The AdwCleaner log file:
Code:
# AdwCleaner v4.000 - Bericht erstellt am 16/10/2014 um 18:31:44
# DB v2014-10-15.7
# Aktualisiert 12/10/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Niklas - NIKLAS-PC
# Gestartet von : C:\Users\Niklas\Desktop\AdwCleaner_4.000.exe
# Option : Löschen
***** [ Dienste ] *****
Dienst Gelöscht : IePluginServices
[#] Dienst Gelöscht : SPPD
Dienst Gelöscht : SystemUpdatekb70007
Dienst Gelöscht : {9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64
Dienst Gelöscht : {9acd1534-e8f8-40cb-b5ac-4996fe01175b}w64
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\IePluginServices
Ordner Gelöscht : C:\Windows\Microsoft\SystemUpdatekb70007
[!] Ordner Gelöscht : C:\Program Files (x86)\MSR
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\ProgramData\Registry Helper
Ordner Gelöscht : C:\Program Files (x86)\ScanTack
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Users\Niklas\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\Niklas\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Peter\AppData\Roaming\Systweak
Ordner Gelöscht : C:\ProgramData\WindowsProtectManger
Ordner Gelöscht : C:\Users\Peter\AppData\Local\fst_de_34
Ordner Gelöscht : C:\Users\Peter\AppData\Local\fst_de_37
Ordner Gelöscht : C:\Users\Niklas\AppData\Roaming\Mozilla\Firefox\Profiles\ygemp1jv.default\Extensions\faststartff@gmail.com
Datei Gelöscht : C:\Users\Niklas\AppData\Roaming\Mozilla\Firefox\Profiles\ygemp1jv.default\Extensions\boost@boost.net.xpi
Datei Gelöscht : C:\Users\Niklas\AppData\Local\AnyProtectScannerSetup.exe
Datei Gelöscht : C:\Users\Niklas\AppData\Roaming\aps.uninstall.scan.results
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\SysWOW64\RegistryHelperLM.ocx
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Windows\System32\\drivers\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64.sys
Datei Gelöscht : C:\Windows\System32\\drivers\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}w64.sys
Datei Gelöscht : C:\Users\Niklas\AppData\Roaming\Mozilla\Firefox\Profiles\ygemp1jv.default\searchplugins\bingp.xml
Datei Gelöscht : C:\Users\Niklas\AppData\Roaming\Mozilla\Firefox\Profiles\ygemp1jv.default\searchplugins\SafeFinder Search.xml
Datei Gelöscht : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\xqg927d0.default\searchplugins\SafeFinder Search.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml
Datei Gelöscht : C:\Users\Niklas\AppData\Roaming\Mozilla\Firefox\Profiles\ygemp1jv.default\user.js
Datei Gelöscht : C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_istart.webssearches.com_0.localstorage
Datei Gelöscht : C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_istart.webssearches.com_0.localstorage
Datei Gelöscht : C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_istart.webssearches.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_istart.webssearches.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.betterdeals00.betterdeals.co_0.localstorage
Datei Gelöscht : C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.betterdeals00.betterdeals.co_0.localstorage-journal
Datei Gelöscht : C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage
Datei Gelöscht : C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
Datei Gelöscht : C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage
Datei Gelöscht : C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal
***** [ Tasks ] *****
Task Gelöscht : APSnotifierPP1
Task Gelöscht : APSnotifierPP2
Task Gelöscht : APSnotifierPP3
Task Gelöscht : LaunchSignup
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Verknüpfung Desinfiziert : C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Niklas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Niklas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Niklas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [InetStat]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DealKeeper_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DealKeeper_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SafeFinder_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SafeFinder_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateDealKeeper_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateDealKeeper_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [AnyProtect Scanner]
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [fst_de_34]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [fst_de_37]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DE6FC60-E023-4AD7-A3B7-591E1460E7F7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\FreeSoftToday
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKCU\Software\VIS
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\BlockAndSurf
Schlüssel Gelöscht : HKLM\SOFTWARE\Registry Helper
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\SupTab
Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsProtectManger
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
Schlüssel Gelöscht : HKLM\SOFTWARE\webssearchesSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\Wpm
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\InetStat
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AEB719FD-EDB0-43E9-B524-90F97C1E6499}
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~1.DLL
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\DF917BEA0BDE9E345B42099FC7E14699
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\DF917BEA0BDE9E345B42099FC7E14699
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DF917BEA0BDE9E345B42099FC7E14699
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:8118;hxxps=127.0.0.1:8118
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 0
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17344
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v26.0 (de)
[ygemp1jv.default] - Zeile gelöscht : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[ygemp1jv.default] - Zeile gelöscht : user_pref("browser.search.defaultenginename", "webssearches");
[ygemp1jv.default] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "webssearches");
[ygemp1jv.default] - Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://istart.webssearches.com/?type=hppp&ts=1413463946&from=amt&uid=ST9500325AS_6VEECGNJ");
[ygemp1jv.default] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[ygemp1jv.default] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[xqg927d0.default] - Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HiW0gw-DXG-TurreliBoh0wba-TkLrx5k6Gc2XXa0v9SF-YIHp_ZsehaO3cozdomLNG-C8mUvSkRYR70CAUUp[...]
[xqg927d0.default] - Zeile gelöscht : user_pref("browser.search.defaultenginename", "SafeFinder Search");
[xqg927d0.default] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "SafeFinder Search");
[xqg927d0.default] - Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HiW0gw-DXG-TurreliBoh0wba-TkLrx5k6Gc2XXa0v9SF-YIHp_ZsehaO3cozdomLVgM9bjWq4Y0HOn[...]
[xqg927d0.default] - Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5HiW0gw-DXG-TurreliBoh0wba-TkLrx5k6Gc2XXa0v9SF-YIHp_ZsehaO3cozdomLkDz1OvCQKHRGjm-FKI3L2W0Gqc7[...]
-\\ Google Chrome v37.0.2062.124
Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=dspp&ts=1413463946&from=amt&uid=ST9500325AS_6VEECGNJ&q={searchTerms}
*************************
AdwCleaner[R0].txt - [18433 octets] - [16/10/2014 18:06:07]
AdwCleaner[S0].txt - [16340 octets] - [16/10/2014 18:31:44]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16401 octets] ##########
The MBAM log file:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 16.10.2014
Suchlauf-Zeit: 18:44:51
Logdatei: mwb-Log.txt
Administrator: Ja
Version: 2.00.3.1025
Malware Datenbank: v2014.10.16.05
Rootkit Datenbank: v2014.10.15.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Niklas
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 406892
Verstrichene Zeit: 25 Min, 24 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente erkannt)
Module: 0
(Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 8
PUP.Optional.SupTab.A, HKU\S-1-5-21-944339141-425316552-3423673361-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [372ed2431e5eaa8c2e711a886e941be5],
PUP.Optional.SupTab.A, HKU\S-1-5-21-944339141-425316552-3423673361-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [372ed2431e5eaa8c2e711a886e941be5],
PUP.Optional.Zoomify.A, HKLM\SOFTWARE\WOW6432NODE\zoomify, In Quarantäne, [66fff91c2458f83e7b3b958410f303fd],
PUP.Optional.Zoomify.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\zoomify, In Quarantäne, [8bda5fb6fd7fd660a5108495996a48b8],
PUP.Optional.BlockAndSurf.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\BlockAndSurf, In Quarantäne, [a7be61b4ee8e78be2ec758cdba49827e],
PUP.Optional.BlockAndSurf.A, HKU\S-1-5-21-944339141-425316552-3423673361-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\BlockAndSurf, In Quarantäne, [065f779efb81dd59af4676afcc377a86],
PUP.Optional.Qone8, HKU\S-1-5-21-944339141-425316552-3423673361-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [bbaaa17496e6181e330a1c561fe58b75],
PUP.Optional.RegCleanerPro.A, HKU\S-1-5-21-944339141-425316552-3423673361-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\RegClean Pro, In Quarantäne, [68fd41d48af28fa79faab0bc986c35cb],
Registrierungswerte: 5
PUM.Bad.Proxy, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:8118;https=127.0.0.1:8118, In Quarantäne, [1451f91cf587ab8b65566fb535ce956b]
PUM.Bad.Proxy, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:8118;https=127.0.0.1:8118, In Quarantäne, [2d38d540bbc1af87ebd04fd5c43f7b85]
PUM.Bad.Proxy, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:8118;https=127.0.0.1:8118, In Quarantäne, [8ed726efbdbfef474e6d978da65d748c]
PUP.Optional.QuickStart.A, HKU\S-1-5-21-944339141-425316552-3423673361-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, quick_start@gmail.com, In Quarantäne, [c1a4d73e314b191d11df2806ef1440c0]
PUM.Bad.Proxy, HKU\S-1-5-21-944339141-425316552-3423673361-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:8118;https=127.0.0.1:8118, In Quarantäne, [c99c1005f5877bbbb7042cf8b44f47b9]
Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)
Ordner: 3
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2, In Quarantäne, [c99c22f30f6dc0764f8859bb63a0649c],
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.25, In Quarantäne, [c99c22f30f6dc0764f8859bb63a0649c],
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.25\content, In Quarantäne, [c99c22f30f6dc0764f8859bb63a0649c],
Dateien: 47
PUP.Optional.Solimba, C:\$Recycle.Bin\S-1-5-21-944339141-425316552-3423673361-1000\$RBOOGT0.exe, In Quarantäne, [cb9a7c99c1bb52e4f5227b9fc8399070],
PUP.Optional.Downloader, C:\$Recycle.Bin\S-1-5-21-944339141-425316552-3423673361-1005\$R4CGQOB.exe, In Quarantäne, [184d53c2a9d3280e2d2f0b94b34eeb15],
PUP.Optional.OptimumInstaller.A, C:\$Recycle.Bin\S-1-5-21-944339141-425316552-3423673361-1005\$RMH1FJA.exe, In Quarantäne, [4e1760b507753105d453df83fe03639d],
PUP.Optional.OptimumInstaller.A, C:\$Recycle.Bin\S-1-5-21-944339141-425316552-3423673361-1005\$RN5D50P.exe, In Quarantäne, [1e47bf56324a0e288f98134f23de629e],
PUP.Optional.OptimumInstaller.A, C:\$Recycle.Bin\S-1-5-21-944339141-425316552-3423673361-1005\$RNY8X8S.exe, In Quarantäne, [74f14bcab5c7bf77e5424c160ff2b947],
PUP.Optional.OptimumInstaller.A, C:\$Recycle.Bin\S-1-5-21-944339141-425316552-3423673361-1005\$R19W157.exe, In Quarantäne, [3e276ea72d4f1d19d94e6bf73cc5f30d],
PUP.Optional.Amonetize, C:\$Recycle.Bin\S-1-5-21-944339141-425316552-3423673361-1005\$RDVQ7MZ.exe, In Quarantäne, [dc89bb5aa5d789adc36a476b59a89769],
PUP.Optional.OptimumInstaller.A, C:\$Recycle.Bin\S-1-5-21-944339141-425316552-3423673361-1005\$RF81EJV.exe, In Quarantäne, [392c33e285f776c0ea3db8aa9e63be42],
PUP.Optional.Amonetize, C:\$Recycle.Bin\S-1-5-21-944339141-425316552-3423673361-1005\$RH25JB6.exe, In Quarantäne, [1b4ae530097379bdc964931f9071738d],
PUP.Optional.Amonetize, C:\$Recycle.Bin\S-1-5-21-944339141-425316552-3423673361-1005\$RXBQSKO.exe, In Quarantäne, [1253100584f88ea864c91c965fa2cf31],
PUP.Optional.Bundlore, C:\$Recycle.Bin\S-1-5-21-944339141-425316552-3423673361-1005\$RZZY3CD.exe, In Quarantäne, [a1c434e12953de580449a96127de5da3],
PUP.Optional.Bandoo.A, C:\$Recycle.Bin\S-1-5-21-944339141-425316552-3423673361-1005\$RB85JLO.exe, In Quarantäne, [fc6994810676b383f40e0b37c1407a86],
PUP.Optional.OutBrowse, C:\$Recycle.Bin\S-1-5-21-944339141-425316552-3423673361-1005\$RBXRSIZ.exe, In Quarantäne, [b5b02aebaad20f278f88c5e5bc45ae52],
PUP.Optional.OptimumInstaller.A, C:\$Recycle.Bin\S-1-5-21-944339141-425316552-3423673361-1005\$RPZ20XM.exe, In Quarantäne, [42231ef7e09cdc5a86a14022c63bd030],
PUP.Optional.DomaIQ, C:\$Recycle.Bin\S-1-5-21-944339141-425316552-3423673361-1005\$RQ3PZGL.exe, In Quarantäne, [53125db813693bfb4ae13586728f01ff],
PUP.Optional.iBryte, C:\$Recycle.Bin\S-1-5-21-944339141-425316552-3423673361-1005\$RQ8B2OH.exe, In Quarantäne, [76ef53c287f525110d6d8f2468995da3],
PUP.Optional.Amonetize, C:\$Recycle.Bin\S-1-5-21-944339141-425316552-3423673361-1005\$RQJ84KP.exe, In Quarantäne, [f86dfa1b2f4d63d3002d179b0af73cc4],
PUP.Optional.OptimumInstaller.A, C:\$Recycle.Bin\S-1-5-21-944339141-425316552-3423673361-1005\$RIZJNZX.exe, In Quarantäne, [4025ba5b1b61b58143e45012bc458779],
PUP.Optional.OptimumInstaller.A, C:\$Recycle.Bin\S-1-5-21-944339141-425316552-3423673361-1005\$RJBS23L.exe, In Quarantäne, [5f060312f8842610a5826bf7917004fc],
PUP.Optional.Amonetize, C:\$Recycle.Bin\S-1-5-21-944339141-425316552-3423673361-1005\$R5M5FB6.exe, In Quarantäne, [224349cc651776c0a687f5bdfc0547b9],
PUP.Optional.Conduit.A, C:\Users\Niklas\AppData\Local\Temp\SearchProtectINT.exe, In Quarantäne, [174eb164acd03ef89674b18026dbe21e],
PUP.Optional.InstallCore, C:\Users\Niklas\AppData\Local\Temp\nsrEDAE.tmp, In Quarantäne, [e28362b39ce02f070081605149b847b9],
PUP.Optional.Amonetize, C:\Users\Niklas\AppData\Local\Temp\MsiToExe.SetupExtension.msi, In Quarantäne, [d49165b0aece52e4809f831f54ad9070],
PUP.Optional.InstallCore, C:\Users\Niklas\AppData\Local\Temp\nsx367E.tmp, In Quarantäne, [8fd6b1647903f343b0d1bcf5a75a6f91],
PUP.Optional.InstallCore, C:\Users\Niklas\AppData\Local\Temp\nsk4754.tmp, In Quarantäne, [a5c00213a2da69cd2859a110aa573bc5],
PUP.Optional.Amonetize, C:\Users\Niklas\AppData\Local\Temp\DownloadSetup__2299_i827149855_il1729930.exe, In Quarantäne, [125319fc6f0d79bd67c6fcb6fd0431cf],
PUP.Optional.Amonetize, C:\Users\Niklas\AppData\Local\Temp\DownloadSetup__2299_i827160129_il1731687.exe, In Quarantäne, [c4a1eb2a710b57df05288e2443be926e],
PUP.Optional.WinSolution, C:\Users\Niklas\AppData\Local\Temp\wdmasetup.exe, In Quarantäne, [ee775abbf28a37ff7b68daae3ac7b44c],
PUP.Optional.StormWatch.A, C:\Users\Niklas\AppData\Local\Temp\91412429084\1_Offer_16.exe, In Quarantäne, [3e270a0bcdaf72c46920470e0df343bd],
PUP.Optional.StormWatch.A, C:\Users\Niklas\AppData\Local\Temp\91412429124\1_Offer_16.exe, In Quarantäne, [5312a76ebcc04de9c7c25203d7297e82],
PUP.Optional.InstallCore, C:\Users\Niklas\AppData\Local\Temp\is45637729\769646_stp\SmartWrapper.exe, In Quarantäne, [aeb7eb2a1e5e7eb8f6ebeab013f1d828],
PUP.Optional.Bandoo, C:\Users\Niklas\Downloads\iLvSetup-r394-n-bc.exe, In Quarantäne, [88dd20f52854a1956cc5849a4eb3e020],
PUP.Optional.OptimumInstaller.A, C:\Users\Niklas\Downloads\Player-Chrome (1).exe, In Quarantäne, [214483923a42a88e9691ea78966b21df],
PUP.Optional.OptimumInstaller.A, C:\Users\Niklas\Downloads\Player-Chrome (2).exe, In Quarantäne, [2c391005324a4cea8a9db9a9c9385da3],
PUP.Optional.OptimumInstaller.A, C:\Users\Niklas\Downloads\Player-Chrome.exe, In Quarantäne, [8fd6a174661688ae7daa00621fe2f50b],
PUP.Optional.DomaIQ, C:\Users\Peter\Downloads\Setup v2 1.exe, In Quarantäne, [442145d0a5d7ba7c0619ff5847b9d030],
PUP.Optional.Bundlore, C:\Users\Peter\Downloads\Setup.exe, In Quarantäne, [372e42d3a7d50135a7a636d41aeb4fb1],
PUP.Optional.Amonetize, C:\Windows\Installer\28212d.msi, In Quarantäne, [de879184ef8dc1755fc0178b38c9619f],
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.25\logo.ico, In Quarantäne, [c99c22f30f6dc0764f8859bb63a0649c],
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.25\Uninstaller.exe, In Quarantäne, [c99c22f30f6dc0764f8859bb63a0649c],
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.25\zoomifyL32.dll, In Quarantäne, [c99c22f30f6dc0764f8859bb63a0649c],
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.25\zoomifyL64.dll, In Quarantäne, [c99c22f30f6dc0764f8859bb63a0649c],
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.25\content\dgapi.js, In Quarantäne, [c99c22f30f6dc0764f8859bb63a0649c],
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.25\content\dgmain_app_bg.js, In Quarantäne, [c99c22f30f6dc0764f8859bb63a0649c],
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.25\content\dgmain_app_cs.js, In Quarantäne, [c99c22f30f6dc0764f8859bb63a0649c],
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.25\content\jquery4toolbar.js, In Quarantäne, [c99c22f30f6dc0764f8859bb63a0649c],
PUP.Optional.Zoomify.A, C:\ProgramData\zoomify2\1.1.0.25\content\witmain.js, In Quarantäne, [c99c22f30f6dc0764f8859bb63a0649c],
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
The Zoek log file:
Code:
Zoek.exe v5.0.0.0 Updated 16-10-2014
Tool run by Niklas on 16.10.2014 at 19:23:09,92.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Niklas\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
16.10.2014 19:25:51 Zoek.exe System Restore Point Created Succesfully.
==== FireFox Fix ======================
Deleted from C:\Users\Niklas\AppData\Roaming\Mozilla\Firefox\Profiles\ygemp1jv.default\prefs.js:
user_pref("keyword.URL", "hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=");
Added to C:\Users\Niklas\AppData\Roaming\Mozilla\Firefox\Profiles\ygemp1jv.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Deleted from C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\xqg927d0.default\prefs.js:
Added to C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\xqg927d0.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
==== Firefox Extensions ======================
ProfilePath: C:\Users\Niklas\AppData\Roaming\Mozilla\Firefox\Profiles\ygemp1jv.default
- Firefox Old Version Update Hotfix - %ProfilePath%\extensions\firefox-hotfix@mozilla.org.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi
==== Firefox Plugins ======================
Profilepath: C:\Users\Niklas\AppData\Roaming\Mozilla\Firefox\Profiles\ygemp1jv.default
AE7B288233C212C62CD544BF768C45E6 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll - Shockwave for Director / Shockwave for Director
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP"
"Search Page"="hxxp://www.google.com"
"Search Bar"="hxxp://www.google.com"
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="hxxp://www.google.com/search?q=%s"
"Default"="hxxp://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="hxxp://www.google.com"
"Default_Search_URL"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{0F157AE0-4EAB-453B-90B2-7257ACFF8FC2} Google Url="hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Goo Url="hxxp://www.google.com/search?q={sear"
==== Reset Google Chrome ======================
C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyOverride"="<-loopback>"
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== C:\zoek_backup content ======================
C:\zoek_backup (files=0 folders=0 0 bytes)
==== EOF on 16.10.2014 at 19:26:26,56 ======================
The two new log files from FRST:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-10-2014 02
Ran by Niklas (administrator) on NIKLAS-PC on 16-10-2014 19:27:36
Running from C:\Users\Niklas\Desktop
Loaded Profile: Niklas (Available profiles: Niklas & Mcx1-NIKLAS-PC & Peter)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3802448 2014-09-04] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-944339141-425316552-3423673361-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1753280 2014-07-16] (Valve Corporation)
HKU\S-1-5-21-944339141-425316552-3423673361-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-944339141-425316552-3423673361-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-944339141-425316552-3423673361-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-944339141-425316552-3423673361-1000\...\MountPoints2: {063a95f6-d050-11e2-8b6d-90fba6c02f13} - G:\HTC_Sync_Manager_PC.exe
Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-944339141-425316552-3423673361-1005\User: Group Policy restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5D385D814A4DCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Niklas\AppData\Roaming\Mozilla\Firefox\Profiles\ygemp1jv.default
FF NewTab: hxxp://www.google.com/
FF DefaultSearchEngine: Google
FF DefaultSearchUrl: hxxp://www.google.com/search?btnG=Google+Search&q=
FF SearchEngineOrder.1: Google
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8118
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Niklas\AppData\Roaming\Mozilla\Firefox\Profiles\ygemp1jv.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-07-23]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF Extension: No Name - C:\Users\Niklas\AppData\Roaming\Mozilla\Firefox\Profiles\ygemp1jv.default\extensions\faststartff@gmail.com [Not Found]
Chrome:
=======
CHR Profile: C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-16]
CHR Extension: (Google Docs) - C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-10]
CHR Extension: (Google Drive) - C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (YouTube) - C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-10]
CHR Extension: (Google-Suche) - C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-10]
CHR Extension: (Google Tabellen) - C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-16]
CHR Extension: (Skype Click to Call) - C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-10-04]
CHR Extension: (Google Wallet) - C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Google Mail) - C:\Users\Niklas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-10]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe" [X]
S2 WO_LiveService; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
U3 DfSdkS; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-16 19:27 - 2014-10-16 19:28 - 00013858 _____ () C:\Users\Niklas\Desktop\FRST.txt
2014-10-16 19:26 - 2014-10-16 19:26 - 00007441 _____ () C:\Users\Niklas\Desktop\zoek-results.txt
2014-10-16 19:25 - 2014-10-16 19:26 - 00007441 _____ () C:\zoek-results.log
2014-10-16 19:22 - 2014-10-16 19:22 - 00000000 ____D () C:\zoek_backup
2014-10-16 18:46 - 2014-10-16 18:46 - 01290752 _____ () C:\Users\Niklas\Desktop\zoek.exe
2014-10-16 18:41 - 2014-10-16 19:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-16 18:41 - 2014-10-16 18:41 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-16 18:41 - 2014-10-16 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-16 18:41 - 2014-10-16 18:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-16 18:41 - 2014-10-16 18:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-16 18:41 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-16 18:41 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-16 18:41 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-16 18:38 - 2014-10-16 18:39 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Niklas\Desktop\mbam-setup-2.0.3.1025.exe
2014-10-16 18:05 - 2014-10-16 18:31 - 00000000 ____D () C:\AdwCleaner
2014-10-16 18:04 - 2014-10-16 18:04 - 01976320 _____ () C:\Users\Niklas\Desktop\AdwCleaner_4.000.exe
2014-10-16 17:58 - 2014-10-16 17:58 - 01230808 _____ () C:\Users\Niklas\Downloads\Setup v2 1.exe
2014-10-16 16:04 - 2014-10-16 16:04 - 00380416 _____ () C:\Users\Niklas\Desktop\Gmer-19357.exe
2014-10-16 16:01 - 2014-10-16 19:27 - 00000000 ____D () C:\FRST
2014-10-16 15:59 - 2014-10-16 15:59 - 02111488 _____ (Farbar) C:\Users\Niklas\Desktop\FRST64.exe
2014-10-16 15:58 - 2014-10-16 15:58 - 00000000 _____ () C:\Users\Niklas\defogger_reenable
2014-10-16 15:52 - 2014-10-16 15:52 - 00050477 _____ () C:\Users\Niklas\Downloads\Defogger (1).exe
2014-10-15 14:18 - 2014-10-15 14:18 - 00001350 _____ () C:\Users\Peter\Desktop\Clean Registry for Free!.lnk
2014-10-15 14:12 - 2014-09-29 02:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 14:12 - 2014-06-19 00:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 14:12 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 14:12 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 14:12 - 2014-06-19 00:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 14:12 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 14:12 - 2014-06-19 00:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 14:11 - 2014-08-19 05:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 14:11 - 2014-08-19 05:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 14:11 - 2014-07-07 04:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 14:11 - 2014-07-07 04:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 14:11 - 2014-07-07 04:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 14:11 - 2014-07-07 04:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 14:11 - 2014-07-07 04:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 14:11 - 2014-07-07 04:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 14:11 - 2014-07-07 04:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 14:11 - 2014-07-07 04:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 14:11 - 2014-07-07 04:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 14:11 - 2014-07-07 04:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 14:11 - 2014-07-07 04:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 14:11 - 2014-07-07 04:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 14:11 - 2014-07-07 04:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 14:11 - 2014-07-07 04:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 14:11 - 2014-07-07 04:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 14:11 - 2014-07-07 04:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 14:11 - 2014-07-07 04:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 14:11 - 2014-07-07 04:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 14:11 - 2014-07-07 04:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 14:11 - 2014-07-07 03:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 14:11 - 2014-07-07 03:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 14:11 - 2014-07-07 03:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 14:11 - 2014-07-07 03:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 14:11 - 2014-07-07 03:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 14:11 - 2014-07-07 03:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 14:11 - 2014-07-07 03:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 14:11 - 2014-07-07 03:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 14:11 - 2014-07-07 03:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 14:11 - 2014-07-07 03:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 14:11 - 2014-07-07 03:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 14:11 - 2014-07-07 03:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 14:11 - 2014-07-07 03:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 14:11 - 2014-07-07 03:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 14:11 - 2014-07-07 03:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 14:11 - 2014-07-07 03:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 14:11 - 2014-07-07 03:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 14:11 - 2014-06-28 02:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 14:11 - 2014-06-28 02:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 14:11 - 2014-06-28 02:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 14:10 - 2014-10-10 04:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 14:10 - 2014-10-10 04:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 14:10 - 2014-10-10 04:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 14:10 - 2014-08-19 05:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 14:10 - 2014-08-19 05:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 14:10 - 2014-08-19 05:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 14:10 - 2014-08-19 05:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 14:10 - 2014-08-19 05:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 14:10 - 2014-08-19 05:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 14:10 - 2014-08-19 05:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 14:10 - 2014-08-19 05:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 14:10 - 2014-08-19 04:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 14:10 - 2014-08-19 04:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 14:10 - 2014-08-19 04:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 14:10 - 2014-07-07 04:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 14:10 - 2014-07-07 04:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 14:10 - 2014-07-07 04:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 14:10 - 2014-07-07 04:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 14:10 - 2014-07-07 04:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 14:10 - 2014-07-07 04:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 14:10 - 2014-07-07 04:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 14:10 - 2014-07-07 04:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 14:10 - 2014-07-07 04:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 14:10 - 2014-07-07 04:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 14:10 - 2014-07-07 04:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 14:10 - 2014-07-07 04:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 14:10 - 2014-07-07 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 14:10 - 2014-07-07 03:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 14:10 - 2014-07-07 03:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 14:10 - 2014-07-07 03:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 14:10 - 2014-07-07 03:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 14:10 - 2014-07-07 03:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 14:10 - 2014-07-07 03:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 14:10 - 2014-07-07 03:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 14:10 - 2014-07-07 03:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 14:10 - 2014-07-07 03:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 14:10 - 2014-07-07 03:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 14:10 - 2014-07-07 03:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 14:10 - 2014-07-07 03:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 14:10 - 2014-07-07 03:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 14:09 - 2014-10-07 04:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 14:09 - 2014-10-07 04:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 14:09 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 14:09 - 2014-09-26 00:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 14:09 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 14:09 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 14:09 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 14:09 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 14:09 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 14:09 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 14:09 - 2014-09-19 03:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 14:09 - 2014-09-19 03:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 14:09 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 14:09 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 14:09 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 14:09 - 2014-09-19 03:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 14:09 - 2014-09-19 03:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 14:09 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 14:09 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 14:09 - 2014-09-19 03:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 14:09 - 2014-09-19 03:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 14:09 - 2014-09-19 03:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 14:09 - 2014-09-19 03:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 14:09 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 14:09 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 14:09 - 2014-09-19 03:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 14:09 - 2014-09-19 03:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 14:09 - 2014-09-19 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 14:09 - 2014-09-19 03:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 14:09 - 2014-09-19 03:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 14:09 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 14:09 - 2014-09-19 03:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 14:09 - 2014-09-19 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 14:09 - 2014-09-19 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 14:09 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 14:09 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 14:09 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 14:09 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 14:09 - 2014-09-19 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 14:09 - 2014-09-19 02:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 14:09 - 2014-09-19 02:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 14:09 - 2014-09-19 02:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 14:09 - 2014-09-19 02:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 14:09 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 14:09 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 14:09 - 2014-09-19 02:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 14:09 - 2014-09-19 02:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 14:09 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 14:09 - 2014-09-19 02:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 14:09 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 14:09 - 2014-09-19 02:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 14:09 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 14:09 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 14:09 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 14:09 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 14:09 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 14:08 - 2014-09-18 04:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 14:08 - 2014-09-18 03:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 14:08 - 2014-09-13 03:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 14:08 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 14:08 - 2014-09-04 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 14:08 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 14:08 - 2014-08-29 04:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 14:08 - 2014-08-29 04:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 14:08 - 2014-08-29 04:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-15 14:08 - 2014-08-29 04:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-15 14:08 - 2014-08-29 04:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 14:08 - 2014-08-29 03:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 14:08 - 2014-08-29 03:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 14:08 - 2014-08-29 03:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 14:08 - 2014-08-29 03:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-15 14:08 - 2014-07-17 04:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 14:08 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 14:08 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 14:08 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 14:08 - 2014-07-17 04:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 14:08 - 2014-07-17 04:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 14:08 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 14:08 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 14:08 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 14:08 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 14:08 - 2014-07-17 03:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 17:42 - 2014-10-14 17:42 - 00003888 _____ () C:\Users\Peter\AppData\Local\recently-used.xbel
2014-10-13 15:59 - 2014-10-13 15:59 - 00002495 _____ () C:\Users\Niklas\Desktop\Green Line 2.lnk
2014-10-07 18:03 - 2014-10-07 18:12 - 00000000 ____D () C:\Users\Peter\AppData\Local\gtk-2.0
2014-10-07 18:03 - 2014-10-07 18:03 - 00000000 ____D () C:\Users\Peter\.thumbnails
2014-10-07 16:54 - 2014-10-14 17:42 - 00000000 ____D () C:\Users\Peter\.gimp-2.8
2014-10-07 16:54 - 2014-10-07 16:54 - 00000894 _____ () C:\Users\Peter\Desktop\GIMP 2.lnk
2014-10-07 16:54 - 2014-10-07 16:54 - 00000000 ____D () C:\Users\Peter\AppData\Local\gegl-0.2
2014-10-07 16:53 - 2014-10-07 16:53 - 00000894 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-10-07 16:51 - 2014-10-07 16:53 - 00000000 ____D () C:\Program Files\GIMP 2
2014-10-07 16:39 - 2014-10-07 16:42 - 91670064 _____ (The GIMP Team ) C:\Users\Peter\Downloads\gimp-2.8.14-setup.exe
2014-10-04 12:18 - 2014-10-13 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-10-04 12:18 - 2014-10-04 12:18 - 00000944 _____ () C:\Users\Peter\Desktop\LogMeIn Hamachi.lnk
2014-10-04 12:18 - 2014-10-04 12:18 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-10-04 12:12 - 2014-10-14 17:36 - 00000000 ____D () C:\Users\Peter\Desktop\Server
2014-10-04 12:02 - 2014-10-04 12:03 - 10769744 _____ () C:\Users\Peter\Downloads\minecraft_server.1.8.exe
2014-10-02 14:17 - 2014-10-02 14:18 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-02 14:17 - 2014-10-02 14:17 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-02 14:17 - 2014-10-02 14:17 - 00000000 ____D () C:\Users\Peter\AppData\Local\Skype
2014-10-02 14:17 - 2014-10-02 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-02 14:15 - 2014-10-02 14:15 - 01678440 _____ (Skype Technologies S.A.) C:\Users\Peter\Downloads\SkypeSetup.exe
2014-10-01 22:21 - 2014-10-01 22:21 - 01162634 _____ () C:\Users\Niklas\Documents\1970er.odp
2014-10-01 22:08 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 22:08 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-01 22:02 - 2014-10-01 22:03 - 00739767 _____ () C:\Users\Niklas\Downloads\1970er.odp
2014-09-27 18:10 - 2014-10-13 15:48 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Skype
2014-09-25 13:45 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-25 13:45 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-20 10:58 - 2014-09-20 10:58 - 02346942 _____ () C:\Users\Peter\Downloads\TechnicLauncher (3).exe
2014-09-20 10:55 - 2014-09-20 10:55 - 02346942 _____ () C:\Users\Peter\Downloads\TechnicLauncher (2).exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-16 19:25 - 2009-07-14 06:45 - 00023152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-16 19:25 - 2009-07-14 06:45 - 00023152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-16 19:23 - 2013-05-09 13:30 - 01962553 _____ () C:\Windows\WindowsUpdate.log
2014-10-16 19:21 - 2014-05-31 09:51 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-16 19:20 - 2013-10-06 12:25 - 00000000 ____D () C:\Users\Niklas\AppData\Roaming\Skype
2014-10-16 19:18 - 2014-07-20 08:03 - 00000000 ____D () C:\Users\Niklas\AppData\Local\LogMeIn Hamachi
2014-10-16 19:18 - 2013-05-10 11:59 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-16 19:18 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-16 19:17 - 2013-11-07 20:00 - 00144614 _____ () C:\Windows\PFRO.log
2014-10-16 19:17 - 2013-05-16 18:13 - 00060578 _____ () C:\Windows\setupact.log
2014-10-16 19:17 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\Performance
2014-10-16 18:56 - 2013-05-10 11:59 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-16 18:48 - 2013-05-14 21:08 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-16 18:35 - 2014-07-23 14:24 - 00001354 _____ () C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-10-16 18:31 - 2013-05-14 20:40 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-16 18:31 - 2013-05-14 20:40 - 00001049 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-16 18:31 - 2013-05-10 12:01 - 00001278 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-16 18:31 - 2013-05-10 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-16 18:31 - 2013-05-09 20:54 - 00000997 _____ () C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-16 16:05 - 2013-05-17 10:20 - 00000000 ____D () C:\Users\Niklas\AppData\Roaming\Spotify
2014-10-16 15:58 - 2013-05-09 20:53 - 00000000 ____D () C:\Users\Niklas
2014-10-16 15:53 - 2013-05-17 10:20 - 00000000 ____D () C:\Users\Niklas\AppData\Local\Spotify
2014-10-16 15:13 - 2013-05-15 13:28 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-16 14:52 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-16 14:47 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-16 14:45 - 2009-07-14 06:45 - 00299120 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 14:42 - 2014-05-09 18:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 14:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 14:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 16:27 - 2013-08-20 13:58 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 16:19 - 2013-05-10 11:25 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 16:18 - 2014-07-19 09:42 - 00000000 ____D () C:\Users\Peter\AppData\Local\LogMeIn Hamachi
2014-10-15 14:25 - 2014-05-10 11:51 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\.minecraft
2014-10-13 16:43 - 2014-06-23 14:16 - 00000000 ____D () C:\Users\Peter\Documents\Klett
2014-10-13 16:31 - 2009-07-14 19:58 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-10-13 16:31 - 2009-07-14 19:58 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-10-13 16:31 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-13 15:59 - 2013-11-24 14:14 - 00000000 ____D () C:\Users\Niklas\Documents\Klett
2014-10-07 18:03 - 2014-05-10 11:49 - 00000000 ____D () C:\Users\Peter
2014-10-02 14:17 - 2013-10-06 12:25 - 00000000 ____D () C:\ProgramData\Skype
2014-09-30 09:13 - 2013-06-11 13:55 - 00013643 _____ () C:\Users\Niklas\Documents\Stundenzettel.ods
2014-09-30 09:08 - 2013-05-29 15:00 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-25 13:48 - 2013-05-14 21:08 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-25 13:48 - 2013-05-14 21:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-25 13:48 - 2013-05-14 21:08 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-22 08:42 - 2013-05-10 09:04 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
Some content of TEMP:
====================
C:\Users\Niklas\AppData\Local\Temp\avgnt.exe
C:\Users\Niklas\AppData\Local\Temp\BackupSetup.exe
C:\Users\Niklas\AppData\Local\Temp\DownloadFileSetup_s.exe
C:\Users\Niklas\AppData\Local\Temp\install_flashplayer11x32au_mssd_aaa_aih.exe
C:\Users\Niklas\AppData\Local\Temp\instructionsBv3.exe
C:\Users\Niklas\AppData\Local\Temp\Quarantine.exe
C:\Users\Niklas\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Niklas\AppData\Local\Temp\sqlite3.dll
C:\Users\Niklas\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Niklas\AppData\Local\Temp\System.Data.SQLite28376.dll
C:\Users\Niklas\AppData\Local\Temp\System.Data.SQLite38150.dll
C:\Users\Niklas\AppData\Local\Temp\System.Data.SQLite55326.dll
C:\Users\Niklas\AppData\Local\Temp\System.Data.SQLite78029.dll
C:\Users\Niklas\AppData\Local\Temp\System.Data.SQLite86114.dll
C:\Users\Niklas\AppData\Local\Temp\System.Data.SQLite93209.dll
C:\Users\Niklas\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Niklas\AppData\Local\Temp\_is936B.exe
C:\Users\Peter\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-05-29 11:10
==================== End Of Log ============================
--- --- ---
Addition: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-10-2014 02
Ran by Niklas at 2014-10-16 19:28:40
Running from C:\Users\Niklas\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ABC-Schutz-Simulator Version 1.0 (HKLM-x32\...\{0B0ADD81-270D-44C7-8AA9-882A42F2EC22}_is1) (Version: - rondomedia Marketing & Vertriebs GmbH)
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
ATI Catalyst Install Manager (HKLM\...\{1C3FF45C-BAC7-9852-2000-2F0ACD40D5BE}) (Version: 3.0.790.0 - ATI Technologies, Inc.)
Brother MFL-Pro Suite DCP-J315W (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0909.1412.23625 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0909.1412.23625 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0909.1412.23625 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0909.1412.23625 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help English (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help French (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help German (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0909.1411.23625 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0909.1412.23625 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0909.1412.23625 - ATI) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Firefighters 2014 (HKLM-x32\...\Steam App 291910) (Version: - VIS - Visual Imagination Software)
Flughafen-Feuerwehr-Simulator Version 1.0 (HKLM-x32\...\{EA5151A0-FCCA-4EE5-8B0A-D068F62DE52A}_is1) (Version: - rondomedia Marketing & Vertriebs GmbH)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Green Line 2 Sprachtrainer (HKLM-x32\...\{16281EBA-AA00-44D2-BC8B-06F3C3380DA1}) (Version: 1.00.000 - Klett)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Landwirtschafts Simulator 2013 (HKLM-x32\...\FarmingSimulator2013DE_is1) (Version: 1.0 - GIANTS Software)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.236 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.236 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
phase5 (HKLM-x32\...\phase5) (Version: 09.09.2003 - Hans-Dieter Berretz)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Sprachtrainer Fonts (HKLM-x32\...\{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC}) (Version: 1.00.01 - Ernst Klett Verlag GmbH)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
14-09-2014 16:12:56 Windows Update
20-09-2014 09:07:06 Windows Update
25-09-2014 11:51:11 Windows Update
25-09-2014 12:28:37 Windows Update
30-09-2014 07:03:14 Windows Update
02-10-2014 11:54:00 Windows Update
04-10-2014 10:15:10 Installed LogMeIn Hamachi
04-10-2014 10:16:14 Installed LogMeIn Hamachi
04-10-2014 13:23:36 Installed LogMeIn Hamachi
06-10-2014 14:30:02 Windows Update
10-10-2014 14:32:16 Windows Update
13-10-2014 13:50:54 Installiert Green Line 2 Sprachtrainer
14-10-2014 15:46:53 Windows Update
15-10-2014 12:14:30 Windows Update
15-10-2014 14:18:51 Windows Update
16-10-2014 13:10:04 Entfernt Green Line 1 Sprachtrainer
16-10-2014 13:21:33 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
16-10-2014 17:25:26 zoek.exe restore point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {2C18B2C2-FFD0-4919-BE2C-3DB1DC552182} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-10] (Google Inc.)
Task: {77272C38-DF68-4D7C-9331-D9575E51EEAA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-25] (Adobe Systems Incorporated)
Task: {A0EA9E02-452D-4892-A414-F8E8B58A4165} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-10] (Google Inc.)
Task: {D673AD14-B7C1-4AAF-8446-A7D76ECB35B4} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-NIKLAS-PC => C:\Windows\ehome\McxTask.exe [2009-07-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-05-15 13:28 - 2005-04-22 06:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2010-09-09 15:50 - 2010-09-09 15:50 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-09-09 14:11 - 2010-09-09 14:11 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-09-25 13:58 - 2014-09-23 06:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-25 13:58 - 2014-09-23 06:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-25 13:58 - 2014-09-23 06:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-25 13:58 - 2014-09-23 06:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-25 13:58 - 2014-09-23 06:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2014-09-25 13:58 - 2014-09-23 06:07 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-944339141-425316552-3423673361-500 - Administrator - Disabled)
Gast (S-1-5-21-944339141-425316552-3423673361-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-944339141-425316552-3423673361-1002 - Limited - Enabled)
Mcx1-NIKLAS-PC (S-1-5-21-944339141-425316552-3423673361-1004 - Limited - Enabled) => C:\Users\Mcx1-NIKLAS-PC.Niklas-PC
Niklas (S-1-5-21-944339141-425316552-3423673361-1000 - Administrator - Enabled) => C:\Users\Niklas
Peter (S-1-5-21-944339141-425316552-3423673361-1005 - Limited - Enabled) => C:\Users\Peter
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/15/2014 02:17:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PluginService.exe, Version: 13.27.0.301, Zeitstempel: 0x536b5640
Name des fehlerhaften Moduls: PluginService.exe, Version: 13.27.0.301, Zeitstempel: 0x536b5640
Ausnahmecode: 0x40000015
Fehleroffset: 0x00027590
ID des fehlerhaften Prozesses: 0x5e4
Startzeit der fehlerhaften Anwendung: 0xPluginService.exe0
Pfad der fehlerhaften Anwendung: PluginService.exe1
Pfad des fehlerhaften Moduls: PluginService.exe2
Berichtskennung: PluginService.exe3
Error: (10/15/2014 02:17:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RSHP.exe, Version: 2.0.3.263, Zeitstempel: 0x535f59f7
Name des fehlerhaften Moduls: RSHP.exe, Version: 2.0.3.263, Zeitstempel: 0x535f59f7
Ausnahmecode: 0x40000015
Fehleroffset: 0x00017b20
ID des fehlerhaften Prozesses: 0x16a4
Startzeit der fehlerhaften Anwendung: 0xRSHP.exe0
Pfad der fehlerhaften Anwendung: RSHP.exe1
Pfad des fehlerhaften Moduls: RSHP.exe2
Berichtskennung: RSHP.exe3
Error: (10/14/2014 05:35:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RSHP.exe, Version: 2.0.3.263, Zeitstempel: 0x535f59f7
Name des fehlerhaften Moduls: RSHP.exe, Version: 2.0.3.263, Zeitstempel: 0x535f59f7
Ausnahmecode: 0x40000015
Fehleroffset: 0x00017b20
ID des fehlerhaften Prozesses: 0xc18
Startzeit der fehlerhaften Anwendung: 0xRSHP.exe0
Pfad der fehlerhaften Anwendung: RSHP.exe1
Pfad des fehlerhaften Moduls: RSHP.exe2
Berichtskennung: RSHP.exe3
Error: (10/13/2014 02:34:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PluginService.exe, Version: 13.27.0.301, Zeitstempel: 0x536b5640
Name des fehlerhaften Moduls: PluginService.exe, Version: 13.27.0.301, Zeitstempel: 0x536b5640
Ausnahmecode: 0x40000015
Fehleroffset: 0x00027590
ID des fehlerhaften Prozesses: 0x5a8
Startzeit der fehlerhaften Anwendung: 0xPluginService.exe0
Pfad der fehlerhaften Anwendung: PluginService.exe1
Pfad des fehlerhaften Moduls: PluginService.exe2
Berichtskennung: PluginService.exe3
Error: (10/13/2014 02:34:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RSHP.exe, Version: 2.0.3.263, Zeitstempel: 0x535f59f7
Name des fehlerhaften Moduls: RSHP.exe, Version: 2.0.3.263, Zeitstempel: 0x535f59f7
Ausnahmecode: 0x40000015
Fehleroffset: 0x00017b20
ID des fehlerhaften Prozesses: 0x1354
Startzeit der fehlerhaften Anwendung: 0xRSHP.exe0
Pfad der fehlerhaften Anwendung: RSHP.exe1
Pfad des fehlerhaften Moduls: RSHP.exe2
Berichtskennung: RSHP.exe3
Error: (10/11/2014 04:03:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm RegCleanPro.exe, Version 6.21.65.2763 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 958
Startzeit: 01cfe55bb2c9e86d
Endzeit: 6
Anwendungspfad: C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe
Berichts-ID: 59b79388-514f-11e4-a5c2-e28aada85998
Error: (10/11/2014 04:00:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RSHP.exe, Version: 2.0.3.263, Zeitstempel: 0x535f59f7
Name des fehlerhaften Moduls: RSHP.exe, Version: 2.0.3.263, Zeitstempel: 0x535f59f7
Ausnahmecode: 0x40000015
Fehleroffset: 0x00017b20
ID des fehlerhaften Prozesses: 0x980
Startzeit der fehlerhaften Anwendung: 0xRSHP.exe0
Pfad der fehlerhaften Anwendung: RSHP.exe1
Pfad des fehlerhaften Moduls: RSHP.exe2
Berichtskennung: RSHP.exe3
Error: (10/11/2014 09:47:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PluginService.exe, Version: 13.27.0.301, Zeitstempel: 0x536b5640
Name des fehlerhaften Moduls: PluginService.exe, Version: 13.27.0.301, Zeitstempel: 0x536b5640
Ausnahmecode: 0x40000015
Fehleroffset: 0x00027590
ID des fehlerhaften Prozesses: 0x6a8
Startzeit der fehlerhaften Anwendung: 0xPluginService.exe0
Pfad der fehlerhaften Anwendung: PluginService.exe1
Pfad des fehlerhaften Moduls: PluginService.exe2
Berichtskennung: PluginService.exe3
Error: (10/11/2014 09:46:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RSHP.exe, Version: 2.0.3.263, Zeitstempel: 0x535f59f7
Name des fehlerhaften Moduls: RSHP.exe, Version: 2.0.3.263, Zeitstempel: 0x535f59f7
Ausnahmecode: 0x40000015
Fehleroffset: 0x00017b20
ID des fehlerhaften Prozesses: 0x93c
Startzeit der fehlerhaften Anwendung: 0xRSHP.exe0
Pfad der fehlerhaften Anwendung: RSHP.exe1
Pfad des fehlerhaften Moduls: RSHP.exe2
Berichtskennung: RSHP.exe3
Error: (10/10/2014 04:21:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PluginService.exe, Version: 13.27.0.301, Zeitstempel: 0x536b5640
Name des fehlerhaften Moduls: PluginService.exe, Version: 13.27.0.301, Zeitstempel: 0x536b5640
Ausnahmecode: 0x40000015
Fehleroffset: 0x00027590
ID des fehlerhaften Prozesses: 0x5b4
Startzeit der fehlerhaften Anwendung: 0xPluginService.exe0
Pfad der fehlerhaften Anwendung: PluginService.exe1
Pfad des fehlerhaften Moduls: PluginService.exe2
Berichtskennung: PluginService.exe3
System errors:
=============
Error: (10/16/2014 07:18:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Ashampoo LiveTuner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (10/16/2014 06:34:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "zoomify" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (10/16/2014 06:34:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Ashampoo LiveTuner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (10/16/2014 06:31:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LogMeIn Hamachi Tunneling Engine" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (10/16/2014 06:31:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Skype Click to Call PNR Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (10/16/2014 06:31:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (10/16/2014 06:31:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Skype Click to Call Updater" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (10/16/2014 06:31:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (10/16/2014 06:31:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LMIGuardianSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (10/16/2014 06:31:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Microsoft Office Sessions:
=========================
Error: (10/15/2014 02:17:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PluginService.exe13.27.0.301536b5640PluginService.exe13.27.0.301536b564040000015000275905e401cfe86df4126b31C:\ProgramData\IePluginServices\PluginService.exeC:\ProgramData\IePluginServices\PluginService.exe3810af7d-5465-11e4-a19d-c34678e1e992
Error: (10/15/2014 02:17:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RSHP.exe2.0.3.263535f59f7RSHP.exe2.0.3.263535f59f74000001500017b2016a401cfe871e39e5c13C:\Program Files (x86)\SupTab\RSHP.exeC:\Program Files (x86)\SupTab\RSHP.exe2bbb582a-5465-11e4-a19d-c34678e1e992
Error: (10/14/2014 05:35:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RSHP.exe2.0.3.263535f59f7RSHP.exe2.0.3.263535f59f74000001500017b20c1801cfe7c4652db87eC:\Program Files (x86)\SupTab\RSHP.exeC:\Program Files (x86)\SupTab\RSHP.exeb74f64da-53b7-11e4-ae78-9415ac3b5c96
Error: (10/13/2014 02:34:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PluginService.exe13.27.0.301536b5640PluginService.exe13.27.0.301536b564040000015000275905a801cfe6e1de61e1d1C:\ProgramData\IePluginServices\PluginService.exeC:\ProgramData\IePluginServices\PluginService.exe3fd3c266-52d5-11e4-9243-f13c19d0f490
Error: (10/13/2014 02:34:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RSHP.exe2.0.3.263535f59f7RSHP.exe2.0.3.263535f59f74000001500017b20135401cfe6e1fe0b174dC:\Program Files (x86)\SupTab\RSHP.exeC:\Program Files (x86)\SupTab\RSHP.exe3dade487-52d5-11e4-9243-f13c19d0f490
Error: (10/11/2014 04:03:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: RegCleanPro.exe6.21.65.276395801cfe55bb2c9e86d6C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe59b79388-514f-11e4-a5c2-e28aada85998
Error: (10/11/2014 04:00:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RSHP.exe2.0.3.263535f59f7RSHP.exe2.0.3.263535f59f74000001500017b2098001cfe55bb4126653C:\Program Files (x86)\SupTab\RSHP.exeC:\Program Files (x86)\SupTab\RSHP.exe066b3fb8-514f-11e4-a5c2-e28aada85998
Error: (10/11/2014 09:47:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: PluginService.exe13.27.0.301536b5640PluginService.exe13.27.0.301536b564040000015000275906a801cfe5275e8523bcC:\ProgramData\IePluginServices\PluginService.exeC:\ProgramData\IePluginServices\PluginService.exed4190077-511a-11e4-9027-d04dfb42c591
Error: (10/11/2014 09:46:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: RSHP.exe2.0.3.263535f59f7RSHP.exe2.0.3.263535f59f74000001500017b2093c01cfe5276736ca5cC:\Program Files (x86)\SupTab\RSHP.exeC:\Program Files (x86)\SupTab\RSHP.exeb8388f79-511a-11e4-9027-d04dfb42c591
Error: (10/10/2014 04:21:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PluginService.exe13.27.0.301536b5640PluginService.exe13.27.0.301536b564040000015000275905b401cfe4953d4b24f8C:\ProgramData\IePluginServices\PluginService.exeC:\ProgramData\IePluginServices\PluginService.exea8f66567-5088-11e4-9568-958877593a92
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 42%
Total physical RAM: 3893.86 MB
Available physical RAM: 2245.31 MB
Total Pagefile: 7785.9 MB
Available Pagefile: 5969.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:449.62 GB) (Free:304.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:15.84 GB) (Free:2.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 91CA769B)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
==================== End Of Log ============================
Thanks for your help