20 01:31 - 2008-12-10 21:04 - 00253952 _____ () C:\Program Files\ASUS\TurboV EVO\pngio.dll
2012-12-02 12:53 - 2011-08-22 17:31 - 01454080 _____ () C:\Program Files (x86)\Lexmark Pro5500 Series\lmabdrs.dll
2010-02-20 15:18 - 2009-06-29 13:18 - 00131072 _____ () C:\Program Files (x86)\TechniSat DVB\bin\LIBBZ2.dll
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\MJ\Downloads\204_sondconvoy_-_hey_wir_wolln_die_eisbaern_sehn.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\MJ\Downloads\Adobe Solutions:Roxio EMC Stream
AlternateDataStreams: C:\Users\MJ\Downloads\atomic cannon explosion - faces of death - us army footage of tactical nuclear bomb fired from a cannon.mpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\MJ\Downloads\Blair Bush Read My Lips PISSTAKE.mpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\MJ\Downloads\DSC00010.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\MJ\Downloads\ghost-rider-wallpaper-29-1280.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\MJ\Downloads\Traktor Dj Studio 3:Roxio EMC Stream
AlternateDataStreams: C:\Users\MJ\Downloads\zum lesen und anschauen:Roxio EMC Stream

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2838978309-1536262354-1386303622-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MJ\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: bthserv => 2
MSCONFIG\Services: CouponArificService64 => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: gupdate1cadca9dcb73060 => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: ICQ Service => 2
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Secunia PSI Agent => 3
MSCONFIG\Services: Secunia Update Agent => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: TomTomHOMEService => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^MJ^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BRS => C:\Program Files (x86)\WSE_Lasaoren\BRS\brs.exe -runBRS
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: Cpu Level Up help => "C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DivX Download Manager => "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
MSCONFIG\startupreg: LMab1err => C:\Program Files (x86)\Lexmark\ErrorApp\LMab1err.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: PCSpeedUp => C:\Program Files (x86)\PC Beschleunigen\PCSUNotifier.exe
MSCONFIG\startupreg: QFan Help => "C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: T Probe => "C:\Program Files\ASUS\T Probe\TProbe.exe" -b
MSCONFIG\startupreg: TBPanel => C:\Program Files (x86)\Vtune\TBPanel.exe /A
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s
MSCONFIG\startupreg: TurboV EVO => "C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe" -b
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

==================== Accounts: =============================

Administrator (S-1-5-21-2838978309-1536262354-1386303622-500 - Administrator - Disabled)
Gast (S-1-5-21-2838978309-1536262354-1386303622-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2838978309-1536262354-1386303622-1002 - Limited - Enabled)
MJ (S-1-5-21-2838978309-1536262354-1386303622-1001 - Administrator - Enabled) => C:\Users\MJ
UpdatusUser (S-1-5-21-2838978309-1536262354-1386303622-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/07/2015 08:43:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary JRAID.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (04/07/2015 08:39:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary JRAID.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (04/07/2015 08:37:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary JRAID.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (04/07/2015 08:35:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary JRAID.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (04/07/2015 08:28:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary JRAID.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (04/07/2015 08:23:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary JRAID.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (04/07/2015 08:21:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514, Zeitstempel: 0x4ce7ae7f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x5315a05a
Ausnahmecode: 0x0000046b
Fehleroffset: 0x000000000000940d
ID des fehlerhaften Prozesses: 0xd68
Startzeit der fehlerhaften Anwendung: 0xwmpnetwk.exe0
Pfad der fehlerhaften Anwendung: wmpnetwk.exe1
Pfad des fehlerhaften Moduls: wmpnetwk.exe2
Berichtskennung: wmpnetwk.exe3

Error: (04/07/2015 08:20:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary JRAID.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (04/07/2015 07:59:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514, Zeitstempel: 0x4ce7ae7f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x5315a05a
Ausnahmecode: 0x0000046b
Fehleroffset: 0x000000000000940d
ID des fehlerhaften Prozesses: 0x1238
Startzeit der fehlerhaften Anwendung: 0xwmpnetwk.exe0
Pfad der fehlerhaften Anwendung: wmpnetwk.exe1
Pfad des fehlerhaften Moduls: wmpnetwk.exe2
Berichtskennung: wmpnetwk.exe3

Error: (04/07/2015 07:59:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 11.3.2015.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1554

Startzeit: 01d0715bfbfd54a9

Endzeit: 0

Anwendungspfad: C:\Users\MJ\Desktop\FRST64.exe

Berichts-ID: abb2cbaa-dd4f-11e4-bcf1-e0cb4e3eb3fa


System errors:
=============
Error: (04/07/2015 09:03:13 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (04/07/2015 09:00:31 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht.

Error: (04/07/2015 08:59:02 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (04/07/2015 08:56:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
sfdrv01
sfhlp02
sfsync02
sfvfs02

Error: (04/07/2015 08:56:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/07/2015 08:52:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
sfdrv01
sfhlp02
sfsync02
sfvfs02

Error: (04/07/2015 08:52:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Razer Wizard Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/07/2015 08:52:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Razer Wizard Service erreicht.

Error: (04/07/2015 08:51:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "TBPanel" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/07/2015 08:21:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (10/25/2012 06:00:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 102 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (08/30/2011 08:58:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 41%
Total physical RAM: 8183.05 MB
Available physical RAM: 4821.39 MB
Total Pagefile: 16364.29 MB
Available Pagefile: 13236.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1863.01 GB) (Free:33.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 10C34588)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
I have another question. I have many installations of Microsoft Visual C++ Redistributable from 2005 & 2008 on the computer. Can I uninstall these later after the cleanup, and will it stay current after a Microsoft update, or will they all reinstall themselves?

Old 08.04.2015, 14:01   #10
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Revo Uninstaller from here: Download Revo Uninstaller (alternatively portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click Options and select German as the language.
  • Search the uninstaller field for the programs:

    pdfforge Toolbar v4.6


  • Select the programs one after the other and click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on , then on , and then on .

 




Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
Task: {679CFA9D-4C17-492C-9A6D-437DE855758E} - \{13A7CB7D-8098-4532-A7BA-56D19BF28F06} No Task File <==== ATTENTION

Task: {7BFB10DB-3101-43A6-A9F7-3827C7398B30} - \{55A7EEC3-B038-4EEB-BD05-D10E2FE65731} No Task File <==== ATTENTION

Task: {7DD94DB5-3E03-4C0A-92E4-0516CBD05B5A} - \{771E45BB-AF11-410B-9FE7-8DA2EA6496F5} No Task File <==== ATTENTION

Task: {84C53C47-7CD6-42B8-BC34-FFEC6CC3D847} - \{6AA85E98-B7CA-414D-9696-42239DB675FC} No Task File <==== ATTENTION

Task: {B0FB23E4-D8CE-4B27-89A5-3BF8311EAE29} - \{E74E5D82-BF30-43DF-979A-BF338C5442DE} No Task File <==== ATTENTION

Task: {BD5EE425-4EFF-46F5-814E-62F83896719F} - \{DAD3B14E-F294-418A-BB6D-CE230B8CBD7A} No Task File <==== ATTENTION

Task: {CA6711F8-76CD-4C33-96CF-CC9650C09BD9} - \{4A35D8A4-9402-4A64-8D85-A36A46D05659} No Task File <==== ATTENTION

Task: {F5664371-0D6C-459E-B532-E7417133C7ED} - \CreateChoiceProcessTask No Task File <==== ATTENTION
HKU\S-1-5-18\...\RunOnce: [panda2_0dn] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f
HKU\S-1-5-18\...\RunOnce: [panda2_0dn_XP] => reg.exe delete "HKCU\Software\panda2_0dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_0dn] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_0dn_XP] => reg.exe delete "HKCU\Software\panda4_0dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_1dn] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_1dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_1dn_XP] => reg.exe delete "HKCU\Software\panda4_1dn" /f
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2838978309-1536262354-1386303622-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2838978309-1536262354-1386303622-1001 ->  {6552C7DD-90A4-4387-B795-F8F96747DE19}
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: No Name -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} ->  No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Tcpip\Parameters: [DhcpNameServer] 0.0.0.0
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Remove) button.
  • The tool creates a Fixlog.txt.
  • Post me its contents.






ESET Online Scanner

  • You can find an illustrated guide to ESET Online Scanner here
  • Download and start Eset Online Scanner
  • Check Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log please. Any more problems?
I would leave the Visual C++ ones alone.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!
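Added note, not part of this thread, of schrauber's instructions or of FRST itself: the lines FRST marks "No Task File" are scheduled-task registrations that still exist in the Task Scheduler's registry cache although the task's XML file under %SystemRoot%\System32\Tasks is gone, which is why a fixlist entry for one of them removes the TaskCache\Plain, \Tasks and \Tree keys. The read-only PowerShell check below reproduces that test so you can see which registrations are orphaned before running a fix. It assumes the registry layout it comments on (TaskCache\Tasks\{GUID} holding a "Path" value relative to System32\Tasks, TaskCache\Tree\<path> holding the matching "Id"), and the function name Get-OrphanedTaskRegistration is my own; it needs an elevated PowerShell 3.0 or later.

```powershell
# Added example (not from this thread, from FRST, or from schrauber's
# instructions). Read-only triage: list scheduled-task registrations in the
# Task Scheduler cache whose task file is missing, which is what FRST flags
# as "No Task File". Needs an elevated PowerShell 3.0 or later on Windows 7+.
# Assumed registry layout: TaskCache\Tasks\{GUID} holds a "Path" value with
# the task's path relative to %SystemRoot%\System32\Tasks, and
# TaskCache\Tree\<path> holds the matching "Id" value.

$cacheRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache'
$taskDir   = Join-Path $env:SystemRoot 'System32\Tasks'

function Get-OrphanedTaskRegistration {
    [CmdletBinding()]
    param()

    Get-ChildItem -Path (Join-Path $cacheRoot 'Tasks') -ErrorAction Stop |
        ForEach-Object {
            $props   = Get-ItemProperty -Path $_.PSPath
            $relPath = [string]$props.Path          # e.g. "\ASUS\ASUS Update Checker"
            $trimmed = $relPath.TrimStart('\')

            # Where the task's XML definition should live on disk.
            $taskFile = if ($trimmed) { Join-Path $taskDir $trimmed } else { $null }

            # Matching Tree entry (the name the Task Scheduler UI shows).
            $treeKey = if ($trimmed) { Join-Path (Join-Path $cacheRoot 'Tree') $trimmed } else { $null }

            [PSCustomObject]@{
                Id         = $_.PSChildName
                TaskPath   = $relPath
                TaskFile   = $taskFile
                FileExists = [bool]($taskFile -and (Test-Path -LiteralPath $taskFile -PathType Leaf))
                TreeExists = [bool]($treeKey -and (Test-Path -LiteralPath $treeKey))
            }
        } |
        Where-Object { -not $_.FileExists }
}

# Usage: print the orphans. Each Id is the GUID of the Plain/Tasks keys and
# each TaskPath the Tree key that a FRST fixlist entry for that task removes.
Get-OrphanedTaskRegistration | Format-Table Id, TaskPath, TaskFile, TreeExists -AutoSize
```

The script only reports; it deletes nothing, and an orphaned registration is not by itself proof of malware (a task whose file was removed while the Schedule service was not running leaves the same residue), so the output is a list to compare against the FRST log, not a list to act on blindly.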

Old 10.04.2015, 06:34   #11
Matze55
 



Hi, here finally are the requested logs.
Fixlog:
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by MJ at 2015-04-08 22:55:37 Run:2
Running from C:\Users\MJ\Desktop
Loaded Profiles: MJ (Available profiles: MJ)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {679CFA9D-4C17-492C-9A6D-437DE855758E} - \{13A7CB7D-8098-4532-A7BA-56D19BF28F06} No Task File <==== ATTENTION

Task: {7BFB10DB-3101-43A6-A9F7-3827C7398B30} - \{55A7EEC3-B038-4EEB-BD05-D10E2FE65731} No Task File <==== ATTENTION

Task: {7DD94DB5-3E03-4C0A-92E4-0516CBD05B5A} - \{771E45BB-AF11-410B-9FE7-8DA2EA6496F5} No Task File <==== ATTENTION

Task: {84C53C47-7CD6-42B8-BC34-FFEC6CC3D847} - \{6AA85E98-B7CA-414D-9696-42239DB675FC} No Task File <==== ATTENTION

Task: {B0FB23E4-D8CE-4B27-89A5-3BF8311EAE29} - \{E74E5D82-BF30-43DF-979A-BF338C5442DE} No Task File <==== ATTENTION

Task: {BD5EE425-4EFF-46F5-814E-62F83896719F} - \{DAD3B14E-F294-418A-BB6D-CE230B8CBD7A} No Task File <==== ATTENTION

Task: {CA6711F8-76CD-4C33-96CF-CC9650C09BD9} - \{4A35D8A4-9402-4A64-8D85-A36A46D05659} No Task File <==== ATTENTION

Task: {F5664371-0D6C-459E-B532-E7417133C7ED} - \CreateChoiceProcessTask No Task File <==== ATTENTION
HKU\S-1-5-18\...\RunOnce: [panda2_0dn] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f
HKU\S-1-5-18\...\RunOnce: [panda2_0dn_XP] => reg.exe delete "HKCU\Software\panda2_0dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_0dn] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_0dn_XP] => reg.exe delete "HKCU\Software\panda4_0dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_1dn] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_1dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_1dn_XP] => reg.exe delete "HKCU\Software\panda4_1dn" /f
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2838978309-1536262354-1386303622-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2838978309-1536262354-1386303622-1001 ->  {6552C7DD-90A4-4387-B795-F8F96747DE19}
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: No Name -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} ->  No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Tcpip\Parameters: [DhcpNameServer] 0.0.0.0
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
Emptytemp:
         
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{679CFA9D-4C17-492C-9A6D-437DE855758E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{679CFA9D-4C17-492C-9A6D-437DE855758E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{13A7CB7D-8098-4532-A7BA-56D19BF28F06}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7BFB10DB-3101-43A6-A9F7-3827C7398B30}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BFB10DB-3101-43A6-A9F7-3827C7398B30}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{55A7EEC3-B038-4EEB-BD05-D10E2FE65731}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7DD94DB5-3E03-4C0A-92E4-0516CBD05B5A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DD94DB5-3E03-4C0A-92E4-0516CBD05B5A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{771E45BB-AF11-410B-9FE7-8DA2EA6496F5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{84C53C47-7CD6-42B8-BC34-FFEC6CC3D847}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84C53C47-7CD6-42B8-BC34-FFEC6CC3D847}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6AA85E98-B7CA-414D-9696-42239DB675FC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0FB23E4-D8CE-4B27-89A5-3BF8311EAE29}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0FB23E4-D8CE-4B27-89A5-3BF8311EAE29}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E74E5D82-BF30-43DF-979A-BF338C5442DE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD5EE425-4EFF-46F5-814E-62F83896719F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD5EE425-4EFF-46F5-814E-62F83896719F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DAD3B14E-F294-418A-BB6D-CE230B8CBD7A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA6711F8-76CD-4C33-96CF-CC9650C09BD9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA6711F8-76CD-4C33-96CF-CC9650C09BD9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4A35D8A4-9402-4A64-8D85-A36A46D05659}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5664371-0D6C-459E-B532-E7417133C7ED}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5664371-0D6C-459E-B532-E7417133C7ED}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CreateChoiceProcessTask" => Key deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda2_0dn => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda2_0dn_XP => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda4_0dn => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda4_0dn_XP => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda4_1dn => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda4_1dn_XP => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2838978309-1536262354-1386303622-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-2838978309-1536262354-1386303622-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKU\S-1-5-21-2838978309-1536262354-1386303622-1001 ->  {6552C7DD-90A4-4387-B795-F8F96747DE19} => Value not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}" => Key deleted successfully.
HKCR\CLSID\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found. 
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
EmptyTemp: => Removed 1.4 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 22:56:54 ====
         
Eset:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4aff216d555e6546be0271645b0d8a57
# engine=23304
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-10 01:01:21
# local_time=2015-04-10 03:01:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 12802662 122808891 0 0
# scanned=424049
# found=16
# cleaned=0
# scan_time=24813
sh=8B67C4946B050285FE89EFE36AB6DC2F7B3E2D2F ft=1 fh=d91722da20002316 vn="Variante von Win64/Riskware.NetFilter.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\netfilter64.sys.vir"
sh=6F68ADA50A6259DA6300C25A716904989780E5E7 ft=1 fh=c71c00119d8f3a27 vn="Win32/Packed.Autoit.H evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\MJ\AppData\Roaming\autostarter.exe.xBAD"
sh=A13668529A3FFD7037F5B2A59AA0719875B2F152 ft=1 fh=c71c0011884d0776 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Panda Security\Panda Security Toolbar\dtuser.exe"
sh=0F0D98691E66DD6A34BBB976B675CF0C4F850AD2 ft=1 fh=776eaf682f13ffd9 vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll"
sh=B4044437AE3A224A1129B270A24174AEF087DF77 ft=1 fh=2e94227eee876c07 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityTb.dll"
sh=4FC4D828D541627B72D9328B83AEE2502A557F6D ft=1 fh=a5146e1dc212dfcc vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\pandasecuritytb\dtUser.exe"
sh=939DBA90EC00FD776083ED34E61DE1861D207038 ft=1 fh=3059cb594d463912 vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll"
sh=961F37B5C764159C8591C9A529A9F864E0BD2029 ft=1 fh=d1ad39643d48ef90 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\pandasecuritytb\pandasecuritytb.dll"
sh=84A45C6D3A1149CA638B5DBC2C1E983F93BB4F34 ft=1 fh=ea15c9fd99c2e6e5 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\MJ\AppData\LocalLow\pandasecuritytb\dtUser.exe"
sh=9317DB8EC6A72A24629A5FABF4FDAB4D9C9A8F59 ft=1 fh=bba0210d1a501040 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\MJ\AppData\LocalLow\pandasecuritytb\pandasecuritytb.dll"
sh=111910A90F658E3DC6BFCBA97EF6EF7553600470 ft=1 fh=62ab0c6975427f41 vn="Win32/DomaIQ.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\MJ\Downloads\internet-explorer.exe"
sh=116A0B3FC890EF3AAFC30DA18B726CA34C6EF0C6 ft=1 fh=a28b699e5764cb4c vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\MJ\Downloads\SoftonicDownloader35864.exe"
sh=C09D1AF3A5FF17FEB758B1F3DA41AF1FE3FAB383 ft=1 fh=9c8c7885a4d5b6f9 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\MJ\Downloads\VirtualBox - CHIP-Installer.exe"
sh=D73243FF5FDA71C519DBC002A7E2D6AC8B74575A ft=1 fh=a9e464ef355912e3 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\MJ\Downloads\VirtualBox Extension Pack - CHIP-Installer.exe"
sh=1D435CA0C4BA455742225989F95CC529198E86DB ft=1 fh=946105595146a1d1 vn="Win32/StartPage.OIE Trojaner" ac=I fn="C:\Users\MJ\Downloads\vlc-1.1.9-win32.exe"
sh=E3E5B5BA7706FBA87BBD8D5EA83A6262B0B3F78C ft=1 fh=b31857a537e3d95c vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\MJ\Downloads\WindowsXPMode_de-de - CHIP-Installer.exe"
         
SecurityCheck:
Code:
 Results of screen317's Security Check version 0.99.99  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Secunia PSI (2.0.0.2001)   
 Java 8 Update 25  
 Java version 32-bit out of Date! 
  Adobe Flash Player 16.0.0.296 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (37.0.1) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
and the FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by MJ (administrator) on CABAL on 10-04-2015 07:14:19
Running from C:\Users\MJ\Desktop
Loaded Profiles: MJ (Available profiles: MJ)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(DeviceVM, Inc.) C:\ASUS.SYS\config\DVMExportService.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\Lexmark Pro5500 Series\LMADLmon.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(TechniSat Digital, S.A.) C:\Program Files (x86)\TechniSat DVB\bin\Server4PC.exe
(TechniSat Digital, S.A.) C:\Program Files (x86)\TechniSat DVB\bin\Server4PC.exe
(Visicom Media Inc.) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Razer USA Ltd) C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LgDeviceAgent] => C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415816 2010-02-18] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4271688 2010-02-18] (Logitech Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2093128 2010-02-18] (Logitech Inc.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Panda Security URL Filtering] => C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe [235072 2013-09-26] (Visicom Media Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe [254464 2014-10-20] (Razer Inc.)
HKLM-x32\...\Run: [Razer Imperator Driver] => C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe [979360 2012-02-09] (Razer USA Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2838978309-1536262354-1386303622-1001\...\Run: [LMADLmon] => C:\Program Files (x86)\Lexmark Pro5500 Series\LMADLmon.exe [948360 2011-11-23] ()
HKU\S-1-5-21-2838978309-1536262354-1386303622-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-07-25] (Samsung)
HKU\S-1-5-21-2838978309-1536262354-1386303622-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Server4PC.lnk
ShortcutTarget: Server4PC.lnk -> C:\Program Files (x86)\TechniSat DVB\bin\Server4PC.exe (TechniSat Digital, S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk
ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2838978309-1536262354-1386303622-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2838978309-1536262354-1386303622-1001 ->  {6552C7DD-90A4-4387-B795-F8F96747DE19}
SearchScopes: HKU\S-1-5-21-2838978309-1536262354-1386303622-1001 -> {2E41A58F-FD4F-42FF-805E-528F06735287} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-2838978309-1536262354-1386303622-1001 -> {8C92DD76-CB3D-4A2B-94AD-E6C6DAB715EF} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-2838978309-1536262354-1386303622-1001 -> {CF3C28C1-DFCA-4108-862A-3AA423D5E46A} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKU\S-1-5-21-2838978309-1536262354-1386303622-1001 -> {DF79EB1A-8049-47AC-8D41-3144FBC01E6B} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-01-08] (Oracle Corporation)
BHO-x32: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll [2013-10-01] ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-08] (Oracle Corporation)
Toolbar: HKLM-x32 - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll [2013-10-01] ()
Toolbar: HKU\S-1-5-21-2838978309-1536262354-1386303622-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-2838978309-1536262354-1386303622-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex64-2.2.5.7.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 0.0.0.0
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\MJ\AppData\Roaming\Mozilla\Firefox\Profiles\zpb8kntx.default
FF Homepage: hxxp://www.web.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll [2015-01-29] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll [2015-01-29] ()
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-13] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2838978309-1536262354-1386303622-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-10-23] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-12-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-12-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-12-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-12-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-12-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-12-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-12-24] (Apple Inc.)
FF SearchPlugin: C:\Users\MJ\AppData\Roaming\Mozilla\Firefox\Profiles\zpb8kntx.default\searchplugins\google-images.xml [2014-12-26]
FF SearchPlugin: C:\Users\MJ\AppData\Roaming\Mozilla\Firefox\Profiles\zpb8kntx.default\searchplugins\google-maps.xml [2014-12-26]
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.) [File not signed]
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [319488 2009-07-17] (DeviceVM, Inc.) [File not signed]
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-11-13] (SurfRight B.V.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [367616 2014-10-20] (Razer Inc.) [File not signed]
S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [988216 2011-01-05] (Secunia)
S4 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-01-05] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-02-28] ()
S3 Cardex; C:\Windows\SysWOW64\drivers\TBPANELX64.SYS [15648 2007-03-16] (Windows (R) Server 2003 DDK provider)
S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20568 2010-05-25] (Devguru Co., Ltd)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-11-13] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-02-28] ()
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 SKYNET; C:\Windows\System32\DRIVERS\SkyNET_AMD64.SYS [615440 2009-09-11] (TechniSat Digital, S.A.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-02-20] () [File not signed]
S2 TBPanel; No ImagePath
U3 aq9s8xxg; C:\Windows\System32\Drivers\aq9s8xxg.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S0 sfdrv01; System32\drivers\sfdrv01.sys [X]
S0 sfhlp02; System32\drivers\sfhlp02.sys [X]
S0 sfsync02; System32\drivers\sfsync02.sys [X]
S0 sfvfs02; System32\drivers\sfvfs02.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-10 07:14 - 2015-04-10 07:14 - 00015887 _____ () C:\Users\MJ\Desktop\FRST.txt
2015-04-10 07:13 - 2015-04-10 07:13 - 00000945 _____ () C:\Users\MJ\Desktop\checkup.txt
2015-04-10 06:58 - 2015-04-10 06:59 - 00035701 _____ () C:\Users\MJ\Desktop\Addition.txt
2015-04-08 23:09 - 2015-04-08 23:09 - 02347384 _____ (ESET) C:\Users\MJ\Desktop\esetsmartinstaller_deu.exe
2015-04-08 23:09 - 2015-04-08 23:09 - 00546857 _____ () C:\Users\MJ\Downloads\noscript-2.6.9.21.xpi
2015-04-08 23:08 - 2015-04-08 23:08 - 00852607 _____ () C:\Users\MJ\Desktop\SecurityCheck.exe
2015-04-08 22:41 - 2015-04-08 22:41 - 00001268 _____ () C:\Users\MJ\Desktop\Revo Uninstaller.lnk
2015-04-08 22:40 - 2015-04-08 22:40 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\MJ\Desktop\revosetup95.exe
2015-04-07 20:28 - 2015-04-07 20:34 - 00000019 _____ () C:\Windows\Studio11_BonusDVD.log
2015-04-07 20:27 - 2015-04-07 20:27 - 00003225 _____ () C:\Windows\SysWOW64\vitascene-protocol.txt
2015-04-07 20:17 - 2009-07-14 03:15 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Difx450b.rra
2015-04-07 19:55 - 2015-04-05 20:45 - 02095616 _____ (Farbar) C:\Users\MJ\Desktop\FRST64.exe
2015-04-07 02:26 - 2015-04-07 02:26 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-04-06 22:28 - 2015-04-06 22:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-06 22:27 - 2015-04-06 22:28 - 07213472 _____ (Auslogics Labs Pty Ltd ) C:\Users\MJ\Downloads\disk-defrag-setup.exe
2015-04-06 22:23 - 2015-04-07 19:48 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-04-06 22:11 - 2015-04-06 22:15 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-06 22:06 - 2015-04-06 22:09 - 11028616 _____ (SurfRight B.V.) C:\Users\MJ\Downloads\HitmanPro_x64.exe
2015-04-06 22:05 - 2015-04-06 22:18 - 166573936 _____ (Emsisoft Ltd. ) C:\Users\MJ\Downloads\EmsisoftAntiMalwareSetup.exe
2015-04-06 21:47 - 2015-04-06 21:53 - 00000000 ____D () C:\AdwCleaner
2015-04-06 21:23 - 2015-04-06 21:23 - 00014244 _____ () C:\malewarefund.txt
2015-04-06 20:31 - 2015-04-06 20:09 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\MJ\Desktop\mbam-setup-2.1.4.1018.exe
2015-04-06 20:31 - 2015-04-06 20:09 - 02208768 _____ () C:\Users\MJ\Desktop\AdwCleaner_4.200.exe
2015-04-05 23:00 - 2015-04-10 07:14 - 00000000 ____D () C:\FRST
2015-04-05 05:32 - 2015-04-05 05:32 - 00029980 _____ () C:\Extras.Txt
2015-04-05 05:19 - 2015-04-05 05:32 - 00077338 _____ () C:\OTL.Txt
2015-04-02 22:29 - 2015-04-02 22:29 - 00004012 _____ () C:\Users\MJ\Desktop\03. Not Strong Enough (feat. Brent Smith) - Verknüpfung.lnk
2015-04-01 23:30 - 2015-04-01 23:39 - 00000000 ____D () C:\Users\MJ\Desktop\Neuer Ordner (6)
2015-03-31 21:59 - 2015-03-31 22:00 - 00000000 ____D () C:\Program Files\WinRAR
2015-03-21 13:32 - 2014-12-08 05:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-03-21 13:32 - 2014-12-08 04:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-03-21 13:29 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-21 13:29 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-10 06:58 - 2011-03-18 12:23 - 00000000 ____D () C:\Users\MJ\AppData\Roaming\vlc
2015-04-09 22:38 - 2010-02-20 00:04 - 01806280 _____ () C:\Windows\WindowsUpdate.log
2015-04-09 19:43 - 2009-07-14 06:45 - 00026336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-09 19:43 - 2009-07-14 06:45 - 00026336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-09 19:40 - 2010-02-20 01:36 - 00000012 ____H () C:\dvmexp.idx
2015-04-09 19:30 - 2014-11-13 12:53 - 00424930 _____ () C:\Windows\setupact.log
2015-04-09 19:30 - 2014-11-13 11:17 - 00000000 ____D () C:\Windows\CryptoGuard
2015-04-09 19:30 - 2010-02-20 00:51 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-09 19:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-08 23:04 - 2011-01-09 17:52 - 05458432 ___SH () C:\Users\MJ\Desktop\Thumbs.db
2015-04-08 22:58 - 2014-11-13 12:53 - 00180112 _____ () C:\Windows\PFRO.log
2015-04-08 22:41 - 2014-11-13 20:07 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-07 20:40 - 2010-02-20 01:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-04-07 20:40 - 2010-02-20 01:31 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-04-07 20:40 - 2010-02-20 01:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-07 20:37 - 2010-02-23 18:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-04-07 20:27 - 2011-05-22 07:47 - 00000000 ____D () C:\Users\MJ\AppData\Roaming\proDAD
2015-04-07 20:12 - 2011-05-22 07:22 - 00000000 ____D () C:\ProgramData\Pinnacle
2015-04-06 21:55 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-06 21:44 - 2012-01-13 19:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-06 21:26 - 2009-07-14 05:20 - 00000000 __RSD () C:\Windows\Media
2015-04-06 21:25 - 2010-02-20 18:32 - 00000000 ____D () C:\ProgramData\ICQ
2015-04-06 20:35 - 2009-07-14 19:58 - 08843262 _____ () C:\Windows\system32\perfh007.dat
2015-04-06 20:35 - 2009-07-14 19:58 - 02684186 _____ () C:\Windows\system32\perfc007.dat
2015-04-06 20:35 - 2009-07-14 07:13 - 00006564 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-05 05:13 - 2010-02-20 00:04 - 00000000 ____D () C:\Users\MJ
2015-04-03 00:22 - 2010-04-05 11:16 - 00000000 ____D () C:\Users\MJ\AppData\Roaming\UseNeXT
2015-04-03 00:17 - 2010-02-26 12:16 - 00000000 ____D () C:\Users\MJ\Documents\UseNeXT
2015-03-31 22:09 - 2011-03-18 11:25 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2015-03-31 22:08 - 2011-04-20 20:34 - 00000000 ____D () C:\Users\MJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-31 22:08 - 2011-04-20 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-31 22:05 - 2010-02-20 13:12 - 00000000 ____D () C:\Users\MJ\AppData\Roaming\WinRAR
2015-03-31 21:34 - 2010-02-26 15:12 - 00000000 ____D () C:\Users\MJ\AppData\Roaming\dvdcss
2015-03-22 03:37 - 2010-02-23 18:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-21 13:25 - 2011-02-17 22:57 - 01340416 ___SH () C:\Users\MJ\Downloads\Thumbs.db
2015-03-11 21:14 - 2014-11-13 12:04 - 00000000 ____D () C:\Program Files (x86)\Avira

==================== Files in the root of some directories =======

2014-09-18 22:28 - 2014-11-13 12:06 - 0000093 _____ () C:\Users\MJ\AppData\Roaming\WB.CFG
2010-08-20 10:18 - 2014-11-15 01:34 - 0007680 _____ () C:\Users\MJ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-02-20 01:16 - 2014-08-25 20:02 - 0007603 _____ () C:\Users\MJ\AppData\Local\resmon.resmoncfg
2012-08-16 01:00 - 2012-08-16 01:00 - 0000000 _____ () C:\ProgramData\0x0304A000.sfl
2012-12-02 13:30 - 2015-01-08 01:24 - 0008571 _____ () C:\ProgramData\LMADLscan.log
2012-10-31 01:00 - 2013-09-07 21:02 - 0006400 _____ () C:\ProgramData\NanoRepository.bin
2012-10-31 01:00 - 2013-07-27 01:00 - 0006400 _____ () C:\ProgramData\NanoRepository.bin.bak
2010-08-07 11:57 - 2010-08-07 11:57 - 0000040 _____ () C:\ProgramData\ra3.ini
2011-05-22 07:37 - 2011-05-22 07:38 - 0001726 _____ () C:\ProgramData\__wdump.txt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-07 03:39

==================== End Of Log ============================
         
--- --- ---


+ the Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by MJ at 2015-04-10 07:14:38
Running from C:\Users\MJ\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AllDup 3.4.12 (HKLM-x32\...\AllDup_is1) (Version: 3.4.12 - Michael Thummerer Software Design)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version:  - )
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avira (HKLM-x32\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BulletStorm (x32 Version: 1.0.0001.130 - EA) Hidden
calibre (HKLM-x32\...\{3FBA72CD-A3EB-42A2-89DF-DF2366BEA779}) (Version: 2.10.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 3.03 - Piriform)
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 2.4.2.13 - INTENIUM GmbH)
DirectVobSub 2.40.4209 (HKLM-x32\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team)
DivX Converter (HKLM-x32\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.)
DivX Converter (HKLM-x32\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM-x32\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Version Checker (HKLM-x32\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
DVBViewer TE2 (HKLM-x32\...\DVBViewer TE2_is1) (Version:  - CM&V)
DVDFab 8.0.9.8 (08/06/2011) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
eMedia Gitarrenschule (HKLM-x32\...\{B3B4E8E4-E2A4-11D6-8D31-00105A629F49}) (Version:  - eMedia Corporation)
EPU-6 Engine (HKLM-x32\...\{56B83336-FBC1-4C46-8613-90A9E3B440D6}) (Version: 1.02.01 - )
Fable III (x32 Version: 1.0.0001.131 - Microsoft Game Studios) Hidden
FormatFactory 3.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.0.1 - Free Time)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Guitar Hero World Tour (HKLM-x32\...\{A126E617-63F0-4E57-BFA4-7190F5845C39}) (Version: 1.0 - Aspyr)
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version:  - Arobas Music)
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Lara Croft and the Temple of Osiris (HKLM-x32\...\Steam App 289690) (Version:  - Crystal Dynamics)
Lexmark Pro5500 Series Deinstallationsprogamm (HKLM\...\Lexmark Pro5500 Series) (Version:  - Lexmark International, Inc.)
Logitech GamePanel Software 3.04.143 (HKLM\...\{109945A8-D8D5-48B8-B4A5-195D3F99B56D}) (Version: 3.04.143 - Logitech Inc.)
Logitech SetPoint 5.20 (HKLM\...\{D3120436-1358-4253-9EB2-257FFE8CE1D9}) (Version: 5.20 - Logitech)
LOST PLANET 2 (x32 Version: 1.0.0001.131 - CAPCOM CO., LTD.) Hidden
MainConcept DTV Decoder Standard (HKLM-x32\...\{059A00AC-1205-423C-91C7-7E6168D804DA}) (Version: 1.5.0.2 - MainConcept GmbH)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-2838978309-1536262354-1386303622-1001\...\MyFreeCodec) (Version:  - )
NVIDIA 3D Vision Controller-Treiber 306.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.23 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2716 - Electronic Arts, Inc.)
Panda Security Toolbar (HKLM-x32\...\pandasecuritytb) (Version: 4.1.0.5 - Panda Security and Visicom Media Inc.)
Panda Security URL Filtering (HKLM-x32\...\Panda Security URL Filtering) (Version: 2.0.0.14 - Panda Security)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Prince of Persia T2T (HKLM-x32\...\{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}) (Version:  - )
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RAD Video Tools (HKLM-x32\...\RADVideo) (Version:  - )
RATattack 0.2 (HKLM-x32\...\RATattack) (Version: 0.2 - )
ratDVD 0.78.1444 (HKLM-x32\...\ratDVD) (Version: 0.78.1444 - ratDVD)
Razer Imperator (HKLM-x32\...\{C05905B9-775A-4894-A4DF-B57C15250958}) (Version: 2.02.00 - Razer USA Ltd.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rocksmith (HKLM-x32\...\Steam App 205190) (Version:  - )
Sacred 2 (HKLM-x32\...\{1023383E-D9F6-478C-A965-23A4657B3C9A}) (Version: 2.64.0.0 - Deep Silver)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Secunia PSI (2.0.0.2001) (HKLM-x32\...\Secunia PSI) (Version:  - )
Skype™ 5.1 (HKLM-x32\...\{9C538746-C2DC-40FC-B1FB-D4EA7966ABEB}) (Version: 5.1.112 - Skype Technologies S.A.)
StarCraft (HKLM-x32\...\StarCraft) (Version:  - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
T.Probe (HKLM-x32\...\{29A47E79-7287-4C52-9667-B4CDEEE14B58}) (Version: 1.00.10 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TechniSat DVB-PC TV Star (HKLM-x32\...\{D032A7F0-8B5C-4603-8B46-235025D5F9C1}) (Version: 4.3.3 - TechniSat)
Technisat DVB-VC80 Redistributable Modules (HKLM-x32\...\{134007CC-7026-46C2-B46F-40D9FD2AF385}) (Version: 1.0.0 - Technisat)
TomTom HOME (HKLM-x32\...\{EC5F4C1B-F838-4CB7-8561-8F809296428B}) (Version: 2.9.5 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TurboV EVO (HKLM-x32\...\{491D92A9-69CA-4EB4-81D3-0106F9337957}) (Version: 1.01.08 - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vtune 7.8 (HKLM-x32\...\Vtune_is1) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Xfire (remove only) (HKLM-x32\...\Xfire) (Version:  - )
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
X-Wave MP3 Cutter Joiner 1.1 (HKLM-x32\...\X-Wave MP3 Cutter Joiner) (Version:  - )
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
Youtube Downloader HD v. 2.9.9.21 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2838978309-1536262354-1386303622-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\MJ\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {20DA664F-8A96-49A2-8EC8-C72937327E49} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2008-12-11] ()
Task: {3474A636-D8FE-4D6A-9A48-85C591234BBD} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files\ASUS\Six Engine\SixEngine.exe [2009-09-09] (ASUSTeK Computer Inc.)
Task: {3621F74F-63BB-4D61-AC77-C57C7A0D3AA7} - System32\Tasks\ASUS\TurboVHelp => C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe [2009-08-19] (ASUSTeK Computer Inc.)
Task: {982E2711-0A58-415C-9764-D4D4A39F2D99} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {BCB68B35-684F-450F-B05D-489DBA85F354} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.00.98\AsLoader.exe [2009-08-20] (ASUSTeK Computer Inc.)

==================== Loaded Modules (whitelisted) ==============

2010-09-03 11:10 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2012-12-02 12:53 - 2011-11-23 20:35 - 00948360 _____ () C:\Program Files (x86)\Lexmark Pro5500 Series\LMADLmon.exe
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2012-09-15 18:42 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-02-20 01:31 - 2009-05-22 15:16 - 00053248 _____ () C:\Program Files\ASUS\TurboV EVO\HookKey32.dll
2010-02-20 01:31 - 2008-12-10 21:04 - 00253952 _____ () C:\Program Files\ASUS\TurboV EVO\pngio.dll
2012-12-02 12:53 - 2011-08-22 17:31 - 01454080 _____ () C:\Program Files (x86)\Lexmark Pro5500 Series\lmabdrs.dll
2010-02-20 15:18 - 2009-06-29 13:18 - 00131072 _____ () C:\Program Files (x86)\TechniSat DVB\bin\LIBBZ2.dll
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\MJ\Downloads\204_sondconvoy_-_hey_wir_wolln_die_eisbaern_sehn.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\MJ\Downloads\Adobe Solutions:Roxio EMC Stream
AlternateDataStreams: C:\Users\MJ\Downloads\atomic cannon explosion - faces of death - us army footage of tactical nuclear bomb fired from a cannon.mpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\MJ\Downloads\Blair Bush Read My Lips PISSTAKE.mpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\MJ\Downloads\DSC00010.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\MJ\Downloads\ghost-rider-wallpaper-29-1280.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Users\MJ\Downloads\Traktor Dj Studio 3:Roxio EMC Stream
AlternateDataStreams: C:\Users\MJ\Downloads\zum lesen und anschauen:Roxio EMC Stream

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2838978309-1536262354-1386303622-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MJ\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: bthserv => 2
MSCONFIG\Services: CouponArificService64 => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: gupdate1cadca9dcb73060 => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: ICQ Service => 2
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Secunia PSI Agent => 3
MSCONFIG\Services: Secunia Update Agent => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: TomTomHOMEService => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^MJ^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BRS => C:\Program Files (x86)\WSE_Lasaoren\BRS\brs.exe -runBRS
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: Cpu Level Up help => "C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DivX Download Manager => "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
MSCONFIG\startupreg: LMab1err => C:\Program Files (x86)\Lexmark\ErrorApp\LMab1err.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: PCSpeedUp => C:\Program Files (x86)\PC Beschleunigen\PCSUNotifier.exe
MSCONFIG\startupreg: QFan Help => "C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: T Probe => "C:\Program Files\ASUS\T Probe\TProbe.exe" -b
MSCONFIG\startupreg: TBPanel => C:\Program Files (x86)\Vtune\TBPanel.exe /A
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s
MSCONFIG\startupreg: TurboV EVO => "C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe" -b
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

==================== Accounts: =============================

Administrator (S-1-5-21-2838978309-1536262354-1386303622-500 - Administrator - Disabled)
Gast (S-1-5-21-2838978309-1536262354-1386303622-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2838978309-1536262354-1386303622-1002 - Limited - Enabled)
MJ (S-1-5-21-2838978309-1536262354-1386303622-1001 - Administrator - Enabled) => C:\Users\MJ
UpdatusUser (S-1-5-21-2838978309-1536262354-1386303622-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/10/2015 03:21:37 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/10/2015 03:20:55 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (04/09/2015 08:06:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/08/2015 11:10:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/08/2015 11:10:01 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Error in
manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with
another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/08/2015 11:10:01 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Error in
manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with
another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/07/2015 08:43:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary JRAID.

System Error:
The system cannot find the file specified.
.

Error: (04/07/2015 08:39:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary JRAID.

System Error:
The system cannot find the file specified.
.

Error: (04/07/2015 08:37:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary JRAID.

System Error:
The system cannot find the file specified.
.

Error: (04/07/2015 08:35:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary JRAID.

System Error:
The system cannot find the file specified.
.


System errors:
=============
Error: (04/10/2015 04:15:51 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (04/09/2015 07:38:01 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (04/09/2015 07:31:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
sfdrv01
sfhlp02
sfsync02
sfvfs02

Error: (04/09/2015 07:31:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Service Host service to connect.

Error: (04/09/2015 07:30:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Razer Wizard Service service failed to start due to the following error: 
%%1053

Error: (04/09/2015 07:30:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Razer Wizard Service service to connect.

Error: (04/09/2015 07:30:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TBPanel service failed to start due to the following error: 
%%2

Error: (04/08/2015 11:05:04 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (04/08/2015 10:59:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
sfdrv01
sfhlp02
sfsync02
sfvfs02

Error: (04/08/2015 10:58:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TBPanel service failed to start due to the following error: 
%%2


Microsoft Office Sessions:
=========================
Error: (10/25/2012 06:00:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 102 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (08/30/2011 08:58:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 33%
Total physical RAM: 8183.05 MB
Available physical RAM: 5433.75 MB
Total Pagefile: 16364.29 MB
Available Pagefile: 13461.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1863.01 GB) (Free:42.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 10C34588)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
The computer works.
Should I delete the files that ESET found, or ignore them?
Is PandaSecurity even worth it as additional protection?
Apart from that, I now have to clean up the computer, update it and make it a bit faster.

Many thanks for the help. I hope I won't need it again so soon!
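
Reading a posted Addition.txt by hand gets tedious once the same event repeats a dozen times. The following Python script, added here as an example and not part of the thread or of FRST, parses the "Event log errors" section into records, counts them by source and EventID, and pulls out the three findings worth acting on in a log like the one above: boot-start drivers that failed to load (SCM 7026), services that failed to start together with their Win32 error code (SCM 7000), and driver binaries the VSS System Writer could not find (CAPI2 513). The sample log is constructed from the excerpt above with English message text; the German SCM 7000 template, the two-entry Win32 code table and the section banner patterns are assumptions about FRST's output format.

```python
"""Triage the "Event log errors" section of an FRST Addition.txt (added example; not from the thread or FRST)."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass, field

SCM = "Service Control Manager"
# Record header as FRST prints it, e.g.
# Error: (04/09/2015 07:31:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
HEADER_RE = re.compile(r"^Error: \((?P<ts>[^)]*)\) \(Source: (?P<source>[^)]*)\) "
                       r"\(EventID: (?P<eid>\d+)\) \(User: [^)]*\)$")
# Section banners that end a record (assumed): "System errors:", "=====", "==== Memory info ====".
BANNER_RE = re.compile(r"^(=+.*|[A-Za-z][A-Za-z ]+ (errors|Sessions):)$")
# Service name in SCM 7000 text; the English and the German message template are handled (assumed).
SERVICE_NAME_RE = re.compile(r'^(?:The (?P<en>.+?) service failed|Der Dienst "(?P<de>[^"]+)")')
WIN32_ERRORS = {2: "ERROR_FILE_NOT_FOUND", 1053: "ERROR_SERVICE_REQUEST_TIMEOUT"}  # assumed subset


@dataclass
class EventRecord:
    timestamp: str
    source: str
    event_id: int
    description: list[str] = field(default_factory=list)  # non-empty lines after the header


def parse_frst_events(text: str) -> list[EventRecord]:
    """A record is a header line plus the 'Description:' and continuation lines up to the next header/banner."""
    records: list[EventRecord] = []
    current: EventRecord | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER_RE.match(line):
            current = EventRecord(m["ts"], m["source"], int(m["eid"]))
            records.append(current)
        elif BANNER_RE.match(line):
            current = None
        elif line and current is not None:
            if line.startswith("Description:"):
                line = line[len("Description:"):].strip()
            if line:
                current.description.append(line)
    return records


def errors_by_source_and_id(records: list[EventRecord]) -> Counter:
    return Counter((r.source, r.event_id) for r in records)


def failed_boot_drivers(records: list[EventRecord]) -> set[str]:
    """SCM 7026 lists each boot-/system-start driver that failed to load on its own line."""
    return {n for r in records if r.source == SCM and r.event_id == 7026 for n in r.description[1:]}


def service_start_failures(records: list[EventRecord]) -> list[tuple[str, int, str]]:
    """SCM 7000: (service name, Win32 code from the %%N line, symbolic name or 'unknown')."""
    out: list[tuple[str, int, str]] = []
    for r in records:
        if r.source == SCM and r.event_id == 7000 and len(r.description) >= 2:
            name_m = SERVICE_NAME_RE.match(r.description[0])
            code_m = re.fullmatch(r"%%(\d+)", r.description[1])
            if name_m and code_m:
                code = int(code_m[1])
                out.append((name_m["en"] or name_m["de"], code, WIN32_ERRORS.get(code, "unknown")))
    return out


def unbackable_legacy_drivers(records: list[EventRecord]) -> set[str]:
    """CAPI2 513 (VSS System Writer): registered driver binaries it could not read; the 'System Error' line says why."""
    hits = (re.search(r"Unable to back up image of binary (\S+?)\.?$", line)
            for r in records if r.source == "Microsoft-Windows-CAPI2" and r.event_id == 513
            for line in r.description)
    return {m[1] for m in hits if m}


# Constructed sample, modeled on the Addition.txt excerpt in this thread, with English message text.
SAMPLE_LOG = """\
Error: (04/07/2015 08:43:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
AddLegacyDriverFiles: Unable to back up image of binary JRAID.
System Error:
The system cannot find the file specified.

System errors:
=============
Error: (04/09/2015 07:31:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
sfdrv01
sfhlp02
sfsync02
sfvfs02

Error: (04/09/2015 07:30:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Razer Wizard Service service failed to start due to the following error: 
%%1053

Error: (04/09/2015 07:30:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TBPanel service failed to start due to the following error: 
%%2
==================== Memory info ===========================
"""

if __name__ == "__main__":
    recs = parse_frst_events(SAMPLE_LOG)
    print(dict(errors_by_source_and_id(recs)), failed_boot_drivers(recs), service_start_failures(recs), unbackable_legacy_drivers(recs), sep="\n")
```

The four sf* driver names and the JRAID entry come straight out of the posted log; the script does not decide whether any of them is malicious, it only makes the leftovers visible so they can be checked against the software actually installed on the machine.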

10.04.2015, 18:03   #12
schrauber
/// the machine
/// TB-Ausbilder

GUV trojan caught, safe mode not possible


Update Java and Flash.

Get rid of Panda.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
C:\Users\MJ\Downloads\internet-explorer.exe

C:\Users\MJ\Downloads\SoftonicDownloader35864.exe

C:\Users\MJ\Downloads\VirtualBox - CHIP-Installer.exe

C:\Users\MJ\Downloads\VirtualBox Extension Pack - CHIP-Installer.exe

C:\Users\MJ\Downloads\vlc-1.1.9-win32.exe

C:\Users\MJ\Downloads\WindowsXPMode_de-de - CHIP-Installer.exe

Emptytemp:
         

Save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents to me.





Reconsider your download habits:
CHIP-Installer - what is it? - Guides




Cleanup:
(The order matters here)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix
  • Important: please disable your antivirus program, any script blocking you may have, and anti-malware programs.
  • Press the Windows key + R and type Combofix /Uninstall into the Run window.
  • Click OK.
    This removes Combofix completely and clears the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick every option.
  • Click Start.

Note: DelFix removes, among other things, all the tools that were used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left, you can delete them without concern.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.


Hardening:
Enable automatic updates for the Windows operating system. Security-relevant software should also always be kept at the latest version:

Browser
Java
Flash Player
PDF reader

Security holes in old versions of these are exploited to install malware via "drive-by" simply by visiting a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use an antivirus program with a real-time scanner and an always up-to-date signature database.
My recommendation:

Emsisoft

Additionally, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. Using a whitelist, you can specify on which sites scripts are allowed.
Malwarebytes Anti-Exploit: protects the computer's applications against exploitation of known vulnerabilities.


Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, uninstall it first and then remove the remnants with AdwCleaner.


Finally, a few general remarks:
Change your important online passwords regularly and make regular backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for performance is disputed. I therefore recommend keeping your hands off the registry and using the Windows built-in Disk Cleanup instead.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

12.04.2015, 08:38   #13
Matze55

GUV trojan caught, safe mode not possible

Here is the last requested log:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by MJ at 2015-04-11 20:51:21 Run:3
Running from C:\Users\MJ\Desktop
Loaded Profiles: MJ (Available profiles: MJ)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\MJ\Downloads\internet-explorer.exe

C:\Users\MJ\Downloads\SoftonicDownloader35864.exe

C:\Users\MJ\Downloads\VirtualBox - CHIP-Installer.exe

C:\Users\MJ\Downloads\VirtualBox Extension Pack - CHIP-Installer.exe

C:\Users\MJ\Downloads\vlc-1.1.9-win32.exe

C:\Users\MJ\Downloads\WindowsXPMode_de-de - CHIP-Installer.exe

Emptytemp:
         
*****************

C:\Users\MJ\Downloads\internet-explorer.exe => Moved successfully.
C:\Users\MJ\Downloads\SoftonicDownloader35864.exe => Moved successfully.
C:\Users\MJ\Downloads\VirtualBox - CHIP-Installer.exe => Moved successfully.
C:\Users\MJ\Downloads\VirtualBox Extension Pack - CHIP-Installer.exe => Moved successfully.
C:\Users\MJ\Downloads\vlc-1.1.9-win32.exe => Moved successfully.
C:\Users\MJ\Downloads\WindowsXPMode_de-de - CHIP-Installer.exe => Moved successfully.
EmptyTemp: => Removed 153.1 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 20:51:27 ====
         
Many thanks for your help. I will follow your other advice as well. Have a nice weekend.
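
schrauber's fixlist procedure (post #12) and the Fixlog Matze55 posted in reply (#13) pair up naturally: every line of the fixlist should reappear in the Fixlog with a result. The Python check below, added here as an example and not part of the thread or of FRST, reads the fixlist echoed between the two `*****` lines, maps each entry to its result line, and reports entries with no result or with a result that is not a success, plus whether a reboot was requested. The sample Fixlog is constructed from the posted one; the extra `example-leftover.exe` entry and its `not found.` result line are invented to show a flagged entry (FRST's real wording for a missing file may differ), and the success prefixes are taken only from the posted log.

```python
"""Cross-check an FRST Fixlog.txt against the fixlist it echoes (added example; not from the thread or FRST)."""
from __future__ import annotations

import re

RESULT_RE = re.compile(r"^(?P<item>.+?) => (?P<outcome>.+)$")
# Success outcomes as they appear in the Fixlog posted in this thread (assumed to be complete for this use).
OK_PREFIXES = ("Moved successfully", "Removed")


def parse_fixlog(text: str) -> tuple[list[str], dict[str, str], bool]:
    """Return (fixlist entries, {normalized entry: outcome}, reboot_needed)."""
    lines = [l.rstrip() for l in text.splitlines()]
    # The fixlist is echoed between two '*****' lines after "Content of fixlist:".
    stars = [i for i, l in enumerate(lines) if l.startswith("*****")]
    if len(stars) < 2:
        raise ValueError("no echoed fixlist found in Fixlog")
    entries = [l.strip() for l in lines[stars[0] + 1:stars[1]] if l.strip()]
    outcomes: dict[str, str] = {}
    for l in lines[stars[1] + 1:]:
        if m := RESULT_RE.match(l):
            # "Emptytemp:" in the fixlist is echoed as "EmptyTemp: => ...", hence the normalization.
            outcomes[m["item"].rstrip(":").lower()] = m["outcome"].strip()
    reboot = any(l.startswith("The system needed a reboot") for l in lines)
    return entries, outcomes, reboot


def unresolved_entries(text: str) -> list[tuple[str, str | None]]:
    """Fixlist entries with no result line, or a result that is not one of OK_PREFIXES."""
    entries, outcomes, _ = parse_fixlog(text)
    bad: list[tuple[str, str | None]] = []
    for e in entries:
        outcome = outcomes.get(e.rstrip(":").lower())
        if outcome is None or not outcome.startswith(OK_PREFIXES):
            bad.append((e, outcome))
    return bad


# Constructed sample, modeled on the Fixlog posted in this thread; the 'example-leftover.exe'
# entry and its 'not found.' result are invented to show a flagged entry.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by MJ at 2015-04-11 20:51:21 Run:3
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\MJ\Downloads\internet-explorer.exe
C:\Users\MJ\Downloads\SoftonicDownloader35864.exe
C:\Users\MJ\Downloads\example-leftover.exe
Emptytemp:
*****************

C:\Users\MJ\Downloads\internet-explorer.exe => Moved successfully.
C:\Users\MJ\Downloads\SoftonicDownloader35864.exe => Moved successfully.
C:\Users\MJ\Downloads\example-leftover.exe => not found.
EmptyTemp: => Removed 153.1 MB temporary data.

The system needed a reboot. 

==== End of Fixlog 20:51:27 ====
"""

if __name__ == "__main__":
    entries, outcomes, reboot = parse_fixlog(SAMPLE_FIXLOG)
    print(f"{len(entries)} fixlist entries, {len(outcomes)} results, reboot needed: {reboot}")
    for entry, outcome in unresolved_entries(SAMPLE_FIXLOG):
        print("UNRESOLVED:", entry, "->", outcome)
```

On the Fixlog actually posted above, every entry resolves and the list comes back empty; the check earns its keep on longer fixlists, where a single entry that silently produced no result line is easy to overlook.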

12.04.2015, 10:20   #14
schrauber
/// the machine
/// TB-Ausbilder

GUV trojan caught, safe mode not possible

You're welcome
__________________
regards,
schrauber
