Hallo,

Aufgrund kleiner Performanceprobleme und einer ungewöhnlich hohen Auslastung(30%+) des Arbeitspeichers und extremer Auslastung der Datennutzung(99%) wenn sämtliche Programme ausgeschaltet sind, hege ich den Verdacht mir ein Rootkit bzw. Malware eingefangen zu haben.
Ich bin misstrauisch da ich bereits vor längerer Zeit auf einem anderen Computer Probleme mit einem Rootkit hatte. Die einzige Maßnahme die ich bisher selber ergriffen habe außer mir den Taskmanageer genauer anzuschauen ist ein ordnungsgemäßer Scan mit Gmer.
Zuviele svchost.exe Dateien und einige Registry Dateien scheinen meinen Verdacht zu bestätigen, jedoch muss ich zugeben keine Ahnung zu haben. Ich bräuchte dringend Hilfe bei der Identifizierung und Entfernung von einem Rootkit und Malware(falls vorhanden) und wäre unendlich dankbar wenn mich jemand von euch dabei unterstützen würde.
Ich bedanke mich schonmal im vorraus.

MfG Benjamin

Code: Alles auswählenAufklappen

ATTFilter

---- Kernel IAT/EAT - GMER 2.1 ----

IAT     C:\Windows\System32\drivers\partmgr.sys[ntoskrnl.exe!IoWritePartitionTableEx]                                                                [fffff800ae35e308] \SystemRoot\System32\Drivers\AppleMNT.sys [.text]
IAT     C:\Windows\System32\drivers\partmgr.sys[ntoskrnl.exe!IoSetPartitionInformationEx]                                                            [fffff800ae35e3bc] \SystemRoot\System32\Drivers\AppleMNT.sys [.text]
IAT     C:\Windows\System32\drivers\partmgr.sys[ntoskrnl.exe!IoReadPartitionTableEx]                                                                 [fffff800ae35e1c8] \SystemRoot\System32\Drivers\AppleMNT.sys [.text]
IAT     C:\Windows\System32\drivers\CLASSPNP.SYS[ntoskrnl.exe!IoReadPartitionTableEx]                                                                [fffff800ae35e1c8] \SystemRoot\System32\Drivers\AppleMNT.sys [.text]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [492:4136]                                                                                                     fffff9600085a2d0
Thread  C:\Windows\system32\svchost.exe [864:1848]                                                                                                   00007ffd04441dc0
Thread  C:\Windows\system32\svchost.exe [864:1888]                                                                                                   00007ffd036fce30
Thread  C:\Windows\system32\svchost.exe [864:3052]                                                                                                   00007ffd00ef7240
Thread  C:\Windows\system32\svchost.exe [864:976]                                                                                                    00007ffd010a1ed0
Thread  C:\Windows\system32\svchost.exe [864:3572]                                                                                                   00007ffd010a1ed0
Thread  C:\Windows\system32\svchost.exe [864:5664]                                                                                                   00007ffd05b14ee0
Thread  C:\Windows\system32\svchost.exe [864:7896]                                                                                                   00007ffd041b39b0
Thread  C:\Windows\system32\svchost.exe [864:5304]                                                                                                   00007ffd03751050
Thread  C:\Windows\system32\svchost.exe [864:9104]                                                                                                   00007ffd00877470
Thread  C:\Windows\system32\svchost.exe [864:9088]                                                                                                   00007ffd00877470
Thread  C:\Windows\system32\svchost.exe [864:8904]                                                                                                   00007ffd00877470
Thread  C:\Windows\system32\svchost.exe [864:9012]                                                                                                   00007ffd01e6b3a0
Thread  C:\Windows\system32\svchost.exe [864:8984]                                                                                                   00007ffd01e6b3a0
Thread  C:\Windows\system32\svchost.exe [1152:2548]                                                                                                  00007ffd007f4440
Thread  C:\Windows\system32\svchost.exe [1152:2552]                                                                                                  00007ffd007c1600
Thread  C:\Windows\system32\svchost.exe [1152:2556]                                                                                                  00007ffd00761b70
Thread  C:\Windows\system32\svchost.exe [1152:1732]                                                                                                  00007ffd007f1040
Thread  C:\Windows\system32\AppleOSSMgr.exe [1300:1312]                                                                                              00007ffd0d5d5aa0
Thread  C:\Windows\system32\svchost.exe [1596:1696]                                                                                                  000000000040b1a4
Thread  C:\Windows\system32\svchost.exe [1596:2984]                                                                                                  00007ffd046e4a30
Thread  C:\Windows\system32\svchost.exe [1596:5640]                                                                                                  00007ffd04711120
Thread  C:\Windows\system32\svchost.exe [1596:5660]                                                                                                  00007ffd046c3460
Thread  C:\Windows\System32\WUDFHost.exe [1780:2028]                                                                                                 00007ffd029e87a0
Thread  C:\Windows\System32\WUDFHost.exe [1780:2052]                                                                                                 00007ffd02f2b8b0
Thread  C:\Windows\system32\taskhostex.exe [2396:2528]                                                                                               00007ffd00fe2100
Thread  C:\Windows\system32\taskhostex.exe [2396:2532]                                                                                               00007ffd00c024e0
Thread  C:\Windows\system32\taskhostex.exe [2396:2540]                                                                                               00007ffd0e23c5c0
Thread  C:\Windows\system32\taskhostex.exe [2396:2544]                                                                                               00007ffd046e1120
Thread  C:\Windows\system32\taskhostex.exe [2396:516]                                                                                                00007ffd00877470
Thread  C:\Windows\system32\WLANExt.exe [6064:6132]                                                                                                  000000018000b6d4
Thread  C:\Windows\system32\WLANExt.exe [6064:6136]                                                                                                  000000018000b6f0
Thread  C:\Windows\system32\WLANExt.exe [6064:6140]                                                                                                  000000018000b6b8
Thread  C:\Windows\system32\WLANExt.exe [6064:1788]                                                                                                  00000001800221a0
Thread  C:\Windows\system32\WLANExt.exe [6064:5188]                                                                                                  00007ffd06cbf3c0

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings@StringCacheGeneration                                                          31
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{02CF72CE-37EA-4DEC-AE5B-2F7A5611175C}\Connection@Name  isatap.fritz.box
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                            -188608417
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\a886dd94785b                                                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{02CF72CE-37EA-4DEC-AE5B-2F7A5611175C}@ReusableType                        0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{02CF72CE-37EA-4DEC-AE5B-2F7A5611175C}@DefunctTimestamp                    0x3C 0x18 0x5C 0x55 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch                                                                              1501
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch                                                                             501
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband@FavoritesChanges                                                            8
Reg     HKCU\Software\Microsoft\Windows\CurrentVersion\UFH\SHC@0                                                                                     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client\TeamSpeak 3 Client.lnk?C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe??
Reg     HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation                                                                  C:\Users\shinigami_\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_BrLauncher.exe_9e51632b225cf66a9c2a574656462fd3c9dda165_e5642e79_1410ca7b

---- EOF - GMER 2.1 ----
         

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...

• Bitte arbeite alle Schritte der Reihe nach ab.
• Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
• Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
• Bitte kein Crossposting (posten in mehreren Foren).
• Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
• Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
• Poste die Logfiles direkt in Deinen Thread in Code-Tags.
• Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst.

Los geht's:

Schritt 1


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

• Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
• Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
• Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
• Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für die schnelle Antwort

FRST Logfile:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by shinigami_ (administrator) on SHINIGAMI on 20-05-2015 23:35:05
Running from C:\Users\shinigami_\Desktop
Loaded Profiles: shinigami_ (Available profiles: shinigami_)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Windows\System32\AppleOSSMgr.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Apple Inc.) C:\Program Files\Boot Camp\Bootcamp.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apple_KbdMgr] => C:\Program Files\Boot Camp\Bootcamp.exe [746816 2014-01-31] (Apple Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [13318424 2015-03-12] (Logitech Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-03-12] (Razer Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1944576 2013-03-07] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-553928343-2221926330-1541497597-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2888384 2015-05-15] (Valve Corporation)
HKU\S-1-5-21-553928343-2221926330-1541497597-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-553928343-2221926330-1541497597-1001\...\Run: [GoogleChromeAutoLaunch_7EE653C0F84CCB7C199392703010DC83] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-05-05] (Google Inc.)
HKU\S-1-5-21-553928343-2221926330-1541497597-1001\...\MountPoints2: {e5400664-d2be-11e4-824e-806e6f6e6963} - "D:\start.exe" 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-553928343-2221926330-1541497597-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hppp&ts=1426973589&from=tugs&uid=APPLEXHDDXHTS545050A7E362_TNS5193THDTRKGHDTRKGX
CHR Profile: C:\Users\shinigami_\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\shinigami_\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-25]
CHR Extension: (Google Docs) - C:\Users\shinigami_\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-25]
CHR Extension: (Google Drive) - C:\Users\shinigami_\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-25]
CHR Extension: (YouTube) - C:\Users\shinigami_\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-25]
CHR Extension: (Adblock Plus) - C:\Users\shinigami_\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-30]
CHR Extension: (Google Search) - C:\Users\shinigami_\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-25]
CHR Extension: (Google Sheets) - C:\Users\shinigami_\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-25]
CHR Extension: (Bookmark Manager) - C:\Users\shinigami_\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\shinigami_\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-25]
CHR Extension: (Google Wallet) - C:\Users\shinigami_\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-25]
CHR Extension: (Gmail) - C:\Users\shinigami_\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [226112 2014-01-31] ()
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-05] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 applemtm; C:\Windows\system32\DRIVERS\applemtm.sys [12288 2013-09-06] (Apple Inc.)
R3 applemtp; C:\Windows\system32\DRIVERS\applemtp.sys [39424 2013-09-06] (Apple Inc.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-01-31] (Intel Corporation)
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-20 23:35 - 2015-05-20 23:35 - 00010080 _____ () C:\Users\shinigami_\Desktop\FRST.txt
2015-05-20 23:34 - 2015-05-20 23:35 - 00000000 ____D () C:\FRST
2015-05-20 23:30 - 2015-05-20 23:31 - 02107904 _____ (Farbar) C:\Users\shinigami_\Desktop\FRST64.exe
2015-05-20 18:33 - 2015-05-20 18:33 - 00380416 _____ () C:\Users\shinigami_\Downloads\blagtzurhsd.exe.exe
2015-05-20 18:23 - 2015-05-20 18:23 - 00000000 ____D () C:\Users\shinigami_\AppData\Roaming\AVG
2015-05-20 18:22 - 2015-05-20 18:22 - 00000000 ____D () C:\Users\shinigami_\AppData\Local\Avg
2015-05-20 18:21 - 2015-05-20 18:23 - 00000000 ____D () C:\ProgramData\AVG
2015-05-20 18:19 - 2015-05-20 18:19 - 00398712 _____ () C:\Users\shinigami_\Downloads\e73f19hl_CB-DL-Manager.exe
2015-05-20 14:30 - 2015-05-20 18:38 - 00000000 ____D () C:\Users\shinigami_\AppData\Roaming\TS3Client
2015-05-20 14:30 - 2015-05-20 14:30 - 00001182 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2015-05-20 14:30 - 2015-05-20 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-05-20 14:30 - 2015-05-20 14:30 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2015-05-20 14:27 - 2015-05-20 14:28 - 01203488 _____ () C:\Users\shinigami_\Downloads\TeamSpeak 3 32 Bit - CHIP-Installer.exe
2015-05-17 15:48 - 2015-05-17 15:48 - 00071880 _____ () C:\Users\shinigami_\Downloads\krimzcfgzXAGsehF.zip
2015-05-17 15:47 - 2015-05-17 15:47 - 00003763 _____ () C:\Users\shinigami_\Downloads\olofmconfigQSwDGIPn.zip
2015-05-17 02:02 - 2015-05-17 02:02 - 00000000 ____D () C:\Neuer Ordner
2015-05-13 09:01 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 09:01 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 08:04 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 08:04 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-13 08:04 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 08:04 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 08:04 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 08:04 - 2015-03-13 02:29 - 00410017 _____ () C:\Windows\system32\ApnDatabase.xml
2015-05-13 08:04 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 08:04 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-05-13 08:04 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
2015-05-13 08:03 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-13 08:03 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-13 08:03 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 08:03 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-05-13 08:03 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-05-13 08:03 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-05-13 08:03 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-05-13 08:03 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-05-13 08:03 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-05-13 08:03 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-05-13 08:03 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-05-13 08:03 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-05-13 08:03 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-05-13 08:03 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 08:03 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 08:03 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 08:03 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-05-13 08:03 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 08:03 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2015-05-13 08:03 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-13 08:03 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-05-13 08:02 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 08:02 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 08:02 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 08:02 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 08:02 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 08:02 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 08:02 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 08:02 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 08:02 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 08:02 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 08:02 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 08:02 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 08:02 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 08:02 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 08:02 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 08:02 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 08:02 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 08:02 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 08:02 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 08:02 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 08:02 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 08:02 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 08:02 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 08:02 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 08:02 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 08:02 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 08:02 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 08:02 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 08:02 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 08:02 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-05-13 08:02 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-05-13 08:02 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-05-13 08:02 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-05-13 08:01 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 08:01 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-13 08:01 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-13 08:01 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 08:01 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-13 08:01 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-13 08:01 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 08:01 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 08:01 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-13 08:01 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 08:01 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-13 08:01 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-13 08:01 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 08:01 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 08:01 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 08:01 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-11 10:51 - 2015-05-11 10:51 - 00065682 _____ () C:\Users\shinigami_\Downloads\Download (1)
2015-05-11 10:51 - 2015-05-11 10:51 - 00065682 _____ () C:\Users\shinigami_\Downloads\Download
2015-05-10 22:26 - 2015-05-10 22:26 - 00000000 ____D () C:\Users\shinigami_\AppData\Local\X-Ways
2015-05-10 18:47 - 2015-05-10 22:26 - 00000621 _____ () C:\Users\shinigami_\Last session shinigami_.prj
2015-05-10 18:37 - 2015-05-10 18:38 - 00000000 ____D () C:\Program Files (x86)\WinHex
2015-05-10 18:37 - 2015-05-10 18:37 - 02366590 _____ () C:\Program Files\winhex18.2.zip
2015-05-10 18:36 - 2015-05-10 18:36 - 01203488 _____ () C:\Users\shinigami_\Downloads\WinHex - CHIP-Installer.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-20 22:51 - 2015-03-25 10:41 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-20 22:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-20 21:34 - 2015-03-25 10:55 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-20 21:05 - 2015-03-25 10:41 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9A619EAB-8497-4F76-A1FE-0A1FE66F490A}
2015-05-20 21:02 - 2015-03-25 09:33 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-553928343-2221926330-1541497597-1001
2015-05-20 20:56 - 2015-03-25 10:41 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-20 20:56 - 2013-08-22 16:46 - 00033162 _____ () C:\Windows\setupact.log
2015-05-20 20:56 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-20 19:09 - 2015-03-25 09:25 - 01741880 _____ () C:\Windows\WindowsUpdate.log
2015-05-20 18:56 - 2014-11-20 20:24 - 00007470 _____ () C:\Windows\PFRO.log
2015-05-20 18:55 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-05-20 15:37 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-20 15:36 - 2015-04-04 12:56 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 15:36 - 2015-04-04 12:56 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-18 23:21 - 2015-03-25 09:26 - 00000000 ____D () C:\Users\shinigami_
2015-05-18 12:46 - 2015-03-25 10:41 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 12:46 - 2015-03-25 10:41 - 00003874 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-18 01:15 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-17 12:23 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-05-17 02:13 - 2015-03-26 09:04 - 00047259 _____ () C:\Windows\DirectX.log
2015-05-16 01:38 - 2015-04-13 20:20 - 00000000 ____D () C:\Users\shinigami_\AppData\Roaming\mIRC
2015-05-16 00:58 - 2015-04-13 20:20 - 00000000 ____D () C:\Program Files (x86)\mIRC
2015-05-14 17:53 - 2015-04-09 10:05 - 00013405 _____ () C:\Windows\BRRBCOM.INI
2015-05-14 17:48 - 2013-08-22 16:44 - 00338272 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 14:30 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-05-14 14:30 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-14 07:48 - 2015-03-25 10:42 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-13 08:58 - 2015-03-27 11:52 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 08:53 - 2015-03-27 11:52 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 08:45 - 2014-11-21 05:13 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-05 19:59 - 2014-11-21 13:01 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-05 19:59 - 2014-11-21 13:01 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-28 08:52 - 2014-11-21 05:35 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-28 08:52 - 2014-11-21 04:45 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2015-04-28 08:52 - 2014-11-21 04:45 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2015-04-22 15:15 - 2015-03-25 10:38 - 00000000 ____D () C:\ProgramData\Package Cache

==================== Files in the root of some directories =======

2015-05-10 18:37 - 2015-05-10 18:37 - 2366590 _____ () C:\Program Files\winhex18.2.zip

Some content of TEMP:
====================
C:\Users\shinigami_\AppData\Local\Temp\0208037a750f4bb182483d9e9ac5a94e.dll
C:\Users\shinigami_\AppData\Local\Temp\03022ef6ab9944e4a87af2c25d1368ef.dll
C:\Users\shinigami_\AppData\Local\Temp\038bc64642dc48aabc70846c43d7e1a5.exe
C:\Users\shinigami_\AppData\Local\Temp\0a0629b4ffa540b7b3ffeedebb471521.exe
C:\Users\shinigami_\AppData\Local\Temp\0a8d94aee7db40128ab4a3cb2aceb36f.dll
C:\Users\shinigami_\AppData\Local\Temp\0b23195547974163a9c1ac72a27efe58.exe
C:\Users\shinigami_\AppData\Local\Temp\0f38895ae5ad40258c5cd38fffaee510.dll
C:\Users\shinigami_\AppData\Local\Temp\0f715a49891b41e3976e8a19728a7a21.exe
C:\Users\shinigami_\AppData\Local\Temp\105730a3f8dd4c4d899aced7ddfb7416.exe
C:\Users\shinigami_\AppData\Local\Temp\195dfabff950410a91500b7faa21f5cc.exe
C:\Users\shinigami_\AppData\Local\Temp\20963621cf8e4d8f936fba237b8dc7cd.exe
C:\Users\shinigami_\AppData\Local\Temp\2807e8c2ecfa4c05a31937846f301a43.dll
C:\Users\shinigami_\AppData\Local\Temp\287ded33268d4566bdbeb82fe21771f9.exe
C:\Users\shinigami_\AppData\Local\Temp\2b9ce0f3f8cb484faf6992202793046c.dll
C:\Users\shinigami_\AppData\Local\Temp\2e24ae69cfb147c482bca5dfd738672e.dll
C:\Users\shinigami_\AppData\Local\Temp\2e7b2f83f3a14581a250339b42fddc65.dll
C:\Users\shinigami_\AppData\Local\Temp\2ed6910402bf49f2bf7091670f0a3c2f.dll
C:\Users\shinigami_\AppData\Local\Temp\3180083019e74f44852b2d3186ef5d40.dll
C:\Users\shinigami_\AppData\Local\Temp\351340318f8546a892da7c1cf5362b12.dll
C:\Users\shinigami_\AppData\Local\Temp\379fb64637074b3c8e3a96656ecc3e36.exe
C:\Users\shinigami_\AppData\Local\Temp\38f188aaf6954a18828e12a416238cd3.dll
C:\Users\shinigami_\AppData\Local\Temp\473592d9ad9c47af983a340420fb2fdf.dll
C:\Users\shinigami_\AppData\Local\Temp\4eab574f69874372bcd34fedf8551ee7.exe
C:\Users\shinigami_\AppData\Local\Temp\55c1bfd96a7e47efa94b934d0c92783e.dll
C:\Users\shinigami_\AppData\Local\Temp\56f22e61d3094589b6053e3767ac9957.dll
C:\Users\shinigami_\AppData\Local\Temp\5e5dbb819ab347bfb7f8dfb371931704.dll
C:\Users\shinigami_\AppData\Local\Temp\6399f338da9d4ce6b91e547556960b2a.dll
C:\Users\shinigami_\AppData\Local\Temp\66a8a1d038b8456ab5af77a1b36d2bda.dll
C:\Users\shinigami_\AppData\Local\Temp\693156e9f2334fbdabe269a0b48d4461.exe
C:\Users\shinigami_\AppData\Local\Temp\6bc4e6e15715415485714dcf2733b7a9.dll
C:\Users\shinigami_\AppData\Local\Temp\6e443f80448142149d47c594caf0676a.dll
C:\Users\shinigami_\AppData\Local\Temp\705ebca337cb4d598b06b4c418e17f44.dll
C:\Users\shinigami_\AppData\Local\Temp\77408a5e021e4917847695a5ad49ad0e.dll
C:\Users\shinigami_\AppData\Local\Temp\7be6e2540326467482e5f30722f59bcf.dll
C:\Users\shinigami_\AppData\Local\Temp\81e9be04c381490282c1bfada831c7ec.exe
C:\Users\shinigami_\AppData\Local\Temp\88dfed53dd844279a99dee3572938be1.exe
C:\Users\shinigami_\AppData\Local\Temp\8a42474f66fe477bad278035680e5649.exe
C:\Users\shinigami_\AppData\Local\Temp\8f305351effa44e8a6c1f2439cb9efd9.exe
C:\Users\shinigami_\AppData\Local\Temp\9392d859b55d47989d391bb98b896f52.exe
C:\Users\shinigami_\AppData\Local\Temp\95d5abed9e154db8a77fbf93a2b178dd.dll
C:\Users\shinigami_\AppData\Local\Temp\99bf492b5c5a43869e5468bd5e7f3f60.exe
C:\Users\shinigami_\AppData\Local\Temp\9b36682e70d74a6c8f2980448c891d2f.dll
C:\Users\shinigami_\AppData\Local\Temp\9e1701a7df854f9383d8acf8f6c66afe.dll
C:\Users\shinigami_\AppData\Local\Temp\9eee4e58cc664f0ea9f1ce66dcdd762b.exe
C:\Users\shinigami_\AppData\Local\Temp\a9cae74335c4448583e1b0f6b58d4dd2.dll
C:\Users\shinigami_\AppData\Local\Temp\a9d27329988143afb6b48779dcf80869.exe
C:\Users\shinigami_\AppData\Local\Temp\afad8366f7034f26adf29ecf883ef7ff.exe
C:\Users\shinigami_\AppData\Local\Temp\b477754b75674f6db11f931abac21869.dll
C:\Users\shinigami_\AppData\Local\Temp\b609f7afc0034f609db4f1325864bd46.exe
C:\Users\shinigami_\AppData\Local\Temp\b6d7632c76364e1fbbf1874cbcac6d19.dll
C:\Users\shinigami_\AppData\Local\Temp\b78284ed1a9c4694914d490dcaff8f31.dll
C:\Users\shinigami_\AppData\Local\Temp\b90cc03e51604a8eb0923d844d269ffe.dll
C:\Users\shinigami_\AppData\Local\Temp\bb7815322ee04cd1ad6f070171e504ce.dll
C:\Users\shinigami_\AppData\Local\Temp\c1f4270479014455b3d7845502a365af.dll
C:\Users\shinigami_\AppData\Local\Temp\c2e1c5a843be4320b1b6526141316be8.dll
C:\Users\shinigami_\AppData\Local\Temp\c651db662c4f4b47b7aa93c1f1fde123.exe
C:\Users\shinigami_\AppData\Local\Temp\d0c279eb475a4563b3384ce70c4f68d2.exe
C:\Users\shinigami_\AppData\Local\Temp\d10aedc258304833bf2f2da2c34e3d0c.exe
C:\Users\shinigami_\AppData\Local\Temp\d80ab141233b4df288532a5fed4baf86.exe
C:\Users\shinigami_\AppData\Local\Temp\dfc549de9c96459db015e38f4882c9a4.exe
C:\Users\shinigami_\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\shinigami_\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\shinigami_\AppData\Local\Temp\e72395e4dd324329aaac6a5fab06201e.exe
C:\Users\shinigami_\AppData\Local\Temp\f193e80536ea401985a80f60ef8648dc.dll
C:\Users\shinigami_\AppData\Local\Temp\f24c2825043a4d6ab48f95e3d8bd7af2.dll
C:\Users\shinigami_\AppData\Local\Temp\f6e3b9f94cd640c183f94558cb3083d6.dll
C:\Users\shinigami_\AppData\Local\Temp\fb7e73704619489994f932d1a1456057.exe
C:\Users\shinigami_\AppData\Local\Temp\fdb5a19c99fd4cd8a64d17f723117923.exe
C:\Users\shinigami_\AppData\Local\Temp\IntelxHCISetup.exe
C:\Users\shinigami_\AppData\Local\Temp\mirc741.exe
C:\Users\shinigami_\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\shinigami_\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\shinigami_\AppData\Local\Temp\_is243E.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-17 12:12

==================== End Of Log ============================
         

--- --- ---

--- --- ---

--- --- ---

--- --- ---


Und hier die Addition-Datei:

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05-2015
Ran by shinigami_ at 2015-05-20 23:36:07
Running from C:\Users\shinigami_\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-553928343-2221926330-1541497597-500 - Administrator - Disabled)
Gast (S-1-5-21-553928343-2221926330-1541497597-501 - Limited - Disabled)
shinigami_ (S-1-5-21-553928343-2221926330-1541497597-1001 - Administrator - Enabled) => C:\Users\shinigami_

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Boot Camp-Dienste (HKLM\...\{FA2B2C2A-EA41-495A-9308-60726125D562}) (Version: 5.1.5621 - Apple Inc.)
Brother MFL-Pro Suite DCP-J4120DW (HKLM-x32\...\{7FC49664-DAA4-4E7C-ADD0-614ABB43691B}) (Version: 1.0.4.0 - Brother Industries, Ltd.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Logitech Gaming Software 8.58 (HKLM\...\Logitech Gaming Software) (Version: 8.58.183 - Logitech Inc.)
METAL GEAR RISING: REVENGEANCE (HKLM-x32\...\Steam App 235460) (Version:  - PlatinumGames)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.41 - mIRC Co. Ltd.)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Ori and the Blind Forest (HKLM-x32\...\Steam App 261570) (Version:  - Moon Studios GmbH)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Quake Live (HKLM-x32\...\Quake Live) (Version:  - id Software)
Quake Live (HKLM-x32\...\Steam App 282440) (Version:  - id Software)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.24735 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5936 - Realtek Semiconductor Corp.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Windows-Treiberpaket - AMD (amdkmafd) System  (09/22/2012 9.002.0.0000) (HKLM\...\203795FBE6DF8F5E5F7AFFD457E83797A053787C) (Version: 09/22/2012 9.002.0.0000 - AMD)
Windows-Treiberpaket - Apple Inc. (AppleCamera) Image  (11/21/2013 5.0.22.0) (HKLM\...\1FCF3C93707C46D648F0B00E216A55E96DEB5A17) (Version: 11/21/2013 5.0.22.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net  (02/01/2008 3.10.3.10) (HKLM\...\D53CBF2C12DF51DA5E9C1A9DA97FF0DCA0C524C5) (Version: 02/01/2008 3.10.3.10 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5) (HKLM\...\EA3C044F6FD39CEC8F4F596836BF4197E97E1D39) (Version: 03/01/2010 3.0.0.5 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Broadcom Bluetooth (04/10/2013 5.0.4.0) (HKLM\...\EC3BA08E32AD503AB708B97F11CE09D06BCC9604) (Version: 04/10/2013 5.0.4.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Display (01/23/2009 3.0.0.0) (HKLM\...\E0EAD0CEA9119B77350ED4DE28D9A82E57014D94) (Version: 01/23/2009 3.0.0.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0) (HKLM\...\D5BB697E7D0C75712F3AD00AB1B85412CB5C0FD3) (Version: 02/21/2008 2.0.4.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Keyboard (01/10/2014 5.0.8.0) (HKLM\...\ABCCA6C3F97A148D7C69114CB55DFA9D46053BEA) (Version: 01/10/2014 5.0.8.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Multitouch (09/04/2013 5.0.2.0) (HKLM\...\277F15E06E6EEB458048F41BCB8FB843B3241E95) (Version: 09/04/2013 5.0.2.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (09/11/2012 4.0.3.0) (HKLM\...\742CB1BDA52EA9F1BBE482DA6DAA17944652B476) (Version: 09/11/2012 4.0.3.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple ODD (05/17/2010 3.1.0.0) (HKLM\...\D6B4CB6AD2F81752C2EF8DCF6AD5EBC567ADD45C) (Version: 05/17/2010 3.1.0.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple SD Card Reader (07/22/2013 1.0.0.1) (HKLM\...\D323E2C0C5E4948B07EE346CF62161281B0A8578) (Version: 07/22/2013 1.0.0.1 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple System Device (05/20/2013 5.0.2.0) (HKLM\...\1A9F109A8ACEE4CA1F898708DBB0FBA6EF0587FC) (Version: 05/20/2013 5.0.2.0 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) (HKLM\...\D088EE4BD2819FBA2B349EF9D55176F223419BE6) (Version: 06/01/2011 4.0.0.1 - Apple Inc.)
Windows-Treiberpaket - Apple Inc. Apple Wireless Trackpad (10/29/2011 5.0.0.0) (HKLM\...\551732BB0872DA97E26385C221B172A5BD4DE93C) (Version: 10/29/2011 5.0.0.0 - Apple Inc.)
Windows-Treiberpaket - Atheros Communications Inc. (athr) Net  (11/13/2010 9.2.0.113) (HKLM\...\F0A3F8394866FA91E82C8D5AB92C918FE40FE1DF) (Version: 11/13/2010 9.2.0.113 - Atheros Communications Inc.)
Windows-Treiberpaket - Broadcom (b57nd60a) Net  (09/04/2012 15.4.0.17) (HKLM\...\75E64992A03EC5E73D33586790CC506561DCC5DB) (Version: 09/04/2012 15.4.0.17 - Broadcom)
Windows-Treiberpaket - Broadcom (B57ports) Net  (06/16/2009 1.0.0.1) (HKLM\...\FC2077892425ED71A137B1CB6D99A9CA7475435D) (Version: 06/16/2009 1.0.0.1 - Broadcom)
Windows-Treiberpaket - Broadcom (BCM43XX) Net  (11/13/2012 5.106.199.1) (HKLM\...\3D6DDDCF8961C8C866F6660579A59B5B6CFA281F) (Version: 11/13/2012 5.106.199.1 - Broadcom)
Windows-Treiberpaket - Broadcom (BCM43XX) Net  (12/13/2013 6.30.223.215) (HKLM\...\59EE3461B77229A4F846543766A6EFF2F2BAFC6B) (Version: 12/13/2013 6.30.223.215 - Broadcom)
Windows-Treiberpaket - Broadcom Corporation (bScsiSDa) SDHost  (08/14/2012 1.0.0.243) (HKLM\...\ADF3AD5C5705E56E7DEA1447D58EFF216BA1223D) (Version: 08/14/2012 1.0.0.243 - Broadcom Corporation)
Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA  (02/19/2013 6.6001.1.40) (HKLM\...\969EFE1D5E95B01D3C42B9D0363FA64AF9E336E7) (Version: 02/19/2013 6.6001.1.40 - Cirrus Logic, Inc.)
Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusLFD) MEDIA  (10/03/2013 6.6001.3.13) (HKLM\...\9EBC96DD99F2C854D540FBF6A16A557BADDBC228) (Version: 10/03/2013 6.6001.3.13 - Cirrus Logic, Inc.)
Windows-Treiberpaket - Intel (e1express) Net  (03/26/2010 9.13.41.0) (HKLM\...\159439476E3A00F9FAE49DD6C1A78F2F6288A5B9) (Version: 03/26/2010 9.13.41.0 - Intel)
Windows-Treiberpaket - Intel (e1kexpress) Net  (04/12/2010 11.6.92.0) (HKLM\...\5BEF08C10896D86DC13394FFA75874564B700368) (Version: 04/12/2010 11.6.92.0 - Intel)
Windows-Treiberpaket - Intel (e1qexpress) Net  (12/04/2009 11.4.7.0) (HKLM\...\57AFA39B22ADEC4E383572E9331167546EB3C9C7) (Version: 12/04/2009 11.4.7.0 - Intel)
Windows-Treiberpaket - Intel (e1rexpress) Net  (01/07/2010 11.4.16.0) (HKLM\...\F71DB41300D30088C8D3716343D1429488E605C1) (Version: 01/07/2010 11.4.16.0 - Intel)
Windows-Treiberpaket - Intel (e1yexpress) Net  (04/07/2010 10.1.9.0) (HKLM\...\CB599752301BCA080D135697FDD05900F5A5CF4C) (Version: 04/07/2010 10.1.9.0 - Intel)
Windows-Treiberpaket - Intel System  (07/20/2007 1.2.76.0) (HKLM\...\E2708073906571A0B56F17FD825EF19281ECE29B) (Version: 07/20/2007 1.2.76.0 - Intel)
Windows-Treiberpaket - Marvell (yukonx64) Net  (12/06/2007 10.51.1.3) (HKLM\...\CDD703ED0B390A5643DB748EBFA5BD55FEEC0D8A) (Version: 12/06/2007 10.51.1.3 - Marvell)
WinHex (HKLM-x32\...\WinHex) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

01-05-2015 11:05:40 Windows Update
11-05-2015 07:06:32 Geplanter Prüfpunkt
16-05-2015 22:35:50 DirectX wurde installiert
20-05-2015 15:35:28 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {22F05F98-FF1E-4970-8CAE-70CE86CD57B0} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {425D4CCF-5BC6-405D-A882-A8734155DF14} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {669F47B8-0C1C-495F-9D08-A4C9E5FEFC7B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-25] (Google Inc.)
Task: {A1739C83-A9B5-4B40-8ADA-AE81A44A23CA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C10773B5-53DF-467C-9E25-BD8DD2F38593} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-25] (Google Inc.)
Task: {DEFB1294-F00A-41E4-ADDB-298742AF7725} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-05-13] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-01-31 18:59 - 2014-01-31 18:59 - 00226112 _____ () C:\Windows\system32\AppleOSSMgr.exe
2015-02-05 02:24 - 2015-02-05 02:25 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-04-09 10:03 - 2005-04-22 06:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2013-12-11 17:05 - 2013-12-11 17:05 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-09-18 09:23 - 2014-09-18 09:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-03-12 20:23 - 2015-03-12 20:23 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 09:23 - 2014-09-18 09:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-03-12 20:23 - 2015-03-12 20:23 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2015-05-14 07:48 - 2015-05-05 06:06 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libglesv2.dll
2015-05-14 07:48 - 2015-05-05 06:06 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libegl.dll
2015-03-25 09:33 - 2014-01-31 18:54 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-04-09 10:03 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-553928343-2221926330-1541497597-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\shinigami_\Desktop\Beautiful-Girls-Wallpapers-HD.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{9CD5E65F-8DF9-43D7-B57E-46A904C988F7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CCBD9FF8-338D-4BCA-BB2E-B6ED5B8D1B0C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B18CDB0F-F88F-4D77-8463-1CB3503DC15D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8164102E-7694-457C-AE5C-2458E43495AD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{825EA96A-A766-4D81-AEFF-7C762A9685F5}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{35AA20B2-3B6A-4F0B-89FB-88C1911EE0EF}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{706C8F23-EDCA-4A1C-A6E9-D250F193B5BB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1296F4D7-321F-43A7-849C-CCB5A3ED3217}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{94A58C6C-34F4-49CA-8762-4118213CB498}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7CCDC4F6-6D4E-4533-ABEC-C129A5E8B77E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{D91F04D9-2445-4FEC-B64D-655AA5347ECA}C:\users\shinigami_\appdata\local\id software\quakelive\quakelive.exe] => (Allow) C:\users\shinigami_\appdata\local\id software\quakelive\quakelive.exe
FirewallRules: [UDP Query User{EAAFB802-BF05-4A1D-9A86-17F5061DB6B0}C:\users\shinigami_\appdata\local\id software\quakelive\quakelive.exe] => (Allow) C:\users\shinigami_\appdata\local\id software\quakelive\quakelive.exe
FirewallRules: [{98926B7A-D6A8-415C-A92A-6CCB8EF7577E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F87996A8-1E69-4E8F-ACAE-9AC448C2F680}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{0B849BB7-5E23-4A2A-8E5B-2F2DC8C9248A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\METAL GEAR RISING REVENGEANCE\METAL GEAR RISING REVENGEANCE.exe
FirewallRules: [{73451243-481B-4D06-91C2-15E4B75E151A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\METAL GEAR RISING REVENGEANCE\METAL GEAR RISING REVENGEANCE.exe
FirewallRules: [{59DA6F2E-5A43-46D1-90C7-84E9FF7EFE9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ori\ori.exe
FirewallRules: [{FBE65114-69EF-4545-906F-6806773A4A2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ori\ori.exe
FirewallRules: [{0E3D446F-79A7-435F-89BA-4C34F65F1961}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake Live\quakelive_steam.exe
FirewallRules: [{95967350-CA35-4EAF-9ED7-6D502E920AC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quake Live\quakelive_steam.exe
FirewallRules: [{07AA60C0-9CF2-47C6-ACF9-A933A0F3EF34}] => (Allow) LPort=54925
FirewallRules: [{C28884B7-5F45-4C76-BACF-8953DBDB5D0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe
FirewallRules: [{FC8D70C7-D458-4656-9191-2B7869469EAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe
FirewallRules: [TCP Query User{A3F3B168-10F8-4B95-A823-F0CE5BCA3AFE}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{5920FB36-C800-4956-83F2-EC58239F9D03}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [{C2009A46-9E31-42B9-8F90-D646BDFCA39D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2015 06:29:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm chrome.exe, Version 42.0.2311.152 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1b28

Startzeit: 01d09318e04e4284

Endzeit: 4294967295

Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID: 5b4943c8-ff0d-11e4-8277-a886dd94785b

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (05/20/2015 06:29:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: shinigami)
Description: Das Paket „DefaultBrowser_NOPUBLISHERID+Chrome“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (05/20/2015 04:05:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7125

Error: (05/20/2015 04:05:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7125

Error: (05/20/2015 04:05:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/20/2015 04:05:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5750

Error: (05/20/2015 04:05:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5750

Error: (05/20/2015 04:05:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/20/2015 04:05:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4390

Error: (05/20/2015 04:05:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4390


System errors:
=============
Error: (05/20/2015 08:58:44 PM) (Source: DCOM) (EventID: 10010) (User: shinigami)
Description: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/20/2015 06:55:05 PM) (Source: DCOM) (EventID: 10010) (User: shinigami)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (05/20/2015 06:55:05 PM) (Source: DCOM) (EventID: 10010) (User: shinigami)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (05/20/2015 06:54:59 PM) (Source: DCOM) (EventID: 10010) (User: shinigami)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (05/20/2015 06:54:59 PM) (Source: DCOM) (EventID: 10010) (User: shinigami)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (05/20/2015 06:54:59 PM) (Source: DCOM) (EventID: 10010) (User: shinigami)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (05/20/2015 06:54:59 PM) (Source: DCOM) (EventID: 10010) (User: shinigami)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (05/20/2015 09:41:02 AM) (Source: DCOM) (EventID: 10010) (User: shinigami)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/20/2015 09:40:32 AM) (Source: DCOM) (EventID: 10010) (User: shinigami)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/20/2015 09:28:12 AM) (Source: DCOM) (EventID: 10010) (User: shinigami)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}


Microsoft Office Sessions:
=========================
Error: (05/20/2015 06:29:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe42.0.2311.1521b2801d09318e04e42844294967295C:\Program Files (x86)\Google\Chrome\Application\chrome.exe5b4943c8-ff0d-11e4-8277-a886dd94785b

Error: (05/20/2015 06:29:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: shinigami)
Description: DefaultBrowser_NOPUBLISHERID+Chrome

Error: (05/20/2015 04:05:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7125

Error: (05/20/2015 04:05:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7125

Error: (05/20/2015 04:05:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/20/2015 04:05:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5750

Error: (05/20/2015 04:05:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5750

Error: (05/20/2015 04:05:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/20/2015 04:05:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4390

Error: (05/20/2015 04:05:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4390


CodeIntegrity Errors:
===================================
  Date: 2015-05-04 04:47:39.099
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-04 04:47:38.955
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-22 15:05:44.868
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-22 15:05:44.734
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 29%
Total physical RAM: 4002.7 MB
Available physical RAM: 2822.61 MB
Total Pagefile: 5346.7 MB
Available Pagefile: 4058.85 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (BOOTCAMP) (Fixed) (Total:139.7 GB) (Free:69.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (BROTHER) (CDROM) (Total:0.61 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00002280)

Partition: GPT Partition Type.
Partition 2: (Not Active) - (Size=325.3 GB) - (Type=AC)
Partition 3: (Not Active) - (Size=620 MB) - (Type=AB)
Partition 4: (Active) - (Size=139.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

PS: könnte es vielleicht an dem "bonjour service" von Apple liegen? Habe den wahrscheinlich mit dem Hardwaretreiberpaket installiert.

Nur mal so:
GMER ist kein Virenscanner, nicht jeder Eintrag ist gleichbedeutend mit Malware!
Außerdem wirst Du im Taskmanager ein "echtes Rootkit" nicht finden.

Schritt 1
Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2

• Download und Anleitung
• Starte Malwarebytes' Anti-Malware (MBAM).
• Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
• Unter Einstellungen/ Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
• Gehe zurück zum Armaturenbrett und klicke auf "Jetzt scannen".
• Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben und poste mir das Log.

Schritt 3

Hey deeprybka,

Nach dem ich beide Programme habe durchlaufen lassen wurden mehrere Backdoors gefunden(unter anderem auch von Windows Defender). Eine Backdoor hat sich direkt nach dem Neustart neu installiert nach dem ich die Bereinigung mit adwcleaner durchgeführt habe(Timelog Windows Defender). Daraufhin sah ich mich veranlasst die Partition meiner Festplatte neu zu formatieren und Windows neu aufzusetzen, hatte gehofft das zu umgehen aber war mir eigentlich schon klar, dass es darauf hinaus laufen wird. Da ich heute einen freien Tag habe und es gleich hinter mich bringen wollte, bitte ich um Verständnis, dass ich diesen Schritt ohne Aufforderung unternommen habe. Ich Danke dir vielmals für deine Zeit!
Ps: lohnt es sich die Schritte die du mir aufgegeben hast in regelmäßigen Abständen durchzuführen oder nur wenn erneut der Verdacht besteht?

Liebe Grüße
Benjamin

Ja, Adwcleaner und v.a. Malwarebytes kann man für regelmäßige Scans benutzen.