
Pests of all kinds and how to fight them: Telebanking Trojan

02.09.2015, 22:14   #1
Sirika

Hello Trojan pros!

For the past few days, when I open my telebanking page, a fake page has been opening with a window that asks me to install a mobile app on my phone and to enter my telebanking login details.
My telebanking access has now been temporarily blocked as a precaution.

I have already tried to remove the Trojan (which, as I have since found out, is also already known to the bank) with various programs - unfortunately without success...

The logs from 360 Total Security and MWB Anti-Malware (several scans, including in safe mode) are attached; Spyware Terminator found no threats.

How do I get rid of this thing? Urgently asking for help, I'm at a loss by now!

Many thanks!
Sirika

02.09.2015, 22:33   #2
cosinus

Hi and

Please do not attach logs; if necessary, split them and post them spread over several posts.

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder.
Even if the logs are too large for one post, I ask you to post the logs directly and, if necessary, spread over several posts.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

03.09.2015, 06:57   #3
Sirika

Sorry, I overlooked that!
Here are the logs from 360 Total Security:

Code:
360 Total Security Scan Log

Scan Time:2015-08-27 23:22:58
Time Taken:00:03:31
Object(s) Scanned:24159
Threat(s) Found:5
Threat(s) Resolved:5

Scan Settings
----------------------
Compressed Files Scan:No
Scan Engine:Avira and Bitdefender engines are disabled

Scan Scope
----------------------
Quick Scan

Scan Result
======================
System Anomalies
----------------------
Search App by Ask		Need to restart system
IE toolbar buttons:An Bluetooth senden		Resolved
Invalid shortcut:About Java.lnk		Need to restart system
Invalid shortcut:Check For Updates.lnk		Need to restart system
Invalid shortcut:Configure Java.lnk		Need to restart system
         
Code:
360 Total Security Scan Log

Scan Time:2015-08-31 13:23:32
Time Taken:00:01:20
Object(s) Scanned:20621
Threat(s) Found:1
Threat(s) Resolved:1

Scan Settings
----------------------
Compressed Files Scan:No
Scan Engine:Avira and Bitdefender engines are disabled

Scan Scope
----------------------
Quick Scan

Scan Result
======================
System Anomalies
----------------------
Search App by Ask		Resolved
         
Code:
360 Total Security Scan Log

Scan Time:2015-08-31 13:28:44
Time Taken:01:34:59
Object(s) Scanned:326720
Threat(s) Found:22
Threat(s) Resolved:22

Scan Settings
----------------------
Compressed Files Scan:No
Scan Engine:Avira and Bitdefender engines are disabled

Scan Scope
----------------------
Full Scan

Scan Result
======================
High-risk Items
----------------------
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClearThink\bin\plugins\ClearThink.CompatibilityChecker.dll.vir	Win32/Virus.Adware.708	Resolved
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClearThink\ClearThinkUninstall.exe.vir	HEUR/QVM42.0.Malware.Gen	Resolved
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir	Trojan.Generic	Resolved
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClearThink\bin\plugins\ClearThink.FeSvc.dll.vir	Win32/Virus.Adware.e4c	Resolved
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir	HEUR/QVM10.1.Malware.Gen	Resolved
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir	HEUR/QVM10.1.Malware.Gen	Resolved
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir	Trojan.Generic	Resolved
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir	Win32/Application.e35	Resolved
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir	Trojan.Generic	Resolved
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir	Trojan.Generic	Resolved
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir	Trojan.Generic	Resolved
C:\Users\karo\AppData\Local\avayvaxxvae\pbqrmvbub	HEUR/QVM42.0.Malware.Gen	Resolved
C:\Users\karo\AppData\Roaming\RHEng\58B81FD106984231830079412AB95342\13443.exe	HEUR/Malware.QVM06.Gen	Resolved
C:\Users\karo\Downloads\MPlayerUpdate.exe	Win32/Trojan.ae7	Resolved
C:\Users\karo\Downloads\SoftonicDownloader_fuer_sweet-home-3d.exe	HEUR/QVM18.1.Malware.Gen	Resolved
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-abb-fix[1]	HEUR/QVM20.1.Malware.Gen	Resolved
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-3[1]	HEUR/QVM20.1.Malware.Gen	Resolved
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-2[1]	Win32/Trojan.Generic.40f	Resolved
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-4[1]	HEUR/QVM20.1.Malware.Gen	Resolved
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-4[2]	HEUR/QVM20.1.Malware.Gen	Resolved
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-abb-fix[2]	HEUR/QVM20.1.Malware.Gen	Resolved
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\distro-search-protect-fix-3[2]	HEUR/QVM20.1.Malware.Gen	Resolved
         
And here from Anti-Malware:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 01.09.2015
Suchlaufzeit: 20:27
Protokolldatei: AM 201509012027.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.09.01.05
Rootkit-Datenbank: v2015.08.16.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: karo

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgebrochen
Durchsuchte Objekte: 96719
Abgelaufene Zeit: 38 Min., 36 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.SearchProtect, HKU\S-1-5-21-2810523341-1374500079-2043300955-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [1f9a1e0cfe8d61d5303a6576ec16f20e], 

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 01.09.2015
Suchlaufzeit: 21:09
Protokolldatei: AM 201509012109.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.09.01.05
Rootkit-Datenbank: v2015.08.16.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: karo

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 494689
Abgelaufene Zeit: 19 Min., 9 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 16
PUP.Optional.SearchApp, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\aaaaaiabcopkplhgaedhbloeejhhankf, In Quarantäne, [6e4b9b8f5437d75fe178dccfe22237c9], 
PUP.Optional.Astromenda, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, In Quarantäne, [48719e8ced9ed95de7a02d4ddd2714ec], 
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32LDR  , In Quarantäne, [4277f2383358f244f4a360567f8522de], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, In Quarantäne, [b108c9618ffc57df0cd7d09425df15eb], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, In Quarantäne, [c1f8a48634570c2a2eb48adadf25bf41], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\avayvaxxvae, In Quarantäne, [774263c74c3fa88e0ffe357721e36c94], 
PUP.Optional.ClearThink, HKLM\SOFTWARE\WOW6432NODE\ClearThink, In Quarantäne, [d4e5a7837c0f70c6aaae86fb4cb8d42c], 
PUP.Optional.SearchApp, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\aaaaaiabcopkplhgaedhbloeejhhankf, In Quarantäne, [bffa64c67d0e49ed32278b20fe06dd23], 
PUP.Optional.Astromenda, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, In Quarantäne, [8a2fc9614c3fa88e35521e5c679d33cd], 
PUP.Optional.AskAPN.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4F524A2D-5350-4500-76A7-A758B70C1D00}, In Quarantäne, [e2d7c06a2a6111257db81d0407fc817f], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\WOW6432NODE\SPPDCOM, In Quarantäne, [f3c6de4cd7b490a612ffc3e909fb0ef2], 
PUP.Optional.APNToolBar.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\APNMCP, In Quarantäne, [6059d3576724b5815525b8697192e21e], 
PUP.Optional.APNToolBar.Gen, HKU\S-1-5-18\SOFTWARE\AskPartnerNetwork, In Quarantäne, [2f8acf5bcfbc6ec84e29c25fdb28827e], 
PUP.Optional.Astromenda, HKU\S-1-5-21-2810523341-1374500079-2043300955-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, In Quarantäne, [e1d8b872a7e410266919512957ad16ea], 
PUP.Optional.SofTonic, HKU\S-1-5-21-2810523341-1374500079-2043300955-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{764AC2DF-828A-406D-B580-46A3931EA6F2}, In Quarantäne, [7a3f1e0c4f3c41f548a4d0dfff05bc44], 
PUP.Optional.AmazonTB, HKU\S-1-5-21-2810523341-1374500079-2043300955-1006\SOFTWARE\ALEXA INTERNET\ALEXA9\Amazon, In Quarantäne, [c0f970ba3c4fa49249174c2d4fb5916f], 

Registrierungswerte: 14
PUP.Optional.AskPartnerNetwork, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\aaaaaiabcopkplhgaedhbloeejhhankf|path, C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx, In Quarantäne, [02b754d6c3c8280e164d17636a9a54ac]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130705617682479084, In Quarantäne, [ab0ee446c6c5ab8b1482773f976dd729]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\explorer.xxx|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130705617682479084, In Quarantäne, [f5c42efc286370c63264f1c548bc58a8]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130705617682479084, In Quarantäne, [b60368c2bccf93a33d5935819c6816ea]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\iexplore.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130705617682479084, In Quarantäne, [229739f1a4e780b6474f72444bb921df]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_removal_tool.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130705617682479084, In Quarantäne, [74459a90bbd0a1955640e8cef80c8779]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_reporter_tool.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130705617682479084, In Quarantäne, [19a064c67b10280e16802a8c1fe5b44c]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32Ldr  |{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130705617682479084, In Quarantäne, [4277f2383358f244f4a360567f8522de]
PUP.Optional.AskPartnerNetwork, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\aaaaaiabcopkplhgaedhbloeejhhankf|path, C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx, In Quarantäne, [f8c11e0ce8a380b6283b80fa4cb8ca36]
PUP.Optional.Astromenda, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Astromenda\\, In Quarantäne, [992063c772196fc79cece793ae5617e9]
PUP.Optional.AskAPN.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4F524A2D-5350-4500-76A7-A758B70C1D00}|InstallSource, C:\ProgramData\APN\APN-Stub\ORJ-SPE\, In Quarantäne, [e2d7c06a2a6111257db81d0407fc817f]
PUP.Optional.SearchProtect, HKLM\SOFTWARE\WOW6432NODE\SPPDCOM|TS, 2, In Quarantäne, [f3c6de4cd7b490a612ffc3e909fb0ef2]
PUP.Optional.SofTonic, HKU\S-1-5-21-2810523341-1374500079-2043300955-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{764AC2DF-828A-406D-B580-46A3931EA6F2}|URL, hxxp://search.softonic.com/MOY00006/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=08670866000000000000000000000000&toi=16026&r=979, In Quarantäne, [7a3f1e0c4f3c41f548a4d0dfff05bc44]
PUP.Optional.SofTonic, HKU\S-1-5-21-2810523341-1374500079-2043300955-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{764AC2DF-828A-406D-B580-46A3931EA6F2}|FaviconURL, hxxp://search.softonic.com/favicon.ico, In Quarantäne, [08b12a0090fb0d29bb314867699b14ec]

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 17
PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, In Quarantäne, [13a657d38dfe50e65316c72db64c1be5], 
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork, In Quarantäne, [ad0c27037a11d36390dadb192fd36f91], 
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar, In Quarantäne, [ad0c27037a11d36390dadb192fd36f91], 
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE, In Quarantäne, [ad0c27037a11d36390dadb192fd36f91], 
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater, In Quarantäne, [ad0c27037a11d36390dadb192fd36f91], 
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config, In Quarantäne, [ad0c27037a11d36390dadb192fd36f91], 
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Response, In Quarantäne, [ad0c27037a11d36390dadb192fd36f91], 
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\Shared, In Quarantäne, [ad0c27037a11d36390dadb192fd36f91], 
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX, In Quarantäne, [ad0c27037a11d36390dadb192fd36f91], 
PUP.Optional.APNToolBar.Gen, C:\Users\karo\AppData\Local\AskPartnerNetwork, In Quarantäne, [6059a585008b92a43a3144b0f60ce719], 
PUP.Optional.APNToolBar.Gen, C:\Users\karo\AppData\Local\AskPartnerNetwork\Toolbar, In Quarantäne, [6059a585008b92a43a3144b0f60ce719], 
PUP.Optional.APNToolBar.Gen, C:\Users\karo\AppData\Local\AskPartnerNetwork\Toolbar\Updater, In Quarantäne, [6059a585008b92a43a3144b0f60ce719], 
PUP.Optional.APNToolBar.Gen, C:\Users\karo\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC, In Quarantäne, [6059a585008b92a43a3144b0f60ce719], 
PUP.Optional.SearchProtect, C:\Users\karo\AppData\Local\avayvaxxvae, In Quarantäne, [3287fc2ef992b5814f4da5720df61de3], 
PUP.Optional.SearchProtect, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect, In Quarantäne, [b6036dbdaddea5911d863ed9c93a827e], 
PUP.Optional.SearchProtect, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect\SearchProtect, In Quarantäne, [b6036dbdaddea5911d863ed9c93a827e], 
PUP.Optional.SearchProtect, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect\SearchProtect\rep, In Quarantäne, [b6036dbdaddea5911d863ed9c93a827e], 

Dateien: 32
PUP.Optional.RegCleanerPro, C:\Users\karo\Downloads\rcpsetupmapp2_mapp21529697.exe, In Quarantäne, [9b1e1f0b840751e5ef597573d72954ac], 
PUP.Optional.SearchProtect, C:\Windows\AppPatch\AppPatch64\VCLdr64.dll, In Quarantäne, [fcbd909a4f3c0d29f887cf041ae71ee2], 
PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, In Quarantäne, [f6c31f0b35566bcbedf8ee7607fd5ca4], 
PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, In Quarantäne, [3c7dc169068549ed49b656554bb92fd1], 
PUP.Optional.WinYahoo, C:\Users\karo\AppData\Roaming\Mozilla\Firefox\Profiles\8sdotlbs.default\extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi, In Quarantäne, [41784fdb8902d16578ac5a62679de020], 
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config\Config.31.12.0.0-4.xml, In Quarantäne, [ad0c27037a11d36390dadb192fd36f91], 
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config\Config.31.12.0.0-5.xml, In Quarantäne, [ad0c27037a11d36390dadb192fd36f91], 
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config\Config.31.15.1.0-5.xml, In Quarantäne, [ad0c27037a11d36390dadb192fd36f91], 
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config\Config.31.16.2.0-4.xml, In Quarantäne, [ad0c27037a11d36390dadb192fd36f91], 
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config\Config.31.18.0.0-4.xml, In Quarantäne, [ad0c27037a11d36390dadb192fd36f91], 
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config\Config.31.18.0.0-5.xml, In Quarantäne, [ad0c27037a11d36390dadb192fd36f91], 
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config\Config.31.19.1.0-5.xml, In Quarantäne, [ad0c27037a11d36390dadb192fd36f91], 
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config\Config.31.20.0.0-5.xml, In Quarantäne, [ad0c27037a11d36390dadb192fd36f91], 
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config\Config.31.20.0.0-6.xml, In Quarantäne, [ad0c27037a11d36390dadb192fd36f91], 
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Response\Response.31.20.0.0-26.xml, In Quarantäne, [ad0c27037a11d36390dadb192fd36f91], 
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Response\Response.31.20.0.0-27.xml, In Quarantäne, [ad0c27037a11d36390dadb192fd36f91], 
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx, In Quarantäne, [ad0c27037a11d36390dadb192fd36f91], 
PUP.Optional.APNToolBar.Gen, C:\Users\karo\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe, In Quarantäne, [6059a585008b92a43a3144b0f60ce719], 
PUP.Optional.APNToolBar.Gen, C:\Users\karo\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe, In Quarantäne, [6059a585008b92a43a3144b0f60ce719], 
PUP.Optional.APNToolBar.Gen, C:\Users\karo\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll, In Quarantäne, [6059a585008b92a43a3144b0f60ce719], 
PUP.Optional.APNToolBar.Gen, C:\Users\karo\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll, In Quarantäne, [6059a585008b92a43a3144b0f60ce719], 
PUP.Optional.APNToolBar.Gen, C:\Users\karo\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub_x64.dll, In Quarantäne, [6059a585008b92a43a3144b0f60ce719], 
PUP.Optional.APNToolBar.Gen, C:\Users\karo\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv_x64.dll, In Quarantäne, [6059a585008b92a43a3144b0f60ce719], 
PUP.Optional.SearchProtect, C:\Users\karo\AppData\Local\avayvaxxvae\bahvxfk, In Quarantäne, [3287fc2ef992b5814f4da5720df61de3], 
PUP.Optional.SearchProtect, C:\Users\karo\AppData\Local\avayvaxxvae\mkfvxfk, In Quarantäne, [3287fc2ef992b5814f4da5720df61de3], 
PUP.Optional.SearchProtect, C:\Users\karo\AppData\Local\avayvaxxvae\pvpqbjobmlpfqlovvawq, In Quarantäne, [3287fc2ef992b5814f4da5720df61de3], 
PUP.Optional.SearchProtect, C:\Users\karo\AppData\Local\avayvaxxvae\qokvxfk, In Quarantäne, [3287fc2ef992b5814f4da5720df61de3], 
PUP.Optional.SearchProtect, C:\Users\karo\AppData\Local\avayvaxxvae\rfobmlpfqlovvawq, In Quarantäne, [3287fc2ef992b5814f4da5720df61de3], 
PUP.Optional.SearchProtect, C:\Users\karo\AppData\Local\avayvaxxvae\rpboobmlpfqlovvawq, In Quarantäne, [3287fc2ef992b5814f4da5720df61de3], 
PUP.Optional.SearchProtect, C:\Users\karo\AppData\Local\avayvaxxvae\stb.dat, In Quarantäne, [3287fc2ef992b5814f4da5720df61de3], 
PUP.Optional.SearchProtect, C:\Users\karo\AppData\Local\avayvaxxvae\ycfvxfk, In Quarantäne, [3287fc2ef992b5814f4da5720df61de3], 
PUP.Optional.SearchProtect, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, In Quarantäne, [b6036dbdaddea5911d863ed9c93a827e], 

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         
Many thanks in advance!!!

03.09.2015, 09:59   #4
cosinus

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)

__________________
Please always post log files in CODE tags

03.09.2015, 15:06   #5
Sirika

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015
durchgeführt von karo (Administrator) auf KARO-PC (03-09-2015 14:51:28)
Gestartet von C:\Users\karo\Downloads
Geladene Profile: UpdatusUser & karo (Verfügbare Profile: UpdatusUser & karo & Mcx1-KARO-PC)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Crawler Group) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TheGreenBow) C:\Windows\SysWOW64\TgbStarter.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(ZyXEL) C:\Program Files (x86)\ZyXEL\ZyWALL IPSec VPN Client\vpnconf.exe
(Crawler Group, LLC) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
(TheGreenBow) C:\Program Files (x86)\ZyXEL\ZyWALL IPSec VPN Client\tgbike.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Huawei Technologies Co., Ltd.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
() C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Qihu Software Co. Limited) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Crawler Group, LLC) C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12460136 2012-03-29] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2816336 2012-05-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [TgbVpn] => C:\Program Files (x86)\ZyXEL\ZyWALL IPSec VPN Client\vpnconf.exe [684672 2013-10-15] (ZyXEL)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [3884368 2015-07-27] (Crawler Group, LLC)
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [5473104 2015-07-27] (Crawler Group, LLC)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DataCardMonitor] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2013-11-17] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\windows\samsung\panelmgr\SSMMgr.exe [692224 2012-02-15] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [1032312 2015-08-14] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2810523341-1374500079-2043300955-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.)
HKU\S-1-5-21-2810523341-1374500079-2043300955-1001\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\windows\system32\eed_ec.dll,SpeedLauncher
HKU\S-1-5-21-2810523341-1374500079-2043300955-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => Keine Datei
AppInit_DLLs:  c:\windows\system32\nvinitx.dll => c:\windows\system32\nvinitx.dll [260928 2012-02-01] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  Keine Datei

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

AutoConfigURL: [S-1-5-21-2810523341-1374500079-2043300955-1001] => https://securetonnel.com/3dtonnel.js
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{44817066-EFFE-4E72-87A7-BFF2678F05A9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{76A99031-44AF-4DE3-AF0A-F9DF1EAE47DC}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{9C3EFB80-AE94-4EEF-B089-6681C65C0888}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKU\S-1-5-21-2810523341-1374500079-2043300955-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-2810523341-1374500079-2043300955-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
SearchScopes: HKU\S-1-5-21-2810523341-1374500079-2043300955-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-2810523341-1374500079-2043300955-1001 -> {5067DC2E-0597-44B5-A808-634A2A28CC46} URL = hxxps://at.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2810523341-1374500079-2043300955-1001 -> {542E156F-70B1-4665-ADD7-F0656E422F67} URL = 
BHO: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\Program Files (x86)\Spyware Terminator\STInternetGuard64.dll [2015-07-27] (Crawler Group, LLC)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2015-08-14] (Qihu 360 Software Co., Ltd.)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-11-20] (DVDVideoSoft Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-19] (Oracle Corporation)
BHO-x32: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\Program Files (x86)\Spyware Terminator\STInternetGuard.dll [2015-07-27] (Crawler Group, LLC)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2015-08-14] (Qihu 360 Software Co., Ltd.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-19] (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2014-11-22] (DVDVideoSoft Ltd.)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\karo\AppData\Roaming\Mozilla\Firefox\Profiles\8sdotlbs.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Homepage: hxxps://www.yahoo.com/?fr=yset_ff_syc_oracle&type=orcl_hpset
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-02] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\karo\AppData\Roaming\Mozilla\Firefox\Profiles\8sdotlbs.default\searchplugins\englische-ergebnisse.xml [2013-04-17]
FF SearchPlugin: C:\Users\karo\AppData\Roaming\Mozilla\Firefox\Profiles\8sdotlbs.default\searchplugins\gmx-suche-sterreich.xml [2014-07-11]
FF SearchPlugin: C:\Users\karo\AppData\Roaming\Mozilla\Firefox\Profiles\8sdotlbs.default\searchplugins\gmx-suche.xml [2013-04-17]
FF SearchPlugin: C:\Users\karo\AppData\Roaming\Mozilla\Firefox\Profiles\8sdotlbs.default\searchplugins\lastminute.xml [2013-04-17]
FF SearchPlugin: C:\Users\karo\AppData\Roaming\Mozilla\Firefox\Profiles\8sdotlbs.default\searchplugins\webde-suche.xml [2013-04-17]
FF Extension: Avira Browser Safety - C:\Users\karo\AppData\Roaming\Mozilla\Firefox\Profiles\8sdotlbs.default\Extensions\abs@avira.com [2015-09-02]
FF Extension: GMX MailCheck - C:\Users\karo\AppData\Roaming\Mozilla\Firefox\Profiles\8sdotlbs.default\Extensions\mailcheck@gmx.net [2015-09-02]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\karo\AppData\Roaming\Mozilla\Firefox\Profiles\8sdotlbs.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-12-03]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2014-12-10]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-07-29]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.0.47\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.0.47\coFFPlgn [2015-09-02]
FF HKLM-x32\...\Firefox\Extensions: [WebProtection@360safe.com] - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox
FF Extension: 360 Internet Protection - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox [2015-07-24]
FF HKU\S-1-5-21-2810523341-1374500079-2043300955-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-03]

Chrome: 
=======
CHR StartupUrls: Default -> "https://www.google.com/"
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\karo\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\karo\AppData\Local\Google\Chrome\User Data\default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\karo\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-24]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\karo\AppData\Local\Google\Chrome\User Data\default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2014-10-20]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-03-24]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-03-24]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2011-09-23] (Diskeeper Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-08] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [858744 2015-08-14] (QIHU 360 SOFTWARE CO. LIMITED)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [Datei ist nicht signiert]
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [Datei ist nicht signiert]
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [3037520 2015-07-27] (Crawler Group)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Datei ist nicht signiert]
R2 TgbIke Starter; C:\windows\SysWOW64\TgbStarter.exe [238640 2013-10-15] (TheGreenBow)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [137296 2015-08-14] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77904 2015-08-14] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [319568 2015-08-14] (360.cn)
R3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-07-09] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [363088 2015-08-14] (360.cn)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [178768 2015-08-14] (360.cn)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2011-09-23] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [80688 2011-09-23] (Diskeeper Corporation)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2011-08-24] (Windows (R) Win 7 DDK provider)
R3 TGBMPEnum; C:\Windows\System32\DRIVERS\TGBMPEnum.sys [39096 2013-10-15] (TheGreenBow)
R3 TGBVPNVirtM; C:\Windows\System32\DRIVERS\TGBVPNVirtM.sys [158904 2013-10-15] (TheGreenBow)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [Datei ist nicht signiert]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-03 14:51 - 2015-09-03 14:51 - 00026691 _____ C:\Users\karo\Downloads\FRST.txt
2015-09-03 14:51 - 2015-09-03 14:51 - 00000000 ____D C:\FRST
2015-09-03 14:50 - 2015-09-03 14:50 - 02188800 _____ (Farbar) C:\Users\karo\Downloads\FRST64.exe
2015-09-03 14:48 - 2015-09-03 14:48 - 01690624 _____ (Farbar) C:\Users\karo\Downloads\FRST.exe
2015-09-03 07:50 - 2015-09-03 07:50 - 00001362 _____ C:\Users\karo\Downloads\360 TS 20150827232258.txt
2015-09-02 22:33 - 2015-09-02 22:33 - 00002251 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-02 22:33 - 2015-09-02 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-02 22:32 - 2015-09-03 14:37 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-02 22:32 - 2015-09-02 22:37 - 00001102 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-02 22:32 - 2015-09-02 22:32 - 00004102 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-02 22:32 - 2015-09-02 22:32 - 00003850 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-02 22:30 - 2015-09-02 22:30 - 00929360 _____ (Google Inc.) C:\Users\karo\Downloads\ChromeSetup(2).exe
2015-09-01 21:07 - 2015-09-02 21:03 - 00014316 _____ C:\windows\PFRO.log
2015-09-01 20:26 - 2015-09-02 22:58 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-01 20:26 - 2015-09-01 20:26 - 00001106 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-09-01 20:26 - 2015-09-01 20:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-09-01 20:26 - 2015-09-01 20:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-01 20:26 - 2015-09-01 20:26 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-09-01 20:26 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-09-01 20:26 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-09-01 20:26 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-09-01 20:20 - 2015-09-01 20:22 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\karo\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-31 21:51 - 2015-09-02 21:09 - 00001008 _____ C:\windows\setupact.log
2015-08-31 21:51 - 2015-08-31 21:51 - 00000000 _____ C:\windows\setuperr.log
2015-08-31 21:50 - 2015-08-31 21:50 - 00001060 _____ C:\Users\karo\Desktop\Spyware Terminator 2015.lnk
2015-08-31 21:40 - 2015-09-02 17:44 - 00000000 ____D C:\ProgramData\Spyware Terminator
2015-08-31 21:40 - 2015-08-31 21:40 - 00000000 ____D C:\Users\karo\AppData\Roaming\Spyware Terminator
2015-08-31 21:38 - 2015-08-31 21:41 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2015-08-31 21:38 - 2015-08-31 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2015
2015-08-31 21:37 - 2015-08-31 21:37 - 09488448 _____ (Crawler Group ) C:\Users\karo\Downloads\SpywareTerminatorSetup2015_300102.exe
2015-08-31 15:08 - 2015-08-31 15:08 - 00000000 _RSHD C:\360SANDBOX
2015-08-27 23:26 - 2015-09-03 14:46 - 00000000 __SHD C:\$360Section
2015-08-27 23:23 - 2015-09-03 14:46 - 00000000 ____D C:\ProgramData\360Quarant
2015-08-27 23:22 - 2015-08-31 19:27 - 00000000 ____D C:\ProgramData\360safe
2015-08-27 23:22 - 2015-08-31 15:14 - 00000000 ____D C:\ProgramData\360TotalSecurity
2015-08-21 18:59 - 2015-08-21 19:00 - 00000000 ____D C:\Users\karo\AppData\Local\{8859A378-8D76-4F62-9697-CA2E87E8FC36}

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-03 14:39 - 2012-05-31 12:02 - 01327976 _____ C:\windows\WindowsUpdate.log
2015-09-03 14:31 - 2013-05-30 08:54 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-09-03 09:12 - 2013-05-19 19:04 - 00000072 _____ C:\Users\Public\LMDebug.log
2015-09-03 07:49 - 2013-03-14 17:38 - 00000000 ____D C:\Users\karo\AppData\Local\Adobe
2015-09-02 23:20 - 2013-04-26 07:17 - 00000000 ____D C:\Users\karo\AppData\Local\CrashDumps
2015-09-02 23:17 - 2013-03-11 22:43 - 00000000 ____D C:\Users\Public\Documents\Computer
2015-09-02 23:16 - 2013-03-10 13:40 - 00000000 ____D C:\Users\karo\Documents\Outlook-Dateien
2015-09-02 22:33 - 2013-11-24 16:51 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-02 21:18 - 2009-07-14 06:45 - 00028848 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-02 21:18 - 2009-07-14 06:45 - 00028848 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-02 21:12 - 2012-05-30 18:37 - 00703192 _____ C:\windows\system32\perfh007.dat
2015-09-02 21:12 - 2012-05-30 18:37 - 00150800 _____ C:\windows\system32\perfc007.dat
2015-09-02 21:12 - 2009-07-14 07:13 - 01629348 _____ C:\windows\system32\PerfStringBackup.INI
2015-09-02 21:08 - 2012-05-30 20:07 - 00000828 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-09-02 21:07 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-09-02 17:18 - 2015-01-29 11:03 - 00001998 ____H C:\Users\karo\Documents\Default.rdp
2015-09-02 16:16 - 2012-05-30 20:07 - 00000830 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-09-01 21:41 - 2014-12-07 16:07 - 00000000 ____D C:\ProgramData\APN
2015-09-01 14:31 - 2013-03-14 17:32 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-08-31 16:27 - 2014-08-26 21:30 - 00000306 __RSH C:\ProgramData\ntuser.pol
2015-08-31 16:23 - 2013-05-21 17:53 - 00000000 ____D C:\Users\karo\Documents\Scan
2015-08-27 23:37 - 2015-07-24 20:42 - 00001153 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2015-08-27 23:37 - 2015-07-24 20:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2015-08-27 23:30 - 2015-01-29 10:44 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-08-27 23:28 - 2015-03-19 13:22 - 00000000 ____D C:\Program Files\360
2015-08-27 23:26 - 2014-08-12 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-27 23:23 - 2015-03-19 13:23 - 00000000 ____D C:\Users\karo\AppData\Roaming\360safe
2015-08-27 23:23 - 2009-07-14 05:20 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2015-08-25 13:45 - 2013-03-24 11:56 - 00000000 ____D C:\Users\Public\Documents\Finanzen
2015-08-22 20:08 - 2013-12-12 10:03 - 00000000 ____D C:\Users\karo\Documents\Simon
2015-08-22 20:05 - 2013-03-09 12:21 - 00000000 ____D C:\Users\Public\Documents\Lilli
2015-08-15 18:03 - 2013-05-30 08:54 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-08-15 18:03 - 2013-02-27 22:10 - 00778440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-08-15 18:03 - 2013-02-27 22:10 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-14 11:08 - 2015-07-24 20:42 - 00363088 _____ (360.cn) C:\windows\system32\Drivers\360fsflt.sys
2015-08-14 11:08 - 2015-07-24 20:42 - 00319568 _____ (360.cn) C:\windows\system32\Drivers\360Box64.sys
2015-08-14 11:08 - 2015-07-24 20:42 - 00178768 _____ (360.cn) C:\windows\system32\Drivers\BAPIDRV64.SYS
2015-08-14 11:08 - 2015-07-24 20:42 - 00137296 _____ (360.cn) C:\windows\system32\Drivers\360AntiHacker64.sys
2015-08-14 11:08 - 2015-07-24 20:42 - 00077904 _____ (360.cn) C:\windows\system32\Drivers\360AvFlt.sys

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-03-13 20:08 - 2015-03-13 20:08 - 0000174 _____ () C:\Users\karo\AppData\Roaming\dfg5r76rsg.bat
2014-01-23 16:16 - 2014-01-24 12:47 - 0000077 _____ () C:\Users\karo\AppData\Roaming\Rim.Desktop.Exception.log
2014-01-23 16:14 - 2015-03-23 23:02 - 0002021 _____ () C:\Users\karo\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-01-23 16:16 - 2014-01-24 12:47 - 0000154 _____ () C:\Users\karo\AppData\Roaming\Rim.DesktopHelper.Exception.log
2013-10-02 16:35 - 2014-12-24 11:03 - 0003584 _____ () C:\Users\karo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-25 20:45 - 2013-08-25 20:45 - 0007605 _____ () C:\Users\karo\AppData\Local\Resmon.ResmonCfg
2012-05-30 20:26 - 2012-05-30 20:26 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-05-30 20:18 - 2012-05-30 20:18 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2012-05-30 20:22 - 2012-05-30 20:23 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-05-30 20:19 - 2012-05-30 20:22 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2012-05-30 20:23 - 2012-05-30 20:25 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Public\AlexaNSISPlugin.1116.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\windows\system32\winlogon.exe => Datei ist digital signiert
C:\windows\system32\wininit.exe => Datei ist digital signiert
C:\windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\windows\explorer.exe => Datei ist digital signiert
C:\windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\windows\system32\svchost.exe => Datei ist digital signiert
C:\windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\windows\system32\services.exe => Datei ist digital signiert
C:\windows\system32\User32.dll => Datei ist digital signiert
C:\windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\windows\system32\userinit.exe => Datei ist digital signiert
C:\windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\windows\system32\rpcss.dll => Datei ist digital signiert
C:\windows\system32\dnsapi.dll => Datei ist digital signiert
C:\windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-08-30 13:14

==================== Ende von FRST.txt ============================
         

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:31-08-2015
durchgeführt von karo (2015-09-03 14:52:12)
Gestartet von C:\Users\karo\Downloads
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2810523341-1374500079-2043300955-500 - Administrator - Disabled)
Gast (S-1-5-21-2810523341-1374500079-2043300955-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2810523341-1374500079-2043300955-1004 - Limited - Enabled)
karo (S-1-5-21-2810523341-1374500079-2043300955-1001 - Administrator - Enabled) => C:\Users\karo
Mcx1-KARO-PC (S-1-5-21-2810523341-1374500079-2043300955-1006 - Limited - Enabled) => C:\Users\Mcx1-KARO-PC
UpdatusUser (S-1-5-21-2810523341-1374500079-2043300955-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: 360 Total Security (Disabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
AS: 360 Total Security (Disabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 7.2.0.1018 - 360 Security Center)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Artisteer 4 (HKLM-x32\...\Artisteer 4) (Version: 4.1 - Extensoft)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
BilliBanni 2. Klasse Ein käse-rantes Traumschiff-Abenteuer (HKLM-x32\...\BilliBanni 2. Klasse Ein käse-rantes Traumschiff-Abenteuer) (Version:  - )
BilliBanni Vorschule Weiche Landung in Ballonien! (HKLM-x32\...\{EABE970D-5025-4F24-9727-240742AC8A98}) (Version: 1.0 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4417 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
Easy File Share (HKLM-x32\...\{12F81925-F3C1-40DB-91F7-777817974319}) (Version: 1.2.4 - Samsung Electronics Co., Ltd.)
Easy Migration (HKLM-x32\...\{EDE7A262-DB20-4432-A630-2ACEE186C416}) (Version: 1.0 - Samsung Electronics CO., LTD.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics CO., LTD.)
Easy Software Manager (HKLM-x32\...\{DE256D8B-D971-456D-BC02-CB64DA24F115}) (Version: 1.2.17.12 - Samsung Electronics CO., LTD.)
Easy Support Center (HKLM\...\{0738F5F1-8E70-49A6-8692-F5722E1E5A4D}) (Version: 1.2.22 - Samsung Electronics CO., LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
ETDWare PS/2-X64 10.7.16.1_WHQL (HKLM\...\Elantech) (Version: 10.7.16.1 - ELAN Microelectronic Corp.)
ExpressCache (HKLM\...\{F9EB0DDE-931C-4E89-96B2-DE8286EDFA6C}) (Version: 1.0.64 - Diskeeper Corporation)
Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
fotokasten comfort 5.0 (HKLM-x32\...\fotokasten comfort_is1) (Version:  - )
Free Video Flip and Rotate version 1.0.8.1215 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 1.0.8.1215 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.49.1122 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1122 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
HappyFoto-Designer 5.2 (HKLM-x32\...\HappyFoto-Designer_is1) (Version:  - )
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
iDRS(tm) OCR Software by I.R.I.S (HKLM-x32\...\iDRS(tm) OCR Software by I.R.I.S) (Version: 1.00.17 (17.04.2012) - Samsung Electronics Co., Ltd.)
Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0059 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{93F34C5C-ACAA-48F3-9B26-70359A117F12}) (Version: 3.0.12.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KaloMa 4.94 (HKLM-x32\...\KaloMa_is1) (Version:  - Frank Böpple)
LesenLernen (HKLM-x32\...\LesenLernen) (Version: 2.5 - Wolfram Esser)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Mozilla Firefox 33.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.3 (x86 de)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia POP (HKLM-x32\...\{119B7882-19D7-4BE7-A417-29BB479D3ABE}) (Version: 1.0 - )
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.11.42 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NVIDIA Graphics Driver 295.55 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 295.55 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.11.1111 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.1111 - NVIDIA Corporation)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6608 - Realtek Semiconductor Corp.)
Samsung CLX-3170 Series (HKLM-x32\...\Samsung CLX-3170 Series) (Version:  - Samsung Electronics CO.,LTD)
Samsung CLX-3300 Series (HKLM-x32\...\Samsung CLX-3300 Series) (Version: 1.04 (07.07.2012) - Samsung Electronics Co., Ltd.)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.03.13 (29.06.2012) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.03.72.00(20.09.2013) - Samsung Electronics Co., Ltd.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.0.0.11044_11 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.0.0.11044_11 - Samsung Electronics Co., Ltd.) Hidden
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.2.4 - Samsung)
Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.05.07 (20.07.2012) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (x32 Version: 1.00.20.00 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.10.0 - SAMSUNG Electronics Co., Ltd.)
Schildis Datenbank (HKLM-x32\...\ST6UNST #1) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
Spyware Terminator 2015 (HKLM-x32\...\{56736259-613E-4A3B-B428-6235F2E76F44}_is1) (Version: 3.0.0.102 - Crawler Group)
Sweet Home 3D version 4.2 (HKLM-x32\...\Sweet Home 3D_is1) (Version:  - eTeks)
Sweet Home 3D version 4.4 (HKLM\...\Sweet Home 3D_is1) (Version:  - eTeks)
T-Mobile Internet Manager (HKLM-x32\...\T-Mobile Internet Manager) (Version: 11.301.05.39.55 - Huawei Technologies Co.,Ltd)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 2.0 - Samsung Electronics CO., LTD.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
ZyWALL IPSec VPN Client (HKLM-x32\...\ZyWALL IPSec VPN Client) (Version:  - ZyXEL)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

18-08-2015 19:25:26 Geplanter Prüfpunkt
26-08-2015 09:56:45 Geplanter Prüfpunkt

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-07-29 10:19 - 2013-07-29 10:24 - 00002821 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 192.150.14.69
127.0.0.1 192.150.18.101
127.0.0.1 192.150.18.108
127.0.0.1 192.150.22.40
127.0.0.1 192.150.8.100
127.0.0.1 192.150.8.118
127.0.0.1 209-34-83-73.ood.opsource.net
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-2.adobe.com

Da befinden sich 36 zusätzliche Einträge.


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {00022FA5-69D0-4145-86FC-96858EE71DE0} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2012-04-25] (Samsung Electronics Co., Ltd.)
Task: {026E2A30-4138-4764-9E38-42E3DF6DA03C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {0E773AF0-9A3C-49CF-8C89-D9251F3D87D7} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-15] (Adobe Systems Incorporated)
Task: {131E9456-084E-4C29-8F76-CAFE187E8BCB} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2012-05-09] (Samsung Electronics Co., Ltd.)
Task: {1F2A99AC-1F99-418F-9661-47DEA05A869B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink)
Task: {2DBE3542-1E15-4623-9A6B-9AA4A6F99FAF} - System32\Tasks\EasySupportCenter => C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe [2012-04-06] (Samsung Electronics CO., LTD.)
Task: {37D7CB29-7F40-4EA3-A937-E14E8A2AE708} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {3B7E4CE0-47F6-4454-AE5E-75926362D8AA} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {409F5A88-F4BF-4DAA-9DCD-0110F3B65ED0} - System32\Tasks\{61BE346E-77CF-4DA7-A0F9-D01630710D93} => pcalua.exe -a C:\Users\karo\Downloads\LesenLernen_v2.5_Setup.exe -d C:\Users\karo\Downloads
Task: {5125F5A6-843E-4020-B409-9129C66E8E9E} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-06-08] (Oracle Corporation)
Task: {5378CCE1-318F-40F2-9000-A0917263F96E} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {5AB503BB-6556-45D0-819B-0FE89674C923} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2012-01-31] (Samsung Electronics)
Task: {5C14C8CF-20C4-4708-AA09-E0174B35221D} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-KARO-PC => C:\Windows\ehome\McxTask.exe [2009-07-14] (Microsoft Corporation)
Task: {5E795890-AB62-4A67-B481-6017EF9B2BBC} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {5F06901C-8193-47FF-A656-5D37DE02E67A} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe [2012-04-03] (Samsung Electronics)
Task: {68CF1927-63B9-43D8-AA90-2D7A62F29FDA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {706A9D00-FE44-4BCE-81AF-BF9739B0FDAE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {78592F01-267B-43A1-97C6-26143E6EA858} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2012-01-28] (SEC)
Task: {8AD3D6BB-96A4-4C9D-9A0D-89B22B95D52F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {94EDA0ED-64E8-402A-AA0C-7D91F7A333A9} - System32\Tasks\Easy Software Manager Agent => C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe [2012-04-06] (Samsung Electronics CO., LTD.)
Task: {981B796D-2110-4B92-9F97-4CCADDB02D77} - \avayvaxxvae -> Keine Datei <==== ACHTUNG
Task: {B74560F8-F057-4238-96FC-C289FFA0F8D1} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {D51285F5-FFD5-40B9-B8F3-D174CD17BBA6} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2012-05-02] (Samsung Electronics Co., Ltd.)
Task: {D881D6FD-9823-427C-B61B-CA28C58BA8D7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DC1C6C0F-8390-48D1-A423-95C003EEA0CE} - System32\Tasks\{B10587D3-8F03-4151-819D-AA502E5582E8} => C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
Task: {E523C47D-9303-46C8-A053-0F433FF8DA31} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2012-03-27] (Samsung Electronics Co., Ltd.)
Task: {EE28DBD9-0D40-4EDF-A147-9B1B879EE848} - System32\Tasks\AdobeAAMUpdater-1.0-karo-PC-karo => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {F00BDD68-114D-4CE8-91BD-8E324D7BC08F} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-11-18] (SAMSUNG Electronics co., LTD.)
Task: {F4757738-DC10-486B-8206-4DE5ECBFADE7} - System32\Tasks\KiesHelper => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [2011-12-12] (Samsung)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-02-23 16:16 - 2007-08-14 20:03 - 00022016 _____ () C:\windows\System32\sst1cl6.dll
2013-05-19 18:57 - 2012-01-09 13:47 - 00034304 _____ () C:\windows\System32\sst7clm.dll
2012-05-30 20:07 - 2012-02-08 04:03 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2012-05-30 20:34 - 2012-02-13 08:02 - 00031624 _____ () C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
2012-03-09 10:58 - 2012-03-09 10:58 - 00462712 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 10:58 - 2012-03-09 10:58 - 00057208 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2012-02-15 15:15 - 2012-02-15 15:15 - 00692224 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2013-02-23 16:16 - 2009-12-09 16:47 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe
2015-07-24 20:42 - 2015-08-14 11:08 - 01032312 _____ () C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
2015-02-19 23:40 - 2015-02-19 23:40 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2012-05-30 20:22 - 2009-12-01 09:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-02-06 06:42 - 2012-01-05 10:24 - 00094208 _____ () C:\windows\system32\IccLibDll_x64.dll
2015-07-24 20:42 - 2015-08-14 11:08 - 00087672 _____ () C:\Program Files (x86)\360\Total Security\deepscan\qutmload.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-05-30 20:34 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2012-05-30 20:34 - 2011-02-16 18:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2015-07-24 20:42 - 2015-08-14 11:08 - 00559224 _____ () C:\Program Files (x86)\360\Total Security\safemon\wdui2.dll
2012-05-30 20:38 - 2011-09-08 12:40 - 01645056 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2012-05-30 20:07 - 2012-02-08 03:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-09-23 21:43 - 2012-09-23 21:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
2012-12-18 21:08 - 2012-12-18 21:08 - 14588632 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll
2015-09-02 22:33 - 2015-08-28 02:17 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libglesv2.dll
2015-09-02 22:33 - 2015-08-28 02:17 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libegl.dll
2015-09-02 22:33 - 2015-08-28 02:17 - 16393032 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\PepperFlash\pepflashplayer.dll
2013-07-18 15:02 - 2013-07-18 15:02 - 00310272 _____ () C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\sslog.dll
2013-04-10 11:38 - 2013-04-10 11:38 - 00615424 _____ () C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\SAStyle.cjstyles
2012-03-09 10:58 - 2012-03-09 10:58 - 00056696 _____ () C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrvPS.dll
2013-04-10 11:50 - 2013-04-10 11:50 - 02560512 _____ () C:\Program Files (x86)\Samsung\Easy Printer Manager\sf.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2810523341-1374500079-2043300955-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\karo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: HW_OPENEYE_OUC_T-Mobile Internet Manager => "C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{81767A3B-0776-4D9B-9F97-DD0D80A92CBA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{81A6E0B7-2E79-458F-933E-A241B3580DE7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{B9B1E611-1E46-431B-ABAF-8AE1391F3CEB}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{5CFAFEAC-E72A-40EB-9623-7260961F87B9}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{C7B2B459-9954-4ECD-88CD-9017A044B974}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{5B54EA4D-86DE-42D4-A6A6-E182B31EEC34}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{6FF956F2-F713-4787-A243-ECC2804246B1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{64430A5F-4954-4E95-9CD2-0713652A84C3}] => (Allow) LPort=2869
FirewallRules: [{66C95599-FE24-47F1-9C1C-74C4965A0293}] => (Allow) LPort=1900
FirewallRules: [{D55607D5-0378-4BAA-B822-95BCBE4DB1B0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3E4C356F-DA7C-4BBB-8E2E-D1374ED56900}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{DD7BF4D6-A047-4719-8CAD-7C16594B5631}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C6D68C01-C310-40A0-8B78-BB23176A5D15}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{772D2BE2-7430-4621-9FBC-10D56FEFCF49}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8A0469AC-3DB5-4C24-ABEC-875A7A77C2CA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{544C9829-5C74-437B-8A77-F1E186EA95BB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{03DF56EA-64B9-4744-A9D5-74115E4A0C3E}] => (Allow) C:\Windows\twain_32\Samsung\CLX3300\SCNSearch\USDAgent.exe
FirewallRules: [{3D977D39-A57B-49E4-9045-9D16C06EBEF5}] => (Allow) C:\Windows\twain_32\Samsung\CLX3300\SCNSearch\USDAgent.exe
FirewallRules: [{D83B2D13-0523-4938-BB59-012BAFA0B724}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\USDAgent.exe
FirewallRules: [{381A5532-7E7B-4D9E-87AF-DCAA91E19372}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\USDAgent.exe
FirewallRules: [{B9E93E63-FC3C-480B-B0EE-721D1BBFAB4B}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
FirewallRules: [{7838D869-0A33-4C1B-AEB6-ACBCDA85DE4C}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
FirewallRules: [{268A81D5-17D9-49A6-B295-3266A9658027}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{7651D0E6-5F6C-4068-8415-573E568F163A}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{1C07DFDA-77BE-4C70-A83A-8A41245885B5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{A34A8689-E260-4F48-B426-DBE30FB0BC3F}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{60CC8930-8752-4398-9453-2CAAF41AE281}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{63F1FCA2-81A5-42C8-9BEF-EB6A71421C71}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{4A54F09E-01FC-4D20-9E75-6744F333A437}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{36814D55-A629-4E18-A765-8E520AA525AA}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{790B8B51-4F62-4760-8FEB-3977A425B758}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{F26E49A2-A379-4D9C-A11D-A5827CCC0319}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{7CF8C441-3353-4D85-862A-8785D65E0161}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{8CB8A751-C722-4951-800D-96B730911D2A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{710AFE97-DC2B-421A-91FA-7CBF2C635974}] => (Allow) C:\Program Files (x86)\Artisteer 4\bin\Artisteer.exe
FirewallRules: [{2B0BB0AD-2F00-4F43-836E-54FCDC4B9197}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{AF010761-B233-4264-95E8-A042B8B373DA}] => (Allow) LPort=500
FirewallRules: [{4E5DE30D-68AB-4835-AA13-88069CE75156}] => (Allow) LPort=4500
FirewallRules: [{3118221F-50B4-4761-9941-E62BB379624C}] => (Allow) C:\Program Files\360\360 Internet Security\safemon\360Tray.exe
FirewallRules: [{39466785-69FC-4089-AAE2-3F4D2069F3C8}] => (Allow) C:\Program Files\360\360 Internet Security\safemon\360Tray.exe
FirewallRules: [{37D902E4-D8C8-4683-8770-0B980F40E67F}] => (Allow) C:\Program Files\360\360 Internet Security\safemon\360Tray.exe
FirewallRules: [{42A55366-D1B1-4156-937A-7F67F98CEAC5}] => (Allow) C:\Program Files\360\360 Internet Security\safemon\360Tray.exe
FirewallRules: [TCP Query User{4B368A73-A616-44C0-9BC7-A9F2664B4BFE}C:\program files\360\360 internet security\360sdupd.exe] => (Allow) C:\program files\360\360 internet security\360sdupd.exe
FirewallRules: [UDP Query User{72B5A44F-17AF-46A2-83CC-771F83DE9EF3}C:\program files\360\360 internet security\360sdupd.exe] => (Allow) C:\program files\360\360 internet security\360sdupd.exe
FirewallRules: [TCP Query User{6477C0C4-330A-4151-B603-D5A962548B0E}C:\program files\360\360 internet security\360sdupd.exe] => (Block) C:\program files\360\360 internet security\360sdupd.exe
FirewallRules: [UDP Query User{7B59A4BF-966A-4C8E-99A8-84152B582D54}C:\program files\360\360 internet security\360sdupd.exe] => (Block) C:\program files\360\360 internet security\360sdupd.exe
FirewallRules: [{127487CA-8887-4AF5-B2EC-593A09F2800F}] => (Allow) C:\Program Files\360\360 Internet Security\UpTip.exe
FirewallRules: [{224A8540-6EE7-4006-8A5B-E2D7DEB62AF4}] => (Allow) C:\Program Files\360\360 Internet Security\UpTip.exe
FirewallRules: [{9017617A-C414-411B-A43B-7315059EC460}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{6BCAC8B3-8A6B-4122-94C8-48D003D135BA}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{55329EE0-9B2F-44B6-9A45-866DD6BA755B}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
FirewallRules: [{70D6B7C3-2D83-4BDB-85BC-B786F8E771E0}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
FirewallRules: [{AEB6F8E9-C0F6-4128-83BF-9A3C7E8270DA}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
FirewallRules: [{40078FD4-B23F-4698-900B-1778E7CF7C2E}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
FirewallRules: [TCP Query User{4B9815A2-BB24-438B-B5A5-1A7C855FC8FB}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe] => (Block) C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe
FirewallRules: [UDP Query User{9A8EA97C-B40A-4278-AB29-F16C36D8FF78}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe] => (Block) C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe
FirewallRules: [{CD94A856-CCC4-4F45-BB46-5BDFE21B32DE}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{36E70FB7-6A70-4741-A4EC-5C28DD781F00}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{482145AB-ECF1-414F-8691-23CA4782C125}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{631C97CD-1F78-4A01-9CAA-14B8700E8503}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{9CD24275-3A37-4D60-9A18-D2E179E1DE3D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Microsoft-Teredo-Tunneling-Adapter
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/03/2015 10:44:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014

Error: (09/03/2015 10:44:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1014

Error: (09/03/2015 10:44:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/03/2015 09:07:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2012

Error: (09/03/2015 09:07:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2012

Error: (09/03/2015 08:24:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/03/2015 08:24:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998

Error: (09/03/2015 08:24:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 998

Error: (09/03/2015 08:24:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/03/2015 08:21:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1427207


Systemfehler:
=============
Error: (09/02/2015 09:06:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/02/2015 09:05:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/02/2015 09:05:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/02/2015 09:05:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/02/2015 09:05:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/02/2015 09:05:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/02/2015 09:05:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/02/2015 09:05:10 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (09/02/2015 09:05:10 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/02/2015 09:05:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office:
=========================
Error: (09/03/2015 10:44:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014

Error: (09/03/2015 10:44:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1014

Error: (09/03/2015 10:44:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/03/2015 09:07:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2012

Error: (09/03/2015 09:07:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2012

Error: (09/03/2015 08:24:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/03/2015 08:24:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998

Error: (09/03/2015 08:24:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 998

Error: (09/03/2015 08:24:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/03/2015 08:21:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1427207


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 38%
Installierter physikalischer RAM: 7973.54 MB
Verfügbarer physikalischer RAM: 4935.61 MB
Summe virtueller Speicher: 15945.26 MB
Verfügbarer virtueller Speicher: 12586.42 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:906.16 GB) (Free:712.72 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B5DF977A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=906.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.3 GB) - (Type=27)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 74F02DEA)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=73)

==================== Ende von Addition.txt ============================
         


03.09.2015, 15:52   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Telebanking-Trojaner

You have a cracked copy of Adobe installed. It has to go, otherwise we won't continue here.

Reading material:
Illegal software: cracks, keygens and co.

Please read => http://www.trojaner-board.de/95393-c...-software.html

We will continue once you have removed everything illegal.

In the event of repeated crack/keygen violations I reserve the right to discontinue support, i.e. help only with backing up data and reinstalling the operating system.

03.09.2015, 18:09   #7
Sirika

Telebanking-Trojaner

OK, I didn't know that at all :-(
It should be uninstalled now - provided I caught everything...

Here is the new scan:

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015
durchgeführt von karo (Administrator) auf KARO-PC (03-09-2015 19:03:38)
Gestartet von C:\Users\karo\Downloads
Geladene Profile: UpdatusUser & karo (Verfügbare Profile: UpdatusUser & karo & Mcx1-KARO-PC)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Qihu Software Co. Limited) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(Crawler Group) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(TheGreenBow) C:\Windows\SysWOW64\TgbStarter.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ZyXEL) C:\Program Files (x86)\ZyXEL\ZyWALL IPSec VPN Client\vpnconf.exe
(Crawler Group, LLC) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(TheGreenBow) C:\Program Files (x86)\ZyXEL\ZyWALL IPSec VPN Client\tgbike.exe
(Huawei Technologies Co., Ltd.) C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Crawler Group, LLC) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12460136 2012-03-29] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2816336 2012-05-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [TgbVpn] => C:\Program Files (x86)\ZyXEL\ZyWALL IPSec VPN Client\vpnconf.exe [684672 2013-10-15] (ZyXEL)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [3884368 2015-07-27] (Crawler Group, LLC)
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [5473104 2015-09-03] (Crawler Group, LLC)
HKLM-x32\...\Run: [DataCardMonitor] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2013-11-17] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\windows\samsung\panelmgr\SSMMgr.exe [692224 2012-02-15] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [1032312 2015-08-14] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2810523341-1374500079-2043300955-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.)
HKU\S-1-5-21-2810523341-1374500079-2043300955-1001\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\windows\system32\eed_ec.dll,SpeedLauncher
HKU\S-1-5-21-2810523341-1374500079-2043300955-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => Keine Datei
AppInit_DLLs:  c:\windows\system32\nvinitx.dll => c:\windows\system32\nvinitx.dll [260928 2012-02-01] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  Keine Datei

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

AutoConfigURL: [S-1-5-21-2810523341-1374500079-2043300955-1001] => https://securetonnel.com/3dtonnel.js
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{44817066-EFFE-4E72-87A7-BFF2678F05A9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{76A99031-44AF-4DE3-AF0A-F9DF1EAE47DC}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{9C3EFB80-AE94-4EEF-B089-6681C65C0888}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKU\S-1-5-21-2810523341-1374500079-2043300955-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com
HKU\S-1-5-21-2810523341-1374500079-2043300955-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
SearchScopes: HKU\S-1-5-21-2810523341-1374500079-2043300955-1001 -> DefaultScope {542E156F-70B1-4665-ADD7-F0656E422F67} URL = 
SearchScopes: HKU\S-1-5-21-2810523341-1374500079-2043300955-1001 -> {5067DC2E-0597-44B5-A808-634A2A28CC46} URL = hxxps://at.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2810523341-1374500079-2043300955-1001 -> {542E156F-70B1-4665-ADD7-F0656E422F67} URL = 
BHO: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\Program Files (x86)\Spyware Terminator\STInternetGuard64.dll [2015-07-27] (Crawler Group, LLC)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2015-08-14] (Qihu 360 Software Co., Ltd.)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-11-20] (DVDVideoSoft Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-19] (Oracle Corporation)
BHO-x32: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\Program Files (x86)\Spyware Terminator\STInternetGuard.dll [2015-07-27] (Crawler Group, LLC)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2015-08-14] (Qihu 360 Software Co., Ltd.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-19] (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2014-11-22] (DVDVideoSoft Ltd.)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\karo\AppData\Roaming\Mozilla\Firefox\Profiles\8sdotlbs.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Homepage: hxxps://www.yahoo.com/?fr=yset_ff_syc_oracle&type=orcl_hpset
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\karo\AppData\Roaming\Mozilla\Firefox\Profiles\8sdotlbs.default\searchplugins\englische-ergebnisse.xml [2013-04-17]
FF SearchPlugin: C:\Users\karo\AppData\Roaming\Mozilla\Firefox\Profiles\8sdotlbs.default\searchplugins\gmx-suche-sterreich.xml [2014-07-11]
FF SearchPlugin: C:\Users\karo\AppData\Roaming\Mozilla\Firefox\Profiles\8sdotlbs.default\searchplugins\gmx-suche.xml [2013-04-17]
FF SearchPlugin: C:\Users\karo\AppData\Roaming\Mozilla\Firefox\Profiles\8sdotlbs.default\searchplugins\lastminute.xml [2013-04-17]
FF SearchPlugin: C:\Users\karo\AppData\Roaming\Mozilla\Firefox\Profiles\8sdotlbs.default\searchplugins\webde-suche.xml [2013-04-17]
FF Extension: Avira Browser Safety - C:\Users\karo\AppData\Roaming\Mozilla\Firefox\Profiles\8sdotlbs.default\Extensions\abs@avira.com [2015-09-02]
FF Extension: GMX MailCheck - C:\Users\karo\AppData\Roaming\Mozilla\Firefox\Profiles\8sdotlbs.default\Extensions\mailcheck@gmx.net [2015-09-02]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\karo\AppData\Roaming\Mozilla\Firefox\Profiles\8sdotlbs.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-12-03]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2014-12-10]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.0.47\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.0.47\coFFPlgn [2015-09-03]
FF HKLM-x32\...\Firefox\Extensions: [WebProtection@360safe.com] - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox
FF Extension: 360 Internet Protection - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox [2015-07-24]
FF HKU\S-1-5-21-2810523341-1374500079-2043300955-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-03]

Chrome: 
=======
CHR StartupUrls: Default -> "https://www.google.com/"
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\karo\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\karo\AppData\Local\Google\Chrome\User Data\default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\karo\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-24]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\karo\AppData\Local\Google\Chrome\User Data\default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2014-10-20]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-03-24]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-03-24]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2011-09-23] (Diskeeper Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-08] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [858744 2015-08-14] (QIHU 360 SOFTWARE CO. LIMITED)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [Datei ist nicht signiert]
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [Datei ist nicht signiert]
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [3037520 2015-07-27] (Crawler Group)
R2 TgbIke Starter; C:\windows\SysWOW64\TgbStarter.exe [238640 2013-10-15] (TheGreenBow)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [137296 2015-08-14] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77904 2015-08-14] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [319568 2015-08-14] (360.cn)
S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-07-09] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [363088 2015-08-14] (360.cn)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [178768 2015-08-14] (360.cn)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2011-09-23] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [80688 2011-09-23] (Diskeeper Corporation)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2011-08-24] (Windows (R) Win 7 DDK provider)
R3 TGBMPEnum; C:\Windows\System32\DRIVERS\TGBMPEnum.sys [39096 2013-10-15] (TheGreenBow)
R3 TGBVPNVirtM; C:\Windows\System32\DRIVERS\TGBVPNVirtM.sys [158904 2013-10-15] (TheGreenBow)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [Datei ist nicht signiert]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-03 14:52 - 2015-09-03 14:52 - 00048840 _____ C:\Users\karo\Downloads\Addition.txt
2015-09-03 14:51 - 2015-09-03 19:03 - 00024531 _____ C:\Users\karo\Downloads\FRST.txt
2015-09-03 14:51 - 2015-09-03 19:03 - 00000000 ____D C:\FRST
2015-09-03 14:50 - 2015-09-03 14:50 - 02188800 _____ (Farbar) C:\Users\karo\Downloads\FRST64.exe
2015-09-03 14:48 - 2015-09-03 14:48 - 01690624 _____ (Farbar) C:\Users\karo\Downloads\FRST.exe
2015-09-03 07:50 - 2015-09-03 07:50 - 00001362 _____ C:\Users\karo\Downloads\360 TS 20150827232258.txt
2015-09-02 22:33 - 2015-09-02 22:33 - 00002251 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-02 22:33 - 2015-09-02 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-02 22:32 - 2015-09-03 18:37 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-02 22:32 - 2015-09-03 18:09 - 00001102 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-02 22:32 - 2015-09-02 22:32 - 00004102 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-02 22:32 - 2015-09-02 22:32 - 00003850 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-02 22:30 - 2015-09-02 22:30 - 00929360 _____ (Google Inc.) C:\Users\karo\Downloads\ChromeSetup(2).exe
2015-09-01 21:07 - 2015-09-03 18:09 - 00014628 _____ C:\windows\PFRO.log
2015-09-01 20:26 - 2015-09-02 22:58 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-01 20:26 - 2015-09-01 20:26 - 00001106 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-09-01 20:26 - 2015-09-01 20:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-09-01 20:26 - 2015-09-01 20:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-01 20:26 - 2015-09-01 20:26 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-09-01 20:26 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-09-01 20:26 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-09-01 20:26 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-09-01 20:20 - 2015-09-01 20:22 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\karo\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-31 21:51 - 2015-09-03 18:09 - 00001176 _____ C:\windows\setupact.log
2015-08-31 21:51 - 2015-08-31 21:51 - 00000000 _____ C:\windows\setuperr.log
2015-08-31 21:50 - 2015-08-31 21:50 - 00001060 _____ C:\Users\karo\Desktop\Spyware Terminator 2015.lnk
2015-08-31 21:40 - 2015-09-02 17:44 - 00000000 ____D C:\ProgramData\Spyware Terminator
2015-08-31 21:40 - 2015-08-31 21:40 - 00000000 ____D C:\Users\karo\AppData\Roaming\Spyware Terminator
2015-08-31 21:38 - 2015-09-03 18:11 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2015-08-31 21:38 - 2015-08-31 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2015
2015-08-31 21:37 - 2015-08-31 21:37 - 09488448 _____ (Crawler Group ) C:\Users\karo\Downloads\SpywareTerminatorSetup2015_300102.exe
2015-08-31 15:08 - 2015-08-31 15:08 - 00000000 _RSHD C:\360SANDBOX
2015-08-27 23:26 - 2015-09-03 14:46 - 00000000 __SHD C:\$360Section
2015-08-27 23:23 - 2015-09-03 14:46 - 00000000 ____D C:\ProgramData\360Quarant
2015-08-27 23:22 - 2015-08-31 19:27 - 00000000 ____D C:\ProgramData\360safe
2015-08-27 23:22 - 2015-08-31 15:14 - 00000000 ____D C:\ProgramData\360TotalSecurity
2015-08-21 18:59 - 2015-08-21 19:00 - 00000000 ____D C:\Users\karo\AppData\Local\{8859A378-8D76-4F62-9697-CA2E87E8FC36}

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-03 19:03 - 2013-05-30 08:54 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-09-03 19:01 - 2013-02-27 22:09 - 00000000 ____D C:\ProgramData\Adobe
2015-09-03 19:00 - 2013-03-14 17:32 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-09-03 18:55 - 2013-02-23 09:49 - 00119264 _____ C:\Users\karo\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-03 18:44 - 2015-01-29 11:03 - 00001998 ____H C:\Users\karo\Documents\Default.rdp
2015-09-03 18:32 - 2012-05-30 18:37 - 00703192 _____ C:\windows\system32\perfh007.dat
2015-09-03 18:32 - 2012-05-30 18:37 - 00150800 _____ C:\windows\system32\perfc007.dat
2015-09-03 18:32 - 2009-07-14 07:13 - 01629348 _____ C:\windows\system32\PerfStringBackup.INI
2015-09-03 18:26 - 2013-03-11 22:43 - 00000000 ____D C:\Users\Public\Documents\Computer
2015-09-03 18:17 - 2009-07-14 06:45 - 00028848 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-03 18:17 - 2009-07-14 06:45 - 00028848 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-03 18:16 - 2013-03-10 13:40 - 00000000 ____D C:\Users\karo\Documents\Outlook-Dateien
2015-09-03 18:14 - 2012-05-31 12:02 - 01404793 _____ C:\windows\WindowsUpdate.log
2015-09-03 18:09 - 2013-02-23 09:37 - 00001425 _____ C:\Users\karo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-03 18:09 - 2012-05-30 20:07 - 00000828 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-09-03 18:09 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-09-03 17:39 - 2013-04-26 07:17 - 00000000 ____D C:\Users\karo\AppData\Local\CrashDumps
2015-09-03 17:39 - 2013-02-23 09:35 - 00000000 ____D C:\Users\karo
2015-09-03 16:16 - 2012-05-30 20:07 - 00000830 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-09-03 16:13 - 2013-05-19 19:04 - 00000072 _____ C:\Users\Public\LMDebug.log
2015-09-03 07:49 - 2013-03-14 17:38 - 00000000 ____D C:\Users\karo\AppData\Local\Adobe
2015-09-02 22:33 - 2013-11-24 16:51 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-01 21:41 - 2014-12-07 16:07 - 00000000 ____D C:\ProgramData\APN
2015-09-01 14:31 - 2013-03-14 17:32 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-08-31 16:27 - 2014-08-26 21:30 - 00000306 __RSH C:\ProgramData\ntuser.pol
2015-08-31 16:23 - 2013-05-21 17:53 - 00000000 ____D C:\Users\karo\Documents\Scan
2015-08-27 23:37 - 2015-07-24 20:42 - 00001153 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2015-08-27 23:37 - 2015-07-24 20:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2015-08-27 23:30 - 2015-01-29 10:44 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-08-27 23:28 - 2015-03-19 13:22 - 00000000 ____D C:\Program Files\360
2015-08-27 23:26 - 2014-08-12 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-27 23:23 - 2015-03-19 13:23 - 00000000 ____D C:\Users\karo\AppData\Roaming\360safe
2015-08-27 23:23 - 2009-07-14 05:20 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2015-08-25 13:45 - 2013-03-24 11:56 - 00000000 ____D C:\Users\Public\Documents\Finanzen
2015-08-22 20:08 - 2013-12-12 10:03 - 00000000 ____D C:\Users\karo\Documents\Simon
2015-08-22 20:05 - 2013-03-09 12:21 - 00000000 ____D C:\Users\Public\Documents\Lilli
2015-08-15 18:03 - 2013-05-30 08:54 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-08-15 18:03 - 2013-02-27 22:10 - 00778440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-08-15 18:03 - 2013-02-27 22:10 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-14 11:08 - 2015-07-24 20:42 - 00363088 _____ (360.cn) C:\windows\system32\Drivers\360fsflt.sys
2015-08-14 11:08 - 2015-07-24 20:42 - 00319568 _____ (360.cn) C:\windows\system32\Drivers\360Box64.sys
2015-08-14 11:08 - 2015-07-24 20:42 - 00178768 _____ (360.cn) C:\windows\system32\Drivers\BAPIDRV64.SYS
2015-08-14 11:08 - 2015-07-24 20:42 - 00137296 _____ (360.cn) C:\windows\system32\Drivers\360AntiHacker64.sys
2015-08-14 11:08 - 2015-07-24 20:42 - 00077904 _____ (360.cn) C:\windows\system32\Drivers\360AvFlt.sys

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-03-13 20:08 - 2015-03-13 20:08 - 0000174 _____ () C:\Users\karo\AppData\Roaming\dfg5r76rsg.bat
2014-01-23 16:16 - 2014-01-24 12:47 - 0000077 _____ () C:\Users\karo\AppData\Roaming\Rim.Desktop.Exception.log
2014-01-23 16:14 - 2015-03-23 23:02 - 0002021 _____ () C:\Users\karo\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-01-23 16:16 - 2014-01-24 12:47 - 0000154 _____ () C:\Users\karo\AppData\Roaming\Rim.DesktopHelper.Exception.log
2013-10-02 16:35 - 2014-12-24 11:03 - 0003584 _____ () C:\Users\karo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-25 20:45 - 2013-08-25 20:45 - 0007605 _____ () C:\Users\karo\AppData\Local\Resmon.ResmonCfg
2012-05-30 20:26 - 2012-05-30 20:26 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-05-30 20:18 - 2012-05-30 20:18 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2012-05-30 20:22 - 2012-05-30 20:23 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-05-30 20:19 - 2012-05-30 20:22 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2012-05-30 20:23 - 2012-05-30 20:25 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Public\AlexaNSISPlugin.1116.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\windows\system32\winlogon.exe => Datei ist digital signiert
C:\windows\system32\wininit.exe => Datei ist digital signiert
C:\windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\windows\explorer.exe => Datei ist digital signiert
C:\windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\windows\system32\svchost.exe => Datei ist digital signiert
C:\windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\windows\system32\services.exe => Datei ist digital signiert
C:\windows\system32\User32.dll => Datei ist digital signiert
C:\windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\windows\system32\userinit.exe => Datei ist digital signiert
C:\windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\windows\system32\rpcss.dll => Datei ist digital signiert
C:\windows\system32\dnsapi.dll => Datei ist digital signiert
C:\windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-08-30 13:14

==================== Ende von FRST.txt ============================
         

Alt 03.09.2015, 19:50   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Telebanking-Trojaner - Standard

Telebanking-Trojaner



Well - the "I didn't know" excuse strikes me as a little
That you can use a cracked copy of a program costing several hundred EUR (CS6) for free, and that this is all legal as well, surely can't be the case.

Any other cracked stuff on there? If so, get rid of it. And please also create and post a new Addition.txt.
__________________
Please always post log files in CODE tags

Alt 03.09.2015, 20:23   #9
Sirika
 
Telebanking-Trojaner - Standard

Telebanking-Trojaner



Quote:
Well - the "I didn't know" excuse strikes me as a little
That you can use a cracked copy of a program costing several hundred EUR (CS6) for free, and that this is all legal as well, surely can't be the case.
An acquaintance installed Adobe for me years ago - I was under the impression that he had a purchased version himself (I know, passing that on isn't entirely legal either). I.e. I didn't know that my version is cracked (to be honest, I didn't even know the term and had to google it first). Well, you can believe that or not, I'm well aware of that. In any case, I don't believe there is anything else illegal on it, and I hope not.

Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:31-08-2015
durchgeführt von karo (2015-09-03 21:09:06)
Gestartet von C:\Users\karo\Downloads
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2810523341-1374500079-2043300955-500 - Administrator - Disabled)
Gast (S-1-5-21-2810523341-1374500079-2043300955-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2810523341-1374500079-2043300955-1004 - Limited - Enabled)
karo (S-1-5-21-2810523341-1374500079-2043300955-1001 - Administrator - Enabled) => C:\Users\karo
Mcx1-KARO-PC (S-1-5-21-2810523341-1374500079-2043300955-1006 - Limited - Enabled) => C:\Users\Mcx1-KARO-PC
UpdatusUser (S-1-5-21-2810523341-1374500079-2043300955-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: 360 Total Security (Disabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
AS: 360 Total Security (Disabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 7.2.0.1018 - 360 Security Center)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Artisteer 4 (HKLM-x32\...\Artisteer 4) (Version: 4.1 - Extensoft)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
BilliBanni 2. Klasse Ein käse-rantes Traumschiff-Abenteuer (HKLM-x32\...\BilliBanni 2. Klasse Ein käse-rantes Traumschiff-Abenteuer) (Version:  - )
BilliBanni Vorschule Weiche Landung in Ballonien! (HKLM-x32\...\{EABE970D-5025-4F24-9727-240742AC8A98}) (Version: 1.0 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4417 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
Easy File Share (HKLM-x32\...\{12F81925-F3C1-40DB-91F7-777817974319}) (Version: 1.2.4 - Samsung Electronics Co., Ltd.)
Easy Migration (HKLM-x32\...\{EDE7A262-DB20-4432-A630-2ACEE186C416}) (Version: 1.0 - Samsung Electronics CO., LTD.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics CO., LTD.)
Easy Software Manager (HKLM-x32\...\{DE256D8B-D971-456D-BC02-CB64DA24F115}) (Version: 1.2.17.12 - Samsung Electronics CO., LTD.)
Easy Support Center (HKLM\...\{0738F5F1-8E70-49A6-8692-F5722E1E5A4D}) (Version: 1.2.22 - Samsung Electronics CO., LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
ETDWare PS/2-X64 10.7.16.1_WHQL (HKLM\...\Elantech) (Version: 10.7.16.1 - ELAN Microelectronic Corp.)
ExpressCache (HKLM\...\{F9EB0DDE-931C-4E89-96B2-DE8286EDFA6C}) (Version: 1.0.64 - Diskeeper Corporation)
Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
fotokasten comfort 5.0 (HKLM-x32\...\fotokasten comfort_is1) (Version:  - )
Free Video Flip and Rotate version 1.0.8.1215 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 1.0.8.1215 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.49.1122 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1122 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
HappyFoto-Designer 5.2 (HKLM-x32\...\HappyFoto-Designer_is1) (Version:  - )
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
iDRS(tm) OCR Software by I.R.I.S (HKLM-x32\...\iDRS(tm) OCR Software by I.R.I.S) (Version: 1.00.17 (17.04.2012) - Samsung Electronics Co., Ltd.)
Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2618 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0059 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{93F34C5C-ACAA-48F3-9B26-70359A117F12}) (Version: 3.0.12.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KaloMa 4.94 (HKLM-x32\...\KaloMa_is1) (Version:  - Frank Böpple)
LesenLernen (HKLM-x32\...\LesenLernen) (Version: 2.5 - Wolfram Esser)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Mozilla Firefox 33.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.3 (x86 de)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia POP (HKLM-x32\...\{119B7882-19D7-4BE7-A417-29BB479D3ABE}) (Version: 1.0 - )
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.11.42 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NVIDIA Graphics Driver 295.55 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 295.55 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.11.1111 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.1111 - NVIDIA Corporation)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6608 - Realtek Semiconductor Corp.)
Samsung CLX-3170 Series (HKLM-x32\...\Samsung CLX-3170 Series) (Version:  - Samsung Electronics CO.,LTD)
Samsung CLX-3300 Series (HKLM-x32\...\Samsung CLX-3300 Series) (Version: 1.04 (07.07.2012) - Samsung Electronics Co., Ltd.)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.03.13 (29.06.2012) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.03.72.00(20.09.2013) - Samsung Electronics Co., Ltd.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.0.0.11044_11 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.0.0.11044_11 - Samsung Electronics Co., Ltd.) Hidden
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.2.4 - Samsung)
Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.05.07 (20.07.2012) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (x32 Version: 1.00.20.00 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.10.0 - SAMSUNG Electronics Co., Ltd.)
Schildis Datenbank (HKLM-x32\...\ST6UNST #1) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
Spyware Terminator 2015 (HKLM-x32\...\{56736259-613E-4A3B-B428-6235F2E76F44}_is1) (Version: 3.0.0.102 - Crawler Group)
Sweet Home 3D version 4.2 (HKLM-x32\...\Sweet Home 3D_is1) (Version:  - eTeks)
Sweet Home 3D version 4.4 (HKLM\...\Sweet Home 3D_is1) (Version:  - eTeks)
T-Mobile Internet Manager (HKLM-x32\...\T-Mobile Internet Manager) (Version: 11.301.05.39.55 - Huawei Technologies Co.,Ltd)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 2.0 - Samsung Electronics CO., LTD.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
ZyWALL IPSec VPN Client (HKLM-x32\...\ZyWALL IPSec VPN Client) (Version:  - ZyXEL)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-07-29 10:19 - 2013-07-29 10:24 - 00002821 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 192.150.14.69
127.0.0.1 192.150.18.101
127.0.0.1 192.150.18.108
127.0.0.1 192.150.22.40
127.0.0.1 192.150.8.100
127.0.0.1 192.150.8.118
127.0.0.1 209-34-83-73.ood.opsource.net
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-2.adobe.com

Da befinden sich 36 zusätzliche Einträge.


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {00022FA5-69D0-4145-86FC-96858EE71DE0} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2012-04-25] (Samsung Electronics Co., Ltd.)
Task: {026E2A30-4138-4764-9E38-42E3DF6DA03C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {0E773AF0-9A3C-49CF-8C89-D9251F3D87D7} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-15] (Adobe Systems Incorporated)
Task: {131E9456-084E-4C29-8F76-CAFE187E8BCB} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2012-05-09] (Samsung Electronics Co., Ltd.)
Task: {1F2A99AC-1F99-418F-9661-47DEA05A869B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink)
Task: {2DBE3542-1E15-4623-9A6B-9AA4A6F99FAF} - System32\Tasks\EasySupportCenter => C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe [2012-04-06] (Samsung Electronics CO., LTD.)
Task: {37D7CB29-7F40-4EA3-A937-E14E8A2AE708} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {3B7E4CE0-47F6-4454-AE5E-75926362D8AA} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {409F5A88-F4BF-4DAA-9DCD-0110F3B65ED0} - System32\Tasks\{61BE346E-77CF-4DA7-A0F9-D01630710D93} => pcalua.exe -a C:\Users\karo\Downloads\LesenLernen_v2.5_Setup.exe -d C:\Users\karo\Downloads
Task: {5125F5A6-843E-4020-B409-9129C66E8E9E} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-06-08] (Oracle Corporation)
Task: {5378CCE1-318F-40F2-9000-A0917263F96E} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {5AB503BB-6556-45D0-819B-0FE89674C923} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2012-01-31] (Samsung Electronics)
Task: {5C14C8CF-20C4-4708-AA09-E0174B35221D} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-KARO-PC => C:\Windows\ehome\McxTask.exe [2009-07-14] (Microsoft Corporation)
Task: {5E795890-AB62-4A67-B481-6017EF9B2BBC} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {5F06901C-8193-47FF-A656-5D37DE02E67A} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe [2012-04-03] (Samsung Electronics)
Task: {68CF1927-63B9-43D8-AA90-2D7A62F29FDA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {706A9D00-FE44-4BCE-81AF-BF9739B0FDAE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {78592F01-267B-43A1-97C6-26143E6EA858} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2012-01-28] (SEC)
Task: {8AD3D6BB-96A4-4C9D-9A0D-89B22B95D52F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {94EDA0ED-64E8-402A-AA0C-7D91F7A333A9} - System32\Tasks\Easy Software Manager Agent => C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe [2012-04-06] (Samsung Electronics CO., LTD.)
Task: {981B796D-2110-4B92-9F97-4CCADDB02D77} - \avayvaxxvae -> Keine Datei <==== ACHTUNG
Task: {B74560F8-F057-4238-96FC-C289FFA0F8D1} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {D51285F5-FFD5-40B9-B8F3-D174CD17BBA6} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2012-05-02] (Samsung Electronics Co., Ltd.)
Task: {D881D6FD-9823-427C-B61B-CA28C58BA8D7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DC1C6C0F-8390-48D1-A423-95C003EEA0CE} - System32\Tasks\{B10587D3-8F03-4151-819D-AA502E5582E8} => C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
Task: {E523C47D-9303-46C8-A053-0F433FF8DA31} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2012-03-27] (Samsung Electronics Co., Ltd.)
Task: {F00BDD68-114D-4CE8-91BD-8E324D7BC08F} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-11-18] (SAMSUNG Electronics co., LTD.)
Task: {F4757738-DC10-486B-8206-4DE5ECBFADE7} - System32\Tasks\KiesHelper => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [2011-12-12] (Samsung)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2012-05-30 20:07 - 2012-02-08 04:03 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2012-05-30 20:34 - 2012-02-13 08:02 - 00031624 _____ () C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
2012-03-09 10:58 - 2012-03-09 10:58 - 00462712 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 10:58 - 2012-03-09 10:58 - 00057208 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2012-02-15 15:15 - 2012-02-15 15:15 - 00692224 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2015-07-24 20:42 - 2015-08-14 11:08 - 01032312 _____ () C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
2013-02-23 16:16 - 2009-12-09 16:47 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe
2015-02-19 23:40 - 2015-02-19 23:40 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2012-05-30 20:22 - 2009-12-01 09:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-02-06 06:42 - 2012-01-05 10:24 - 00094208 _____ () C:\windows\system32\IccLibDll_x64.dll
2013-02-23 16:16 - 2007-08-14 20:03 - 00022016 _____ () C:\windows\System32\sst1cl6.dll
2013-05-19 18:57 - 2012-01-09 13:47 - 00034304 _____ () C:\windows\System32\sst7clm.dll
2015-07-24 20:42 - 2015-08-14 11:08 - 00087672 _____ () C:\Program Files (x86)\360\Total Security\deepscan\qutmload.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-05-30 20:34 - 2011-02-16 18:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2012-05-30 20:34 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2012-05-30 20:38 - 2011-09-08 12:40 - 01645056 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2012-05-30 20:07 - 2012-02-08 03:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-09-02 22:33 - 2015-08-28 02:17 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libglesv2.dll
2015-09-02 22:33 - 2015-08-28 02:17 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libegl.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 16:46 - 2013-02-14 16:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2011-09-01 22:10 - 2011-09-01 22:10 - 00122720 _____ () C:\Program Files (x86)\Microsoft Office\Office14\OUTLCTL.DLL
2013-07-18 15:02 - 2013-07-18 15:02 - 00310272 _____ () C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\sslog.dll
2013-04-10 11:38 - 2013-04-10 11:38 - 00615424 _____ () C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\SAStyle.cjstyles
2012-03-09 10:58 - 2012-03-09 10:58 - 00056696 _____ () C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrvPS.dll
2013-04-10 11:50 - 2013-04-10 11:50 - 02560512 _____ () C:\Program Files (x86)\Samsung\Easy Printer Manager\sf.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2810523341-1374500079-2043300955-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\karo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: HW_OPENEYE_OUC_T-Mobile Internet Manager => "C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{81767A3B-0776-4D9B-9F97-DD0D80A92CBA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{81A6E0B7-2E79-458F-933E-A241B3580DE7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{B9B1E611-1E46-431B-ABAF-8AE1391F3CEB}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{5CFAFEAC-E72A-40EB-9623-7260961F87B9}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{C7B2B459-9954-4ECD-88CD-9017A044B974}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{5B54EA4D-86DE-42D4-A6A6-E182B31EEC34}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{6FF956F2-F713-4787-A243-ECC2804246B1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{64430A5F-4954-4E95-9CD2-0713652A84C3}] => (Allow) LPort=2869
FirewallRules: [{66C95599-FE24-47F1-9C1C-74C4965A0293}] => (Allow) LPort=1900
FirewallRules: [{D55607D5-0378-4BAA-B822-95BCBE4DB1B0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3E4C356F-DA7C-4BBB-8E2E-D1374ED56900}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{DD7BF4D6-A047-4719-8CAD-7C16594B5631}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C6D68C01-C310-40A0-8B78-BB23176A5D15}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{772D2BE2-7430-4621-9FBC-10D56FEFCF49}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8A0469AC-3DB5-4C24-ABEC-875A7A77C2CA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{544C9829-5C74-437B-8A77-F1E186EA95BB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{03DF56EA-64B9-4744-A9D5-74115E4A0C3E}] => (Allow) C:\Windows\twain_32\Samsung\CLX3300\SCNSearch\USDAgent.exe
FirewallRules: [{3D977D39-A57B-49E4-9045-9D16C06EBEF5}] => (Allow) C:\Windows\twain_32\Samsung\CLX3300\SCNSearch\USDAgent.exe
FirewallRules: [{D83B2D13-0523-4938-BB59-012BAFA0B724}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\USDAgent.exe
FirewallRules: [{381A5532-7E7B-4D9E-87AF-DCAA91E19372}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\USDAgent.exe
FirewallRules: [{B9E93E63-FC3C-480B-B0EE-721D1BBFAB4B}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
FirewallRules: [{7838D869-0A33-4C1B-AEB6-ACBCDA85DE4C}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
FirewallRules: [{268A81D5-17D9-49A6-B295-3266A9658027}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{7651D0E6-5F6C-4068-8415-573E568F163A}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{1C07DFDA-77BE-4C70-A83A-8A41245885B5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{A34A8689-E260-4F48-B426-DBE30FB0BC3F}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{60CC8930-8752-4398-9453-2CAAF41AE281}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{63F1FCA2-81A5-42C8-9BEF-EB6A71421C71}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{4A54F09E-01FC-4D20-9E75-6744F333A437}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{36814D55-A629-4E18-A765-8E520AA525AA}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{790B8B51-4F62-4760-8FEB-3977A425B758}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{F26E49A2-A379-4D9C-A11D-A5827CCC0319}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{7CF8C441-3353-4D85-862A-8785D65E0161}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{8CB8A751-C722-4951-800D-96B730911D2A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{710AFE97-DC2B-421A-91FA-7CBF2C635974}] => (Allow) C:\Program Files (x86)\Artisteer 4\bin\Artisteer.exe
FirewallRules: [{2B0BB0AD-2F00-4F43-836E-54FCDC4B9197}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{AF010761-B233-4264-95E8-A042B8B373DA}] => (Allow) LPort=500
FirewallRules: [{4E5DE30D-68AB-4835-AA13-88069CE75156}] => (Allow) LPort=4500
FirewallRules: [{3118221F-50B4-4761-9941-E62BB379624C}] => (Allow) C:\Program Files\360\360 Internet Security\safemon\360Tray.exe
FirewallRules: [{39466785-69FC-4089-AAE2-3F4D2069F3C8}] => (Allow) C:\Program Files\360\360 Internet Security\safemon\360Tray.exe
FirewallRules: [{37D902E4-D8C8-4683-8770-0B980F40E67F}] => (Allow) C:\Program Files\360\360 Internet Security\safemon\360Tray.exe
FirewallRules: [{42A55366-D1B1-4156-937A-7F67F98CEAC5}] => (Allow) C:\Program Files\360\360 Internet Security\safemon\360Tray.exe
FirewallRules: [TCP Query User{4B368A73-A616-44C0-9BC7-A9F2664B4BFE}C:\program files\360\360 internet security\360sdupd.exe] => (Allow) C:\program files\360\360 internet security\360sdupd.exe
FirewallRules: [UDP Query User{72B5A44F-17AF-46A2-83CC-771F83DE9EF3}C:\program files\360\360 internet security\360sdupd.exe] => (Allow) C:\program files\360\360 internet security\360sdupd.exe
FirewallRules: [TCP Query User{6477C0C4-330A-4151-B603-D5A962548B0E}C:\program files\360\360 internet security\360sdupd.exe] => (Block) C:\program files\360\360 internet security\360sdupd.exe
FirewallRules: [UDP Query User{7B59A4BF-966A-4C8E-99A8-84152B582D54}C:\program files\360\360 internet security\360sdupd.exe] => (Block) C:\program files\360\360 internet security\360sdupd.exe
FirewallRules: [{127487CA-8887-4AF5-B2EC-593A09F2800F}] => (Allow) C:\Program Files\360\360 Internet Security\UpTip.exe
FirewallRules: [{224A8540-6EE7-4006-8A5B-E2D7DEB62AF4}] => (Allow) C:\Program Files\360\360 Internet Security\UpTip.exe
FirewallRules: [{9017617A-C414-411B-A43B-7315059EC460}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{6BCAC8B3-8A6B-4122-94C8-48D003D135BA}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{55329EE0-9B2F-44B6-9A45-866DD6BA755B}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
FirewallRules: [{70D6B7C3-2D83-4BDB-85BC-B786F8E771E0}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
FirewallRules: [{AEB6F8E9-C0F6-4128-83BF-9A3C7E8270DA}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
FirewallRules: [{40078FD4-B23F-4698-900B-1778E7CF7C2E}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
FirewallRules: [TCP Query User{4B9815A2-BB24-438B-B5A5-1A7C855FC8FB}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe] => (Block) C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe
FirewallRules: [UDP Query User{9A8EA97C-B40A-4278-AB29-F16C36D8FF78}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe] => (Block) C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe
FirewallRules: [{482145AB-ECF1-414F-8691-23CA4782C125}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{631C97CD-1F78-4A01-9CAA-14B8700E8503}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{9CD24275-3A37-4D60-9A18-D2E179E1DE3D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{365017FF-8AE8-4D34-8FA5-054D66E26317}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{C4D1E86F-7E34-4B83-AB4C-40D0E12BFDF4}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Microsoft-Teredo-Tunneling-Adapter
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/03/2015 07:33:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 724547

Error: (09/03/2015 07:33:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 724547

Error: (09/03/2015 07:33:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/03/2015 07:21:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 999

Error: (09/03/2015 07:21:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 999

Error: (09/03/2015 07:21:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/03/2015 06:16:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: EXCEL.EXE, Version: 14.0.7147.5000, Zeitstempel: 0x550f3d44
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00039e03
ID des fehlerhaften Prozesses: 0x1308
Startzeit der fehlerhaften Anwendung: 0xEXCEL.EXE0
Pfad der fehlerhaften Anwendung: EXCEL.EXE1
Pfad des fehlerhaften Moduls: EXCEL.EXE2
Berichtskennung: EXCEL.EXE3

Error: (09/03/2015 06:09:54 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (3700) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.

Error: (09/03/2015 06:09:48 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (4884) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.

Error: (09/03/2015 06:09:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Systemfehler:
=============
Error: (09/03/2015 08:18:00 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (09/03/2015 06:11:15 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {74944725-B65F-4E37-8633-BD4DDE193921}

Error: (09/03/2015 03:13:48 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {74944725-B65F-4E37-8633-BD4DDE193921}

Error: (09/02/2015 09:06:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/02/2015 09:05:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/02/2015 09:05:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/02/2015 09:05:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/02/2015 09:05:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/02/2015 09:05:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (09/02/2015 09:05:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office:
=========================
Error: (09/03/2015 07:33:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 724547

Error: (09/03/2015 07:33:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 724547

Error: (09/03/2015 07:33:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/03/2015 07:21:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 999

Error: (09/03/2015 07:21:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 999

Error: (09/03/2015 07:21:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/03/2015 06:16:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: EXCEL.EXE14.0.7147.5000550f3d44ntdll.dll6.1.7601.187985507b3e0c000000500039e03130801d0e663f30dd5f0C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXEC:\windows\SysWOW64\ntdll.dll32910c1d-5257-11e5-aaa3-c485087b7b9e

Error: (09/03/2015 06:09:54 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail3700WindowsMail0:

Error: (09/03/2015 06:09:48 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail4884WindowsMail0:

Error: (09/03/2015 06:09:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 43%
Installierter physikalischer RAM: 7973.54 MB
Verfügbarer physikalischer RAM: 4480.52 MB
Summe virtueller Speicher: 15945.26 MB
Verfügbarer virtueller Speicher: 11420.35 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:906.16 GB) (Free:731.32 GB) NTFS
Drive e: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:928.39 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B5DF977A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=906.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.3 GB) - (Type=27)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 74F02DEA)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=73)

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 815184BE)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         

03.09.2015, 21:20   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

The new Addition.txt is missing...
__________________
Please always post log files in CODE tags

04.09.2015, 05:21   #11
Sirika

I did in fact create a new Addition.txt and posted it in my last comment (3.9. 21:09) - what's wrong with it?

04.09.2015, 09:21   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Somehow I must have been blind

Then please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

__________________
Please always post log files in CODE tags

04.09.2015, 17:21   #13
Sirika

Code:
ComboFix 15-09-03.01 - karo 04.09.2015  16:25:11.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.7974.5315 [GMT 2:00]
ausgeführt von:: c:\users\karo\Downloads\ComboFix.exe
AV: 360 Total Security *Disabled/Updated* {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
SP: 360 Total Security *Disabled/Updated* {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\360Rec
c:\360rec\20150414\213F3B0.vir
c:\programdata\ntuser.pol
c:\programdata\Roaming
c:\users\karo\AppData\Roaming\dfg5r76rsg.bat
c:\users\Public\AlexaNSISPlugin.1116.dll
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-08-04 bis 2015-09-04  ))))))))))))))))))))))))))))))
.
.
2015-09-04 15:15 . 2015-09-04 15:15	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2015-09-04 15:15 . 2015-09-04 15:15	--------	d-----w-	c:\users\Mcx1-KARO-PC\AppData\Local\temp
2015-09-04 15:15 . 2015-09-04 15:15	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-09-03 12:51 . 2015-09-03 19:09	--------	d-----w-	C:\FRST
2015-09-01 18:26 . 2015-09-04 14:24	113880	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-09-01 18:26 . 2015-09-01 18:26	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2015-09-01 18:26 . 2015-09-01 18:26	--------	d-----w-	c:\programdata\Malwarebytes
2015-09-01 18:26 . 2015-06-18 06:41	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-09-01 18:26 . 2015-06-18 06:41	109272	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-09-01 18:26 . 2015-06-18 06:41	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-08-31 19:38 . 2015-09-04 13:34	--------	d-----w-	c:\program files (x86)\Spyware Terminator
2015-08-31 13:08 . 2015-08-31 13:08	--------	d-----r-	C:\360SANDBOX
2015-08-27 21:26 . 2015-09-03 12:46	--------	d-----w-	C:\$360Section
2015-08-27 21:23 . 2015-09-03 12:46	--------	d-----w-	c:\programdata\360Quarant
2015-08-27 21:22 . 2015-08-31 13:14	--------	d-----w-	c:\programdata\360TotalSecurity
2015-08-27 21:22 . 2015-08-31 17:27	--------	d-----w-	c:\programdata\360safe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-15 16:03 . 2013-02-27 20:10	778440	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-15 16:03 . 2013-02-27 20:10	142536	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-14 09:08 . 2015-07-24 18:42	363088	----a-w-	c:\windows\system32\drivers\360fsflt.sys
2015-08-14 09:08 . 2015-07-24 18:42	319568	----a-w-	c:\windows\system32\drivers\360Box64.sys
2015-08-14 09:08 . 2015-07-24 18:42	178768	----a-w-	c:\windows\system32\drivers\BAPIDRV64.SYS
2015-08-14 09:08 . 2015-07-24 18:42	137296	----a-w-	c:\windows\system32\drivers\360AntiHacker64.sys
2015-08-14 09:08 . 2015-07-24 18:42	77904	----a-w-	c:\windows\system32\drivers\360AvFlt.sys
2015-07-19 08:11 . 2014-05-21 16:23	97888	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-07-09 03:45 . 2015-07-24 18:42	40520	----a-w-	c:\windows\system32\drivers\360Camera64.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-11-22 12:54	323752	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-08-07 43816]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-02-19 7416088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DataCardMonitor"="c:\program files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe" [2013-11-17 253952]
"Samsung PanelMgr"="c:\windows\samsung\panelmgr\SSMMgr.exe" [2012-02-15 692224]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-06-08 334896]
"QHSafeTray"="c:\program files (x86)\360\Total Security\safemon\QHSafeTray.exe" [2015-08-14 1032312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DelayedDesktopSwitchTimeout"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 360AntiHacker;360Safe Anti Hacker Service;c:\windows\system32\Drivers\360AntiHacker64.sys;c:\windows\SYSNATIVE\Drivers\360AntiHacker64.sys [x]
R3 360Camera;360Safe Camera Filter Service;c:\windows\system32\Drivers\360Camera64.sys;c:\windows\SYSNATIVE\Drivers\360Camera64.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 excsd;ExpressCache Storage Filter Driver;c:\windows\system32\DRIVERS\excsd.sys;c:\windows\SYSNATIVE\DRIVERS\excsd.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 360Box64;360Box mini-filter driver;c:\windows\system32\DRIVERS\360Box64.sys;c:\windows\SYSNATIVE\DRIVERS\360Box64.sys [x]
S1 360FsFlt;360FsFlt mini-filter driver;c:\windows\system32\DRIVERS\360FsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\360FsFlt.sys [x]
S1 BAPIDRV;BAPIDRV;c:\windows\system32\DRIVERS\BAPIDRV64.sys;c:\windows\SYSNATIVE\DRIVERS\BAPIDRV64.sys [x]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [x]
S1 excfs;ExpressCache File System Filter Driver;c:\windows\system32\DRIVERS\excfs.sys;c:\windows\SYSNATIVE\DRIVERS\excfs.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 ExpressCache;ExpressCache;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe;c:\program files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 QHActiveDefense;360 Total Security;c:\program files (x86)\360\Total Security\safemon\QHActiveDefense.exe;c:\program files (x86)\360\Total Security\safemon\QHActiveDefense.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 TgbIke Starter;TgbIke Starter;c:\windows\SysWOW64\TgbStarter.exe;c:\windows\SysWOW64\TgbStarter.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 360AvFlt;360AvFlt mini-filter driver;c:\windows\system32\DRIVERS\360AvFlt.sys;c:\windows\SYSNATIVE\DRIVERS\360AvFlt.sys [x]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys;c:\windows\SYSNATIVE\DRIVERS\acpials.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TGBMPEnum;TheGreenBow VPN Miniport Enumerator;c:\windows\system32\DRIVERS\TGBMPEnum.sys;c:\windows\SYSNATIVE\DRIVERS\TGBMPEnum.sys [x]
S3 TGBVPNVirtM;TheGreenBow Virtual Miniport;c:\windows\system32\DRIVERS\TGBVPNVirtM.sys;c:\windows\SYSNATIVE\DRIVERS\TGBVPNVirtM.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-02 20:33	997704	----a-w-	c:\program files (x86)\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-09-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-27 16:03]
.
2015-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02 20:32]
.
2015-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02 20:32]
.
2015-09-04 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 04:41]
.
2015-09-04 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 04:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-11-20 13:53	357376	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-29 12460136]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2012-03-09 462712]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-12-19 11406608]
"TgbVpn"="c:\program files (x86)\ZyXEL\ZyWALL IPSec VPN Client\vpnconf.exe" [2013-10-15 684672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://samsung13.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An Bluetooth senden - c:\program files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\katja\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\katja\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\program files (x86)\Microsoft Office\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-EEDSpeedLauncher - c:\windows\system32\eed_ec.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2014.7.11.42\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-09-04  17:32:13
ComboFix-quarantined-files.txt  2015-09-04 15:32
.
Vor Suchlauf: 11 Verzeichnis(se), 784*095*195*136 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 783*762*739*200 Bytes frei
.
- - End Of File - - B16738CFF2FC7FE4A7B31D3B9219487D
         

04.09.2015, 21:31   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Remove adware/junkware/toolbars

Delete old versions of adwCleaner and, if present, JRT first, then download them again to the desktop!
Please disable your virus scanner completely now, before using these tools!


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts that appear with Ok.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).


Step 2: JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Step 3: Fresh log with FRST

Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)

__________________
Please always post log files in CODE tags

04.09.2015, 22:29   #15
Sirika

Code:
# AdwCleaner v5.005 - Bericht erstellt am 04/09/2015 um 23:05:10
# Aktualisiert am 31/08/2015 von Xplode
# Datenbank : 2015-09-04.4 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : karo - KARO-PC
# Gestartet von : C:\Users\karo\Desktop\AdwCleaner_5.005.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****

[-] Ordner Gelöscht : C:\ProgramData\apn
[-] Ordner Gelöscht : C:\Users\karo\AppData\Local\YSearchUtil
[-] Ordner Gelöscht : C:\Users\karo\AppData\Roaming\RHEng
[-] Ordner Gelöscht : C:\Users\karo\AppData\Roaming\Mozilla\Firefox\Profiles\8sdotlbs.default\Extensions\{b64d9b05-48e1-4ceb-bf58-e0643994e900}
[-] Ordner Gelöscht : C:\windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil

***** [ Dateien ] *****

[-] Datei Gelöscht : C:\Users\karo\AppData\Roaming\Mozilla\Firefox\Profiles\8sdotlbs.default\invalidprefs.js
[-] Datei Gelöscht : C:\windows\Sysnative\drivers\SPPD.sys

***** [ Verknüpfungen ] *****


***** [ Geplante Tasks ] *****


***** [ Registrierungsdatenbank ] *****

[-] Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}]
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\npdicihegicnhaangkdmcgbjceoemeoo
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Schlüssel Gelöscht : HKCU\Software\BRS
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\BRS
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\D2A425F405350054677A7A857BC0D100
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\D2A425F405350054677A7A857BC0D100
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D2A425F405350054677A7A857BC0D100
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF

***** [ Internetbrowser ] *****

[-] [C:\Users\karo\AppData\Roaming\Mozilla\Firefox\Profiles\8sdotlbs.default\prefs.js] [Preference] Gelöscht : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");
[-] [C:\Users\karo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : aaaaaiabcopkplhgaedhbloeejhhankf
[-] [C:\Users\karo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\karo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : flpcjncodpafbgdpnkljologafpionhb
[-] [C:\Users\karo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : npdicihegicnhaangkdmcgbjceoemeoo
[-] [C:\Users\karo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Gelöscht : pfkfdlcdbajamklbneflfbcmfgddmpae

*************************

:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [4656 Bytes] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.0 (08.31.2015:1)
OS: Windows 7 Home Premium x64
Ran by karo on 04.09.2015 at 23:11:50,24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\windows\system32\tasks\EasySpeedUpManager
Successfully deleted: [Task] C:\windows\system32\tasks\KiesHelper



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{01C1917B-B981-465A-B171-6711CCDFB611}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{07023C43-0AF1-40B5-AB80-87F0453F2560}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{089AE922-0944-4328-B880-16A421F9E5EF}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{089FD12A-169F-4E05-8380-6604402A8F86}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{08D20397-E19E-4288-B506-44C5AEC4C713}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{090F54B0-3785-432D-8BBE-F7AE50CA2C3C}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{0B054CB8-9AEE-4965-B18D-F529425312BE}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{0CC204B9-417F-4B16-8832-4303B7E7B6D6}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{0DA96EE6-12AB-4C15-BD79-6C30D9BF4B3B}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{0FF23961-5A10-41DA-9359-19BE0EBDB2B0}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{11AD6BD6-4790-445F-B181-760EC2D8535A}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{139108BD-D15A-4BFD-B8B2-6AD09D68CEDB}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{16327BAE-FD26-47C0-91DA-8769B629144C}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{16E66DF7-423E-4DAC-A946-E0898FE2DAC3}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{189DB391-DAF9-4BD0-9BB3-09FFDC8F9145}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{193EF494-7A58-4295-8819-66CFE57281C7}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{1AAF60EE-6AAE-4DD4-97C9-2355D5988D85}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{1CA4BAEB-0EE9-4321-84A0-E31DEB80F4A9}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{1E1424CD-6888-49F7-B5B4-C6A2262A54F1}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{20255F36-F275-41D4-8878-89231B263BD2}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{21312827-E51B-444F-9FF3-A47CBC8EF5F5}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{256A231A-9517-4D42-82C8-4884ED52FBEF}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{27A7F0C9-BA90-47B3-8A13-EA216EC281B9}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{287B6947-2A8D-4174-A450-193EA80E7BAD}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{2C3A0303-167B-4E36-8EA8-C692FDD5EDA9}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{2C5DD7F9-8A1E-4853-8E57-A269B0FBE6B8}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{2E85868B-6B17-4A95-B8E9-D5DCB00E3DDD}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{3009EE34-4F42-44E3-B69F-4FFFA03CCF8B}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{31EEADCF-2038-4EE8-BDB5-ABE2E793DC94}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{326F29A7-6A0D-4C39-936D-CB028969CDD2}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{336D57B0-5F7F-4070-998B-11250FF7E503}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{383ABFFC-8E7F-4361-9C19-4E7B9D8E9091}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{392F42A5-1C20-424A-BFAE-EEDD00A941A6}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{3EF49CE9-276D-4B48-B3C2-8EF308681EF6}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{3FC106D2-F669-4EE7-A148-35A48D4B66F8}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{419A85B5-70D6-4C7C-A920-CB4AB0754A1A}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{430A8901-2467-4E3B-A6C9-82A38194EF33}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{44923E82-51B9-4295-95E2-50B1EFBD4A04}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{44EEAC54-3FEF-4A90-98B3-888278F6C67B}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{492971E2-5504-45FE-8629-0392227800A9}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{495896C0-8BBD-4D5E-B607-B182DD5B54F0}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{4CBE18ED-C7E5-4CFC-B0F8-EE8627354F38}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{553A7AFA-BBCA-4686-975C-4AE337856693}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{573AA924-5061-4C66-8BE4-99A6B5084889}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{5826ADF3-661E-4661-B833-AFD62F1FDD8D}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{58EA4FCC-BDCB-456E-81A8-E6C0AD49E7CD}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{5954D5FD-3022-4E5D-96E2-F1D682F8F34B}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{5A9A8FD9-5777-4936-B3FF-E4FD201F6B61}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{5AF4A209-6E91-4015-A5AC-CB518FD5D03E}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{5C122E80-63FB-448B-B4CC-BA751073D21F}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{5D1CF96E-D452-4A3F-80D2-D3AB57910235}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{5D4A5FDC-8746-42B2-8AFE-73AFE3A5B626}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{618FCE25-99E4-4AE8-9CBD-2D07CFE57D07}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{61EE2220-4E15-4164-9DAC-2F5A4597A588}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{633A4C7F-1C8F-467B-9708-AA2197D838F5}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{64051064-0B7A-4025-985B-0353591081F5}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{64E87592-5D2C-4A53-97E7-F733FBF7E1B9}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{66614D51-E48D-4677-88D9-E4419841145E}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{6925A458-DB5A-4EB0-9886-847FC1EE8930}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{698A826C-F7AB-462C-80CF-C417E9D690CF}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{6F873EEA-7302-4102-BCC2-56A9669B2576}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{7275D8AB-85BA-4DFE-A2A0-81BC3FE3142D}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{72D0EC17-2EEC-4C36-A121-51254C9C0901}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{72D11B63-9A13-4E40-927C-EC39FC939173}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{738FD763-6B0E-4D2A-8D37-6F3EA7C7B3D8}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{75E2547C-ED20-4750-91FA-2A338CF41AFB}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{77F767A2-50A7-4322-8DAA-EF3E97DBFE01}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{782FBED7-E589-4F43-AE36-45CF73C2823B}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{7971EC8C-98A3-4C15-8ABF-80C37E6F790A}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{7A4042A6-2292-43E5-A56D-B08A280EA966}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{7C8BE16E-549C-4F01-BDEA-F4AE9DF6E05D}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{7EF76871-8B23-496E-B6F3-75C280F0F3C3}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{7FC6226D-CBDF-47AC-B8D3-C8BC76FC2826}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{827368FB-E650-4F2E-A3E7-E62A266E54DD}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{84796EAF-F8C3-4552-871F-3C5A6F4BC378}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{84988DF0-0231-44F3-86AF-196A9F9D0C34}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{8859A378-8D76-4F62-9697-CA2E87E8FC36}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{88F23B06-A193-4595-AED9-E8E2CC742732}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{89AC7729-C583-4C17-880E-E0EBDA21EB43}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{8A1DA598-FEE6-4F14-AC38-E492BF4D219F}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{8AC0EB4E-70C9-4F92-B88D-81D744748BE0}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{8B153B7F-2917-4352-997F-C4E2E23B8CE5}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{8B74779F-D703-4692-AC4C-340B3D9A8DE9}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{8C345AE7-63D7-4528-9119-6F4D3997C42F}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{9054AF80-33ED-4A63-AF8A-30EDD56D7664}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{95B79EDD-0DE3-4612-98DE-13442F68798F}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{97E7D714-62B6-4228-A148-84CF77E51BCE}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{9A376BB9-DC28-4346-91B0-1D403F74DF9B}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{9D4F7974-A0BF-4DEB-98C5-2D153A8FDB6B}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{9E3A88D5-E2B1-462A-B37A-0ADEAE9A83FD}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{A35A6411-831A-4C14-9C11-55D063D66DA7}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{A47A2E9B-46E5-4B6F-AD70-0AED4388CFD2}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{A70925C6-D9D8-46F2-A112-1F81314494CA}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{AD6F22B8-89E5-4B4C-A7F9-E80D36A63DCE}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{AE19192A-26C6-4C70-9116-E33C7E5CA594}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{B3553541-5618-4BFA-B658-5EB7A3C6C8C0}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{B7194D83-9682-4B60-8FC1-3EE16C25A0B7}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{B9F6FCAC-367C-4284-9494-EB3A946370B0}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{BD6A9AD8-B0AC-43CA-81EF-CEB0CB235448}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{BE497DD0-6E44-4071-8B06-2C19FF3A1640}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{C21B5750-76FE-4E3C-B4BD-6FDCD7233274}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{C45CCA3B-44AF-407B-94DD-5E983170A303}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{C62673CC-A79C-41A4-9296-B1428A916CC2}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{C7DC386D-474D-497F-A50C-0E1E9450893E}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{C86C4EFD-2312-42A5-ABD1-C1A00F744E5E}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{C96B60E0-27D5-4AB5-9739-87B6A6A2A2E8}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{CA2E70C6-FC2B-4F37-8338-0BEA7783CBEB}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{CA9E9DAC-895D-4634-B757-02E3B6DAE68C}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{CCC3BFA3-CCCA-40F6-9CB5-00B7EF8640F5}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{CF7F9784-2E88-4098-9970-8C1E66EDA944}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{D1EC4A46-9D8C-4195-B7B5-FBFAB340BEDC}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{D2C34441-0649-4FDF-85E6-C884EFACDC69}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{DC1E17B0-A755-4A2F-B234-B23D139EC83D}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{DC555C71-18BF-4405-94A0-2C27A8B98248}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{E130F31A-D8D5-46C5-9F84-5E626AA4CD97}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{E2C409BF-DE68-4DF6-9FA0-F502B199968D}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{E4895627-70BF-4EE2-9AAF-121AD18EDC6E}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{E5125992-5D13-4BBF-A6AB-91E94F78EC2D}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{E54EE6A3-E3E0-4E58-9376-E652B095634E}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{E9B085AA-D845-435D-BD3B-58EF42162187}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{EA483FCF-90A5-44CB-A2A5-99E864042697}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{F0859742-4813-4250-84C5-30F44C347585}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{F1F1AF77-CBB7-4FDE-AE5D-D7E2258501D6}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{F21E49AB-1AF8-4FE0-95E8-45A81D33AE2D}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{F6223F4A-4BD6-47B2-87FF-344FCFBE5806}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{FD1E6FF8-29B3-45E6-9D2D-B67D5917B0E8}
Successfully deleted: [Empty Folder] C:\Users\karo\Appdata\Local\{FD35666A-F0CF-4404-9A2E-EC8C0CB3EE37}



~~~ FireFox

Successfully deleted the following from C:\Users\karo\AppData\Roaming\mozilla\firefox\profiles\8sdotlbs.default\prefs.js

user_pref(extensions.unitedinternet.email.runonceNewUsersShown, true);
Emptied folder: C:\Users\karo\AppData\Roaming\mozilla\firefox\profiles\8sdotlbs.default\minidumps [48 files]



~~~ Chrome


[C:\Users\karo\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\karo\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\karo\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\karo\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.09.2015 at 23:16:03,73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
I hope that all malware scanners really were disabled - would I have noticed somehow if they were not?
I did not disable the Windows Firewall - would that also make sense?
Thanks!

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:04-09-2015
durchgeführt von karo (Administrator) auf KARO-PC (04-09-2015 23:28:12)
Gestartet von C:\Users\karo\Downloads
Geladene Profile: karo (Verfügbare Profile: UpdatusUser & karo & Mcx1-KARO-PC)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Qihu Software Co. Limited) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\karo\Downloads\FRST64 (1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12460136 2012-03-29] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2816336 2012-05-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [TgbVpn] => C:\Program Files (x86)\ZyXEL\ZyWALL IPSec VPN Client\vpnconf.exe [684672 2013-10-15] (ZyXEL)
HKLM-x32\...\Run: [DataCardMonitor] => C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2013-11-17] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\windows\samsung\panelmgr\SSMMgr.exe [692224 2012-02-15] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [1032312 2015-08-14] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2810523341-1374500079-2043300955-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.)
HKU\S-1-5-21-2810523341-1374500079-2043300955-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
AppInit_DLLs: c:\Windows\System32\nvinitx.dll => c:\Windows\System32\nvinitx.dll [260928 2012-02-01] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  Keine Datei

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{44817066-EFFE-4E72-87A7-BFF2678F05A9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{76A99031-44AF-4DE3-AF0A-F9DF1EAE47DC}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{9C3EFB80-AE94-4EEF-B089-6681C65C0888}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2810523341-1374500079-2043300955-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2810523341-1374500079-2043300955-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com
SearchScopes: HKU\S-1-5-21-2810523341-1374500079-2043300955-1001 -> DefaultScope {542E156F-70B1-4665-ADD7-F0656E422F67} URL = 
SearchScopes: HKU\S-1-5-21-2810523341-1374500079-2043300955-1001 -> {5067DC2E-0597-44B5-A808-634A2A28CC46} URL = hxxps://at.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2810523341-1374500079-2043300955-1001 -> {542E156F-70B1-4665-ADD7-F0656E422F67} URL = 
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2015-08-14] (Qihu 360 Software Co., Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-19] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2015-08-14] (Qihu 360 Software Co., Ltd.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-19] (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)

FireFox:
========
FF ProfilePath: C:\Users\karo\AppData\Roaming\Mozilla\Firefox\Profiles\8sdotlbs.default
FF Homepage: hxxps://www.yahoo.com/?fr=yset_ff_syc_oracle&type=orcl_hpset
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\karo\AppData\Roaming\Mozilla\Firefox\Profiles\8sdotlbs.default\searchplugins\englische-ergebnisse.xml [2013-04-17]
FF SearchPlugin: C:\Users\karo\AppData\Roaming\Mozilla\Firefox\Profiles\8sdotlbs.default\searchplugins\gmx-suche-sterreich.xml [2014-07-11]
FF SearchPlugin: C:\Users\karo\AppData\Roaming\Mozilla\Firefox\Profiles\8sdotlbs.default\searchplugins\gmx-suche.xml [2013-04-17]
FF SearchPlugin: C:\Users\karo\AppData\Roaming\Mozilla\Firefox\Profiles\8sdotlbs.default\searchplugins\lastminute.xml [2013-04-17]
FF SearchPlugin: C:\Users\karo\AppData\Roaming\Mozilla\Firefox\Profiles\8sdotlbs.default\searchplugins\webde-suche.xml [2013-04-17]
FF Extension: Avira Browser Safety - C:\Users\karo\AppData\Roaming\Mozilla\Firefox\Profiles\8sdotlbs.default\Extensions\abs@avira.com [2015-09-02]
FF Extension: GMX MailCheck - C:\Users\karo\AppData\Roaming\Mozilla\Firefox\Profiles\8sdotlbs.default\Extensions\mailcheck@gmx.net [2015-09-02]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2014-12-10]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.0.47\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.0.47\coFFPlgn [2015-09-04]
FF HKLM-x32\...\Firefox\Extensions: [WebProtection@360safe.com] - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox
FF Extension: 360 Internet Protection - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox [2015-07-24]

Chrome: 
=======
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\karo\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\karo\AppData\Local\Google\Chrome\User Data\default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\karo\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-24]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\karo\AppData\Local\Google\Chrome\User Data\default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2014-10-20]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-03-24]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-03-24]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2011-09-23] (Diskeeper Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-08] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [858744 2015-08-14] (QIHU 360 SOFTWARE CO. LIMITED)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [Datei ist nicht signiert]
S2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [Datei ist nicht signiert]
S2 TgbIke Starter; C:\windows\SysWOW64\TgbStarter.exe [238640 2013-10-15] (TheGreenBow)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [137296 2015-08-14] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77904 2015-08-14] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [319568 2015-08-14] (360.cn)
R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-07-09] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [363088 2015-08-14] (360.cn)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [178768 2015-08-14] (360.cn)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-10-21] (Huawei Technologies Co., Ltd.)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2011-09-23] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [80688 2011-09-23] (Diskeeper Corporation)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 TGBMPEnum; C:\Windows\System32\DRIVERS\TGBMPEnum.sys [39096 2013-10-15] (TheGreenBow)
R3 TGBVPNVirtM; C:\Windows\System32\DRIVERS\TGBVPNVirtM.sys [158904 2013-10-15] (TheGreenBow)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [Datei ist nicht signiert]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-04 23:26 - 2015-09-04 23:27 - 02188800 _____ (Farbar) C:\Users\karo\Downloads\FRST64 (1).exe
2015-09-04 23:16 - 2015-09-04 23:16 - 00014970 _____ C:\Users\karo\Desktop\JRT.txt
2015-09-04 22:49 - 2015-09-04 22:50 - 01799392 _____ (Malwarebytes Corporation) C:\Users\karo\Desktop\JRT_7600.exe
2015-09-04 22:47 - 2015-09-04 22:47 - 01654272 _____ C:\Users\karo\Desktop\AdwCleaner_5.005.exe
2015-09-04 18:22 - 2015-09-04 18:22 - 00001146 _____ C:\Users\karo\Desktop\ComboFix - Verknüpfung.lnk
2015-09-04 17:32 - 2015-09-04 17:32 - 00024217 _____ C:\ComboFix.txt
2015-09-04 16:22 - 2015-09-04 17:33 - 00000000 ____D C:\Qoobox
2015-09-04 16:22 - 2015-09-04 17:28 - 00000000 ____D C:\windows\erdnt
2015-09-04 16:22 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2015-09-04 16:22 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2015-09-04 16:22 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-09-04 16:22 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-09-04 16:22 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-09-04 16:22 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2015-09-04 16:22 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2015-09-04 16:22 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2015-09-04 16:21 - 2015-09-04 16:22 - 05635231 ____R (Swearware) C:\Users\karo\Downloads\ComboFix.exe
2015-09-03 14:52 - 2015-09-03 21:09 - 00049040 _____ C:\Users\karo\Downloads\Addition.txt
2015-09-03 14:51 - 2015-09-04 23:28 - 00018407 _____ C:\Users\karo\Downloads\FRST.txt
2015-09-03 14:51 - 2015-09-04 23:28 - 00000000 ____D C:\FRST
2015-09-03 14:50 - 2015-09-03 14:50 - 02188800 _____ (Farbar) C:\Users\karo\Downloads\FRST64.exe
2015-09-03 14:48 - 2015-09-03 14:48 - 01690624 _____ (Farbar) C:\Users\karo\Downloads\FRST.exe
2015-09-03 07:50 - 2015-09-03 07:50 - 00001362 _____ C:\Users\karo\Downloads\360 TS 20150827232258.txt
2015-09-02 22:33 - 2015-09-02 22:33 - 00002251 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-02 22:33 - 2015-09-02 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-02 22:32 - 2015-09-04 23:06 - 00001102 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-02 22:32 - 2015-09-04 22:37 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-02 22:32 - 2015-09-02 22:32 - 00004102 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-02 22:32 - 2015-09-02 22:32 - 00003850 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-02 22:30 - 2015-09-02 22:30 - 00929360 _____ (Google Inc.) C:\Users\karo\Downloads\ChromeSetup(2).exe
2015-09-01 21:07 - 2015-09-04 23:06 - 00015712 _____ C:\windows\PFRO.log
2015-09-01 20:26 - 2015-09-04 16:24 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-01 20:26 - 2015-09-01 20:26 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-01 20:26 - 2015-09-01 20:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-01 20:26 - 2015-09-01 20:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-01 20:26 - 2015-09-01 20:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-01 20:26 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-09-01 20:26 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-09-01 20:26 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-09-01 20:20 - 2015-09-01 20:22 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\karo\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-31 21:51 - 2015-09-04 23:06 - 00001680 _____ C:\windows\setupact.log
2015-08-31 21:51 - 2015-08-31 21:51 - 00000000 _____ C:\windows\setuperr.log
2015-08-31 21:38 - 2015-09-04 15:34 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2015-08-31 21:37 - 2015-08-31 21:37 - 09488448 _____ (Crawler Group ) C:\Users\karo\Downloads\SpywareTerminatorSetup2015_300102.exe
2015-08-31 15:08 - 2015-08-31 15:08 - 00000000 _RSHD C:\360SANDBOX
2015-08-27 23:26 - 2015-09-03 14:46 - 00000000 ____D C:\$360Section
2015-08-27 23:23 - 2015-09-03 14:46 - 00000000 ____D C:\ProgramData\360Quarant
2015-08-27 23:22 - 2015-08-31 19:27 - 00000000 ____D C:\ProgramData\360safe
2015-08-27 23:22 - 2015-08-31 15:14 - 00000000 ____D C:\ProgramData\360TotalSecurity

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-04 23:20 - 2009-07-14 06:45 - 00028848 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-04 23:20 - 2009-07-14 06:45 - 00028848 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-04 23:12 - 2012-05-30 18:37 - 00703192 _____ C:\windows\system32\perfh007.dat
2015-09-04 23:12 - 2012-05-30 18:37 - 00150800 _____ C:\windows\system32\perfc007.dat
2015-09-04 23:12 - 2009-07-14 07:13 - 01629348 _____ C:\windows\system32\PerfStringBackup.INI
2015-09-04 23:10 - 2012-05-31 12:02 - 01529353 _____ C:\windows\WindowsUpdate.log
2015-09-04 23:06 - 2012-05-30 20:07 - 00000828 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-09-04 23:06 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-09-04 23:05 - 2014-08-24 22:40 - 00000000 ____D C:\AdwCleaner
2015-09-04 23:03 - 2013-05-30 08:54 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-09-04 22:56 - 2013-05-19 19:04 - 00000072 _____ C:\Users\Public\LMDebug.log
2015-09-04 20:53 - 2013-03-10 13:40 - 00000000 ____D C:\Users\karo\Documents\Outlook-Dateien
2015-09-04 18:24 - 2013-04-26 07:17 - 00000000 ____D C:\Users\karo\AppData\Local\CrashDumps
2015-09-04 17:32 - 2014-04-22 22:21 - 00000000 ____D C:\Users\dub_cm_auto
2015-09-04 17:32 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-09-04 17:15 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini
2015-09-04 16:18 - 2015-01-29 11:03 - 00001998 ____H C:\Users\karo\Documents\Default.rdp
2015-09-04 16:16 - 2012-05-30 20:07 - 00000830 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-09-04 15:35 - 2009-07-14 06:45 - 05533680 _____ C:\windows\system32\FNTCACHE.DAT
2015-09-03 22:13 - 2013-03-11 22:43 - 00000000 ____D C:\Users\Public\Documents\Computer
2015-09-03 19:15 - 2013-10-07 19:39 - 01156096 ___SH C:\Users\karo\Downloads\Thumbs.db
2015-09-03 19:01 - 2013-02-27 22:09 - 00000000 ____D C:\ProgramData\Adobe
2015-09-03 19:00 - 2013-03-14 17:32 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-09-03 18:55 - 2013-02-23 09:49 - 00119264 _____ C:\Users\karo\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-03 18:09 - 2013-02-23 09:37 - 00001425 _____ C:\Users\karo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-03 17:39 - 2013-02-23 09:35 - 00000000 ____D C:\Users\karo
2015-09-03 07:49 - 2013-03-14 17:38 - 00000000 ____D C:\Users\karo\AppData\Local\Adobe
2015-09-02 22:33 - 2013-11-24 16:51 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-01 14:31 - 2013-03-14 17:32 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-08-31 16:23 - 2013-05-21 17:53 - 00000000 ____D C:\Users\karo\Documents\Scan
2015-08-27 23:37 - 2015-07-24 20:42 - 00001153 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2015-08-27 23:37 - 2015-07-24 20:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2015-08-27 23:30 - 2015-01-29 10:44 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-08-27 23:28 - 2015-03-19 13:22 - 00000000 ____D C:\Program Files\360
2015-08-27 23:26 - 2014-08-12 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-27 23:23 - 2015-03-19 13:23 - 00000000 ____D C:\Users\karo\AppData\Roaming\360safe
2015-08-27 23:23 - 2009-07-14 05:20 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2015-08-25 13:45 - 2013-03-24 11:56 - 00000000 ____D C:\Users\Public\Documents\Finanzen
2015-08-22 20:08 - 2013-12-12 10:03 - 00000000 ____D C:\Users\karo\Documents\Simon
2015-08-22 20:05 - 2013-03-09 12:21 - 00000000 ____D C:\Users\Public\Documents\Lilli
2015-08-15 18:03 - 2013-05-30 08:54 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-08-15 18:03 - 2013-02-27 22:10 - 00778440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-08-15 18:03 - 2013-02-27 22:10 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-14 11:08 - 2015-07-24 20:42 - 00363088 _____ (360.cn) C:\windows\system32\Drivers\360fsflt.sys
2015-08-14 11:08 - 2015-07-24 20:42 - 00319568 _____ (360.cn) C:\windows\system32\Drivers\360Box64.sys
2015-08-14 11:08 - 2015-07-24 20:42 - 00178768 _____ (360.cn) C:\windows\system32\Drivers\BAPIDRV64.SYS
2015-08-14 11:08 - 2015-07-24 20:42 - 00137296 _____ (360.cn) C:\windows\system32\Drivers\360AntiHacker64.sys
2015-08-14 11:08 - 2015-07-24 20:42 - 00077904 _____ (360.cn) C:\windows\system32\Drivers\360AvFlt.sys

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-01-23 16:16 - 2014-01-24 12:47 - 0000077 _____ () C:\Users\karo\AppData\Roaming\Rim.Desktop.Exception.log
2014-01-23 16:14 - 2015-03-23 23:02 - 0002021 _____ () C:\Users\karo\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-01-23 16:16 - 2014-01-24 12:47 - 0000154 _____ () C:\Users\karo\AppData\Roaming\Rim.DesktopHelper.Exception.log
2013-10-02 16:35 - 2014-12-24 11:03 - 0003584 _____ () C:\Users\karo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-25 20:45 - 2013-08-25 20:45 - 0007605 _____ () C:\Users\karo\AppData\Local\Resmon.ResmonCfg
2012-05-30 20:26 - 2012-05-30 20:26 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-05-30 20:18 - 2012-05-30 20:18 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2012-05-30 20:22 - 2012-05-30 20:23 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-05-30 20:19 - 2012-05-30 20:22 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2012-05-30 20:23 - 2012-05-30 20:25 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

Einige Dateien in TEMP:
====================
C:\Users\karo\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\windows\system32\winlogon.exe => Datei ist digital signiert
C:\windows\system32\wininit.exe => Datei ist digital signiert
C:\windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\windows\explorer.exe => Datei ist digital signiert
C:\windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\windows\system32\svchost.exe => Datei ist digital signiert
C:\windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\windows\system32\services.exe => Datei ist digital signiert
C:\windows\system32\User32.dll => Datei ist digital signiert
C:\windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\windows\system32\userinit.exe => Datei ist digital signiert
C:\windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\windows\system32\rpcss.dll => Datei ist digital signiert
C:\windows\system32\dnsapi.dll => Datei ist digital signiert
C:\windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-09-04 20:06

==================== Ende von FRST.txt ============================
         
