Pests of all kinds and their removal: Zeus bot apparently on PC // letter from Telekom (Windows 7). If you are not sure whether you have picked up malware or a Trojan, open a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.
08.06.2015, 21:15 | #16
/// TB trainer /// guide guru | Zeus bot apparently on PC // letter from Telekom

OK. Chrome should be replaced anyway (back up your bookmarks first if necessary):

Step 1: Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).

Step 2: Download it again from here: https://www.google.de/chrome/browser/desktop/

Step 3: Please run FRST again, also tick the checkbox, and click Scan. Please post the contents of the two logs that are created.

__________________
Regards, deeprybka
Praise, criticism, wishes? Donate to trojaner-board?
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer
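Post #16 asks for both FRST logs (FRST.txt and Addition.txt). A helper reads them for a handful of markers before anything else, and the script below automates that first pass. It is an added example for this page, not part of the original thread and not part of FRST itself; the sample input is a few entries copied from the FRST.txt log posted in the following reply, and the choice of what to flag is the editor's own: FRST's `<======= ATTENTION` annotations, service or driver entries whose image file is missing (`[X]`) with boot-start ones called out, entries FRST marks `[File not signed]`, an Internet Explorer proxy that points at loopback, and executables FRST lists under "Some files in TEMP". The parser assumes FRST's service-line layout of state letter, start-type digit, name, semicolon and image path.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed input for this example: entries copied from the FRST.txt log
# posted in the following reply, one entry per line as FRST writes them.
SAMPLE_LOG = r"""
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-21] (Avira Operations GmbH & Co. KG)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:50064;https=127.0.0.1:50064;
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S0 axtlhwdc; System32\drivers\rimrqxb.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
Some files in TEMP:
====================
C:\Users\Sacharow\AppData\Local\temp\avgnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => File is digitally signed
"""

ATTENTION = "<======= ATTENTION"
# Assumed FRST service/driver layout: "<state><start type> <name>; <image> [size date] (vendor) [flags]"
# state R = running, S = stopped (U also occurs in the posted log); start type digit follows
# the Windows convention 0 = boot, 1 = system, 2 = auto, 3 = manual, 4 = disabled.
SVC_RE = re.compile(r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<rest>.+)$")
PROXY_RE = re.compile(r"^ProxyServer: \[(?P<hive>[^\]]+)\] => (?P<value>.+)$")
LOOPBACK = ("127.", "localhost", "[::1]")


def triage(log: str) -> Dict[str, List[str]]:
    """Return findings keyed by category; each entry is a short human-readable string."""
    findings: Dict[str, List[str]] = defaultdict(list)
    in_temp = False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        # "Some files in TEMP:" is followed by a bare "====" underline, then one
        # path per line until the next section header (which contains spaces).
        if line.startswith("Some files in TEMP:"):
            in_temp = True
            continue
        if in_temp:
            if line.startswith("===="):
                if " " in line:
                    in_temp = False
                continue
            findings["executable in TEMP"].append(line)
            continue
        if ATTENTION in line:
            findings["FRST attention marker"].append(line.replace(ATTENTION, "").strip())
            continue
        m = PROXY_RE.match(line)
        if m:
            # value looks like "http=host:port;https=host:port;"
            for entry in filter(None, m["value"].split(";")):
                scheme, _, target = entry.partition("=")
                if target.startswith(LOOPBACK):
                    findings["loopback proxy"].append(f"{m['hive']} {scheme} -> {target}")
            continue
        m = SVC_RE.match(line)
        if m:
            path = m["rest"].split(" [", 1)[0]
            if m["rest"].endswith("[X]"):
                note = "boot-start, " if m["start"] == "0" else ""
                findings["service/driver image missing"].append(f"{m['name']} ({note}{path})")
            elif "[File not signed]" in m["rest"]:
                findings["unsigned service/driver"].append(f"{m['name']} ({path})")
    return dict(findings)


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(f"[{category}]")
        for item in items:
            print("   ", item)
```

On a real log, pass the file's text to `triage()`. The findings are prompts, not verdicts: in the posted log the missing `catchme.sys` is a leftover of the ComboFix run that the same log records, and a loopback proxy is how local web filters and banking trojans alike sit in front of the browser, so the next step is to identify which process listens on that port. The boot-start `axtlhwdc` entry pointing at an absent `rimrqxb.sys` is the kind of line a helper asks about first.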
08.06.2015, 21:40 | #17
Zeus bot apparently on PC // letter from Telekom

FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-06-2015
Ran by Sacharow (administrator) on SACHAROW-PC on 08-06-2015 22:33:36
Running from C:\Users\Sacharow\Desktop
Loaded Profiles: Sacharow & (Available Profiles: Sacharow)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControl.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\WDC.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(ASUS) C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ieuser.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.27.5\GoogleCrashHandler.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HControlUser] => C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [98304 2008-08-18] (ASUS)
HKLM\...\Run: [ATKOSD2] => C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [8105984 2008-09-02] (ASUS)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM\...\Run: [WSHelperSetup.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [130048 2015-04-10] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-21] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-195686569-1305992119-4081180443-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31282816 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-195686569-1305992119-4081180443-1000\...\Run: [WSHelperSetup.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-195686569-1305992119-4081180443-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:50064;https=127.0.0.1:50064;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-195686569-1305992119-4081180443-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-195686569-1305992119-4081180443-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-195686569-1305992119-4081180443-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asus.com
HKU\S-1-5-21-195686569-1305992119-4081180443-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} https://biz.lgservice.com/DATA/cab/djvuctrl-6.1.4-en-r34387.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-31] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll [2011-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-08] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-08] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-04-09]

Chrome:
=======
CHR Profile: C:\Users\Sacharow\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Sacharow\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-07-15]
CHR Extension: (Google Docs) - C:\Users\Sacharow\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-15]
CHR Extension: (Google Drive) - C:\Users\Sacharow\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-15]
CHR Extension: (YouTube) - C:\Users\Sacharow\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-15]
CHR Extension: (Google Search) - C:\Users\Sacharow\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-15]
CHR Extension: (AdBlock) - C:\Users\Sacharow\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-04]
CHR Extension: (Isoball 3) - C:\Users\Sacharow\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj [2014-07-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sacharow\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-08]
CHR Extension: (Google Wallet) - C:\Users\Sacharow\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Sacharow\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [805024 2011-02-01] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2013-09-07] (Acronis)
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [825856 2015-05-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-05-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-21] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1186040 2015-05-21] (Avira Operations GmbH & Co. KG)
R2 ASLDRService; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [100920 2008-08-13] ()
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [205104 2015-04-10] (Avira Operations GmbH & Co. KG)
R2 hasplms; C:\Windows\system32\hasplms.exe [4683144 2014-04-29] (SafeNet Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [173576 2008-05-27] (AMD Technologies Inc.)
R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [425352 2014-04-29] (SafeNet Inc.)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [4386304 2009-03-19] (ATI Technologies Inc.)
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107400 2015-05-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-05-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-21] (Avira Operations GmbH & Co. KG)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [609624 2014-04-29] (SafeNet Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [35992 2015-06-05] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2008-11-03] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [99400 2012-05-12] (MotioninJoy) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [14392 2008-12-24] (ATK0100)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1752704 2008-08-11] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2015-03-17] (Avira GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S0 axtlhwdc; System32\drivers\rimrqxb.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-08 22:33 - 2015-06-08 22:33 - 00000000 ____D C:\Users\Sacharow\Desktop\FRST-OlderVersion
2015-06-08 22:32 - 2015-06-08 22:32 - 00001970 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-08 22:32 - 2015-06-08 22:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-08 22:19 - 2015-06-08 22:19 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Sacharow\Downloads\revosetup95.exe
2015-06-08 22:19 - 2015-06-08 22:19 - 00001064 _____ C:\Users\Sacharow\Desktop\Revo Uninstaller.lnk
2015-06-08 21:43 - 2015-06-08 21:43 - 00000000 ____D C:\Avenger
2015-06-08 19:10 - 2015-06-08 19:10 - 00000000 __RSH C:\MSDOS.SYS
2015-06-08 19:10 - 2015-06-08 19:10 - 00000000 __RSH C:\IO.SYS
2015-06-08 18:56 - 2015-06-08 18:56 - 02870984 _____ (ESET) C:\Users\Sacharow\Downloads\esetsmartinstaller_deu.exe
2015-06-08 18:56 - 2015-06-08 18:56 - 02870984 _____ (ESET) C:\Users\Sacharow\Desktop\esetsmartinstaller_deu.exe
2015-06-08 17:47 - 2015-06-08 17:48 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-08 17:47 - 2015-06-08 17:47 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-08 17:47 - 2015-06-08 17:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-08 17:47 - 2015-06-08 17:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-08 17:47 - 2015-06-08 17:47 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-08 17:47 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-08 17:47 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-08 17:47 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-08 17:46 - 2015-06-08 17:47 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Sacharow\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-07 23:40 - 2015-06-07 23:40 - 00009214 _____ C:\ComboFix.txt
2015-06-07 22:19 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-07 22:19 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-07 22:19 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-07 22:19 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-07 22:19 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-07 22:19 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-07 22:19 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-07 22:19 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-07 22:01 - 2015-06-07 22:01 - 00140272 _____ C:\Windows\Minidump\Mini060715-01.dmp
2015-06-07 21:34 - 2015-06-07 23:40 - 00000000 ____D C:\Qoobox
2015-06-07 21:33 - 2015-06-07 23:38 - 00000000 ____D C:\Windows\erdnt
2015-06-07 21:31 - 2015-06-07 21:31 - 05628238 ____R (Swearware) C:\Users\Sacharow\Desktop\ComboFix.exe
2015-06-07 21:31 - 2015-06-07 21:31 - 05628238 _____ (Swearware) C:\Users\Sacharow\Downloads\ComboFix.exe
2015-06-07 19:05 - 2015-06-07 19:05 - 00001505 _____ C:\Users\Sacharow\Downloads\Übers Buch.xwd
2015-06-07 17:50 - 2015-06-07 17:50 - 02231296 _____ C:\Users\Sacharow\Downloads\AdwCleaner_4.206.exe
2015-06-07 17:50 - 2015-06-07 17:50 - 02231296 _____ C:\Users\Sacharow\Desktop\AdwCleaner_4.206.exe
2015-06-07 17:46 - 2015-06-07 17:46 - 00162667 _____ C:\Users\Sacharow\Downloads\Datei 07.06.15 17 07 51.jpeg
2015-06-07 11:52 - 2015-06-07 11:54 - 00031218 _____ C:\Users\Sacharow\Desktop\Addition.txt
2015-06-07 11:51 - 2015-06-08 22:34 - 00015889 _____ C:\Users\Sacharow\Desktop\FRST.txt
2015-06-07 11:50 - 2015-06-08 22:33 - 01147904 _____ (Farbar) C:\Users\Sacharow\Desktop\FRST.exe
2015-06-07 11:50 - 2015-06-08 22:33 - 00000000 ____D C:\FRST
2015-06-07 11:50 - 2015-06-07 11:50 - 01147392 _____ (Farbar) C:\Users\Sacharow\Downloads\FRST.exe
2015-06-06 22:56 - 2015-06-06 22:56 - 22061992 _____ (SUPERAntiSpyware) C:\Users\Sacharow\Downloads\SUPERAntiSpyware.exe
2015-06-06 22:52 - 2015-06-06 22:53 - 05198336 _____ (AVAST Software) C:\Users\Sacharow\Downloads\aswMBR.exe
2015-06-06 22:39 - 2015-06-06 22:39 - 00000000 ____D C:\Users\Nick\AppData\Roaming\Avira
2015-06-06 22:34 - 2015-06-06 22:34 - 00115208 _____ C:\Users\Nick\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-06 22:34 - 2015-06-06 22:34 - 00000956 _____ C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-06 22:34 - 2015-06-06 22:34 - 00000951 _____ C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-06 22:34 - 2015-06-06 22:34 - 00000922 _____ C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2015-06-06 22:34 - 2015-06-06 22:34 - 00000000 ____D C:\Users\Nick\AppData\Roaming\Apple Computer
2015-06-06 22:34 - 2015-06-06 22:34 - 00000000 ____D C:\Users\Nick\AppData\Local\Wondershare
2015-06-06 22:34 - 2015-06-06 22:34 - 00000000 ____D C:\Users\Nick\AppData\Local\VirtualStore
2015-06-06 22:34 - 2015-06-06 22:34 - 00000000 ____D C:\Users\Nick\AppData\Local\Google
2015-06-06 22:33 - 2015-06-06 22:34 - 00000000 ____D C:\Users\Nick
2015-06-06 22:33 - 2015-06-06 22:33 - 00000020 ___SH C:\Users\Nick\ntuser.ini
2015-06-06 22:33 - 2015-06-06 22:33 - 00000000 _SHDL C:\Users\Nick\Startmenü
2015-06-06 22:33 - 2015-06-06 22:33 - 00000000 _SHDL C:\Users\Nick\Netzwerkumgebung
2015-06-06 22:33 - 2015-06-06 22:33 - 00000000 _SHDL C:\Users\Nick\Druckumgebung
2015-06-06 22:33 - 2015-06-06 22:33 - 00000000 _SHDL C:\Users\Nick\Documents\Eigene Musik
2015-06-06 22:33 - 2015-06-06 22:33 - 00000000 _SHDL C:\Users\Nick\Documents\Eigene Bilder
2015-06-06 22:33 - 2015-06-06 22:33 - 00000000 _SHDL C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-06-06 22:33 - 2015-06-06 22:33 - 00000000 _SHDL C:\Users\Nick\AppData\Local\Verlauf
2015-06-06 22:33 - 2014-03-07 18:49 - 00000000 ____D C:\Users\Nick\AppData\Local\Microsoft Help
2015-06-06 22:33 - 2008-01-21 04:42 - 00000000 ___RD C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-06 22:33 - 2008-01-21 04:42 - 00000000 ___RD C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-05 10:46 - 2015-06-05 10:46 - 00035992 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2015-06-05 10:39 - 2015-06-05 10:39 - 00025504 _____ C:\Windows\system32\.crusader
2015-06-05 10:22 - 2015-06-05 10:40 - 00000000 ____D C:\ProgramData\HitmanPro
2015-06-05 10:22 - 2015-06-05 10:22 - 10105736 _____ (SurfRight B.V.) C:\Users\Sacharow\Downloads\hitmanpro.exe
2015-05-30 20:57 - 2015-05-30 20:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf
2015-05-27 21:16 - 2015-05-27 21:19 - 00000000 ____D C:\Users\Sacharow\Desktop\Auto
2015-05-26 19:14 - 2015-05-26 19:14 - 00000000 ____D C:\Users\Sacharow\AppData\Roaming\Firefly Studios
2015-05-26 19:13 - 2015-05-26 19:13 - 00000000 ____D C:\Users\Sacharow\Documents\Stronghold Kingdoms
2015-05-24 18:52 - 2015-05-24 18:52 - 00000216 _____ C:\Users\Sacharow\Desktop\AdVenture Capitalist.url
2015-05-21 19:02 - 2015-05-21 19:02 - 00001896 _____ C:\Users\Public\Desktop\Avira Antivirus.lnk
2015-05-18 22:58 - 2015-05-18 22:58 - 00131072 _____ C:\Windows\Minidump\Mini051815-02.dmp
2015-05-18 22:41 - 2015-05-18 22:41 - 00145856 _____ C:\Windows\Minidump\Mini051815-01.dmp
2015-05-18 22:36 - 2015-05-18 22:36 - 04181760 _____ C:\Users\Sacharow\Downloads\Major Lazer & DJ Snake - Lean On (feat. MØ) (Official Music Video).mp3.crdownload
2015-05-18 22:00 - 2015-05-18 22:32 - 00000000 ____D C:\Users\Sacharow\Desktop\Neue Lieder
2015-05-14 12:39 - 2015-05-14 12:39 - 00000000 ____D C:\Users\Sacharow\AppData\Roaming\Mozilla
2015-05-14 12:39 - 2015-05-14 12:39 - 00000000 ____D C:\Users\Sacharow\AppData\Roaming\Marmiko IT-Solutions GmbH
2015-05-14 12:39 - 2015-05-14 12:39 - 00000000 ____D C:\Users\Sacharow\AppData\Local\Marmiko IT-Solutions GmbH
2015-05-14 12:02 - 2015-05-14 12:02 - 00145984 _____ C:\Windows\Minidump\Mini051415-01.dmp
2015-05-10 14:22 - 2015-05-10 14:23 - 02947118 _____ C:\Users\Sacharow\Downloads\poster-forge (1).zip
2015-05-09 23:31 - 2015-05-10 14:42 - 03224170 _____ C:\Users\Sacharow\Desktop\Wenn du stirbst, zieht dein ganzes Leben.pptm
2015-05-09 23:31 - 2015-05-09 23:31 - 03181238 _____ C:\Users\Sacharow\Documents\Wenn du stirbst, zieht dein ganzes Leben.pptm

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-08 22:32 - 2013-04-09 22:25 - 00000000 ____D C:\Program Files\Google
2015-06-08 22:31 - 2014-07-15 22:26 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-08 22:31 - 2014-07-15 22:26 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-08 22:30 - 2013-08-25 15:45 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-08 22:03 - 2014-03-16 00:35 - 00000000 ____D C:\Users\Sacharow\AppData\Roaming\Skype
2015-06-08 22:03 - 2013-03-02 21:44 - 01384798 _____ C:\Windows\WindowsUpdate.log
2015-06-08 22:00 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-08 22:00 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-08 22:00 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-08 21:59 - 2015-03-14 19:58 - 00497070 _____ C:\Windows\PFRO.log
2015-06-08 19:02 - 2008-04-16 13:11 - 00000000 ____D C:\Windows\de-DE
2015-06-08 16:18 - 2014-12-23 15:02 - 04697768 _____ () C:\Users\Sacharow\Desktop\TechnicLauncher.exe
2015-06-08 16:17 - 2013-12-08 15:19 - 00000000 ____D C:\Users\Sacharow\AppData\Roaming\.technic
2015-06-08 16:16 - 2015-04-01 13:59 - 00000000 ____D C:\Users\Sacharow\AppData\Roaming\.minecraft
2015-06-08 16:15 - 2013-11-27 19:51 - 00000000 ____D C:\Users\Sacharow\AppData\Roaming\Craften Terminal
2015-06-08 16:13 - 2014-10-24 21:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Craften Terminal
2015-06-08 16:13 - 2014-10-24 21:50 - 00000000 ____D C:\Program Files\Craften Terminal
2015-06-08 11:36 - 2006-11-02 15:01 - 00032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-07 23:40 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2015-06-07 23:40 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2015-06-07 23:35 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini
2015-06-07 22:51 - 2015-03-18 19:18 - 195573440 _____ C:\Windows\MEMORY.DMP
2015-06-07 22:01 - 2013-04-09 17:57 - 00000000 ____D C:\Windows\Minidump
2015-06-07 19:13 - 2006-11-02 12:33 - 01561546 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-07 18:08 - 2014-07-15 22:11 - 00000000 ____D C:\AdwCleaner
2015-06-07 11:44 - 2015-03-22 16:06 - 00000020 _____ C:\Users\Sacharow\AppData\Roaming\appdataFr3.bin
2015-06-06 22:47 - 2015-03-26 22:02 - 00000688 _____ C:\Users\Sacharow\Desktop\mobiletrans_setup_full1296.exe.lnk
2015-06-06 22:41 - 2014-06-19 22:14 - 00000000 ____D C:\Program Files\SWX-Auftrag
2015-06-06 22:40 - 2014-10-14 20:27 - 00000000 ____D C:\Windows\uninstall
2015-06-06 22:39 - 2014-10-14 20:27 - 00000000 ____D C:\LAG3000
2015-06-06 22:38 - 2015-02-15 00:23 - 00000000 ____D C:\Program Files\GameforgeLive
2015-06-06 22:38 - 2014-08-20 23:26 - 00000000 ____D C:\Users\Sacharow\AppData\Local\Razer
2015-06-06 22:38 - 2014-08-20 23:26 - 00000000 ____D C:\ProgramData\Razer
2015-06-06 22:31 - 2014-11-08 18:32 - 00000000 ____D C:\ProgramData\EasternGraphics
2015-06-06 17:40 - 2015-01-07 20:41 - 00000000 ____D C:\Program Files\Common Files\Steam
2015-06-06 17:40 - 2015-01-07 20:40 - 00000000 ____D C:\Program Files\Steam
2015-05-30 20:57 - 2015-03-18 19:19 - 00005090 _____ C:\Windows\setupact.log
2015-05-21 19:02 - 2015-04-20 17:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-21 18:56 - 2015-04-20 18:30 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-21 18:56 - 2015-04-20 18:30 - 00107400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-21 18:56 - 2015-04-20 18:30 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-05-14 12:05 - 2014-03-16 00:35 - 00000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2015-03-22 16:06 - 2015-06-07 11:44 - 0000020 _____ () C:\Users\Sacharow\AppData\Roaming\appdataFr3.bin
2015-04-03 20:50 - 2015-04-03 20:50 - 0000036 ____H () C:\Users\Sacharow\AppData\Roaming\swk.ini
2014-06-01 10:39 - 2014-06-01 10:39 - 0031007 _____ () C:\Users\Sacharow\AppData\Roaming\UserTile.png
2013-03-02 13:08 - 2015-03-24 17:46 - 0002032 _____ () C:\Users\Sacharow\AppData\Local\d3d9caps.dat
2013-04-08 16:00 - 2015-04-02 23:51 - 0022016 _____ () C:\Users\Sacharow\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-23 13:28 - 2014-12-23 13:28 - 0002622 _____ () C:\Users\Sacharow\AppData\Local\recently-used.xbel
2015-04-13 22:22 - 2015-04-13 22:23 - 0004644 _____ () C:\Users\Sacharow\AppData\Local\Temp-log.txt

Some files in TEMP:
====================
C:\Users\Sacharow\AppData\Local\temp\avgnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-08 22:06

==================== End of log ============================

ADDITION:

Additional FRST Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-06-2015
Ran by Sacharow at 2015-06-08 22:34:59
Running from C:\Users\Sacharow\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-195686569-1305992119-4081180443-500 - Administrator - Disabled)
Gast (S-1-5-21-195686569-1305992119-4081180443-501 - Limited - Disabled)
Sacharow (S-1-5-21-195686569-1305992119-4081180443-1000 - Administrator - Enabled) => C:\Users\Sacharow

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ace of Spades (HKLM\...\Steam App 224540) (Version:  - Jagex Limited)
Acronis True Image Home 2011 (HKLM\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6696 - Acronis)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
AdVenture Capitalist (HKLM\...\Steam App 346900) (Version:  - Hyper Hippo Games)
AMD USB Audio Driver Filter (HKLM\...\{A3AB35FA-943E-4799-99DC-46EFD59E998F}) (Version: 1.0.7.0031 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{DBE1E170-3EF6-AAA5-32C4-A78D98DF86A1}) (Version: 3.0.715.0 - ATI Technologies, Inc.)
ATK Generic Function Service (HKLM\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0049 - ASUS)
ATKOSD2 (HKLM\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0002 - ASUS)
Avira (HKLM\...\{d8490d5d-0f24-4000-b2e4-4b500a9a704d}) (Version: 1.1.35.25717 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.35.25717 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Utilities Digital Photo Professional 3.10 (HKLM\...\DPP) (Version: 3.10.2.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Craften Terminal 4.1.2 (HKLM\...\{4e7c3936-7c06-4ef0-928b-c5d92f372578}_is1) (Version: 4.1.2 - Craften.de)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
iTunes (HKLM\...\{3A9FE6B1-EE7F-40AC-B831-AC7C9ABB58A0}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU CTP1 (HKLM\...\{973805E6-9CDB-43F8-A14E-2161532B56A7}) (Version: 4.0.8854.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
(HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Minecraft (HKLM\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) OpenOffice 4.1.0 (HKLM\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation) Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.) Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Schichtplaner 5 (HKLM\...\Schichtplaner5_is1) (Version: 5.0.8.1 - RPS Planungssysteme GmbH) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Sigel Beschriftungs-Software für Überweisung und Lastschrift (HKLM\...\Sigel Beschriftungs-Software für Überweisung und Lastschrift) (Version: - ) Skype™ 7.4 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.) 
Source SDK Base 2006 (HKLM\...\Steam App 215) (Version: - Valve) Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TeamSpeak 3 Client (HKU\S-1-5-21-195686569-1305992119-4081180443-1000\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH) TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.36897 - TeamViewer) USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version: - ) VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN) WinRAR 5.00 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH) WISO Steuer 2014 (HKLM\...\{3D224707-100A-4693-8A5D-BB4379B09393}) (Version: 21.00.8480 - Buhl Data Service GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 30-04-2015 15:02:14 Removed CDBurnerXP 03-05-2015 13:13:18 Geplanter Prüfpunkt 07-05-2015 19:25:27 Geplanter Prüfpunkt 09-05-2015 10:03:12 Geplanter Prüfpunkt 20-05-2015 21:13:52 Geplanter Prüfpunkt 21-05-2015 15:13:00 Geplanter Prüfpunkt 25-05-2015 15:18:13 Geplanter Prüfpunkt 26-05-2015 20:20:21 Geplanter Prüfpunkt 05-06-2015 10:37:22 Prüfpunkt von HitmanPro 05-06-2015 10:38:10 Prüfpunkt von HitmanPro 06-06-2015 18:14:30 Geplanter Prüfpunkt 07-06-2015 13:33:39 Geplanter Prüfpunkt 08-06-2015 22:20:09 Revo Uninstaller's restore point - Google Chrome 08-06-2015 22:25:46 Revo Uninstaller's restore point - Google Chrome ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2006-11-02 12:23 - 2015-06-07 22:41 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {317110F4-F7C6-4B01-BE00-5A72E25F7976} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-15] (Google Inc.) Task: {4125F127-27CB-4D6F-8022-127B4571AA0D} - \SUPERAntiSpyware Scheduled Task d5131220-2f8f-4698-b204-74e8574ee9ea No Task File <==== ATTENTION Task: {4FD7FA03-FE0D-433F-8955-FF89655D2001} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {814DEF4E-F43F-44B0-A4EA-2B299095C4F7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd) Task: {A7ABAB58-1001-41C7-9A41-44B83170478A} - \SUPERAntiSpyware Scheduled Task f158cba3-9794-4dca-ae34-6e7da26a6c92 No Task File <==== ATTENTION Task: {BF6D2E7B-1214-49C4-AD40-D7629962FF38} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated) Task: {C288E079-2795-4C28-B37E-17A181A5069A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-15] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2008-08-13 21:59 - 2008-08-13 21:59 - 00100920 _____ () C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe 2013-03-02 13:14 - 2007-08-08 01:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2015-02-13 05:20 - 2015-02-13 05:20 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-02-13 05:20 - 2015-02-13 05:20 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2009-03-19 04:16 - 2009-03-19 04:16 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll 2012-12-07 17:26 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe 2007-11-12 16:41 - 2007-11-12 16:41 - 00106496 _____ () C:\Program Files\ASUS\ATK Hotkey\MsgTran.dll 2015-03-26 21:24 - 2014-10-31 17:37 - 01498112 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll 2015-03-26 21:24 - 2014-05-19 18:19 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:0507A16B AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-195686569-1305992119-4081180443-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img18.jpg HKU\S-1-5-21-195686569-1305992119-4081180443-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [{9E0E78CA-7D47-4F90-BBCA-5FEF3469EB21}] => (Allow) LPort=80 FirewallRules: [{7EB8EC00-2725-4B85-8860-863791E06DA3}] => (Allow) LPort=80 FirewallRules: [{5ADC1525-3602-47B7-98D4-33F83F6AC956}] => (Allow) LPort=80 FirewallRules: [TCP Query User{BE262293-BD61-4E7B-898F-C34C4DA52B16}C:\windows\system32\javaw.exe] => (Block) C:\windows\system32\javaw.exe FirewallRules: [UDP Query User{158F492A-1479-448C-8015-6658D7E8CDE7}C:\windows\system32\javaw.exe] => (Block) C:\windows\system32\javaw.exe FirewallRules: [TCP Query User{0E80A2EF-2F7D-4906-BB44-C8059AAD7C5A}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{2E6D4853-D0C6-4D0F-8BEA-479792A1939A}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [{3E54D19C-C7FD-466A-AB77-C5B3D39E4116}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [{2A4D8B69-67BB-489B-B3A8-01E124A8CCFF}] => (Allow) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [TCP Query User{DABB16D0-6837-4809-8AB6-465C1873F73F}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{E204620C-0273-4DF5-A182-3790531122B4}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [TCP Query 
User{E5C1608E-B140-471D-B9F3-DAA7A3F93E25}C:\program files\libreoffice 4\program\soffice.bin] => (Allow) C:\program files\libreoffice 4\program\soffice.bin FirewallRules: [UDP Query User{C63DAC76-9607-4095-8CE5-7739BB9C1E7A}C:\program files\libreoffice 4\program\soffice.bin] => (Allow) C:\program files\libreoffice 4\program\soffice.bin FirewallRules: [{B5D347FF-E646-4C5C-8BF1-839FFDAC5BD2}] => (Allow) C:\Windows\system32\hasplms.exe FirewallRules: [{D3D19AE3-426E-466F-8C06-1BC5B779C18F}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe FirewallRules: [{8AB060E1-618B-43B6-8056-B0E896EDA02E}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe FirewallRules: [{F0EBB72E-EA0B-440A-9A10-BD215EE70108}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe FirewallRules: [{4B6ED4A5-CE59-4589-B826-60366E956DCA}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe FirewallRules: [{96CA1CA6-89F6-4CD3-8F82-9A802E948128}] => (Allow) C:\Program Files\Steam\Steam.exe FirewallRules: [{E128562D-DA4C-4375-BAF3-C23CF9C5BBA9}] => (Allow) C:\Program Files\Steam\Steam.exe FirewallRules: [{BDAF8DAB-29CC-46F1-B45B-5F21C3B4A87A}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe FirewallRules: [{CAFDB189-73D1-4D2A-BAD9-4CE3C7CE6A49}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe FirewallRules: [{83C1B422-8D08-4999-B070-3F138D589E68}] => (Allow) C:\Program Files\Steam\SteamApps\common\aceofspades\aos.exe FirewallRules: [{FAADBF0D-2F69-486F-99CB-C0DFF6586F0B}] => (Allow) C:\Program Files\Steam\SteamApps\common\aceofspades\aos.exe FirewallRules: [{580E111B-6806-421F-B254-12EBCE2A727B}] => (Allow) C:\Program Files\Steam\SteamApps\common\Source SDK Base\hl2.exe FirewallRules: [{3FFC277D-61A9-4D64-B2B1-0C11979827EF}] => (Allow) C:\Program Files\Steam\SteamApps\common\Source SDK Base\hl2.exe FirewallRules: [{BDA30393-DAB2-441B-A1DE-41711AE11540}] => (Allow) C:\Program Files\GameforgeLive\Games\DEU_deu\S.K.I.L.L\Binaries\Win32\sf2.exe FirewallRules: 
[{F245D008-810A-4116-BB3A-55D7D028E363}] => (Allow) C:\Program Files\GameforgeLive\Games\DEU_deu\S.K.I.L.L\Binaries\Win32\sf2.exe FirewallRules: [{1F4CD58F-7727-410C-96D3-158E7FAB8FF1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{75173058-F305-40AE-A187-7A81630C814A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{92854FE0-3B09-4585-9DD0-170FB877A69E}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [TCP Query User{FCB51EC9-8D8D-4E03-A04A-4B54AF873B09}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_40\bin\javaw.exe FirewallRules: [UDP Query User{59974327-D6FA-46F1-89B0-6DAE0EB61A8A}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_40\bin\javaw.exe FirewallRules: [TCP Query User{D3261BB3-864F-4194-81ED-98E5228FFAE1}C:\users\sacharow\desktop\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => (Block) C:\users\sacharow\desktop\runtime\jre-x32\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{B8D7E88A-FD72-4A1F-AF18-6B353316F993}C:\users\sacharow\desktop\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => (Block) C:\users\sacharow\desktop\runtime\jre-x32\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{4EA54034-70A6-47F3-8B5A-DC9E93B95C3A}C:\users\sacharow\desktop\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => (Block) C:\users\sacharow\desktop\runtime\jre-x32\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{B0E23D4C-B4CB-43C9-8D2D-94A0B90021E4}C:\users\sacharow\desktop\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => (Block) C:\users\sacharow\desktop\runtime\jre-x32\1.8.0_25\bin\javaw.exe FirewallRules: [{A0F32CC3-46A0-4D8A-9D8B-05DCEF40D059}] => (Allow) C:\Program Files\Steam\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe FirewallRules: [{BA0A5EA5-B149-404D-8A41-1A450EEC1907}] => (Allow) C:\Program Files\Steam\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe FirewallRules: [TCP Query 
User{7D5E94E4-FBAA-422F-ADF2-214DDBEB5257}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe FirewallRules: [UDP Query User{621413EC-4FF2-4BE9-B80E-847DD4A91ABC}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe FirewallRules: [{B888FD57-CF0F-478D-BF52-F6DBB0FC4CDA}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= Name: Microsoft-6zu4-Adapter Description: Microsoft-6zu4-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: 6TO4 Adapter Description: Microsoft-6zu4-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: 6TO4 Adapter Description: Microsoft-6zu4-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: 6TO4 Adapter Description: Microsoft-6zu4-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. 
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (06/08/2015 10:25:46 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005. Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {4647b9cd-3b86-42f0-88dd-efdb5de12fad} Error: (06/08/2015 10:20:03 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005. Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {4647b9cd-3b86-42f0-88dd-efdb5de12fad} Error: (06/08/2015 10:01:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/08/2015 10:00:12 PM) (Source: ESENT) (EventID: 489) (User: ) Description: avguard (1864) GaviDB_0: Versuch, Datei "C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db" für den Lesezugriff zu öffnen, ist mit Systemfehler 3 (0x00000003): "Das System kann den angegebenen Pfad nicht finden. " fehlgeschlagen. Fehler -1023 (0xfffffc01) beim Öffnen von Dateien. 
Error: (06/08/2015 10:00:12 PM) (Source: ESENT) (EventID: 489) (User: ) Description: avguard (1864) GaviDB_0: Versuch, Datei "C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db" für den Lesezugriff zu öffnen, ist mit Systemfehler 3 (0x00000003): "Das System kann den angegebenen Pfad nicht finden. " fehlgeschlagen. Fehler -1023 (0xfffffc01) beim Öffnen von Dateien. Error: (06/08/2015 05:43:53 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/08/2015 05:42:58 PM) (Source: ESENT) (EventID: 489) (User: ) Description: avguard (2156) GaviDB_0: Versuch, Datei "C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db" für den Lesezugriff zu öffnen, ist mit Systemfehler 3 (0x00000003): "Das System kann den angegebenen Pfad nicht finden. " fehlgeschlagen. Fehler -1023 (0xfffffc01) beim Öffnen von Dateien. Error: (06/08/2015 05:42:58 PM) (Source: ESENT) (EventID: 489) (User: ) Description: avguard (2156) GaviDB_0: Versuch, Datei "C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db" für den Lesezugriff zu öffnen, ist mit Systemfehler 3 (0x00000003): "Das System kann den angegebenen Pfad nicht finden. " fehlgeschlagen. Fehler -1023 (0xfffffc01) beim Öffnen von Dateien. Error: (06/08/2015 04:16:04 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Craften Terminal.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 76059B30 Error: (06/08/2015 04:15:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung Craften Terminal.exe, Version 4.1.5564.42297, Zeitstempel 0x5515d9e3, fehlerhaftes Modul msvcrt.dll, Version 7.0.6001.18000, Zeitstempel 0x4791a727, Ausnahmecode 0xc0000005, Fehleroffset 0x00009b30, Prozess-ID 0x%9, Anwendungsstartzeit Craften Terminal.exe0. System errors: ============= Error: (08/02/2014 09:30:27 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 02.08.2014 um 15:46:06 unerwartet heruntergefahren. Error: (08/01/2014 03:20:18 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 01.08.2014 um 13:05:44 unerwartet heruntergefahren. Error: (08/01/2014 11:04:53 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 31.07.2014 um 17:31:55 unerwartet heruntergefahren. Error: (07/31/2014 03:25:01 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 31.07.2014 um 12:38:19 unerwartet heruntergefahren. Error: (07/31/2014 00:04:27 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 31.07.2014 um 12:02:56 unerwartet heruntergefahren. Error: (07/30/2014 05:36:35 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 30.07.2014 um 16:49:58 unerwartet heruntergefahren. Error: (07/30/2014 00:54:24 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 29.07.2014 um 19:59:53 unerwartet heruntergefahren. Error: (07/29/2014 06:49:00 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 29.07.2014 um 18:41:18 unerwartet heruntergefahren. Error: (07/29/2014 05:17:04 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 29.07.2014 um 13:49:37 unerwartet heruntergefahren. 
Microsoft Office: ========================= Error: (06/08/2015 10:25:46 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005 Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {4647b9cd-3b86-42f0-88dd-efdb5de12fad} Error: (06/08/2015 10:20:03 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005 Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {4647b9cd-3b86-42f0-88dd-efdb5de12fad} Error: (06/08/2015 10:01:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/08/2015 10:00:12 PM) (Source: ESENT) (EventID: 489) (User: ) Description: avguard1864GaviDB_0: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)Das System kann den angegebenen Pfad nicht finden. Error: (06/08/2015 10:00:12 PM) (Source: ESENT) (EventID: 489) (User: ) Description: avguard1864GaviDB_0: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)Das System kann den angegebenen Pfad nicht finden. Error: (06/08/2015 05:43:53 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/08/2015 05:42:58 PM) (Source: ESENT) (EventID: 489) (User: ) Description: avguard2156GaviDB_0: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)Das System kann den angegebenen Pfad nicht finden. 
Error: (06/08/2015 05:42:58 PM) (Source: ESENT) (EventID: 489) (User: ) Description: avguard2156GaviDB_0: C:\ProgramData\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)Das System kann den angegebenen Pfad nicht finden. Error: (06/08/2015 04:16:04 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Craften Terminal.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 76059B30 Error: (06/08/2015 04:15:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Craften Terminal.exe4.1.5564.422975515d9e3msvcrt.dll7.0.6001.180004791a727c000000500009b30 CodeIntegrity Errors: =================================== Date: 2015-06-08 22:34:42.035 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-06-08 22:34:41.923 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-06-08 22:34:41.822 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-06-08 22:34:41.700 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-06-08 22:34:41.397 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-06-08 22:34:41.286 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-06-08 22:34:41.185 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-06-08 22:34:41.083 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-06-08 22:34:20.404 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-06-08 22:34:20.303 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info ===========================

Processor: AMD Athlon(tm) X2 Dual-Core QL-64
Percentage of memory in use: 40%
Total physical RAM: 3070.18 MB
Available physical RAM: 1815.85 MB
Total Pagefile: 6352.9 MB
Available Pagefile: 4958.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.75 MB

==================== Drives ================================

Drive c: (VistaOS) (Fixed) (Total:298.09 GB) (Free:101.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (ServiceDVD) (CDROM) (Total:2.35 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: F9D71B17)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End of log ============================
08.06.2015, 22:19 | #18 |
/// TB Trainer /// Guide Guru | Zeus bot apparently on PC // letter from Telekom Hi,
Step 1 Please press the Windows key + R and type notepad into the Run window. Click OK and then copy the text from the code box into the empty text document: Code:
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
HKU\S-1-5-21-195686569-1305992119-4081180443-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
RemoveProxy:
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Task: {4125F127-27CB-4D6F-8022-127B4571AA0D} - \SUPERAntiSpyware Scheduled Task d5131220-2f8f-4698-b204-74e8574ee9ea No Task File
Task: {A7ABAB58-1001-41C7-9A41-44B83170478A} - \SUPERAntiSpyware Scheduled Task f158cba3-9794-4dca-ae34-6e7da26a6c92 No Task File
AlternateDataStreams: C:\ProgramData\TEMP:0507A16B
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
C:\Program Files\Google\Chrome\Application\GoogleUpdate.dll
CreateRestorePoint:
EmptyTemp:
After the reboot: Step 2 Please start FRST again and click Scan. Please post me the contents of the log.
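The helper's fixlist above is assembled by hand from the two FRST logs: the lines tagged "No Task File <==== ATTENTION" and the two AlternateDataStreams entries are copied out of Addition.txt verbatim, the ATTENTION marker is dropped, and the whole thing is framed with CloseProcesses: at the top and CreateRestorePoint: / EmptyTemp: at the bottom. As an added example (not code from this thread or from FRST), the Python script below does that first triage pass mechanically. The sample input is an excerpt of the Addition.txt posted above with SIDs, GUIDs and paths unchanged; the rules it applies (security products reported Disabled or Out of date, any hosts entry other than the localhost default, tasks marked No Task File or ATTENTION, every listed ADS) are my heuristics and not FRST's own whitelisting logic. The GroupPolicy, RemoveProxy and SearchScopes lines in the posted fix come from the main FRST.txt, which this example does not parse, and the fixlist it prints is a candidate for a human to review, not something to run blindly.

```python
"""Triage an FRST Addition.txt log and turn the actionable lines into fixlist entries.

Added example for this thread; the heuristics are the author's, not FRST's own logic.
"""
import re
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple

# Constructed excerpt: section headers and entries copied from the Addition.txt
# posted above (SIDs, GUIDs and paths unchanged); it is not the complete log.
SAMPLE_LOG = r"""
==================== Security Center ========================
AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 12:23 - 2015-06-07 22:41 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
Task: {317110F4-F7C6-4B01-BE00-5A72E25F7976} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-15] (Google Inc.)
Task: {4125F127-27CB-4D6F-8022-127B4571AA0D} - \SUPERAntiSpyware Scheduled Task d5131220-2f8f-4698-b204-74e8574ee9ea No Task File <==== ATTENTION
Task: {A7ABAB58-1001-41C7-9A41-44B83170478A} - \SUPERAntiSpyware Scheduled Task f158cba3-9794-4dca-ae34-6e7da26a6c92 No Task File <==== ATTENTION
==================== Alternate Data Streams (Whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:0507A16B
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
==================== Other Areas ============================
DNS Servers: 192.168.2.1
==================== End of log ============================
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
SECURITY_RE = re.compile(r"^(AV|AS|FW): (.+?) \((Enabled|Disabled) - (Up to date|Out of date)\)")
HOSTS_OK_RE = re.compile(r"^(127\.0\.0\.1|::1)\s+localhost$", re.IGNORECASE)
FILE_STAT_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ")   # FRST's "created - modified - size" prefix
ATTENTION = "<==== ATTENTION"


@dataclass
class Finding:
    section: str
    reason: str
    line: str
    fixlist_line: Optional[str] = None   # None: report only, nothing to put in a fixlist


def split_sections(text: str) -> Iterator[Tuple[str, List[str]]]:
    """Yield (section name, entry lines); FRST's parenthesised notes are dropped."""
    name, lines = "preamble", []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            if m.group(1):                    # a real header, not a bare ===== rule
                yield name, lines
                name, lines = m.group(1).rstrip(":"), []
            continue
        if line and not line.startswith("("):
            lines.append(line)
    yield name, lines


def triage(text: str) -> List[Finding]:
    """Apply per-section rules; anything FRST itself tagged ATTENTION is always kept."""
    findings: List[Finding] = []
    for section, lines in split_sections(text):
        for line in lines:
            if section.startswith("Security Center"):
                m = SECURITY_RE.match(line)
                if m and (m.group(3) == "Disabled" or m.group(4) == "Out of date"):
                    reason = f"{m.group(1)} {m.group(2)} is {m.group(3).lower()}, {m.group(4).lower()}"
                    findings.append(Finding(section, reason, line))
            elif section.startswith("Hosts content"):
                if FILE_STAT_RE.match(line) or HOSTS_OK_RE.match(line):
                    continue                   # the file's own stat line, or the default entry
                findings.append(Finding(section, "non-default hosts entry", line, "Hosts:"))
            elif section.startswith("Scheduled Tasks"):
                if "No Task File" in line or ATTENTION in line:
                    findings.append(Finding(section, "orphaned or flagged task", line,
                                            line.replace(ATTENTION, "").rstrip()))
            elif section.startswith("Alternate Data Streams"):
                if line.startswith("AlternateDataStreams:"):
                    findings.append(Finding(section, "alternate data stream", line, line))
            elif ATTENTION in line:
                findings.append(Finding(section, "flagged by FRST", line,
                                        line.replace(ATTENTION, "").rstrip()))
    return findings


def build_fixlist(findings: List[Finding]) -> List[str]:
    """Frame the actionable lines the way the fix in this thread was framed."""
    body: List[str] = []
    for f in findings:
        if f.fixlist_line and f.fixlist_line not in body:   # "Hosts:" is emitted once
            body.append(f.fixlist_line)
    return ["CloseProcesses:", *body, "CreateRestorePoint:", "EmptyTemp:"]


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.section}] {f.reason}: {f.line}")
    print("\n--- fixlist candidate (review before use) ---")
    print("\n".join(build_fixlist(found)))
```

Note that the three disabled security products are reported but produce no fixlist line: a disabled AV is something to ask the user about, not something FRST can fix. Run against the excerpt, the script returns seven findings and a fixlist whose body is exactly the four Task and AlternateDataStreams lines that appear in the helper's fix.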
09.06.2015, 11:58 | #19 |
| Zeus bot apparently on PC // letter from Telekom Fixlog: Code:
Fix result of Farbar Recovery Scan Tool (x86) Version: 08-06-2015
Ran by Sacharow at 2015-06-09 11:39:29 Run:1
Running from C:\Users\Sacharow\Desktop
Loaded Profiles: Sacharow (Available Profiles: Sacharow)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
HKU\S-1-5-21-195686569-1305992119-4081180443-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
RemoveProxy:
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Task: {4125F127-27CB-4D6F-8022-127B4571AA0D} - \SUPERAntiSpyware Scheduled Task d5131220-2f8f-4698-b204-74e8574ee9ea No Task File
Task: {A7ABAB58-1001-41C7-9A41-44B83170478A} - \SUPERAntiSpyware Scheduled Task f158cba3-9794-4dca-ae34-6e7da26a6c92 No Task File
AlternateDataStreams: C:\ProgramData\TEMP:0507A16B
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
C:\Program Files\Google\Chrome\Application\GoogleUpdate.dll
CreateRestorePoint:
EmptyTemp:
*****************

Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-195686569-1305992119-4081180443-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.

========= RemoveProxy: =========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-195686569-1305992119-4081180443-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-195686569-1305992119-4081180443-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
========= End of RemoveProxy: =========

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4125F127-27CB-4D6F-8022-127B4571AA0D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4125F127-27CB-4D6F-8022-127B4571AA0D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task d5131220-2f8f-4698-b204-74e8574ee9ea" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7ABAB58-1001-41C7-9A41-44B83170478A}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7ABAB58-1001-41C7-9A41-44B83170478A}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task f158cba3-9794-4dca-ae34-6e7da26a6c92" => key removed successfully.
C:\ProgramData\TEMP => ":0507A16B" ADS removed successfully..
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully..
"C:\Program Files\Google\Chrome\Application\GoogleUpdate.dll" => File/Folder not found.
Restore point was successfully created.
EmptyTemp: => 291.7 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 11:41:04 ====
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-06-2015 Ran by Sacharow (administrator) on SACHAROW-PC on 09-06-2015 12:53:33 Running from C:\Users\Sacharow\Desktop Loaded Profiles: Sacharow (Available Profiles: Sacharow) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 7 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe () C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe () C:\Program Files\ATKGFNEX\GFNEXSrv.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Microsoft Corporation) C:\Windows\System32\lpksetup.exe (ASUS) C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe (ASUS) C:\Program Files\ASUS\ATK Hotkey\HControl.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ASUS) C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (ASUS) C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe (ASUS) C:\Program Files\ASUS\ATK Hotkey\WDC.exe (ASUS) C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS) C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Apple Inc.) 
C:\Program Files\iTunes\iTunesHelper.exe (Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (SafeNet Inc.) C:\Windows\System32\hasplms.exe (Google Inc.) C:\Program Files\Google\Update\1.3.27.5\GoogleCrashHandler.exe () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\setup_wm.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe () C:\ProgramData\Avira\My Avira\Temp\avira_antivirus_de-de.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Avira Operations GmbH & Co. KG) C:\Windows\Temp\RarSFX0\presetup.exe (Avira Operations GmbH & Co. 
KG) C:\Windows\Temp\RarSFX0\setup.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [HControlUser] => C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [98304 2008-08-18] (ASUS) HKLM\...\Run: [ATKOSD2] => C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [8105984 2008-09-02] (ASUS) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.) HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare) HKLM\...\Run: [WSHelperSetup.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [130048 2015-04-10] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-21] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-195686569-1305992119-4081180443-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31282816 2015-04-17] (Skype Technologies S.A.) 
HKU\S-1-5-21-195686569-1305992119-4081180443-1000\...\Run: [WSHelperSetup.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-195686569-1305992119-4081180443-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-195686569-1305992119-4081180443-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} https://biz.lgservice.com/DATA/cab/djvuctrl-6.1.4-en-r34387.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.) 
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-31] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-31] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll [2011-03-09] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-08] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-08] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.) 
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-04-09] Chrome: ======= CHR Profile: C:\Users\Sacharow\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Angry Birds) - C:\Users\Sacharow\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-07-15] CHR Extension: (Google Docs) - C:\Users\Sacharow\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-15] CHR Extension: (Google Drive) - C:\Users\Sacharow\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-15] CHR Extension: (YouTube) - C:\Users\Sacharow\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-15] CHR Extension: (Google Search) - C:\Users\Sacharow\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-15] CHR Extension: (AdBlock) - C:\Users\Sacharow\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-04] CHR Extension: (Bookmark Manager) - C:\Users\Sacharow\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-06-08] CHR Extension: (Isoball 3) - C:\Users\Sacharow\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj [2014-07-15] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sacharow\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-08] CHR Extension: (Google Wallet) - C:\Users\Sacharow\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21] CHR Extension: (Gmail) - 
C:\Users\Sacharow\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-14] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [805024 2011-02-01] (Acronis) R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2013-09-07] (Acronis) S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [825856 2015-05-21] (Avira Operations GmbH & Co. KG) S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-05-21] (Avira Operations GmbH & Co. KG) S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-21] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1186040 2015-05-21] (Avira Operations GmbH & Co. KG) R2 ASLDRService; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [100920 2008-08-13] () R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed] R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [205104 2015-04-10] (Avira Operations GmbH & Co. KG) R2 hasplms; C:\Windows\system32\hasplms.exe [4683144 2014-04-29] (SafeNet Inc.) 
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed] R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [173576 2008-05-27] (AMD Technologies Inc.) R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [425352 2014-04-29] (SafeNet Inc.) R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [4386304 2009-03-19] (ATI Technologies Inc.) R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] () S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107400 2015-05-21] (Avira Operations GmbH & Co. KG) S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-05-21] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-21] (Avira Operations GmbH & Co. KG) S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [609624 2014-04-29] (SafeNet Inc.) 
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [35992 2015-06-05] () R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2008-11-03] ( ) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation) S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [99400 2012-05-12] (MotioninJoy) [File not signed] R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [14392 2008-12-24] (ATK0100) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1752704 2008-08-11] () R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2015-03-17] (Avira GmbH) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S0 axtlhwdc; System32\drivers\rimrqxb.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-08 22:33 - 2015-06-08 22:33 - 00000000 ____D C:\Users\Sacharow\Desktop\FRST-OlderVersion 2015-06-08 22:32 - 2015-06-08 22:32 - 00001970 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-06-08 22:32 - 2015-06-08 22:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-06-08 22:19 - 2015-06-08 22:19 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Sacharow\Downloads\revosetup95.exe 2015-06-08 22:19 - 2015-06-08 22:19 - 00001064 _____ C:\Users\Sacharow\Desktop\Revo Uninstaller.lnk 2015-06-08 21:43 - 2015-06-08 21:43 - 00000000 ____D C:\Avenger 2015-06-08 19:10 - 2015-06-08 19:10 - 00000000 __RSH C:\MSDOS.SYS 2015-06-08 19:10 - 2015-06-08 19:10 - 00000000 __RSH C:\IO.SYS 2015-06-08 18:56 - 2015-06-08 18:56 - 02870984 _____ (ESET) C:\Users\Sacharow\Downloads\esetsmartinstaller_deu.exe 2015-06-08 18:56 - 2015-06-08 18:56 - 02870984 _____ (ESET) C:\Users\Sacharow\Desktop\esetsmartinstaller_deu.exe 2015-06-08 17:47 - 2015-06-08 17:48 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-08 17:47 - 2015-06-08 17:47 - 00000906 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-06-08 17:47 - 2015-06-08 17:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-06-08 17:47 - 2015-06-08 17:47 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-06-08 17:47 - 2015-06-08 17:47 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 2015-06-08 17:47 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-06-08 17:47 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-06-08 17:47 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-06-08 17:46 - 2015-06-08 17:47 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Sacharow\Downloads\mbam-setup-2.1.6.1022.exe 2015-06-07 23:40 - 2015-06-07 23:40 - 00009214 _____ C:\ComboFix.txt 2015-06-07 22:19 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2015-06-07 22:19 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2015-06-07 22:19 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-06-07 22:19 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 
2015-06-07 22:19 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-06-07 22:19 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2015-06-07 22:19 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2015-06-07 22:19 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2015-06-07 22:01 - 2015-06-07 22:01 - 00140272 _____ C:\Windows\Minidump\Mini060715-01.dmp 2015-06-07 21:34 - 2015-06-07 23:40 - 00000000 ____D C:\Qoobox 2015-06-07 21:33 - 2015-06-07 23:38 - 00000000 ____D C:\Windows\erdnt 2015-06-07 21:31 - 2015-06-07 21:31 - 05628238 ____R (Swearware) C:\Users\Sacharow\Desktop\ComboFix.exe 2015-06-07 21:31 - 2015-06-07 21:31 - 05628238 _____ (Swearware) C:\Users\Sacharow\Downloads\ComboFix.exe 2015-06-07 19:05 - 2015-06-07 19:05 - 00001505 _____ C:\Users\Sacharow\Downloads\Übers Buch.xwd 2015-06-07 17:50 - 2015-06-07 17:50 - 02231296 _____ C:\Users\Sacharow\Downloads\AdwCleaner_4.206.exe 2015-06-07 17:50 - 2015-06-07 17:50 - 02231296 _____ C:\Users\Sacharow\Desktop\AdwCleaner_4.206.exe 2015-06-07 17:46 - 2015-06-07 17:46 - 00162667 _____ C:\Users\Sacharow\Downloads\Datei 07.06.15 17 07 51.jpeg 2015-06-07 11:52 - 2015-06-08 22:36 - 00033181 _____ C:\Users\Sacharow\Desktop\Addition.txt 2015-06-07 11:51 - 2015-06-09 12:53 - 00015502 _____ C:\Users\Sacharow\Desktop\FRST.txt 2015-06-07 11:50 - 2015-06-09 12:53 - 00000000 ____D C:\FRST 2015-06-07 11:50 - 2015-06-08 22:33 - 01147904 _____ (Farbar) C:\Users\Sacharow\Desktop\FRST.exe 2015-06-07 11:50 - 2015-06-07 11:50 - 01147392 _____ (Farbar) C:\Users\Sacharow\Downloads\FRST.exe 2015-06-06 22:56 - 2015-06-06 22:56 - 22061992 _____ (SUPERAntiSpyware) C:\Users\Sacharow\Downloads\SUPERAntiSpyware.exe 2015-06-06 22:52 - 2015-06-06 22:53 - 05198336 _____ (AVAST Software) C:\Users\Sacharow\Downloads\aswMBR.exe 2015-06-06 22:39 - 2015-06-06 22:39 - 00000000 ____D C:\Users\Nick\AppData\Roaming\Avira 2015-06-06 22:34 - 2015-06-06 22:34 - 00115208 _____ 
C:\Users\Nick\AppData\Local\GDIPFONTCACHEV1.DAT 2015-06-06 22:34 - 2015-06-06 22:34 - 00000956 _____ C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-06-06 22:34 - 2015-06-06 22:34 - 00000951 _____ C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-06-06 22:34 - 2015-06-06 22:34 - 00000922 _____ C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk 2015-06-06 22:34 - 2015-06-06 22:34 - 00000000 ____D C:\Users\Nick\AppData\Roaming\Apple Computer 2015-06-06 22:34 - 2015-06-06 22:34 - 00000000 ____D C:\Users\Nick\AppData\Local\Wondershare 2015-06-06 22:34 - 2015-06-06 22:34 - 00000000 ____D C:\Users\Nick\AppData\Local\VirtualStore 2015-06-06 22:34 - 2015-06-06 22:34 - 00000000 ____D C:\Users\Nick\AppData\Local\Google 2015-06-06 22:33 - 2015-06-06 22:34 - 00000000 ____D C:\Users\Nick 2015-06-06 22:33 - 2015-06-06 22:33 - 00000020 ___SH C:\Users\Nick\ntuser.ini 2015-06-06 22:33 - 2015-06-06 22:33 - 00000000 _SHDL C:\Users\Nick\Startmenü 2015-06-06 22:33 - 2015-06-06 22:33 - 00000000 _SHDL C:\Users\Nick\Netzwerkumgebung 2015-06-06 22:33 - 2015-06-06 22:33 - 00000000 _SHDL C:\Users\Nick\Druckumgebung 2015-06-06 22:33 - 2015-06-06 22:33 - 00000000 _SHDL C:\Users\Nick\Documents\Eigene Musik 2015-06-06 22:33 - 2015-06-06 22:33 - 00000000 _SHDL C:\Users\Nick\Documents\Eigene Bilder 2015-06-06 22:33 - 2015-06-06 22:33 - 00000000 _SHDL C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-06-06 22:33 - 2015-06-06 22:33 - 00000000 _SHDL C:\Users\Nick\AppData\Local\Verlauf 2015-06-06 22:33 - 2014-03-07 18:49 - 00000000 ____D C:\Users\Nick\AppData\Local\Microsoft Help 2015-06-06 22:33 - 2008-01-21 04:42 - 00000000 ___RD C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-06-06 22:33 - 2008-01-21 04:42 - 00000000 ___RD C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-06-05 
10:46 - 2015-06-05 10:46 - 00035992 _____ C:\Windows\system32\Drivers\hitmanpro37.sys 2015-06-05 10:39 - 2015-06-05 10:39 - 00025504 _____ C:\Windows\system32\.crusader 2015-06-05 10:22 - 2015-06-05 10:40 - 00000000 ____D C:\ProgramData\HitmanPro 2015-06-05 10:22 - 2015-06-05 10:22 - 10105736 _____ (SurfRight B.V.) C:\Users\Sacharow\Downloads\hitmanpro.exe 2015-05-30 20:57 - 2015-05-30 20:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf 2015-05-27 21:16 - 2015-05-27 21:19 - 00000000 ____D C:\Users\Sacharow\Desktop\Auto 2015-05-26 19:14 - 2015-05-26 19:14 - 00000000 ____D C:\Users\Sacharow\AppData\Roaming\Firefly Studios 2015-05-26 19:13 - 2015-05-26 19:13 - 00000000 ____D C:\Users\Sacharow\Documents\Stronghold Kingdoms 2015-05-24 18:52 - 2015-05-24 18:52 - 00000216 _____ C:\Users\Sacharow\Desktop\AdVenture Capitalist.url 2015-05-21 19:02 - 2015-05-21 19:02 - 00001896 _____ C:\Users\Public\Desktop\Avira Antivirus.lnk 2015-05-18 22:58 - 2015-05-18 22:58 - 00131072 _____ C:\Windows\Minidump\Mini051815-02.dmp 2015-05-18 22:41 - 2015-05-18 22:41 - 00145856 _____ C:\Windows\Minidump\Mini051815-01.dmp 2015-05-18 22:36 - 2015-05-18 22:36 - 04181760 _____ C:\Users\Sacharow\Downloads\Major Lazer & DJ Snake - Lean On (feat. 
MØ) (Official Music Video).mp3.crdownload 2015-05-18 22:00 - 2015-05-18 22:32 - 00000000 ____D C:\Users\Sacharow\Desktop\Neue Lieder 2015-05-14 12:39 - 2015-06-09 11:40 - 00000000 ____D C:\Users\Sacharow\AppData\Roaming\Mozilla 2015-05-14 12:39 - 2015-05-14 12:39 - 00000000 ____D C:\Users\Sacharow\AppData\Roaming\Marmiko IT-Solutions GmbH 2015-05-14 12:39 - 2015-05-14 12:39 - 00000000 ____D C:\Users\Sacharow\AppData\Local\Marmiko IT-Solutions GmbH 2015-05-14 12:02 - 2015-05-14 12:02 - 00145984 _____ C:\Windows\Minidump\Mini051415-01.dmp 2015-05-10 14:22 - 2015-05-10 14:23 - 02947118 _____ C:\Users\Sacharow\Downloads\poster-forge (1).zip ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-09 12:49 - 2014-03-16 00:35 - 00000000 ____D C:\Users\Sacharow\AppData\Roaming\Skype 2015-06-09 12:48 - 2013-03-02 21:44 - 01390827 _____ C:\Windows\WindowsUpdate.log 2015-06-09 12:46 - 2014-07-15 22:26 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-09 12:46 - 2014-01-31 15:51 - 00000008 __RSH C:\ProgramData\ntuser.pol 2015-06-09 12:45 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-09 12:45 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-09 12:45 - 2006-11-02 14:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-09 12:27 - 2013-03-02 13:08 - 00002032 _____ C:\Users\Sacharow\AppData\Local\d3d9caps.dat 2015-06-09 12:25 - 2015-03-14 19:58 - 01182098 _____ C:\Windows\PFRO.log 2015-06-09 11:43 - 2006-11-02 15:01 - 00032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-06-09 11:39 - 2006-11-02 13:18 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2015-06-09 11:36 - 2014-07-15 22:26 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-08 22:32 - 2013-04-09 22:25 - 
00000000 ____D C:\Program Files\Google 2015-06-08 22:30 - 2013-08-25 15:45 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-08 19:02 - 2008-04-16 13:11 - 00000000 ____D C:\Windows\de-DE 2015-06-08 16:18 - 2014-12-23 15:02 - 04697768 _____ () C:\Users\Sacharow\Desktop\TechnicLauncher.exe 2015-06-08 16:17 - 2013-12-08 15:19 - 00000000 ____D C:\Users\Sacharow\AppData\Roaming\.technic 2015-06-08 16:16 - 2015-04-01 13:59 - 00000000 ____D C:\Users\Sacharow\AppData\Roaming\.minecraft 2015-06-08 16:15 - 2013-11-27 19:51 - 00000000 ____D C:\Users\Sacharow\AppData\Roaming\Craften Terminal 2015-06-08 16:13 - 2014-10-24 21:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Craften Terminal 2015-06-08 16:13 - 2014-10-24 21:50 - 00000000 ____D C:\Program Files\Craften Terminal 2015-06-07 23:40 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default 2015-06-07 23:40 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public 2015-06-07 23:35 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini 2015-06-07 22:51 - 2015-03-18 19:18 - 195573440 _____ C:\Windows\MEMORY.DMP 2015-06-07 22:01 - 2013-04-09 17:57 - 00000000 ____D C:\Windows\Minidump 2015-06-07 19:13 - 2006-11-02 12:33 - 01561546 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-07 18:08 - 2014-07-15 22:11 - 00000000 ____D C:\AdwCleaner 2015-06-07 11:44 - 2015-03-22 16:06 - 00000020 _____ C:\Users\Sacharow\AppData\Roaming\appdataFr3.bin 2015-06-06 22:47 - 2015-03-26 22:02 - 00000688 _____ C:\Users\Sacharow\Desktop\mobiletrans_setup_full1296.exe.lnk 2015-06-06 22:41 - 2014-06-19 22:14 - 00000000 ____D C:\Program Files\SWX-Auftrag 2015-06-06 22:40 - 2014-10-14 20:27 - 00000000 ____D C:\Windows\uninstall 2015-06-06 22:39 - 2014-10-14 20:27 - 00000000 ____D C:\LAG3000 2015-06-06 22:38 - 2015-02-15 00:23 - 00000000 ____D C:\Program Files\GameforgeLive 2015-06-06 22:38 - 2014-08-20 23:26 - 00000000 ____D C:\Users\Sacharow\AppData\Local\Razer 2015-06-06 22:38 - 2014-08-20 23:26 - 
00000000 ____D C:\ProgramData\Razer 2015-06-06 22:31 - 2014-11-08 18:32 - 00000000 ____D C:\ProgramData\EasternGraphics 2015-06-06 17:40 - 2015-01-07 20:41 - 00000000 ____D C:\Program Files\Common Files\Steam 2015-06-06 17:40 - 2015-01-07 20:40 - 00000000 ____D C:\Program Files\Steam 2015-05-30 20:57 - 2015-03-18 19:19 - 00005090 _____ C:\Windows\setupact.log 2015-05-27 13:11 - 2015-04-20 18:30 - 00136728 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-05-27 13:11 - 2015-04-20 18:30 - 00108448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-05-27 13:11 - 2015-04-20 18:30 - 00031848 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\ssmdrv.sys 2015-05-21 19:02 - 2015-04-20 17:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-05-21 18:56 - 2015-04-20 18:30 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2015-05-14 12:05 - 2014-03-16 00:35 - 00000000 ____D C:\ProgramData\Skype 2015-05-10 14:42 - 2015-05-09 23:31 - 03224170 _____ C:\Users\Sacharow\Desktop\Wenn du stirbst, zieht dein ganzes Leben.pptm ==================== Files in the root of some directories ======= 2015-03-22 16:06 - 2015-06-07 11:44 - 0000020 _____ () C:\Users\Sacharow\AppData\Roaming\appdataFr3.bin 2015-04-03 20:50 - 2015-04-03 20:50 - 0000036 ____H () C:\Users\Sacharow\AppData\Roaming\swk.ini 2014-06-01 10:39 - 2014-06-01 10:39 - 0031007 _____ () C:\Users\Sacharow\AppData\Roaming\UserTile.png 2013-03-02 13:08 - 2015-06-09 12:27 - 0002032 _____ () C:\Users\Sacharow\AppData\Local\d3d9caps.dat 2013-04-08 16:00 - 2015-04-02 23:51 - 0022016 _____ () C:\Users\Sacharow\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-12-23 13:28 - 2014-12-23 13:28 - 0002622 _____ () C:\Users\Sacharow\AppData\Local\recently-used.xbel 2015-04-13 22:22 - 2015-04-13 22:23 - 0004644 _____ () C:\Users\Sacharow\AppData\Local\Temp-log.txt Some files in TEMP: 
==================== C:\Users\Sacharow\AppData\Local\temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-09 12:52 ==================== End of log ============================ |
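The Fixlog posted above removed four kinds of artefact that are typical of an adware or banking-trojan clean-up on a home PC: browser lockdown policy keys under HKLM\SOFTWARE\Policies (a standalone, non-domain machine normally has none), proxy values in the Internet Settings hive (a proxy or PAC hijack is how a trojan sits in front of the browser), two alternate data streams on C:\ProgramData\TEMP, and Task Scheduler cache entries whose task file was gone ("No Task File"). The following read-only PowerShell script is an added example, not part of the post or of FRST, that re-checks exactly those locations so that a follow-up scan after the reboot can confirm nothing has come back. It assumes Windows PowerShell 3.0 or later (the -Stream parameter and -notin do not exist in the PowerShell that shipped with Vista) and an elevated prompt for the TaskCache key; the registry and file paths are the ones in the Fixlog, the variable names and output wording are mine.

```powershell
# Added example: re-check the artefact classes the FRST Fixlog removed. Read-only,
# changes nothing. Run elevated; needs Windows PowerShell 3.0+ (not Vista's 1.0/2.0).

$findings = New-Object System.Collections.Generic.List[string]

# 1. Browser lockdown policies (paths from the Fixlog). On a home PC that is not
#    domain-joined these keys normally do not exist; adware creates them to pin settings.
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Google',
    'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer',
    'HKCU:\SOFTWARE\Policies\Microsoft\Internet Explorer'
)
foreach ($k in $policyKeys) {
    if (Test-Path $k) {
        $findings.Add("Policy key present: $k")
        Get-ChildItem $k -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object { $findings.Add("  subkey: $($_.Name)") }
    }
}
# FRST also moved the local machine GPO; on a standalone box its presence is worth a look.
if (Test-Path "$env:SystemRoot\System32\GroupPolicy\GPT.ini") {
    $findings.Add("Local GPO present: $env:SystemRoot\System32\GroupPolicy\GPT.ini")
}

# 2. Proxy hijack: check the interactive user and the .DEFAULT hive, as RemoveProxy did.
$inet = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
foreach ($hive in @('HKCU:', 'Registry::HKEY_USERS\.DEFAULT')) {
    $p = Get-ItemProperty "$hive\$inet" -ErrorAction SilentlyContinue
    if ($p) {
        if ($p.ProxyEnable -eq 1) { $findings.Add("$hive ProxyEnable=1 ProxyServer=$($p.ProxyServer)") }
        if ($p.AutoConfigURL)     { $findings.Add("$hive AutoConfigURL=$($p.AutoConfigURL)") }
    }
}

# 3. Alternate data streams on C:\ProgramData\TEMP (the Fixlog removed two).
#    Zone.Identifier is the normal download marker; any other named stream deserves a look.
$adsTarget = "$env:ProgramData\TEMP"
if (Test-Path $adsTarget) {
    Get-Item $adsTarget -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -notin ':$DATA', 'Zone.Identifier' } |
        ForEach-Object { $findings.Add("ADS: $($_.FileName):$($_.Stream) ($($_.Length) bytes)") }
}

# 4. Task Scheduler cache entries whose task file is gone (FRST's "No Task File"):
#    registered under TaskCache\Tasks but with no XML under %SystemRoot%\System32\Tasks.
#    Reading this key requires administrator rights.
$cache = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks'
Get-ChildItem $cache -ErrorAction SilentlyContinue | ForEach-Object {
    $entry = Get-ItemProperty $_.PSPath
    if ($entry.Path) {
        $file = Join-Path "$env:SystemRoot\System32\Tasks" $entry.Path.TrimStart('\')
        if (-not (Test-Path $file)) {
            $findings.Add("Task cache entry without task file: $($_.PSChildName) -> $($entry.Path)")
        }
    }
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

A clean run prints "No findings."; anything else is a pointer to what to paste into the next FRST fixlist, not a verdict in itself: a legitimately managed PC will have policy keys, and a corporate proxy will show up under ProxyEnable.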
09.06.2015, 17:58 | #20 |
/// TB Trainer /// Guide Guru | Zeus bot apparently on PC // letter from Telekom
Hi, we're done. Please make sure to install Service Pack 2 for Vista: Information on installing Windows Vista Service Pack 2 (SP2)
The installed Java should then also be replaced with the latest version.
>>clean<<
We did it! The logs look clean to me at the moment.
If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.
All that remains is for me to wish you carefree and safe surfing, and that we won't see each other here again any time soon.
Cleanup: (the order is crucial here)
If Defogger was used: start it again and click Re-enable.
If Combofix was used: uninstall Combofix.
All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all the programs used, the quarantine folders of our scanners and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left over, you can delete them without hesitation.
Securing the system:
Enable automatic updates in Windows.
Security-relevant software should also always be kept at the latest version: browser, Java, Flash Player, PDF reader. Security holes in old versions of these are exploited to install malware via "drive-by" simply by visiting a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.
Enable a firewall. The one built into Windows is normally entirely sufficient.
Use an antivirus program with a real-time scanner and an always up-to-date signature database. My purchase recommendation: ESET Smart Security. In addition, you can scan your PC regularly with Malwarebytes Anti-Malware.
Optional: NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. You can, however, specify on a whitelist basis on which sites scripts are allowed. Malwarebytes Anti Exploit: protects the computer's applications against the exploitation of known vulnerabilities.
Download software from a clean portal such as . When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program. To get rid of adware, it is best to uninstall it first and then remove the leftovers with Adwcleaner.
Finally, a few general remarks: change your important online passwords regularly and make regular backups of your important files or of the whole system.
The benefit of registry cleaners, optimizers and the like for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________ Regards, deeprybka. Praise, criticism, wishes? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
09.06.2015, 22:09 | #21 |
| Zeus bot apparently on PC // letter from Telekom Thanks a lot for the help. Let's see whether Tele..... gets in touch again. |
10.06.2015, 08:09 | #22 |
/// TB Trainer /// Guide Guru | Zeus bot apparently on PC // letter from Telekom All right.