Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7: Vermehrte Werbung/Popups und Flash Aktualisierungsaufforderung in Chrome; Rechner generell verlangsamt (https://www.trojaner-board.de/159124-windows-7-vermehrte-werbung-popups-flash-aktualisierungsaufforderung-chrome-rechner-generell-verlangsamt.html)

Arcanis 26.09.2014 19:31
Windows 7: Vermehrte Werbung/Popups und Flash Aktualisierungsaufforderung in Chrome; Rechner generell verlangsamt
 
Hallo liebe Experten hier im Forum,

seit einigen Tagen kommt es immer wieder vor, dass vermehrt Werbebanner und Popuplinks in meinen Chrome Fenstern auftauchen.

Desweiteren stürzen "Werbevideos", die ja bei vielen Webseiten (auch Amazon etc.) mittlerweile Standard sind ab. Hier bekomme ich eine Aufforderung meinen Flash Player zu aktualisieren (habe ich natürlich nicht über den angezeigten Link getan).

Desweiteren ist mein Rechner bei sonst unproblematischen Prozessen (zum Beispiel Online Spielen im Internet) seit ein paar Tagen ein wenig verlangsamt.

Es entstehen Verzögerungen, die laut Task Manager nicht am ausgelasteten CPU (und auch nicht an der Internetverbindung) liegen können (meiner Meinung nach, ich bin ja aber kein Experte).

Deswegen habe ich mich hier in eurem Forum bereits belesen und die Defogger, FRST und Gmer Analyse durchgeführt.

Ich hoffe ihr könnt mir bei meinem Problem (falls eines besteht) weiterhelfen.

Freundliche Grüße,

Arcanis

schrauber 26.09.2014 19:38
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Arcanis 26.09.2014 19:56
upps..

hier die FRST logs:
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-09-2014
Ran by ******* (administrator) on ARCANIS on 26-09-2014 20:09:50
Running from C:\Users\*******\Desktop
Loaded Profile: ******* (Available profiles: ******* & Party & Gast)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Hi-Rez Studios) C:\Installationen\Smite\HiPatchService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Installationen\Phone\Skype.exe
(Razer USA Ltd) C:\Installationen\Razer Maus Driver\NagaEpicSysTray.exe
(Google Inc.) C:\Users\*******\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*******\AppData\Local\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Users\*******\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*******\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-02-20] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Naga Driver] => C:\Installationen\Razer Maus Driver\NagaEpicSysTray.exe [957840 2010-12-30] (Razer USA Ltd)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-295951725-620095448-2388595162-1000\...\Run: [Google Update] => C:\Users\*******\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-27] (Google Inc.)
HKU\S-1-5-21-295951725-620095448-2388595162-1000\...\Run: [Skype] => C:\Installationen\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-295951725-620095448-2388595162-1000\...\RunOnce: [Uninstall C:\Users\*******\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\*******\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64"
Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\*******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1408381098&from=cor&uid=ST1000DM005XHD103SJ_S246J9GC318506&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1408381098&from=cor&uid=ST1000DM005XHD103SJ_S246J9GC318506&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1408381098&from=cor&uid=ST1000DM005XHD103SJ_S246J9GC318506&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1408381098&from=cor&uid=ST1000DM005XHD103SJ_S246J9GC318506&q={searchTerms}
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\*******\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\*******\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\*******\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\*******\AppData\Local\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\*******\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\*******\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Logitech Device Detection) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\npLogitechDeviceDetection.dll (Logitech, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Google Update) - C:\Users\*******\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll No File
CHR Profile: C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-08]
CHR Extension: (YouTube) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-27]
CHR Extension: (Google Search) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-27]
CHR Extension: (Logitech Device Detection) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno [2012-07-10]
CHR Extension: (AdBlock) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-04-27]
CHR Extension: (ProxMate - Proxy on steroids!) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm [2013-05-12]
CHR Extension: (Google Wallet) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Gmail) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-27]
CHR StartMenuInternet: Google Chrome - C:\Users\*******\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HiPatchService; C:\Installationen\Smite\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) [File not signed]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [694784 2014-08-18] (Cherished Technololgy LIMITED) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [528896 2014-08-18] (Fuyu LIMITED) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [126464 2010-12-16] (Razer USA Ltd)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-26 20:09 - 2014-09-26 20:10 - 00012551 _____ () C:\Users\*******\Desktop\FRST.txt
2014-09-26 20:09 - 2014-09-26 20:09 - 02108928 _____ (Farbar) C:\Users\*******\Downloads\FRST64.exe
2014-09-26 20:09 - 2014-09-26 20:09 - 02108928 _____ (Farbar) C:\Users\*******\Desktop\FRST64.exe
2014-09-26 20:09 - 2014-09-26 20:09 - 00000000 ____D () C:\FRST
2014-09-26 20:08 - 2014-09-26 20:08 - 00000486 _____ () C:\Users\*******\Desktop\defogger_disable.log
2014-09-26 20:08 - 2014-09-26 20:08 - 00000000 _____ () C:\Users\*******\defogger_reenable
2014-09-26 20:07 - 2014-09-26 20:07 - 00050477 _____ () C:\Users\*******\Downloads\Defogger.exe
2014-09-26 20:07 - 2014-09-26 20:07 - 00050477 _____ () C:\Users\*******\Desktop\Defogger.exe
2014-09-22 11:01 - 2014-09-22 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-22 11:01 - 2014-09-22 11:01 - 00000000 ____D () C:\Program Files (x86)\Skype
2014-09-12 02:02 - 2014-09-12 02:02 - 01003664 _____ () C:\Windows\Minidump\091214-15334-01.dmp
2014-09-08 20:49 - 2014-09-08 20:49 - 00001891 _____ () C:\Users\*******\Downloads\Public.zip
2014-09-08 03:52 - 2014-09-08 03:52 - 15205205 _____ () C:\Users\*******\Downloads\Tsukasa Matsuzaki - Unfaithfulness Pt.1.rar
2014-09-08 03:50 - 2014-09-08 03:50 - 09634456 _____ () C:\Users\*******\Downloads\Me And Uncle - Takase Tsukasa (1).rar
2014-09-08 03:48 - 2014-09-08 03:48 - 21486253 _____ () C:\Users\*******\Downloads\Tsukasa Matsuzaki - Unfaithfulness Pt.2.rar

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-26 20:08 - 2012-04-27 19:53 - 00000000 ____D () C:\Users\*******
2014-09-26 20:04 - 2012-04-27 20:25 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Skype
2014-09-26 19:58 - 2013-04-08 21:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-26 19:42 - 2012-04-27 20:23 - 00001148 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-295951725-620095448-2388595162-1000UA.job
2014-09-26 19:16 - 2012-04-27 20:30 - 00000000 ____D () C:\Users\*******\AppData\Local\PMB Files
2014-09-26 19:15 - 2012-04-27 20:30 - 00000000 ____D () C:\ProgramData\PMB Files
2014-09-26 19:13 - 2012-05-01 19:13 - 00000000 ____D () C:\Users\*******\AppData\Local\Adobe
2014-09-26 19:08 - 2009-07-14 06:45 - 00022000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-26 19:08 - 2009-07-14 06:45 - 00022000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-26 19:07 - 2009-07-14 06:51 - 00109808 _____ () C:\Windows\setupact.log
2014-09-26 19:06 - 2012-04-27 01:54 - 01097016 _____ () C:\Windows\WindowsUpdate.log
2014-09-26 19:05 - 2012-07-03 18:43 - 00000000 ___RD () C:\Users\*******\Dropbox
2014-09-26 19:05 - 2012-07-03 18:42 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Dropbox
2014-09-26 19:01 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-25 22:42 - 2012-04-27 20:23 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-295951725-620095448-2388595162-1000Core.job
2014-09-25 00:44 - 2012-04-27 20:24 - 00002390 _____ () C:\Users\*******\Desktop\Google Chrome.lnk
2014-09-23 23:58 - 2013-04-08 21:11 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-23 23:58 - 2013-04-08 21:10 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-23 23:58 - 2013-04-07 21:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-23 13:07 - 2014-08-18 18:58 - 00000000 ____D () C:\Users\*******\AppData\Roaming\sweet-page
2014-09-22 11:01 - 2014-03-16 21:11 - 00002495 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-22 11:01 - 2012-04-27 20:25 - 00000000 ____D () C:\ProgramData\Skype
2014-09-22 11:01 - 2012-04-27 20:24 - 00000000 ___RD () C:\Installationen
2014-09-22 08:42 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-18 18:26 - 2012-07-03 18:42 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-12 02:02 - 2012-05-23 19:38 - 491413942 _____ () C:\Windows\MEMORY.DMP
2014-09-12 02:02 - 2012-05-23 19:38 - 00000000 ____D () C:\Windows\Minidump
2014-09-11 11:35 - 2012-07-16 22:26 - 01990656 ___SH () C:\Users\*******\Desktop\Thumbs.db
2014-08-31 23:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-27 01:44 - 2014-02-09 19:54 - 00000000 ____D () C:\Users\*******\AppData\Local\Battle.net

Some content of TEMP:
====================
C:\Users\*******\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\*******\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzfumvd.dll
C:\Users\*******\AppData\Local\Temp\GURF489.exe
C:\Users\*******\AppData\Local\Temp\Gw2.exe
C:\Users\*******\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\*******\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\*******\AppData\Local\Temp\p25cli.exe
C:\Users\*******\AppData\Local\Temp\SETUP.EXE
C:\Users\*******\AppData\Local\Temp\SkypeSetup.exe
C:\Users\*******\AppData\Local\Temp\swt-win32-3349.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 22:22

==================== End Of Log ============================
--- --- ---

--- --- ---


und hier der Addition log:FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-09-2014
Ran by ******* at 2014-09-26 20:10:31
Running from C:\Users\*******\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.1.2.232 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
AION Free-to-Play Version 1.0 (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version: 1.0 - Gameforge)
AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.923.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{E4490157-303F-F06F-FB6E-D2053A43A182}) (Version: 8.0.873.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.70405.2224 - Advanced Micro Devices, Inc.) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version:  - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0405.2205.37728 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden
Chromas Lite 2.1.1 (HKLM-x32\...\Chromas Lite) (Version: 2.1.1 - Technelysium Pty Ltd)
Dead Island (HKLM-x32\...\Steam App 91310) (Version:  - Techland)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.104 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.104 - Etron Technology) Hidden
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Gameforge Live 1.0 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.0.1717 - Gameforge)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
GraphPad Prism 6 (Trial) (HKLM-x32\...\{E2D64D20-54B1-11E1-72AE-0169BBF12CD6}) (Version: 6.03 - GraphPad Software)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
ImageJ 1.45s (HKLM-x32\...\ImageJ_is1) (Version:  - NIH)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2372 - Intel Corporation)
IsoBuster 3.0 (HKLM-x32\...\IsoBuster_is1) (Version: 3.0 - Smart Projects)
Java 7 Update 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.31 - Logitech Inc.)
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.4.1 - www.leaguereplays.com)
LWS Facebook (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.31.1044.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Video Mask Maker (x32 Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.2.0223.1 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.2.223.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 16.0.1 - Mozilla)
Mozilla Thunderbird 16.0.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 16.0.1 (x86 de)) (Version: 16.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKCU\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
Mumble 1.2.3 (HKLM-x32\...\{C3E9887A-23BA-4777-8080-191A5AFCAB74}) (Version: 1.2.3 - Thorvald Natvig)
Neverwinter (HKLM-x32\...\Neverwinter) (Version:  - Cryptic Studios)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.205.0 - Tracker Software Products (Canada) Ltd.)
Ragnarok Online 2 (HKLM-x32\...\Steam App 231060) (Version:  - )
Razer Naga (HKLM-x32\...\{ED4108A9-60FD-4F18-AF42-122219977773}) (Version: 3.00.25 - Razer USA Ltd.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.1.9 - Razer USA Ltd.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)
Risen 2 - Dark Waters (HKLM-x32\...\Steam App 40390) (Version:  - Piranha Bytes)
Sacred 2 Gold (HKLM-x32\...\Steam App 225640) (Version:  - Ascaron)
Saints Row 2 (HKLM-x32\...\Steam App 9480) (Version:  - Volition)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.4.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2069.0 - Hi-Rez Studios)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.6 - TeamSpeak Systems GmbH)
Tibia (HKLM-x32\...\Tibia_is1) (Version: 10.50 - CipSoft GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{1C49E606-8C21-4250-96DC-481117D893D9}) (Version:  - Microsoft)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WindowsMangerProtect20.0.0.722 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.722 - WindowsProtect LIMITED) <==== ATTENTION
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-295951725-620095448-2388595162-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\*******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-295951725-620095448-2388595162-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\*******\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-295951725-620095448-2388595162-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\*******\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-295951725-620095448-2388595162-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\*******\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-295951725-620095448-2388595162-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-295951725-620095448-2388595162-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-295951725-620095448-2388595162-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-295951725-620095448-2388595162-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-295951725-620095448-2388595162-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-295951725-620095448-2388595162-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-295951725-620095448-2388595162-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-295951725-620095448-2388595162-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-295951725-620095448-2388595162-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\*******\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

08-09-2014 00:08:28 Windows Update
12-09-2014 00:14:14 Windows Update
16-09-2014 18:45:10 Windows Update
21-09-2014 19:36:05 Windows Update
25-09-2014 18:18:06 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A49468D-CCC2-429C-843D-310C082F1EC9} - System32\Tasks\{70C773EC-CDBA-4E8A-A1AD-E1B75943D0C2} => C:\Installationen\Ragnarok online 2\RO2Client.exe
Task: {0BD438E3-2D24-4F00-9ABD-55452D1504CC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-295951725-620095448-2388595162-1000Core => C:\Users\*******\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)
Task: {0E3272F7-BB92-4866-BE6E-22C9E9451801} - System32\Tasks\{D2C65A9D-1928-4303-BA4C-E1587EC9FDE8} => C:\Installationen\Ragnarok online 2\RO2Client.exe
Task: {1CAE7248-3F96-4F48-9662-DA21EEB4C78C} - System32\Tasks\{386E1E5B-6F53-418C-81B4-CDBDD014C759} => C:\Installationen\Ragnarok online 2\RO2Client.exe
Task: {220C45D5-5355-4F00-99D0-B9A1A1015D15} - System32\Tasks\{491B9C4E-E2C2-4F47-838E-D93E08C12D45} => C:\Installationen\Ragnarok online 2\RO2Client.exe
Task: {24D8F452-52C8-4360-8AB2-E23B23EC9C6E} - System32\Tasks\{46F40372-254B-4507-8BA6-F19CBB6135A8} => C:\Installationen\Ragnarok online 2\RO2Client.exe
Task: {2C98E6F7-031A-42FC-A847-A569D0247541} - System32\Tasks\{DC10600F-8B1C-4C5F-AEEF-A47DB57B5C91} => C:\Installationen\Ragnarok online 2\RO2Client.exe
Task: {2F73EA99-F9BB-4737-B96B-205D2DFFEA14} - System32\Tasks\AdobeAAMUpdater-1.0-Arcanis-******* => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {5AED1033-7810-4FE6-B9B5-DF3AFD34CBA6} - System32\Tasks\{9C48D93F-78DC-42C4-9B74-01715C76C849} => C:\Installationen\Ragnarok online 2\RO2Client.exe
Task: {5E7004F6-81F8-4B2C-B383-9ED9AE3A90AE} - System32\Tasks\{34FBF59D-805F-4D6A-842A-C7E9E0714026} => C:\Installationen\Ragnarok online 2\RO2Client.exe
Task: {617E3501-D6DF-4693-A840-62D301056A11} - System32\Tasks\{F5364A45-6551-4956-AA0A-91B609DFE9DA} => C:\Installationen\Ragnarok online 2\RO2Client.exe
Task: {97245B79-14C9-49FE-BFB3-764E6C94B749} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {9C08B84E-ECB3-4EF2-AC75-A4E387E8FF68} - System32\Tasks\{28CC3053-94D5-4656-81F8-4F816BBF7BE7} => C:\Installationen\Ragnarok online 2\RO2Client.exe
Task: {9EBDA222-9B39-41B9-B340-3B17A88DA483} - System32\Tasks\{E69A8441-7524-4363-94D6-319C40361956} => C:\Installationen\Ragnarok online 2\RO2Client.exe
Task: {A13E227D-209D-4887-81EC-6C953510BE59} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-295951725-620095448-2388595162-1000UA => C:\Users\*******\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)
Task: {A6EFA7F2-417D-43B1-9253-39724A492189} - System32\Tasks\{F7CA617B-3BDA-4AC0-B597-FD8A547194FF} => C:\Installationen\Ragnarok online 2\RO2Client.exe
Task: {BA20C16C-7166-42CA-8E36-A5D31F285CD0} - System32\Tasks\{452B1CE7-C0E1-41B8-991B-BE32B7967029} => C:\Installationen\Aion\GameforgeLive\GameforgeLive.exe [2013-02-05] ()
Task: {C77B3E7C-C32E-4F68-9874-79126C70E49D} - System32\Tasks\{9AB50EF8-9E31-4698-95EA-3478C3E60157} => C:\Installationen\Ragnarok online 2\RO2Client.exe
Task: {D94113B4-FFF3-47F6-A26C-59E67C5EDFAB} - System32\Tasks\{138188B3-AB25-40D5-82C1-F0600EAA3838} => C:\Installationen\Ragnarok online 2\RO2Client.exe
Task: {DDBB4BE4-BDD4-4BC7-8648-B728421F0502} - System32\Tasks\{29B0DC3D-6619-4047-9025-EFFA06FF56AC} => C:\Installationen\Ragnarok online 2\RO2Client.exe
Task: {DFE9EE17-81E6-4A9B-B1F1-BD29D2C3EB9B} - System32\Tasks\{A5E92BC0-E17F-4467-BC01-18D3F933A8E7} => C:\Installationen\Ragnarok online 2\RO2Client.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-295951725-620095448-2388595162-1000Core.job => C:\Users\*******\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-295951725-620095448-2388595162-1000UA.job => C:\Users\*******\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-30 10:01 - 2013-08-30 10:01 - 03358064 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
2011-04-15 10:16 - 2011-04-15 10:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-09-25 00:44 - 2014-09-23 06:06 - 01098056 _____ () C:\Users\*******\AppData\Local\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-25 00:44 - 2014-09-23 06:06 - 00174408 _____ () C:\Users\*******\AppData\Local\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-25 00:44 - 2014-09-23 06:07 - 08577864 _____ () C:\Users\*******\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-25 00:44 - 2014-09-23 06:07 - 00331592 _____ () C:\Users\*******\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-25 00:44 - 2014-09-23 06:06 - 01660232 _____ () C:\Users\*******\AppData\Local\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2014-09-25 00:44 - 2014-09-23 06:07 - 14891848 _____ () C:\Users\*******\AppData\Local\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^*******^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: Google Update => "C:\Users\*******\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: LWS => C:\Installationen\Webcam Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\grafiktreiber\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Installationen\steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-295951725-620095448-2388595162-500 - Disabled - Status: Degraded)
Gast (S-1-5-21-295951725-620095448-2388595162-501 - Enabled - Status: OK) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-295951725-620095448-2388595162-1003 - Enabled - Status: OK)
Party (S-1-5-21-295951725-620095448-2388595162-1004 - Enabled - Status: OK) => C:\Users\Party
******* (S-1-5-21-295951725-620095448-2388595162-1000 - Enabled - Status: OK) => C:\Users\*******

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/26/2014 07:02:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/25/2014 08:08:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/24/2014 07:26:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/23/2014 01:02:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/22/2014 02:27:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/22/2014 11:01:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/21/2014 09:26:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/18/2014 05:52:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2014 08:01:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2014 08:35:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/16/2014 10:47:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.

Error: (09/14/2014 11:17:09 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (09/12/2014 02:02:26 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x0000000000000003, 0xfffffa800831a060, 0xfffff80000ba2748, 0xfffffa800a8a3e10)C:\Windows\MEMORY.DMP091214-15334-01

Error: (08/24/2014 07:43:30 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.

Error: (08/24/2014 07:43:30 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.

Error: (08/24/2014 07:43:29 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.

Error: (08/20/2014 10:40:44 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C5FF8F6C-19EE-40A5-8667-BA15A39E51FF}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (08/19/2014 11:18:39 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "ARCANIS        :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.101
registriert werden. Der Computer mit IP-Adresse 192.168.2.102 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (08/19/2014 11:18:39 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "ARCANIS        :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.101
registriert werden. Der Computer mit IP-Adresse 192.168.2.102 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (08/19/2014 10:56:49 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "ARCANIS        :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.101
registriert werden. Der Computer mit IP-Adresse 192.168.2.102 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.


Microsoft Office Sessions:
=========================
Error: (04/05/2013 01:59:44 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 73 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/05/2013 01:58:26 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 24 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/05/2013 01:57:56 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 128 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (04/05/2013 01:55:10 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 755 seconds with 720 seconds of active time.  This session ended with a crash.

Error: (04/05/2013 01:41:45 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 58 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/05/2013 01:40:40 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 110 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (04/05/2013 01:37:23 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 16813 seconds with 9660 seconds of active time.  This session ended with a crash.

Error: (02/19/2013 06:17:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11312 seconds with 3540 seconds of active time.  This session ended with a crash.

Error: (10/11/2012 01:39:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 342 seconds with 120 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 22%
Total physical RAM: 8104.67 MB
Available physical RAM: 6240.76 MB
Total Pagefile: 16207.52 MB
Available Pagefile: 14181.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:704.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 13611BA7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

schrauber 27.09.2014 19:12
Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:
    WindowsMangerProtect20.0.0.722 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.722 - WindowsProtect LIMITED) <==== ATTENTION

  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 




Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Arcanis 27.09.2014 21:30
Hallo schrauber,

ich wollte dir nur mitteilen, dass ich bis Sonntag Abend (also morgen Abend) nicht mehr an dem betroffenen PC bin, da ich das Wochenende über nicht zu Hause bin.

Die logs und Programmdurchläufe gibt es dementsprechend erst Sonntag Abend.

Freundliche Grüße,

Arcanis

schrauber 28.09.2014 13:36
ok :)

Arcanis 28.09.2014 21:48
Anbei das Combofix logfile!:)


Combofix Logfile:
Code:
ComboFix 14-09-29.02 - ****** 28.09.2014  22:40:40.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.8105.4343 [GMT 2:00]
ausgeführt von:: c:\users\******\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\HirezPipeError.txt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-08-28 bis 2014-09-28  ))))))))))))))))))))))))))))))
.
.
2014-09-28 20:38 . 2014-09-28 20:38        75888        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E7A162E9-0088-4227-BC2D-BE86232D1D14}\offreg.dll
2014-09-28 20:38 . 2014-09-16 18:45        1188440        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1F522621-4CFD-47C5-846B-F5B2DA636FBE}\gapaengine.dll
2014-09-28 20:37 . 2014-09-09 02:05        11578928        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E7A162E9-0088-4227-BC2D-BE86232D1D14}\mpengine.dll
2014-09-26 18:09 . 2014-09-26 18:10        --------        d-----w-        C:\FRST
2014-09-25 18:19 . 2014-09-16 18:45        1188440        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{18532533-7983-471E-9B67-C294CD6CE1B7}\gapaengine.dll
2014-09-25 18:18 . 2014-09-09 02:05        11578928        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-22 09:01 . 2014-09-22 09:01        --------        d-----w-        c:\program files (x86)\Skype
2014-09-22 09:01 . 2014-09-22 09:01        --------        d-----w-        c:\program files (x86)\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-23 21:58 . 2013-04-08 19:10        701104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-23 21:58 . 2013-04-07 19:55        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-22 06:42 . 2010-11-21 03:27        278152        ------w-        c:\windows\system32\MpSigStub.exe
2014-09-16 18:45 . 2012-06-12 16:15        1188440        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08        131480        ----a-w-        c:\users\******\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08        131480        ----a-w-        c:\users\******\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08        131480        ----a-w-        c:\users\******\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\installationen\Phone\Skype.exe" [2014-08-27 22041192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Razer Naga Driver"="c:\installationen\Razer Maus Driver\NagaEpicSysTray.exe" [2010-12-30 957840]
.
c:\users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-13 36414624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IePluginServices;IePlugin Services;c:\programdata\IePluginServices\PluginService.exe;c:\programdata\IePluginServices\PluginService.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\installationen\Smite\HiPatchService.exe;c:\installationen\Smite\HiPatchService.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys;c:\windows\SYSNATIVE\DRIVERS\RzSynapse.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-08 21:58]
.
2014-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-295951725-620095448-2388595162-1000Core.job
- c:\users\******\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-27 18:23]
.
2014-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-295951725-620095448-2388595162-1000UA.job
- c:\users\******\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-27 18:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2013-08-30 08:01        3358064        ----a-w-        c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2013-08-30 08:01        3358064        ----a-w-        c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2013-08-30 08:01        3358064        ----a-w-        c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08        164760        ----a-w-        c:\users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08        164760        ----a-w-        c:\users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08        164760        ----a-w-        c:\users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08        164760        ----a-w-        c:\users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-06-13 472984]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mDefault_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1408381098&from=cor&uid=ST1000DM005XHD103SJ_S246J9GC318506&q={searchTerms}
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1408381098&from=cor&uid=ST1000DM005XHD103SJ_S246J9GC318506&q={searchTerms}
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-09-28  22:45:44
ComboFix-quarantined-files.txt  2014-09-28 20:45
.
Vor Suchlauf: 12 Verzeichnis(se), 760.565.755.904 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 762.454.597.632 Bytes frei
.
- - End Of File - - CCAD148222565B8FF053284C06039451
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

schrauber 29.09.2014 16:11
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Arcanis 29.09.2014 19:23
Hey schrauber :)

anbei die logfiles der einzelnen tool runs:


mbam:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 29.09.2014
Suchlauf-Zeit: 20:01:07
Logdatei: mbam log.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.29.10
Rootkit Datenbank: v2014.09.19.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: ******

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 395958
Verstrichene Zeit: 6 Min, 16 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.ELEX, C:\ProgramData\IePluginServices\PluginService.exe, 1384, Löschen bei Neustart, [c8a66e85f9822a0c9109ad04738eca36]

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 10
PUP.Optional.ELEX, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginServices, In Quarantäne, [c8a66e85f9822a0c9109ad04738eca36],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [1d51bd36fa8142f4991fb9dc0ff313ed],
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [f777eb085e1d20166158a2d65fa5629e],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, In Quarantäne, [412d688b1269f0462870d53def14ad53],
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\sweet-pageSoftware, In Quarantäne, [4f1f747f007bcc6a4fdcb9b4669e669a],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [3e308b68245789ad4c4b0f0322e1fe02],
PUP.Optional.WebSearches.A, HKU\S-1-5-21-295951725-620095448-2388595162-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupHpUISoft, In Quarantäne, [d7974ea5097292a417391df7808348b8],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-295951725-620095448-2388595162-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [9cd201f2f08b89ade072f9499d665ba5],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-295951725-620095448-2388595162-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [402eb93a2457e94d06a9bf9941c3fd03],
PUP.Optional.Softonic.A, HKU\S-1-5-21-295951725-620095448-2388595162-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [fb73886b5526d264038ab9782ad96d93],

Registrierungswerte: 2
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, cor, In Quarantäne, [3e308b68245789ad4c4b0f0322e1fe02]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-295951725-620095448-2388595162-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0V1D1S1R1D0V1O, In Quarantäne, [402eb93a2457e94d06a9bf9941c3fd03]

Registrierungsdaten: 2
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.sweet-page.com/web/?type=ds&ts=1408381098&from=cor&uid=ST1000DM005XHD103SJ_S246J9GC318506&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1408381098&from=cor&uid=ST1000DM005XHD103SJ_S246J9GC318506&q={searchTerms}),Ersetzt,[2d41fdf63a418fa71bcdb75a95703ec2]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.sweet-page.com/web/?type=ds&ts=1408381098&from=cor&uid=ST1000DM005XHD103SJ_S246J9GC318506&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1408381098&from=cor&uid=ST1000DM005XHD103SJ_S246J9GC318506&q={searchTerms}),Ersetzt,[640aed0697e411251bb1937354b101ff]

Ordner: 6
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, Löschen bei Neustart, [aac48d6691eaed49764dbc3701018b75],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, In Quarantäne, [aac48d6691eaed49764dbc3701018b75],
PUP.Optional.SweetPage.A, C:\Users\******\AppData\Roaming\sweet-page, In Quarantäne, [db9334bf3c3ff93d9e6bb65344bf0af6],
PUP.Optional.SweetPage.A, C:\Users\******\AppData\Roaming\sweet-page\images, In Quarantäne, [db9334bf3c3ff93d9e6bb65344bf0af6],
PUP.Optional.SweetPage.A, C:\Users\******\AppData\Roaming\sweet-page\images\code, In Quarantäne, [db9334bf3c3ff93d9e6bb65344bf0af6],
PUP.Optional.SweetPage.A, C:\Users\******\AppData\Roaming\sweet-page\log, In Quarantäne, [db9334bf3c3ff93d9e6bb65344bf0af6],

Dateien: 34
PUP.Optional.ELEX, C:\ProgramData\IePluginServices\PluginService.exe, Löschen bei Neustart, [c8a66e85f9822a0c9109ad04738eca36],
PUP.Optional.Softonic, C:\Users\******\Downloads\SoftonicDownloader_fuer_tibia.exe, In Quarantäne, [3f2f25ce6318e2549d1d17ff8f72e21e],
PUP.Optional.4Shared, C:\Users\******\Downloads\graphpad prism 5.exe, In Quarantäne, [15599d56215a59ddbed8c757c63a7f81],
PUP.Optional.InstallCore, C:\Users\******\Downloads\CR_Downloader_fuer_no$gba.exe, In Quarantäne, [244a3bb8027986b05570bc3eb64e7090],
PUP.Optional.4Shared, C:\Users\******\Downloads\[æ?¥æ?¬èª?] Easy Rider - Rycanthropy (Gai Mizuki).exe, In Quarantäne, [204e579c502be452a8ee8d9158a80ef2],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, In Quarantäne, [aac48d6691eaed49764dbc3701018b75],
PUP.Optional.SweetPage.A, C:\Users\******\AppData\Roaming\sweet-page\244.json, In Quarantäne, [db9334bf3c3ff93d9e6bb65344bf0af6],
PUP.Optional.SweetPage.A, C:\Users\******\AppData\Roaming\sweet-page\MessageBox.xml, In Quarantäne, [db9334bf3c3ff93d9e6bb65344bf0af6],
PUP.Optional.SweetPage.A, C:\Users\******\AppData\Roaming\sweet-page\un.ini, In Quarantäne, [db9334bf3c3ff93d9e6bb65344bf0af6],
PUP.Optional.SweetPage.A, C:\Users\******\AppData\Roaming\sweet-page\uninstallDlg2.xml, In Quarantäne, [db9334bf3c3ff93d9e6bb65344bf0af6],
PUP.Optional.SweetPage.A, C:\Users\******\AppData\Roaming\sweet-page\UninstallManager.exe, In Quarantäne, [db9334bf3c3ff93d9e6bb65344bf0af6],
PUP.Optional.SweetPage.A, C:\Users\******\AppData\Roaming\sweet-page\images\bg.png, In Quarantäne, [db9334bf3c3ff93d9e6bb65344bf0af6],
PUP.Optional.SweetPage.A, C:\Users\******\AppData\Roaming\sweet-page\images\bg1.png, In Quarantäne, [db9334bf3c3ff93d9e6bb65344bf0af6],
PUP.Optional.SweetPage.A, C:\Users\******\AppData\Roaming\sweet-page\images\bk_shadow.png, In Quarantäne, [db9334bf3c3ff93d9e6bb65344bf0af6],
PUP.Optional.SweetPage.A, C:\Users\******\AppData\Roaming\sweet-page\images\button.png, In Quarantäne, [db9334bf3c3ff93d9e6bb65344bf0af6],
PUP.Optional.SweetPage.A, C:\Users\******\AppData\Roaming\sweet-page\images\button1.png, In Quarantäne, [db9334bf3c3ff93d9e6bb65344bf0af6],
PUP.Optional.SweetPage.A, C:\Users\******\AppData\Roaming\sweet-page\images\checkbox.png, In Quarantäne, [db9334bf3c3ff93d9e6bb65344bf0af6],
PUP.Optional.SweetPage.A, C:\Users\******\AppData\Roaming\sweet-page\images\checkbox_select.png, In Quarantäne, [db9334bf3c3ff93d9e6bb65344bf0af6],
PUP.Optional.SweetPage.A, C:\Users\******\AppData\Roaming\sweet-page\images\checked.png, In Quarantäne, [db9334bf3c3ff93d9e6bb65344bf0af6],
PUP.Optional.SweetPage.A, C:\Users\******\AppData\Roaming\sweet-page\images\close.png, In Quarantäne, [db9334bf3c3ff93d9e6bb65344bf0af6],
PUP.Optional.SweetPage.A, C:\Users\******\AppData\Roaming\sweet-page\images\loading_bg.png, In Quarantäne, [db9334bf3c3ff93d9e6bb65344bf0af6],
PUP.Optional.SweetPage.A, C:\Users\******\AppData\Roaming\sweet-page\images\loading_light.png, In Quarantäne, [db9334bf3c3ff93d9e6bb65344bf0af6],
PUP.Optional.SweetPage.A, C:\Users\******\AppData\Roaming\sweet-page\images\min.png, In Quarantäne, [db9334bf3c3ff93d9e6bb65344bf0af6],
PUP.Optional.SweetPage.A, C:\Users\******\AppData\Roaming\sweet-page\images\scrollbar.bmp, In Quarantäne, [db9334bf3c3ff93d9e6bb65344bf0af6],
PUP.Optional.SweetPage.A, C:\Users\******\AppData\Roaming\sweet-page\images\Thumbs.db, In Quarantäne, [db9334bf3c3ff93d9e6bb65344bf0af6],
PUP.Optional.SweetPage.A, C:\Users\******\AppData\Roaming\sweet-page\images\unchecked.png, In Quarantäne, [db9334bf3c3ff93d9e6bb65344bf0af6],
PUP.Optional.SweetPage.A, C:\Users\******\AppData\Roaming\sweet-page\images\code\code1.jpg, In Quarantäne, [db9334bf3c3ff93d9e6bb65344bf0af6],
PUP.Optional.SweetPage.A, C:\Users\******\AppData\Roaming\sweet-page\images\code\code2.jpg, In Quarantäne, [db9334bf3c3ff93d9e6bb65344bf0af6],
PUP.Optional.SweetPage.A, C:\Users\******\AppData\Roaming\sweet-page\images\code\code3.jpg, In Quarantäne, [db9334bf3c3ff93d9e6bb65344bf0af6],
PUP.Optional.SweetPage.A, C:\Users\******\AppData\Roaming\sweet-page\images\code\code4.jpg, In Quarantäne, [db9334bf3c3ff93d9e6bb65344bf0af6],
PUP.Optional.SweetPage.A, C:\Users\******\AppData\Roaming\sweet-page\images\code\code5.jpg, In Quarantäne, [db9334bf3c3ff93d9e6bb65344bf0af6],
PUP.Optional.SweetPage.A, C:\Users\******\AppData\Roaming\sweet-page\images\code\code6.jpg, In Quarantäne, [db9334bf3c3ff93d9e6bb65344bf0af6],
PUP.Optional.SweetPage.A, C:\Users\******\AppData\Roaming\sweet-page\images\code\Thumbs.db, In Quarantäne, [db9334bf3c3ff93d9e6bb65344bf0af6],
PUP.Optional.SweetPage.A, C:\Users\******\AppData\Roaming\sweet-page\log\UninstallManager_2014-09-23[13-07-29-015].log, In Quarantäne, [db9334bf3c3ff93d9e6bb65344bf0af6],

Physische Sektoren: 0
(No malicious items detected)


(end)


adwCleaner:AdwCleaner Logfile:
Code:
# AdwCleaner v3.310 - Bericht erstellt am 29/09/2014 um 20:13:45
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : ****** - ARCANIS
# Gestartet von : C:\Users\******\Desktop\AdwCleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_tibia_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_tibia_RASMANCS
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Google Chrome v

[ Datei : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1606 octets] - [29/09/2014 20:13:06]
AdwCleaner[S0].txt - [1325 octets] - [29/09/2014 20:13:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1385 octets] ##########
--- --- ---


JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.3 (09.27.2014:1)
OS: Windows 7 Professional x64
Ran by Patrick Rast on 29.09.2014 at 20:17:18,58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.09.2014 at 20:19:01,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Frisches FRST:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-09-2014
Ran by ****** (administrator) on ARCANIS on 29-09-2014 20:20:05
Running from C:\Users\******\Desktop
Loaded Profile: ****** (Available profiles: ****** & Party & Gast)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hi-Rez Studios) C:\Installationen\Smite\HiPatchService.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Installationen\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Razer USA Ltd) C:\Installationen\Razer Maus Driver\NagaEpicSysTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\******\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\******\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\******\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\******\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\******\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\******\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\******\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\******\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\******\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\******\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\******\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\******\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\******\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\******\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-02-20] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Naga Driver] => C:\Installationen\Razer Maus Driver\NagaEpicSysTray.exe [957840 2010-12-30] (Razer USA Ltd)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-295951725-620095448-2388595162-1000\...\Run: [Skype] => C:\Installationen\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\******\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\******\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\******\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\******\AppData\Local\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\******\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\******\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Logitech Device Detection) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\npLogitechDeviceDetection.dll (Logitech, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Google Update) - C:\Users\******\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll No File
CHR Profile: C:\Users\******\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-08]
CHR Extension: (YouTube) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-27]
CHR Extension: (Google Search) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-27]
CHR Extension: (Logitech Device Detection) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno [2012-07-10]
CHR Extension: (AdBlock) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-04-27]
CHR Extension: (ProxMate - Proxy on steroids!) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm [2013-05-12]
CHR Extension: (Google Wallet) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Gmail) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-27]
CHR StartMenuInternet: Google Chrome - C:\Users\******\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HiPatchService; C:\Installationen\Smite\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [126464 2010-12-16] (Razer USA Ltd)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-29 20:19 - 2014-09-29 20:19 - 00000632 _____ () C:\Users\******\Desktop\JRT.txt
2014-09-29 20:17 - 2014-09-29 20:17 - 00000000 ____D () C:\Windows\ERUNT
2014-09-29 20:15 - 2014-09-29 20:15 - 00001447 _____ () C:\Users\******\Desktop\AdwCleaner[S0].txt
2014-09-29 20:12 - 2014-09-29 20:13 - 00000000 ____D () C:\AdwCleaner
2014-09-29 19:59 - 2014-09-29 20:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-29 19:59 - 2014-09-29 19:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-29 19:59 - 2014-09-29 19:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-29 19:59 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-29 19:59 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-29 19:59 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-29 19:58 - 2014-09-29 19:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\******\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-29 19:58 - 2014-09-29 19:58 - 01699276 _____ (Thisisu) C:\Users\******\Desktop\JRT.exe
2014-09-29 19:58 - 2014-09-29 19:58 - 01373475 _____ () C:\Users\******\Desktop\AdwCleaner_3.310.exe
2014-09-28 22:45 - 2014-09-28 22:45 - 00018307 _____ () C:\ComboFix.txt
2014-09-28 22:39 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-28 22:39 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-28 22:39 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-28 22:39 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-28 22:39 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-28 22:39 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-28 22:39 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-28 22:39 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-28 22:35 - 2014-09-28 22:45 - 00000000 ____D () C:\Qoobox
2014-09-28 22:35 - 2014-09-28 22:44 - 00000000 ____D () C:\Windows\erdnt
2014-09-28 22:34 - 2014-09-28 22:34 - 05582345 ____R (Swearware) C:\Users\******\Desktop\ComboFix.exe
2014-09-28 22:34 - 2014-09-28 22:34 - 05582345 _____ (Swearware) C:\Users\******\Downloads\ComboFix.exe
2014-09-28 22:29 - 2014-09-28 22:30 - 00000000 ____D () C:\Users\******\Desktop\Revo Uninstalle
2014-09-28 22:28 - 2014-09-28 22:29 - 03007700 _____ () C:\Users\******\Downloads\revouninstaller.zip
2014-09-26 20:19 - 2014-09-26 20:21 - 00002238 _____ () C:\Users\******\Desktop\Gmer.log
2014-09-26 20:11 - 2014-09-26 20:11 - 00380416 _____ () C:\Users\******\Downloads\Gmer-19357.exe
2014-09-26 20:11 - 2014-09-26 20:11 - 00380416 _____ () C:\Users\******\Desktop\Gmer-19357.exe
2014-09-26 20:10 - 2014-09-26 20:21 - 00037649 _____ () C:\Users\******\Desktop\Addition.txt
2014-09-26 20:09 - 2014-09-29 20:20 - 00011977 _____ () C:\Users\******\Desktop\FRST.txt
2014-09-26 20:09 - 2014-09-29 20:20 - 00000000 ____D () C:\FRST
2014-09-26 20:09 - 2014-09-26 20:09 - 02108928 _____ (Farbar) C:\Users\******\Downloads\FRST64.exe
2014-09-26 20:09 - 2014-09-26 20:09 - 02108928 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2014-09-26 20:08 - 2014-09-26 20:08 - 00000486 _____ () C:\Users\******\Desktop\defogger_disable.log
2014-09-26 20:08 - 2014-09-26 20:08 - 00000000 _____ () C:\Users\******\defogger_reenable
2014-09-26 20:07 - 2014-09-26 20:07 - 00050477 _____ () C:\Users\******\Downloads\Defogger.exe
2014-09-26 20:07 - 2014-09-26 20:07 - 00050477 _____ () C:\Users\******\Desktop\Defogger.exe
2014-09-22 11:01 - 2014-09-22 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-22 11:01 - 2014-09-22 11:01 - 00000000 ____D () C:\Program Files (x86)\Skype
2014-09-12 02:02 - 2014-09-12 02:02 - 01003664 _____ () C:\Windows\Minidump\091214-15334-01.dmp
2014-09-08 20:49 - 2014-09-08 20:49 - 00001891 _____ () C:\Users\******\Downloads\Public.zip
2014-09-08 03:52 - 2014-09-08 03:52 - 15205205 _____ () C:\Users\******\Downloads\Tsukasa Matsuzaki - Unfaithfulness Pt.1.rar
2014-09-08 03:50 - 2014-09-08 03:50 - 09634456 _____ () C:\Users\******\Downloads\Me And Uncle - Takase Tsukasa (1).rar
2014-09-08 03:48 - 2014-09-08 03:48 - 21486253 _____ () C:\Users\******\Downloads\Tsukasa Matsuzaki - Unfaithfulness Pt.2.rar

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-29 20:15 - 2012-07-03 18:43 - 00000000 ___RD () C:\Users\******\Dropbox
2014-09-29 20:15 - 2012-07-03 18:42 - 00000000 ____D () C:\Users\******\AppData\Roaming\Dropbox
2014-09-29 20:15 - 2012-04-27 20:25 - 00000000 ____D () C:\Users\******\AppData\Roaming\Skype
2014-09-29 20:14 - 2012-04-27 01:54 - 01388422 _____ () C:\Windows\WindowsUpdate.log
2014-09-29 20:14 - 2010-11-21 05:47 - 00169540 _____ () C:\Windows\PFRO.log
2014-09-29 20:14 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-29 20:14 - 2009-07-14 06:51 - 00110032 _____ () C:\Windows\setupact.log
2014-09-29 20:14 - 2009-07-14 06:45 - 00022000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-29 20:14 - 2009-07-14 06:45 - 00022000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-29 20:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Globalization
2014-09-29 20:05 - 2012-05-01 19:13 - 00000000 ____D () C:\Users\******\AppData\Local\Adobe
2014-09-29 19:58 - 2013-04-08 21:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-29 00:42 - 2012-04-27 20:23 - 00001148 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-295951725-620095448-2388595162-1000UA.job
2014-09-28 22:44 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-28 22:42 - 2012-04-27 20:23 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-295951725-620095448-2388595162-1000Core.job
2014-09-28 22:38 - 2012-04-28 10:05 - 00002198 _____ () C:\Windows\epplauncher.mif
2014-09-26 22:09 - 2012-04-27 20:30 - 00000000 ____D () C:\Users\******\AppData\Local\PMB Files
2014-09-26 20:12 - 2012-07-16 22:26 - 02000896 ___SH () C:\Users\******\Desktop\Thumbs.db
2014-09-26 20:08 - 2012-04-27 19:53 - 00000000 ____D () C:\Users\******
2014-09-26 19:15 - 2012-04-27 20:30 - 00000000 ____D () C:\ProgramData\PMB Files
2014-09-25 00:44 - 2012-04-27 20:24 - 00002390 _____ () C:\Users\******\Desktop\Google Chrome.lnk
2014-09-23 23:58 - 2013-04-08 21:11 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-23 23:58 - 2013-04-08 21:10 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-23 23:58 - 2013-04-07 21:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-22 11:01 - 2014-03-16 21:11 - 00002495 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-22 11:01 - 2012-04-27 20:25 - 00000000 ____D () C:\ProgramData\Skype
2014-09-22 11:01 - 2012-04-27 20:24 - 00000000 ___RD () C:\Installationen
2014-09-22 08:42 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-18 18:26 - 2012-07-03 18:42 - 00000000 ____D () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-12 02:02 - 2012-05-23 19:38 - 491413942 _____ () C:\Windows\MEMORY.DMP
2014-09-12 02:02 - 2012-05-23 19:38 - 00000000 ____D () C:\Windows\Minidump
2014-08-31 23:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF

Some content of TEMP:
====================
C:\Users\******\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0hichv.dll
C:\Users\******\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 22:22

==================== End Of Log ============================
--- --- ---


danke für deine Hilfe! =)

schrauber 30.09.2014 15:20

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Arcanis 30.09.2014 20:47
hier die logs :)
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-09-2014
Ran by ****** (administrator) on ARCANIS on 30-09-2014 21:23:45
Running from C:\Users\******\Desktop
Loaded Profile: ****** (Available profiles: ****** & Party & Gast)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hi-Rez Studios) C:\Installationen\Smite\HiPatchService.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Installationen\Phone\Skype.exe
(Razer USA Ltd) C:\Installationen\Razer Maus Driver\NagaEpicSysTray.exe
(Dropbox, Inc.) C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Users\******\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\******\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\******\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\******\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\******\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\******\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\******\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\******\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\******\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\******\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\******\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\******\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Installationen\LoL\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
() C:\Installationen\LoL\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.223\deploy\LoLLauncher.exe
() C:\Installationen\LoL\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.7\deploy\LoLPatcher.exe
() C:\Installationen\LoL\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.112\deploy\LolClient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
() C:\Installationen\LoL\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.56\deploy\League of Legends.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-02-20] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Naga Driver] => C:\Installationen\Razer Maus Driver\NagaEpicSysTray.exe [957840 2010-12-30] (Razer USA Ltd)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-295951725-620095448-2388595162-1000\...\Run: [Skype] => C:\Installationen\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\******\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\******\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\******\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\******\AppData\Local\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\******\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\******\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Logitech Device Detection) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\npLogitechDeviceDetection.dll (Logitech, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Google Update) - C:\Users\******\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll No File
CHR Profile: C:\Users\******\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-08]
CHR Extension: (YouTube) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-27]
CHR Extension: (Google Search) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-27]
CHR Extension: (Logitech Device Detection) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno [2012-07-10]
CHR Extension: (AdBlock) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-04-27]
CHR Extension: (ProxMate - Proxy on steroids!) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm [2013-05-12]
CHR Extension: (Google Wallet) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Gmail) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-27]
CHR StartMenuInternet: Google Chrome - C:\Users\******\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HiPatchService; C:\Installationen\Smite\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [126464 2010-12-16] (Razer USA Ltd)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-30 21:23 - 2014-09-30 21:23 - 00000962 _____ () C:\Users\******\Desktop\checkup.txt
2014-09-30 20:10 - 2014-09-30 20:10 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-30 20:09 - 2014-09-30 20:09 - 02347384 _____ (ESET) C:\Users\******\Downloads\esetsmartinstaller_deu.exe
2014-09-30 20:09 - 2014-09-30 20:09 - 00854417 _____ () C:\Users\******\Downloads\SecurityCheck.exe
2014-09-30 20:09 - 2014-09-30 20:09 - 00854417 _____ () C:\Users\******\Desktop\SecurityCheck.exe
2014-09-29 20:19 - 2014-09-29 20:19 - 00000632 _____ () C:\Users\******\Desktop\JRT.txt
2014-09-29 20:17 - 2014-09-29 20:17 - 00000000 ____D () C:\Windows\ERUNT
2014-09-29 20:15 - 2014-09-29 20:15 - 00001447 _____ () C:\Users\******\Desktop\AdwCleaner[S0].txt
2014-09-29 20:12 - 2014-09-29 20:13 - 00000000 ____D () C:\AdwCleaner
2014-09-29 19:59 - 2014-09-29 20:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-29 19:59 - 2014-09-29 19:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-29 19:59 - 2014-09-29 19:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-29 19:59 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-29 19:59 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-29 19:59 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-29 19:58 - 2014-09-29 19:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\******\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-29 19:58 - 2014-09-29 19:58 - 01699276 _____ (Thisisu) C:\Users\******\Desktop\JRT.exe
2014-09-29 19:58 - 2014-09-29 19:58 - 01373475 _____ () C:\Users\******\Desktop\AdwCleaner_3.310.exe
2014-09-28 22:45 - 2014-09-28 22:45 - 00018307 _____ () C:\ComboFix.txt
2014-09-28 22:39 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-28 22:39 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-28 22:39 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-28 22:39 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-28 22:39 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-28 22:39 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-28 22:39 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-28 22:39 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-28 22:35 - 2014-09-28 22:45 - 00000000 ____D () C:\Qoobox
2014-09-28 22:35 - 2014-09-28 22:44 - 00000000 ____D () C:\Windows\erdnt
2014-09-28 22:34 - 2014-09-28 22:34 - 05582345 ____R (Swearware) C:\Users\******\Desktop\ComboFix.exe
2014-09-28 22:34 - 2014-09-28 22:34 - 05582345 _____ (Swearware) C:\Users\******\Downloads\ComboFix.exe
2014-09-28 22:29 - 2014-09-28 22:30 - 00000000 ____D () C:\Users\******\Desktop\Revo Uninstalle
2014-09-28 22:28 - 2014-09-28 22:29 - 03007700 _____ () C:\Users\******\Downloads\revouninstaller.zip
2014-09-26 20:19 - 2014-09-26 20:21 - 00002238 _____ () C:\Users\******\Desktop\Gmer.log
2014-09-26 20:11 - 2014-09-26 20:11 - 00380416 _____ () C:\Users\******\Downloads\Gmer-19357.exe
2014-09-26 20:11 - 2014-09-26 20:11 - 00380416 _____ () C:\Users\******\Desktop\Gmer-19357.exe
2014-09-26 20:10 - 2014-09-26 20:21 - 00037649 _____ () C:\Users\******\Desktop\Addition.txt
2014-09-26 20:09 - 2014-09-30 21:23 - 00012708 _____ () C:\Users\******\Desktop\FRST.txt
2014-09-26 20:09 - 2014-09-30 21:23 - 00000000 ____D () C:\FRST
2014-09-26 20:09 - 2014-09-26 20:09 - 02108928 _____ (Farbar) C:\Users\******\Downloads\FRST64.exe
2014-09-26 20:09 - 2014-09-26 20:09 - 02108928 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2014-09-26 20:08 - 2014-09-26 20:08 - 00000486 _____ () C:\Users\******\Desktop\defogger_disable.log
2014-09-26 20:08 - 2014-09-26 20:08 - 00000000 _____ () C:\Users\******\defogger_reenable
2014-09-26 20:07 - 2014-09-26 20:07 - 00050477 _____ () C:\Users\******\Downloads\Defogger.exe
2014-09-26 20:07 - 2014-09-26 20:07 - 00050477 _____ () C:\Users\******\Desktop\Defogger.exe
2014-09-22 11:01 - 2014-09-22 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-22 11:01 - 2014-09-22 11:01 - 00000000 ____D () C:\Program Files (x86)\Skype
2014-09-12 02:02 - 2014-09-12 02:02 - 01003664 _____ () C:\Windows\Minidump\091214-15334-01.dmp
2014-09-08 20:49 - 2014-09-08 20:49 - 00001891 _____ () C:\Users\******\Downloads\Public.zip
2014-09-08 03:52 - 2014-09-08 03:52 - 15205205 _____ () C:\Users\******\Downloads\Tsukasa Matsuzaki - Unfaithfulness Pt.1.rar
2014-09-08 03:50 - 2014-09-08 03:50 - 09634456 _____ () C:\Users\******\Downloads\Me And Uncle - Takase Tsukasa (1).rar
2014-09-08 03:48 - 2014-09-08 03:48 - 21486253 _____ () C:\Users\******\Downloads\Tsukasa Matsuzaki - Unfaithfulness Pt.2.rar

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-30 21:24 - 2012-04-27 20:30 - 00000000 ____D () C:\Users\******\AppData\Local\PMB Files
2014-09-30 21:22 - 2012-04-27 20:25 - 00000000 ____D () C:\Users\******\AppData\Roaming\Skype
2014-09-30 20:58 - 2013-04-08 21:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-30 20:42 - 2012-04-27 20:23 - 00001148 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-295951725-620095448-2388595162-1000UA.job
2014-09-30 20:20 - 2012-04-27 01:54 - 01773267 _____ () C:\Windows\WindowsUpdate.log
2014-09-30 20:17 - 2009-07-14 06:51 - 00110144 _____ () C:\Windows\setupact.log
2014-09-30 11:24 - 2012-05-01 19:13 - 00000000 ____D () C:\Users\******\AppData\Local\Adobe
2014-09-30 11:21 - 2009-07-14 06:45 - 00022000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-30 11:21 - 2009-07-14 06:45 - 00022000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-30 11:15 - 2012-07-03 18:43 - 00000000 ___RD () C:\Users\******\Dropbox
2014-09-30 11:15 - 2012-07-03 18:42 - 00000000 ____D () C:\Users\******\AppData\Roaming\Dropbox
2014-09-30 11:14 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-29 22:42 - 2012-04-27 20:23 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-295951725-620095448-2388595162-1000Core.job
2014-09-29 20:14 - 2010-11-21 05:47 - 00169540 _____ () C:\Windows\PFRO.log
2014-09-29 20:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Globalization
2014-09-28 22:44 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-28 22:38 - 2012-04-28 10:05 - 00002198 _____ () C:\Windows\epplauncher.mif
2014-09-26 20:12 - 2012-07-16 22:26 - 02000896 ___SH () C:\Users\******\Desktop\Thumbs.db
2014-09-26 20:08 - 2012-04-27 19:53 - 00000000 ____D () C:\Users\******
2014-09-26 19:15 - 2012-04-27 20:30 - 00000000 ____D () C:\ProgramData\PMB Files
2014-09-25 00:44 - 2012-04-27 20:24 - 00002390 _____ () C:\Users\******\Desktop\Google Chrome.lnk
2014-09-23 23:58 - 2013-04-08 21:11 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-23 23:58 - 2013-04-08 21:10 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-23 23:58 - 2013-04-07 21:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-22 11:01 - 2014-03-16 21:11 - 00002495 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-22 11:01 - 2012-04-27 20:25 - 00000000 ____D () C:\ProgramData\Skype
2014-09-22 11:01 - 2012-04-27 20:24 - 00000000 ___RD () C:\Installationen
2014-09-22 08:42 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-18 18:26 - 2012-07-03 18:42 - 00000000 ____D () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-12 02:02 - 2012-05-23 19:38 - 491413942 _____ () C:\Windows\MEMORY.DMP
2014-09-12 02:02 - 2012-05-23 19:38 - 00000000 ____D () C:\Windows\Minidump
2014-08-31 23:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF

Some content of TEMP:
====================
C:\Users\******\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfvks_q.dll
C:\Users\******\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-30 11:36

==================== End Of Log ============================
--- --- ---

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=31760119d5c9fd438f9232e9efdede3b
# engine=20373
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-30 07:05:54
# local_time=2014-09-30 09:05:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 42339063 83397576 0 0
# scanned=193494
# found=0
# cleaned=0
# scan_time=3209


Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 15.0.0.152
Mozilla Thunderbird 16.0.1 Thunderbird out of Date!
Google Chrome 37.0.2062.120
Google Chrome 37.0.2062.124
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


Der PC ist auf jeden fall schneller und ich seh auch weniger Pop Ups :)

vielen Danke =D

schrauber 01.10.2014 12:35
Java und Thunderbird updaten.


Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Arcanis 04.10.2014 18:25
Hey schrauber!

Vielen Dank für die nützlichen Tips und alles ist besser geworden!

Ich bedanke mich für deine Hilfe :)

schrauber 05.10.2014 14:52
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:29 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131