Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   GData 2015 INTERNET SECURITY Fehlermeldung: "Dieses Programm wir durch eine Gruppenrichtlinie blockiert [..]" (https://www.trojaner-board.de/161677-gdata-2015-internet-security-fehlermeldung-programm-gruppenrichtlinie-blockiert.html)

ada2 09.12.2014 20:03
GData 2015 INTERNET SECURITY Fehlermeldung: "Dieses Programm wir durch eine Gruppenrichtlinie blockiert [..]"
 
Guten Abend!
Habe nun seit ca 1 Monat das Problem, dass die im Titel angeschnittene Fehlermeldung kommt, sobald ich GDATA öffnen möchte.. Habe bereits mehrfach GDATA Fachgerecht mit Tools von GDATA Deinstalliert und auch wieder Installiert. Bis vor ca. 10 Minuten habe ich es auch wieder Rückstandslos einmal mit dem Programm "AV Cleaner" und dem Installationshelfer von GDATA deinstalliert und wieder eine neue Testversion installiert und auch registriert. Aber die Meldung kommt schonwieder... :headbang:
FRST 64 (Ja, habe Windows 64 Bit) habe ich bereits drüber laufen lassen. Hier das FRST File:

[Im Anhang, genau so wie das Addition-File]

RevoUninstaller hab ich mir schon geholt, falss das was nützt...
Danke schonmal im vorraus und freundliche Grüße!
ADA2

schrauber 09.12.2014 20:19
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

ada2 09.12.2014 20:21
Alles klar tut mir Leid mache ich sofort!
Also FRST File:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-12-2014
Ran by ada2 (administrator) on ADA2-PC on 09-12-2014 19:50:46
Running from C:\Users\ada2\Desktop
Loaded Profiles: ada2 & UpdatusUser (Available profiles: ada2 & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\TpKmpSvc.exe
() C:\Program Files (x86)\ThinkPad\Utilities\TpKmapMn.exe
() C:\Program Files (x86)\ThinkPad\Utilities\TpKmapMn.exe
(LogMeIn Inc.) F:\hamachi\hamachi-2.exe
(LogMeIn, Inc.) F:\hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
() C:\Program Files (x86)\ThinkPad\Utilities\TpKmapMn.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
HKLM-x32\...\Run: [GrooveMonitor] => E:\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => F:\hamachi\hamachi-2-ui.exe [3835728 2014-12-01] (LogMeIn Inc.)
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe [1756792 2014-05-20] (G Data Software AG)
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\G DATA <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\G DATA <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\G DATA <====== ATTENTION
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe,
HKU\S-1-5-21-3957391298-3361042741-711773924-1000\...\Run: [TPKMAPMN] => C:\Program Files (x86)\ThinkPad\Utilities\TpKmapMn.exe [49152 2007-09-21] ()
HKU\S-1-5-21-3957391298-3361042741-711773924-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-3957391298-3361042741-711773924-1000\...\MountPoints2: {b3d94ed7-72cd-11e3-81ad-c60bac9b65db} - I:\setup.exe -a
HKU\S-1-5-21-3957391298-3361042741-711773924-1000\...\MountPoints2: {b4b88c72-752a-11e3-ae51-e62afd1383dd} - I:\setup.exe -a
HKU\S-1-5-21-3957391298-3361042741-711773924-1000\...\MountPoints2: {c7b05af3-eb98-11e2-9450-bcaec576a41f} - I:\LaunchU3.exe -a
HKU\S-1-5-21-3957391298-3361042741-711773924-1000\...\MountPoints2: {c7e1c52f-f15b-11e2-95ee-bcaec576a41f} - H:\Autorun.exe
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => E:\Office12\GR469A~1.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => E:\Office12\GR469A~1.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => E:\Office12\GR469A~1.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => E:\Office12\GR469A~1.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => E:\Office12\GR469A~1.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3957391298-3361042741-711773924-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-3957391298-3361042741-711773924-1002\Software\Microsoft\Internet Explorer\Main,Local Page =
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-3957391298-3361042741-711773924-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NS&chn=retail&geo=DE&ver=22&locale=de_DE&gct=sb&qsrc=2869
BHO: AC-Pro -> {0FB6A909-6086-458F-BD92-1F8EE10042A0} -> C:\Program Files (x86)\AutocompletePro\64\AutocompletePro64.dll (SimplyGen)
BHO-x32: AC-Pro -> {0FB6A909-6086-458F-BD92-1F8EE10042A0} -> C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> E:\Office12\GR469A~1.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3957391298-3361042741-711773924-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Office12\GRA32A~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1 validation.sls.microsoft.com

FireFox:
========
FF ProfilePath: C:\Users\ada2\AppData\Roaming\Mozilla\Firefox\Profiles\f3rggok7.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> E:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3957391298-3361042741-711773924-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Extension: AutocompletePro - Your handy search suggestions tool - C:\Users\ada2\AppData\Roaming\Mozilla\Firefox\Profiles\f3rggok7.default\Extensions\support@predictad.com [2014-07-07]
FF Extension: Stylish - C:\Users\ada2\AppData\Roaming\Mozilla\Firefox\Profiles\f3rggok7.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2014-06-30]
FF Extension: NoScript - C:\Users\ada2\AppData\Roaming\Mozilla\Firefox\Profiles\f3rggok7.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-04]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2012-12-03]
FF StartMenuInternet: FIREFOX.EXE - F:\Alles von 14-11.12\firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmP-HHBmnSXtTtLCBlItF5r8EKq0DLv-L4HfwXF0iNGlgCMRht_nC4UUbXXF-x7oK2g9Q_eEkheOsPk2KRvr5yw7COMaTmqKtgdewbk8pFPd1-e-wpKkQg62bGqOVUzAuW7sVGcu4VeWVGaD7o--uLDVDYLc,
CHR StartupUrls: Default -> "https://www.google.de/"
CHR Profile: C:\Users\ada2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ada2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09]
CHR Extension: (Desmos Graphing Calculator) - C:\Users\ada2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdheahnajobgndecdbggfmcojekgdko [2014-07-03]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\ada2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-03-29]
CHR Extension: (AdBlock) - C:\Users\ada2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-08-30]
CHR Extension: (Deezer Mediakeys Reloaded) - C:\Users\ada2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcjacdgelmcehgcakabkobhgiamfklah [2014-10-28]
CHR Extension: (FoxyDeal) - C:\Users\ada2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jelbcgibfifpplacnbbflieigmcbpkec [2014-11-30]
CHR Extension: (Chromium Wheel Smooth Scroller) - C:\Users\ada2\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb [2014-10-28]
CHR Extension: (Google Wallet) - C:\Users\ada2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Deezer) - C:\Users\ada2\AppData\Local\Google\Chrome\User Data\Default\Extensions\npfkoakaabdallkcdbpkkhfilkkngakh [2013-10-26]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
S2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2683760 2014-05-20] (G Data Software AG)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
R2 Hamachi2Svc; F:\hamachi\hamachi-2.exe [2530128 2014-12-01] (LogMeIn Inc.)
S4 Megatech-Software-Protection; C:\Program Files (x86)\Megatech\MProtect\MPServ.EXE [36864 2007-12-12] () [File not signed]
S4 Microsoft Office Groove Audit Service; E:\Office12\GrooveAuditService.exe [65824 2006-10-26] (Microsoft Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-18] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-30] ()
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2014-07-07] (Microsoft Corporation) [File not signed]
R2 TpKmpSVC; C:\Windows\SysWOW64\TpKmpSVC.exe [32768 2006-06-29] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2013-10-31] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-07-21] (DT Soft Ltd)
R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2014-08-20] (G Data Software AG)
S3 GdNetMon; C:\Windows\system32\drivers\GdNetMon64.sys [31448 2012-11-14] (G Data Software AG)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2013-10-31] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-21] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-03-20] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-03-20] (RapidSolution Software AG)
S0 GDBehave; system32\drivers\GDBehave.sys [X]
S1 GDMnIcpt; \??\C:\Windows\system32\drivers\MiniIcpt.sys [X]
S1 HookCentre; \??\C:\Windows\system32\drivers\HookCentre.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 19:50 - 2014-12-09 19:50 - 02785665 _____ (PortableApps.com) C:\Users\ada2\Desktop\RevoUninstallerPortable_1.95_Rev_2.paf.exe
2014-12-09 19:50 - 2014-12-09 19:50 - 02119680 _____ (Farbar) C:\Users\ada2\Desktop\FRST64.exe
2014-12-09 19:50 - 2014-12-09 19:50 - 00017875 _____ () C:\Users\ada2\Desktop\FRST.txt
2014-12-09 19:50 - 2014-12-09 19:50 - 00000000 ____D () C:\FRST
2014-12-09 19:47 - 2014-12-09 19:47 - 00002980 _____ () C:\Windows\System32\Tasks\{AE977176-56BF-4E8D-B089-30EF91B12DE2}
2014-12-09 19:47 - 2014-12-09 19:47 - 00002980 _____ () C:\Windows\System32\Tasks\{962CB599-C70C-425A-8E4C-B8BE6AE407FF}
2014-12-09 19:35 - 2014-12-09 19:35 - 00002050 _____ () C:\Users\Public\Desktop\G DATA INTERNET SECURITY.lnk
2014-12-09 19:35 - 2014-12-09 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY
2014-12-09 19:28 - 2014-12-09 19:31 - 200825928 _____ (G Data Software AG) C:\Users\ada2\Downloads\INT_R_BASE_2015_IS.exe
2014-12-09 19:22 - 2014-12-09 19:22 - 00896280 _____ () C:\Users\ada2\Downloads\Norton_Removal_Tool.exe
2014-12-09 19:19 - 2014-12-09 19:19 - 00411144 _____ () C:\Users\ada2\Downloads\AVCleaner.exe
2014-12-09 18:22 - 2014-12-09 18:22 - 00019813 _____ () C:\Users\ada2\Downloads\92160_Roller-Delayed_Blowback.phz
2014-12-09 17:37 - 2014-12-09 17:39 - 25453214 _____ () C:\Users\ada2\Downloads\Map_SpinTires_-_Level_Up_2.0.rar
2014-12-09 17:36 - 2014-12-09 17:37 - 19849446 _____ () C:\Users\ada2\Downloads\LandRover_III_v2.zip
2014-12-09 13:20 - 2014-12-09 13:20 - 00390360 _____ () C:\Users\ada2\Downloads\92121_Gun_with_gas_operation_system.phz
2014-12-09 13:17 - 2014-12-09 13:17 - 00548832 _____ () C:\Users\ada2\Downloads\91962_Smashable_Ball.phz
2014-12-08 18:08 - 2014-12-08 18:08 - 00000000 ____D () C:\Users\ada2\AppData\Roaming\WDC
2014-12-08 16:25 - 2014-12-08 16:26 - 00157277 _____ () C:\Users\ada2\Downloads\41344_Jeep_Cherokee.phz
2014-12-08 16:25 - 2014-12-08 16:25 - 01047594 _____ () C:\Users\ada2\Downloads\37103_Crown_Victoria_rear_update.phz
2014-12-08 16:23 - 2014-12-08 16:23 - 00214033 _____ () C:\Users\ada2\Downloads\92037_________________________2101-2107.phz
2014-12-07 12:26 - 2014-12-07 12:26 - 00000000 ____D () C:\Users\ada2\Desktop\Fliege
2014-12-07 11:58 - 2014-12-07 12:17 - 00000000 ____D () C:\Users\ada2\Desktop\Me
2014-12-07 11:50 - 2014-12-07 11:50 - 00045082 _____ () C:\Users\ada2\Downloads\91906_honda_one_cylinder_70_cc_4_stroke_electric_start_low_rpm_engine.phz
2014-12-06 19:23 - 2014-12-06 19:46 - 00000000 ____D () C:\Users\ada2\Desktop\SC Trucks 6.12.14
2014-12-06 18:03 - 2014-12-06 18:03 - 00456834 _____ () C:\Users\ada2\Downloads\92009_Cannon_V20.phz
2014-12-06 15:21 - 2014-12-06 15:21 - 00094931 _____ () C:\Users\ada2\Downloads\91629_JH-Katiba_65mm_Drum_mag.phz
2014-12-06 13:52 - 2014-12-06 13:52 - 07779858 _____ () C:\Users\ada2\Downloads\81564_SWAT_MP_9mm.phz
2014-12-06 13:51 - 2014-12-06 13:51 - 00058237 _____ () C:\Users\ada2\Downloads\91668_JH-Para_P4_Final.phz
2014-12-06 13:49 - 2014-12-06 13:49 - 00061031 _____ () C:\Users\ada2\Downloads\91767_Mossberg_500_Tuned (1).phz
2014-12-06 13:47 - 2014-12-06 13:47 - 00093781 _____ () C:\Users\ada2\Downloads\56112_Diesel_76 (1).phz
2014-12-06 13:46 - 2014-12-06 13:46 - 00069091 _____ () C:\Users\ada2\Downloads\56075_Diesel_59.phz
2014-12-06 13:41 - 2014-12-06 13:41 - 00336797 _____ () C:\Users\ada2\Downloads\91913_Speed_Dual-Suspension_test.phz
2014-12-05 21:24 - 2014-12-05 21:24 - 00115698 _____ () C:\Users\ada2\Downloads\62151_M16A3_Version_3.phz
2014-12-05 21:23 - 2014-12-05 21:23 - 00035694 _____ () C:\Users\ada2\Downloads\62746_New_Suspensions____VERY_LONG.phz
2014-12-05 21:11 - 2014-12-05 21:11 - 00845191 _____ () C:\Users\ada2\Downloads\91907_Suspension.phz
2014-12-02 13:32 - 2014-12-02 13:32 - 00000000 ____D () C:\Users\ada2\AppData\Local\MX Simulator Demo
2014-12-02 13:26 - 2014-12-02 13:27 - 79732217 _____ () C:\Users\ada2\Downloads\mxsimulator-demo-1_8-install.exe
2014-11-30 22:45 - 2014-11-30 22:45 - 00000000 ____D () C:\Users\ada2\AppData\Roaming\InstallShield
2014-11-30 22:44 - 2014-11-30 22:44 - 00000001 _____ () C:\Windows\SysWOW64\SI.bin
2014-11-30 21:43 - 2014-11-30 21:43 - 00021659 _____ () C:\Users\ada2\Downloads\91630_my_1st_cannon.phz
2014-11-30 21:40 - 2014-11-30 21:40 - 00061031 _____ () C:\Users\ada2\Downloads\91767_Mossberg_500_Tuned.phz
2014-11-29 10:51 - 2014-11-29 10:51 - 00067934 _____ () C:\Users\ada2\Downloads\91667_JH-ARX_RG.phz
2014-11-29 10:46 - 2014-11-29 10:46 - 03123147 _____ () C:\Users\ada2\Downloads\91670_Agram_2000.phz
2014-11-28 16:38 - 2014-11-28 16:38 - 00075287 _____ () C:\Users\ada2\Downloads\91629_JH-Katoba_65mm_Bullpup.phz
2014-11-27 12:23 - 2014-11-27 12:23 - 00298896 _____ () C:\Users\ada2\Downloads\91586_PM5_Shotgun_.phz
2014-11-27 12:21 - 2014-11-27 12:21 - 00060993 _____ () C:\Users\ada2\Downloads\91587_Mossberg_500.phz
2014-11-26 21:54 - 2014-11-26 21:54 - 00263104 _____ () C:\Users\ada2\Downloads\84302_1911_man_2.phz
2014-11-26 19:19 - 2014-11-26 19:19 - 00066528 _____ () C:\Users\ada2\Downloads\91531_Racing_V8_Collide_Engine_(Throttle-able).phz
2014-11-25 13:55 - 2014-11-25 13:55 - 00023035 _____ () C:\Users\ada2\Downloads\91488_Fuel_Tank__with_leveler_.phz
2014-11-24 21:27 - 2014-11-24 21:27 - 00037842 _____ () C:\Users\ada2\Downloads\91197_Magnum_Ammo.phz
2014-11-24 17:43 - 2014-11-24 17:43 - 00434866 _____ () C:\Users\ada2\Downloads\91435_SA_EMP_9mm.phz
2014-11-23 19:32 - 2014-11-23 19:33 - 00000000 ____D () C:\Users\ada2\Desktop\Darkmoon Backup einsenden 23.11.14
2014-11-23 19:06 - 2014-12-05 15:02 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-11-23 19:06 - 2014-11-23 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-11-23 19:06 - 2014-11-23 19:06 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-11-23 19:05 - 2014-11-23 19:05 - 13444288 _____ (BlueStack Systems Inc.) C:\Users\ada2\Downloads\BlueStacks-SplitInstaller_native.exe
2014-11-23 19:05 - 2014-11-23 19:05 - 00000000 ____D () C:\Users\ada2\AppData\Local\Bluestacks
2014-11-23 00:11 - 2014-11-23 00:11 - 00386434 _____ () C:\Users\ada2\Downloads\91417_Glock_Gun_And_Airsoft.phz
2014-11-20 21:08 - 2014-11-20 21:08 - 00886718 _____ () C:\Users\ada2\Downloads\attachments+2ndislandweapons.zip
2014-11-20 19:59 - 2014-11-20 19:59 - 03123500 _____ () C:\Users\ada2\Downloads\attachments_patch.zip
2014-11-20 19:54 - 2014-11-20 19:54 - 00457391 _____ () C:\Users\ada2\Downloads\91318_P226.phz
2014-11-19 10:15 - 2014-11-19 10:15 - 00349930 _____ () C:\Users\ada2\Downloads\91266_taljajousi_V2_taulu.phz
2014-11-18 17:43 - 2014-11-18 17:43 - 00522452 _____ () C:\Users\ada2\Downloads\91167_PISTOOLI.phz
2014-11-17 18:09 - 2014-11-17 18:09 - 01354534 _____ () C:\Users\ada2\Downloads\ejs_bu_waves_Ripple_Tank_Interference.jar
2014-11-16 15:21 - 2014-11-16 15:21 - 00076670 _____ () C:\Users\ada2\Downloads\91188_open-bolt_smg.phz
2014-11-14 22:29 - 2014-11-14 22:29 - 00638888 _____ (Oracle Corporation) C:\Users\ada2\Downloads\chromeinstall-8u25.exe
2014-11-14 21:58 - 2014-11-14 21:58 - 00816698 _____ () C:\Users\ada2\Downloads\91099_Speed_Shop30.phz
2014-11-14 21:11 - 2014-11-14 21:11 - 00000683 _____ () C:\Users\ada2\Desktop\MSI Afterburner.lnk
2014-11-14 21:04 - 2014-11-14 21:04 - 34323316 _____ () C:\Users\ada2\Downloads\MSIAfterburnerSetup400.zip
2014-11-14 17:56 - 2014-11-14 17:56 - 00067387 _____ () C:\Users\ada2\Downloads\Far-Cry-3-Blood-Dragon-ubiorbitapi_r2.dll-ubiorbitapi_r2_loader.dll.rar
2014-11-13 18:26 - 2014-11-13 18:26 - 00000811 _____ () C:\Users\Public\Desktop\FarCry 3.lnk
2014-11-12 17:30 - 2014-11-12 17:30 - 00282295 _____ () C:\Users\ada2\Downloads\90713_Tubegun (1).phz
2014-11-11 22:20 - 2014-11-11 22:20 - 00043583 _____ () C:\Users\ada2\Downloads\48618_Automatic_Gun_recoil_powered (1).phz
2014-11-11 22:18 - 2014-11-11 22:18 - 00660676 _____ () C:\Users\ada2\Downloads\90122_NG-SMG-5 (2).phz
2014-11-11 22:17 - 2014-11-11 22:17 - 00168116 _____ () C:\Users\ada2\Downloads\90116_Open_Bolt_240RPM_(upd).phz
2014-11-11 22:14 - 2014-11-11 22:14 - 00076109 _____ () C:\Users\ada2\Downloads\55170_gasgun_v16c.phz
2014-11-11 22:09 - 2014-11-11 22:09 - 00143835 _____ () C:\Users\ada2\Downloads\36884_Carbine_1_u.phz
2014-11-11 22:08 - 2014-11-11 22:08 - 00092492 _____ () C:\Users\ada2\Downloads\35303_Automaticrifle_1.phz
2014-11-11 22:06 - 2014-11-11 22:06 - 00038537 _____ () C:\Users\ada2\Downloads\72379_bullet_concept.phz
2014-11-11 22:03 - 2014-11-11 22:03 - 00280132 _____ () C:\Users\ada2\Downloads\64935_bolty_rifle.phz
2014-11-11 18:34 - 2014-11-11 18:34 - 00133435 _____ () C:\Users\ada2\Downloads\90967_Fast_Rifle_Reupload.phz
2014-11-10 18:56 - 2014-11-28 17:50 - 00000000 ____D () C:\Users\ada2\AppData\Roaming\Nitro PDF
2014-11-10 18:55 - 2014-11-10 18:55 - 00000000 ____D () C:\Users\ada2\AppData\Roaming\Nitro
2014-11-10 18:55 - 2014-11-10 18:55 - 00000000 ____D () C:\Users\ada2\AppData\Roaming\FileOpen
2014-11-10 18:55 - 2014-11-10 18:55 - 00000000 ____D () C:\ProgramData\FileOpen
2014-11-10 18:54 - 2014-11-10 18:54 - 00000000 ____D () C:\Users\ada2\AppData\Roaming\Downloaded Installations
2014-11-10 18:54 - 2014-11-10 18:54 - 00000000 ____D () C:\ProgramData\Nitro
2014-11-10 18:52 - 2014-11-10 18:52 - 01678960 _____ (Solid State Networks) C:\Users\ada2\Downloads\nitro_pdf_reader3565_64_dlm.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 19:50 - 2010-11-21 07:50 - 00700342 _____ () C:\Windows\system32\perfh007.dat
2014-12-09 19:50 - 2010-11-21 07:50 - 00149138 _____ () C:\Windows\system32\perfc007.dat
2014-12-09 19:50 - 2009-07-14 06:13 - 01622196 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-09 19:47 - 2012-11-14 18:25 - 00000000 ____D () C:\Users\ada2\AppData\Roaming\Skype
2014-12-09 19:46 - 2013-03-25 17:44 - 00000000 ____D () C:\Users\ada2\AppData\Local\LogMeIn Hamachi
2014-12-09 19:46 - 2012-11-15 17:22 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-09 19:46 - 2012-11-13 21:40 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-09 19:46 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-09 19:46 - 2009-07-14 05:51 - 00146978 _____ () C:\Windows\setupact.log
2014-12-09 19:35 - 2012-11-22 17:44 - 00048840 _____ () C:\Windows\DPINST.LOG
2014-12-09 19:35 - 2012-11-14 14:30 - 00000000 ____D () C:\ProgramData\G DATA
2014-12-09 19:35 - 2012-11-14 14:30 - 00000000 ____D () C:\Program Files (x86)\G Data
2014-12-09 19:35 - 2009-07-14 05:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-09 19:35 - 2009-07-14 05:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-09 19:28 - 2010-11-21 04:47 - 00838550 _____ () C:\Windows\PFRO.log
2014-12-09 19:23 - 2014-11-06 21:20 - 00000000 ____D () C:\ProgramData\Norton
2014-12-09 19:23 - 2014-11-06 21:20 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-12-09 19:15 - 2012-11-15 17:22 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-09 18:22 - 2013-05-14 21:10 - 00000000 ____D () C:\Users\ada2\Documents\Algodoo
2014-12-09 17:41 - 2014-02-28 18:15 - 00000000 ____D () C:\Users\ada2\AppData\Roaming\SpinTires
2014-12-07 12:38 - 2014-03-18 20:51 - 00001650 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall.lnk
2014-12-07 12:38 - 2014-03-18 20:51 - 00000530 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi.lnk
2014-12-06 15:21 - 2014-03-24 19:43 - 00000000 ____D () C:\Users\ada2\AppData\Local\CrashDumps
2014-12-05 21:54 - 2013-11-30 14:55 - 00000000 ____D () C:\Users\ada2\Desktop\Q11;12
2014-12-05 21:53 - 2013-01-03 21:49 - 00000000 ____D () C:\Users\ada2\Desktop\alles
2014-12-01 08:28 - 2012-11-14 14:52 - 00108448 _____ () C:\Users\ada2\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-01 08:27 - 2009-07-14 05:45 - 00407272 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-30 22:44 - 2013-12-22 16:19 - 00000000 ____D () C:\ProgramData\Ubisoft
2014-11-30 22:44 - 2012-11-13 21:35 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-30 22:39 - 2014-06-22 14:51 - 00000000 ____D () C:\Users\ada2\AppData\Roaming\inkscape
2014-11-30 22:37 - 2012-11-15 17:22 - 00000000 ____D () C:\Users\ada2\AppData\Local\Google
2014-11-28 16:43 - 2012-11-17 23:19 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-11-28 16:43 - 2012-11-17 23:18 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-11-23 19:12 - 2013-08-01 18:39 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-11-23 19:06 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-11-22 21:40 - 2012-11-17 23:18 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-11-21 22:47 - 2014-11-06 18:39 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-16 21:10 - 2012-11-15 17:22 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-16 21:10 - 2012-11-15 17:22 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-15 10:27 - 2013-06-25 16:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-14 22:33 - 2014-03-02 10:40 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-14 22:30 - 2014-03-02 10:40 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-14 22:30 - 2013-09-04 13:00 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-14 22:30 - 2013-09-04 13:00 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-14 22:30 - 2013-09-04 13:00 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-14 22:30 - 2013-09-04 13:00 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-13 18:27 - 2012-12-01 11:04 - 00000000 ____D () C:\Users\ada2\Documents\My Games
2014-11-13 18:27 - 2012-12-01 11:04 - 00000000 ____D () C:\ProgramData\Orbit
2014-11-13 18:14 - 2013-02-03 15:49 - 00000000 ____D () C:\ProgramData\Nero
2014-11-13 18:10 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-12 19:13 - 2013-05-22 17:37 - 00000000 ____D () C:\Users\ada2\AppData\Roaming\vlc
2014-11-10 19:26 - 2012-11-30 21:13 - 00000000 ____D () C:\Users\ada2\AppData\Roaming\uTorrent

Some content of TEMP:
====================
C:\Users\ada2\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-27 13:02

==================== End Of Log ============================
--- --- ---



..Und Addition File:

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-12-2014
Ran by ada2 at 2014-12-09 19:51:05
Running from C:\Users\ada2\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.2.28595 - BitTorrent Inc.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.5.502.110 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.01) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.01 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3957391298-3361042741-711773924-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Algodoo v2.1.0 (HKLM-x32\...\Algodoo_is1) (Version:  - Algoryx)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutocompletePro (HKLM-x32\...\AutocompletePro3_is1) (Version:  - ) <==== ATTENTION
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.5.0.0 - Electronic Arts)
Battlefield: Bad Company 2 (HKLM-x32\...\Steam App 24960) (Version:  - DICE)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{152E0B21-19D5-4772-9EF8-8E76074B0C0A}) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Brother Driver Deployment Wizard (HKLM-x32\...\{0ED38503-B69A-44B4-98BE-21BFF284A9B6}) (Version: 1.09.000 - Brother)
Bulk Rename Utility 2.7.1.2 (HKLM-x32\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5118 - CDBurnerXP)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - )
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
Dienstprogramm 'ThinkPad-Tastaturanpassung' (HKLM-x32\...\{2111B23F-7FDA-4A41-8309-E5A1663CA296}) (Version: 1.3.53.0 - )
FarCry 3 (HKLM-x32\...\FarCry 3_is1) (Version:  - )
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Free YouTube to MP3 Converter version 3.11.36.1201 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.36.1201 - DVDVideoSoft Ltd.)
G DATA INTERNET SECURITY (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.2.2 - G DATA Software AG)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoPro Studio 2.0.1 (HKLM-x32\...\GoPro Studio) (Version: 2.0.1 - WoodmanLabs Inc. d.b.a. GoPro)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto IV v1.0 / RePack by Baracuda (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}_is1) (Version:  - )
GTR Evolution (HKLM-x32\...\Steam App 8660) (Version:  - SimBin)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.279 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.279 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Access database engine 2010 (German) (HKLM\...\{90140000-00D1-0407-1000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mountain Lion Skin Pack 4.0-Win7X86 (HKLM-x32\...\Mountain Lion Skin Pack) (Version: 4.0-Win7X86 - skinpack)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
NVIDIA 3D Vision Controller-Treiber 331.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.58 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 331.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.58 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.7 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.7 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.58 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.9 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.1.3.2637 - Electronic Arts, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
RACE 07 (HKLM-x32\...\Steam App 8600) (Version:  - SimBin)
RaceRoom Racing Experience  (HKLM-x32\...\Steam App 211500) (Version:  - SimBin Studios AB)
Rapture3D 2.4.11 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Receiver (HKLM-x32\...\Steam App 234190) (Version:  - Wolfire Games)
Red Faction: Guerrilla  (HKLM-x32\...\Steam App 20500) (Version:  - Volition)
SHIELD Streaming (Version: 1.6.34 - NVIDIA Corporation) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Spintires (HKLM-x32\...\Spintires_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
SpinTires Tech Demo (June 040613) (HKLM-x32\...\{9AF7D6F5-50A5-432C-9F7B-83BCE03B11A0}) (Version: 1.3 - Oovee)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Test Drive Unlimited 2 (HKLM-x32\...\Steam App 9930) (Version:  - )
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version:  - Nadeo)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
WarThunder (HKU\S-1-5-21-3957391298-3361042741-711773924-1000\...\129e7c26cc5832ad) (Version: 1.2.0.0 - WarThunder)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XQDC X-Setup Pro 9.2.100 (HKLM-x32\...\xqdcXSP_is1) (Version: 9.2.100 - XQDC Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

13-11-2014 17:09:46 MegaCAD 2014 (64) 2D wurde entfernt.
13-11-2014 17:10:42 Removed Microsoft Games for Windows Marketplace
13-11-2014 17:11:19 Removed Theme Manager
13-11-2014 17:12:39 No23 Recorder wird entfernt
13-11-2014 17:12:51 Removed Nero 12.
30-11-2014 21:36:03 OpenOffice.org 3.4.1 wird entfernt
30-11-2014 21:38:25 Removed EAX4 Unified Redist
30-11-2014 21:40:21 Removed Microsoft Games for Windows - LIVE Redistributable
30-11-2014 21:41:05 Nitro Reader 3 wurde entfernt
30-11-2014 21:44:12 Entfernt Tom Clancy's Splinter Cell Double Agent
30-11-2014 21:44:46 Removed Ubisoft Game Launcher
30-11-2014 21:45:09 Entfernt Tom Clancy's Rainbow Six Vegas

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2012-11-19 19:47 - 00000864 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 validation.sls.microsoft.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06A7FBEB-3B2A-4096-95F7-A4CC86797AE4} - System32\Tasks\{A1084B94-13B6-4AFA-A102-C0B25AD48152} => C:\Program Files (x86)\G Data\InternetSecurity\GUI\GDSC.exe [2014-07-30] (G Data Software AG)
Task: {0BBBB55C-EEF8-409A-8A5B-887ED5A95763} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3957391298-3361042741-711773924-1000Core => C:\Users\ada2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-21] (Facebook Inc.)
Task: {1A8A3EE9-9294-4561-A63B-09163A885C12} - System32\Tasks\{8CF03B44-5B6D-41BC-B28A-E1171C7EC2F0} => Chrome.exe hxxp://ui.skype.com/ui/0/6.6.60.106/de/abandoninstall?page=tsBing
Task: {1FB626FF-FDAA-4EA9-9885-9EB30DF23B34} - System32\Tasks\{B96D3556-3F2C-4D00-897D-7F8070AB99FF} => E:\hamachi-2-ui.exe
Task: {26440AB2-3888-4088-92F0-C330FDADB1FC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-15] (Google Inc.)
Task: {2EF43805-2E4C-4A88-91A0-C9B03893D06E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-15] (Google Inc.)
Task: {434E05EB-0203-46C0-BA21-C6B3DC698A23} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.0.2.17\SymErr.exe
Task: {4F1B05F7-64CE-47CD-A22C-748FCE975728} - System32\Tasks\{962CB599-C70C-425A-8E4C-B8BE6AE407FF} => C:\Program Files (x86)\G Data\InternetSecurity\GUI\GDSC.exe [2014-07-30] (G Data Software AG)
Task: {5938019F-3F16-462B-B1C8-8A688DC910D3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.0.2.17\WSCStub.exe
Task: {98CE96CA-0530-4217-B603-0EEECEBEB1E2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3957391298-3361042741-711773924-1000UA => C:\Users\ada2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-21] (Facebook Inc.)
Task: {AC3FF125-273C-44C5-A92E-D64A84777EFD} - System32\Tasks\{09D9275F-A99B-4022-A1CA-2D63D1F4629D} => G:\setup.exe
Task: {C690DD03-8D4C-48C5-B1D0-DD6A2D92F478} - System32\Tasks\{051ABBC0-884C-4575-B295-C4CBA86D0835} => E:\hamachi-2-ui.exe
Task: {DB973F8B-F453-4064-8AE4-04A31CA89611} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.0.2.17\SymErr.exe
Task: {E82EBF95-86AF-4582-BD67-ACCFA267A300} - System32\Tasks\{AE977176-56BF-4E8D-B089-30EF91B12DE2} => C:\Program Files (x86)\G Data\InternetSecurity\GUI\GDSC.exe [2014-07-30] (G Data Software AG)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3957391298-3361042741-711773924-1000Core.job => C:\Users\ada2\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3957391298-3361042741-711773924-1000UA.job => C:\Users\ada2\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-11-13 21:40 - 2013-10-15 22:47 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-11-17 23:18 - 2014-06-30 20:53 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-02-20 18:29 - 2006-06-29 21:57 - 00032768 _____ () C:\Windows\SysWOW64\TpKmpSVC.exe
2013-02-20 18:29 - 2007-09-21 15:45 - 00049152 _____ () C:\Program Files (x86)\ThinkPad\Utilities\TpKmapMn.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-20 18:29 - 2006-06-29 21:57 - 00077824 _____ () C:\Program Files (x86)\ThinkPad\Utilities\TpKmapHk.dll
2014-11-26 18:02 - 2014-11-25 07:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-26 18:02 - 2014-11-25 07:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-26 18:02 - 2014-11-25 07:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-26 18:02 - 2014-11-25 07:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:054203E4

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Megatech-Software-Protection => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: wlidsvc => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CineForm Status.lnk => C:\Windows\pss\CineForm Status.lnk.CommonStartup
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\ada2\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: BlackGlass => C:\Users\ada2\AppData\Local\Temp\Rar$EXa0.653\Extras\Black_Glass_Enhanced_v0_5_by_curiouso9\Black Glass Enhanced v0.5\BlackGlassEnhanced.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "E:\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Glass2k => C:\Users\ada2\Downloads\Glass2k.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "F:\hamachi\hamachi-2-ui.exe" --auto-start

========================= Accounts: ==========================

ada2 (S-1-5-21-3957391298-3361042741-711773924-1000 - Administrator - Enabled) => C:\Users\ada2
Administrator (S-1-5-21-3957391298-3361042741-711773924-500 - Administrator - Disabled)
Gast (S-1-5-21-3957391298-3361042741-711773924-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-3957391298-3361042741-711773924-1002 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: DARKMOON
Description: DARKMOON
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Enspert
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: GDMnIcpt
Description: GDMnIcpt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: GDMnIcpt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: HookCentre
Description: HookCentre
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: HookCentre
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/09/2014 07:48:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2014 07:46:32 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/09/2014 07:30:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2014 07:28:27 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/09/2014 07:26:34 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/09/2014 07:24:45 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/09/2014 07:23:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2014 07:21:46 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/08/2014 06:11:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm DllHost.exe, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1b70

Startzeit: 01d01309e5f0ae7f

Endzeit: 12604

Anwendungspfad: C:\Windows\system32\DllHost.exe

Berichts-ID: 35aa8573-7efd-11e4-aba1-eb5780495cda

Error: (12/07/2014 01:00:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/09/2014 07:46:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
GDBehave
GDKBFlt
GDMnIcpt
HookCentre

Error: (12/09/2014 07:46:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064

Error: (12/09/2014 07:46:20 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "G Data Dateisystem Wächter" ist von folgendem Dienst abhängig: GDScan. Dieser Dienst ist eventuell nicht installiert.

Error: (12/09/2014 07:43:19 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "G Data Dateisystem Wächter" ist von folgendem Dienst abhängig: GDScan. Dieser Dienst ist eventuell nicht installiert.

Error: (12/09/2014 07:43:19 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "G Data Dateisystem Wächter" ist von folgendem Dienst abhängig: GDScan. Dieser Dienst ist eventuell nicht installiert.

Error: (12/09/2014 07:28:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
GDBehave
GDKBFlt
GDMnIcpt
HookCentre

Error: (12/09/2014 07:28:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064

Error: (12/09/2014 07:26:34 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
GDBehave
GDKBFlt
GDMnIcpt
HookCentre

Error: (12/09/2014 07:26:34 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064

Error: (12/09/2014 07:26:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "G DATA Scheduler" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 29%
Total physical RAM: 6124.16 MB
Available physical RAM: 4297.62 MB
Total Pagefile: 12246.51 MB
Available Pagefile: 10012.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:21.75 GB) NTFS
Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (prim) (Fixed) (Total:415.03 GB) (Free:210.41 GB) NTFS
Drive f: (sec) (Fixed) (Total:516.37 GB) (Free:270.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 57001C83)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 55D63955)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=415 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=516.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---


Danke für den Tip!

schrauber 10.12.2014 15:25
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\G DATA <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\G DATA <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\G DATA <====== ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    AutocompletePro


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 







Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

ada2 10.12.2014 17:35
Das Fixlog:
Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-12-2014
Ran by ada2 at 2014-12-10 17:26:19 Run:1
Running from C:\Users\ada2\Desktop
Loaded Profiles: ada2 & UpdatusUser (Available profiles: ada2 & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\G DATA <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\G DATA <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\G DATA <====== ATTENTION
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.

==== End of Fixlog ====
Und Combofix.txt:

Code:

XCombofix Logfile:

       
Code:

       
ComboFix 14-12-10.03 - ada2 10.12.2014  17:30:18.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.6124.3317 [GMT 1:00]
ausgeführt von:: c:\users\ada2\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\programdata\Microsoft\Windows\Start Menu\Programs\Uninstall.lnk
c:\windows\msdownld.tmp
c:\windows\RazorDOX
c:\windows\RazorDOX\RazorDOX.dll
F:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-11-10 bis 2014-12-10  ))))))))))))))))))))))))))))))
.
.
2014-12-10 16:33 . 2014-12-10 16:33        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2014-12-10 16:33 . 2014-12-10 16:33        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-12-09 18:50 . 2014-12-10 16:26        --------        d-----w-        C:\FRST
2014-12-09 18:35 . 2014-12-09 18:35        --------        d-----w-        c:\windows\SysWow64\wbem\Logs
2014-12-09 18:35 . 2014-12-09 18:35        --------        d-----w-        c:\program files (x86)\Common Files\G Data
2014-12-08 17:08 . 2014-12-08 17:08        --------        d-----w-        c:\users\ada2\AppData\Roaming\WDC
2014-12-02 12:32 . 2014-12-02 12:32        --------        d-----w-        c:\users\ada2\AppData\Local\MX Simulator Demo
2014-11-30 21:45 . 2014-11-30 21:45        --------        d-----w-        c:\users\ada2\AppData\Roaming\InstallShield
2014-11-30 21:44 . 2014-11-30 21:44        1        ----a-w-        c:\windows\SysWow64\SI.bin
2014-11-23 18:06 . 2014-12-05 14:02        --------        d-----w-        c:\program files (x86)\BlueStacks
2014-11-23 18:06 . 2014-11-23 18:06        --------        d-----w-        c:\programdata\BlueStacks
2014-11-23 18:05 . 2014-11-23 18:05        --------        d-----w-        c:\users\ada2\AppData\Local\Bluestacks
2014-11-14 21:30 . 2014-11-14 21:30        --------        d-----w-        c:\program files (x86)\Common Files\Java
2014-11-10 17:56 . 2014-11-28 16:50        --------        d-----w-        c:\users\ada2\AppData\Roaming\Nitro PDF
2014-11-10 17:55 . 2014-11-10 17:55        --------        d-----w-        c:\users\ada2\AppData\Roaming\Nitro
2014-11-10 17:55 . 2014-11-10 17:55        --------        d-----w-        c:\users\ada2\AppData\Roaming\FileOpen
2014-11-10 17:55 . 2014-11-10 17:55        --------        d-----w-        c:\programdata\FileOpen
2014-11-10 17:54 . 2014-11-10 17:54        --------        d-----w-        c:\programdata\Nitro
2014-11-10 17:54 . 2014-11-10 17:54        --------        d-----w-        c:\users\ada2\AppData\Roaming\Downloaded Installations
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-28 15:43 . 2012-11-17 22:19        281688        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2014-11-28 15:43 . 2012-11-17 22:18        281688        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2014-11-22 20:40 . 2012-11-17 22:18        281688        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2014-11-21 21:47 . 2014-11-06 17:39        129752        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-14 21:30 . 2013-09-04 12:00        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-06 17:58 . 2013-01-18 18:35        466456        ----a-w-        c:\windows\system32\wrap_oal.dll
2014-11-06 17:58 . 2013-01-18 18:35        444952        ----a-w-        c:\windows\SysWow64\wrap_oal.dll
2014-11-06 17:58 . 2013-01-18 18:35        122904        ----a-w-        c:\windows\system32\OpenAL32.dll
2014-11-06 17:58 . 2013-01-18 18:35        109080        ----a-w-        c:\windows\SysWow64\OpenAL32.dll
2014-10-01 10:11 . 2014-11-06 17:38        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-10-01 10:11 . 2014-11-06 17:38        93400        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 10:11 . 2014-11-06 17:38        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPKMAPMN"="c:\program files (x86)\ThinkPad\Utilities\TpKmapMn.exe" [2007-09-21 49152]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-10-01 22065760]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"GrooveMonitor"="e:\office12\GrooveMonitor.exe" [2006-10-26 31016]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2014-10-07 843480]
"LogMeIn Hamachi Ui"="f:\hamachi\hamachi-2-ui.exe" [2014-12-01 3835728]
"GDFirewallTray"="c:\program files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe" [2014-05-20 1756792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"LogMeIn Hamachi Ui"="E:\hamachi-2-ui.exe" --auto-start
"TPKMAPHELPER"=c:\program files (x86)\ThinkPad\Utilities\TpKmapAp.exe -helper
.
R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys;c:\windows\SYSNATIVE\drivers\GDBehave.sys [x]
R1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys;c:\windows\SYSNATIVE\drivers\MiniIcpt.sys [x]
R1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys;c:\windows\SYSNATIVE\drivers\HookCentre.sys [x]
R2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 GdNetMon;G Data Network Monitor;c:\windows\system32\drivers\GdNetMon64.sys;c:\windows\SYSNATIVE\drivers\GdNetMon64.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
R4 Megatech-Software-Protection;Megatech Software Protection;c:\program files (x86)\Megatech\MProtect\MPServ.EXE;c:\program files (x86)\Megatech\MProtect\MPServ.EXE [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 GDKBFlt;G Data GDKBFlt Driver;c:\windows\system32\drivers\GDKBFlt64.sys;c:\windows\SYSNATIVE\drivers\GDKBFlt64.sys [x]
S2 AVKService;G DATA Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;f:\hamachi\hamachi-2.exe;f:\hamachi\hamachi-2.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-26 17:02        1087304        ----a-w-        c:\program files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3957391298-3361042741-711773924-1000Core.job
- c:\users\ada2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-21 20:12]
.
2013-10-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3957391298-3361042741-711773924-1000UA.job
- c:\users\ada2\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-21 20:12]
.
2014-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-15 16:22]
.
2014-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-15 16:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-10-18 1028384]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-10-18 1063200]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Free YouTube to MP3 Converter - c:\users\ada2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - e:\office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\ada2\AppData\Roaming\Mozilla\Firefox\Profiles\f3rggok7.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-BrMfcWnd - c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
AddRemove-Mountain Lion Skin Pack - c:\program files (x86)\Mountain Lion Skin Pack\uninst.exe
AddRemove-PunkBusterSvc - f:\games\origin\BFH Beta\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3957391298-3361042741-711773924-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9d,cf,a5,a4,38,bc,20,93,5c,0c,ba,32,0c,83,f1,9e,4e,64,9b,48,57,da,ce,
   6b,16,f4,53,50,07,3e,a3,c6,dc,50,06,c9,d8,1f,28,54,6b,99,1e,a6,d5,8b,86,2c,\
"??"=hex:47,5d,0e,8e,02,b8,94,79,0f,70,0e,5f,9b,4c,3b,d6
.
[HKEY_USERS\S-1-5-21-3957391298-3361042741-711773924-1000\Software\SecuROM\License information*]
"datasecu"=hex:a5,5f,fe,46,84,92,0f,dc,5c,d6,8f,e1,ff,c1,8d,13,73,27,28,e7,1e,
   b4,02,2c,fd,a4,15,15,ad,35,4e,72,82,2c,29,ff,70,6e,8b,41,d4,f0,21,cc,48,f4,\
"rkeysecu"=hex:2b,05,56,3c,ae,dc,f3,3a,71,91,14,54,eb,16,f2,b3
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-12-10  17:34:13
ComboFix-quarantined-files.txt  2014-12-10 16:34
.
Vor Suchlauf: 15 Verzeichnis(se), 26.654.101.504 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 26.362.138.624 Bytes frei
.
- - End Of File - - 35D0106DA8D3DBD366C6A1973C426A89

--- --- ---
A36C5E4F47E84449FF07ED3517B43A31
Danke!

schrauber 11.12.2014 10:31
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

ada2 11.12.2014 12:50
Hallo,
mbam.txt:

Code:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 11.12.2014
Suchlauf-Zeit: 12:30:51
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.11.21.11
Rootkit Datenbank: v2014.11.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: ada2

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 374078
Verstrichene Zeit: 3 Min, 45 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
AdwCleaner txt:

AdwCleaner Logfile:
Code:
# AdwCleaner v4.105 - Bericht erstellt am 11/12/2014 um 12:42:33
# Aktualisiert 08/12/2014 von Xplode
# Database : 2014-12-08.2 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : ada2 - ADA2-PC
# Gestartet von : C:\Users\ada2\Desktop\AdwCleaner_4.105.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\ada2\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\ada2\AppData\Roaming\Advanced System Protector
Ordner Gelöscht : C:\Users\ada2\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\ada2\AppData\Roaming\NCH Software
Ordner Gelöscht : C:\Users\ada2\AppData\Roaming\Systweak
Datei Gelöscht : C:\Users\ada2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
Datei Gelöscht : C:\Users\ada2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
Datei Gelöscht : C:\Users\ada2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\ada2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AutocompleteProBHO
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\PIP
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\systweak

***** [ Browser ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v32.0.3 (x86 de)


-\\ Google Chrome v39.0.2171.71


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [4055 octets] - [11/12/2014 12:38:35]
AdwCleaner[S0].txt - [3460 octets] - [11/12/2014 12:42:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3520 octets] ##########
--- --- ---

[/CODE]


JRT.txt:

JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Professional x64
Ran by ada2 on 11.12.2014 at 12:46:06,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.12.2014 at 12:47:46,00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- --- ---



Und die frische FRST.txt:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-12-2014
Ran by ada2 (administrator) on ADA2-PC on 11-12-2014 12:44:22
Running from C:\Users\ada2\Desktop
Loaded Profiles: ada2 & UpdatusUser (Available profiles: ada2 & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
() C:\Windows\SysWOW64\TpKmpSvc.exe
() C:\Program Files (x86)\ThinkPad\Utilities\TpKmapMn.exe
() C:\Program Files (x86)\ThinkPad\Utilities\TpKmapMn.exe
(LogMeIn Inc.) F:\hamachi\hamachi-2.exe
(LogMeIn, Inc.) F:\hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
() C:\Program Files (x86)\ThinkPad\Utilities\TpKmapMn.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(LogMeIn Inc.) F:\hamachi\hamachi-2-ui.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(LogMeIn, Inc.) F:\hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => E:\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => F:\hamachi\hamachi-2-ui.exe [3835728 2014-12-01] (LogMeIn Inc.)
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe [1756792 2014-05-20] (G Data Software AG)
HKU\S-1-5-21-3957391298-3361042741-711773924-1000\...\Run: [TPKMAPMN] => C:\Program Files (x86)\ThinkPad\Utilities\TpKmapMn.exe [49152 2007-09-21] ()
HKU\S-1-5-21-3957391298-3361042741-711773924-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => E:\Office12\GR469A~1.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => E:\Office12\GR469A~1.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => E:\Office12\GR469A~1.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => E:\Office12\GR469A~1.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => E:\Office12\GR469A~1.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3957391298-3361042741-711773924-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3957391298-3361042741-711773924-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3957391298-3361042741-711773924-1002\Software\Microsoft\Internet Explorer\Main,Local Page =
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3957391298-3361042741-711773924-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> E:\Office12\GR469A~1.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Office12\GRA32A~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\ada2\AppData\Roaming\Mozilla\Firefox\Profiles\f3rggok7.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> E:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3957391298-3361042741-711773924-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Extension: Stylish - C:\Users\ada2\AppData\Roaming\Mozilla\Firefox\Profiles\f3rggok7.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2014-06-30]
FF Extension: NoScript - C:\Users\ada2\AppData\Roaming\Mozilla\Firefox\Profiles\f3rggok7.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-04]
FF StartMenuInternet: FIREFOX.EXE - F:\Alles von 14-11.12\firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWmP-HHBmnSXtTtLCBlItF5r8EKq0DLv-L4HfwXF0iNGlgCMRht_nC4UUbXXF-x7oK2g9Q_eEkheOsPk2KRvr5yw7COMaTmqKtgdewbk8pFPd1-e-wpKkQg62bGqOVUzAuW7sVGcu4VeWVGaD7o--uLDVDYLc,
CHR StartupUrls: Default -> "https://www.google.de/"
CHR Profile: C:\Users\ada2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ada2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09]
CHR Extension: (Desmos Graphing Calculator) - C:\Users\ada2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdheahnajobgndecdbggfmcojekgdko [2014-07-03]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\ada2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-03-29]
CHR Extension: (AdBlock) - C:\Users\ada2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-08-30]
CHR Extension: (Deezer Mediakeys Reloaded) - C:\Users\ada2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcjacdgelmcehgcakabkobhgiamfklah [2014-10-28]
CHR Extension: (FoxyDeal) - C:\Users\ada2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jelbcgibfifpplacnbbflieigmcbpkec [2014-11-30]
CHR Extension: (Chromium Wheel Smooth Scroller) - C:\Users\ada2\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb [2014-10-28]
CHR Extension: (Google Wallet) - C:\Users\ada2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Deezer) - C:\Users\ada2\AppData\Local\Google\Chrome\User Data\Default\Extensions\npfkoakaabdallkcdbpkkhfilkkngakh [2013-10-26]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
S2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2683760 2014-05-20] (G Data Software AG)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
R2 Hamachi2Svc; F:\hamachi\hamachi-2.exe [2530128 2014-12-01] (LogMeIn Inc.)
S4 Megatech-Software-Protection; C:\Program Files (x86)\Megatech\MProtect\MPServ.EXE [36864 2007-12-12] () [File not signed]
S4 Microsoft Office Groove Audit Service; E:\Office12\GrooveAuditService.exe [65824 2006-10-26] (Microsoft Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-18] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-30] ()
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2014-07-07] (Microsoft Corporation) [File not signed]
R2 TpKmpSVC; C:\Windows\SysWOW64\TpKmpSVC.exe [32768 2006-06-29] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2013-10-31] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-07-21] (DT Soft Ltd)
R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2014-08-20] (G Data Software AG)
S3 GdNetMon; C:\Windows\system32\drivers\GdNetMon64.sys [31448 2012-11-14] (G Data Software AG)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2013-10-31] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-03-20] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2013-03-20] (RapidSolution Software AG)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 GDBehave; system32\drivers\GDBehave.sys [X]
S1 GDMnIcpt; \??\C:\Windows\system32\drivers\MiniIcpt.sys [X]
S1 HookCentre; \??\C:\Windows\system32\drivers\HookCentre.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-11 12:41 - 2014-12-11 12:43 - 00003620 _____ () C:\Users\ada2\Desktop\Neues Textdokument.txt
2014-12-11 12:38 - 2014-12-11 12:42 - 00000000 ____D () C:\AdwCleaner
2014-12-11 12:36 - 2014-12-11 12:36 - 00001201 _____ () C:\Users\ada2\Desktop\mbam.txt
2014-12-11 12:33 - 2014-12-11 12:33 - 02166272 _____ () C:\Users\ada2\Desktop\AdwCleaner_4.105.exe
2014-12-11 06:45 - 2014-12-11 06:45 - 00058212 _____ () C:\Users\ada2\Downloads\92155_AWD_System.phz
2014-12-10 17:34 - 2014-12-10 17:34 - 00017733 _____ () C:\ComboFix.txt
2014-12-10 17:29 - 2014-12-10 17:29 - 00001416 _____ () C:\Users\ada2\Desktop\ComboFix - Verknüpfung.lnk
2014-12-10 17:28 - 2014-12-10 17:34 - 00000000 ____D () C:\Qoobox
2014-12-10 17:28 - 2014-12-10 17:33 - 00000000 ____D () C:\Windows\erdnt
2014-12-10 17:28 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-10 17:28 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-10 17:28 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-10 17:28 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-10 17:28 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-10 17:28 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-10 17:28 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-10 17:28 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-10 17:25 - 2014-12-10 17:26 - 05600944 ____R (Swearware) C:\Users\ada2\Downloads\ComboFix.exe
2014-12-09 19:51 - 2014-12-09 19:51 - 00031020 _____ () C:\Users\ada2\Desktop\Addition.txt
2014-12-09 19:50 - 2014-12-11 12:44 - 00016348 _____ () C:\Users\ada2\Desktop\FRST.txt
2014-12-09 19:50 - 2014-12-11 12:44 - 00000000 ____D () C:\FRST
2014-12-09 19:50 - 2014-12-09 19:50 - 02785665 _____ (PortableApps.com) C:\Users\ada2\Desktop\RevoUninstallerPortable_1.95_Rev_2.paf.exe
2014-12-09 19:50 - 2014-12-09 19:50 - 02119680 _____ (Farbar) C:\Users\ada2\Desktop\FRST64.exe
2014-12-09 19:47 - 2014-12-09 19:47 - 00002980 _____ () C:\Windows\System32\Tasks\{AE977176-56BF-4E8D-B089-30EF91B12DE2}
2014-12-09 19:47 - 2014-12-09 19:47 - 00002980 _____ () C:\Windows\System32\Tasks\{962CB599-C70C-425A-8E4C-B8BE6AE407FF}
2014-12-09 19:35 - 2014-12-09 19:35 - 00002050 _____ () C:\Users\Public\Desktop\G DATA INTERNET SECURITY.lnk
2014-12-09 19:35 - 2014-12-09 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY
2014-12-09 19:28 - 2014-12-09 19:31 - 200825928 _____ (G Data Software AG) C:\Users\ada2\Downloads\INT_R_BASE_2015_IS.exe
2014-12-09 19:22 - 2014-12-09 19:22 - 00896280 _____ () C:\Users\ada2\Downloads\Norton_Removal_Tool.exe
2014-12-09 19:19 - 2014-12-09 19:19 - 00411144 _____ () C:\Users\ada2\Downloads\AVCleaner.exe
2014-12-09 18:22 - 2014-12-09 18:22 - 00019813 _____ () C:\Users\ada2\Downloads\92160_Roller-Delayed_Blowback.phz
2014-12-09 17:37 - 2014-12-09 17:39 - 25453214 _____ () C:\Users\ada2\Downloads\Map_SpinTires_-_Level_Up_2.0.rar
2014-12-09 17:36 - 2014-12-09 17:37 - 19849446 _____ () C:\Users\ada2\Downloads\LandRover_III_v2.zip
2014-12-09 13:20 - 2014-12-09 13:20 - 00390360 _____ () C:\Users\ada2\Downloads\92121_Gun_with_gas_operation_system.phz
2014-12-09 13:17 - 2014-12-09 13:17 - 00548832 _____ () C:\Users\ada2\Downloads\91962_Smashable_Ball.phz
2014-12-08 18:08 - 2014-12-08 18:08 - 00000000 ____D () C:\Users\ada2\AppData\Roaming\WDC
2014-12-08 16:25 - 2014-12-08 16:26 - 00157277 _____ () C:\Users\ada2\Downloads\41344_Jeep_Cherokee.phz
2014-12-08 16:25 - 2014-12-08 16:25 - 01047594 _____ () C:\Users\ada2\Downloads\37103_Crown_Victoria_rear_update.phz
2014-12-08 16:23 - 2014-12-08 16:23 - 00214033 _____ () C:\Users\ada2\Downloads\92037_________________________2101-2107.phz
2014-12-07 12:26 - 2014-12-07 12:26 - 00000000 ____D () C:\Users\ada2\Desktop\Fliege
2014-12-07 11:58 - 2014-12-07 12:17 - 00000000 ____D () C:\Users\ada2\Desktop\Me
2014-12-07 11:50 - 2014-12-07 11:50 - 00045082 _____ () C:\Users\ada2\Downloads\91906_honda_one_cylinder_70_cc_4_stroke_electric_start_low_rpm_engine.phz
2014-12-06 19:23 - 2014-12-06 19:46 - 00000000 ____D () C:\Users\ada2\Desktop\SC Trucks 6.12.14
2014-12-06 18:03 - 2014-12-06 18:03 - 00456834 _____ () C:\Users\ada2\Downloads\92009_Cannon_V20.phz
2014-12-06 15:21 - 2014-12-06 15:21 - 00094931 _____ () C:\Users\ada2\Downloads\91629_JH-Katiba_65mm_Drum_mag.phz
2014-12-06 13:52 - 2014-12-06 13:52 - 07779858 _____ () C:\Users\ada2\Downloads\81564_SWAT_MP_9mm.phz
2014-12-06 13:51 - 2014-12-06 13:51 - 00058237 _____ () C:\Users\ada2\Downloads\91668_JH-Para_P4_Final.phz
2014-12-06 13:49 - 2014-12-06 13:49 - 00061031 _____ () C:\Users\ada2\Downloads\91767_Mossberg_500_Tuned (1).phz
2014-12-06 13:47 - 2014-12-06 13:47 - 00093781 _____ () C:\Users\ada2\Downloads\56112_Diesel_76 (1).phz
2014-12-06 13:46 - 2014-12-06 13:46 - 00069091 _____ () C:\Users\ada2\Downloads\56075_Diesel_59.phz
2014-12-06 13:41 - 2014-12-06 13:41 - 00336797 _____ () C:\Users\ada2\Downloads\91913_Speed_Dual-Suspension_test.phz
2014-12-05 21:24 - 2014-12-05 21:24 - 00115698 _____ () C:\Users\ada2\Downloads\62151_M16A3_Version_3.phz
2014-12-05 21:23 - 2014-12-05 21:23 - 00035694 _____ () C:\Users\ada2\Downloads\62746_New_Suspensions____VERY_LONG.phz
2014-12-05 21:11 - 2014-12-05 21:11 - 00845191 _____ () C:\Users\ada2\Downloads\91907_Suspension.phz
2014-12-02 13:32 - 2014-12-02 13:32 - 00000000 ____D () C:\Users\ada2\AppData\Local\MX Simulator Demo
2014-12-02 13:26 - 2014-12-02 13:27 - 79732217 _____ () C:\Users\ada2\Downloads\mxsimulator-demo-1_8-install.exe
2014-11-30 22:45 - 2014-11-30 22:45 - 00000000 ____D () C:\Users\ada2\AppData\Roaming\InstallShield
2014-11-30 22:44 - 2014-11-30 22:44 - 00000001 _____ () C:\Windows\SysWOW64\SI.bin
2014-11-30 21:43 - 2014-11-30 21:43 - 00021659 _____ () C:\Users\ada2\Downloads\91630_my_1st_cannon.phz
2014-11-30 21:40 - 2014-11-30 21:40 - 00061031 _____ () C:\Users\ada2\Downloads\91767_Mossberg_500_Tuned.phz
2014-11-29 10:51 - 2014-11-29 10:51 - 00067934 _____ () C:\Users\ada2\Downloads\91667_JH-ARX_RG.phz
2014-11-29 10:46 - 2014-11-29 10:46 - 03123147 _____ () C:\Users\ada2\Downloads\91670_Agram_2000.phz
2014-11-28 16:38 - 2014-11-28 16:38 - 00075287 _____ () C:\Users\ada2\Downloads\91629_JH-Katoba_65mm_Bullpup.phz
2014-11-27 12:23 - 2014-11-27 12:23 - 00298896 _____ () C:\Users\ada2\Downloads\91586_PM5_Shotgun_.phz
2014-11-27 12:21 - 2014-11-27 12:21 - 00060993 _____ () C:\Users\ada2\Downloads\91587_Mossberg_500.phz
2014-11-26 21:54 - 2014-11-26 21:54 - 00263104 _____ () C:\Users\ada2\Downloads\84302_1911_man_2.phz
2014-11-26 19:19 - 2014-11-26 19:19 - 00066528 _____ () C:\Users\ada2\Downloads\91531_Racing_V8_Collide_Engine_(Throttle-able).phz
2014-11-25 13:55 - 2014-11-25 13:55 - 00023035 _____ () C:\Users\ada2\Downloads\91488_Fuel_Tank__with_leveler_.phz
2014-11-24 21:27 - 2014-11-24 21:27 - 00037842 _____ () C:\Users\ada2\Downloads\91197_Magnum_Ammo.phz
2014-11-24 17:43 - 2014-11-24 17:43 - 00434866 _____ () C:\Users\ada2\Downloads\91435_SA_EMP_9mm.phz
2014-11-23 19:32 - 2014-11-23 19:33 - 00000000 ____D () C:\Users\ada2\Desktop\Darkmoon Backup einsenden 23.11.14
2014-11-23 19:06 - 2014-12-05 15:02 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-11-23 19:06 - 2014-11-23 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-11-23 19:06 - 2014-11-23 19:06 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-11-23 19:05 - 2014-11-23 19:05 - 13444288 _____ (BlueStack Systems Inc.) C:\Users\ada2\Downloads\BlueStacks-SplitInstaller_native.exe
2014-11-23 19:05 - 2014-11-23 19:05 - 00000000 ____D () C:\Users\ada2\AppData\Local\Bluestacks
2014-11-23 00:11 - 2014-11-23 00:11 - 00386434 _____ () C:\Users\ada2\Downloads\91417_Glock_Gun_And_Airsoft.phz
2014-11-20 21:08 - 2014-11-20 21:08 - 00886718 _____ () C:\Users\ada2\Downloads\attachments+2ndislandweapons.zip
2014-11-20 19:59 - 2014-11-20 19:59 - 03123500 _____ () C:\Users\ada2\Downloads\attachments_patch.zip
2014-11-20 19:54 - 2014-11-20 19:54 - 00457391 _____ () C:\Users\ada2\Downloads\91318_P226.phz
2014-11-19 10:15 - 2014-11-19 10:15 - 00349930 _____ () C:\Users\ada2\Downloads\91266_taljajousi_V2_taulu.phz
2014-11-18 17:43 - 2014-11-18 17:43 - 00522452 _____ () C:\Users\ada2\Downloads\91167_PISTOOLI.phz
2014-11-17 18:09 - 2014-11-17 18:09 - 01354534 _____ () C:\Users\ada2\Downloads\ejs_bu_waves_Ripple_Tank_Interference.jar
2014-11-16 15:21 - 2014-11-16 15:21 - 00076670 _____ () C:\Users\ada2\Downloads\91188_open-bolt_smg.phz
2014-11-14 22:29 - 2014-11-14 22:29 - 00638888 _____ (Oracle Corporation) C:\Users\ada2\Downloads\chromeinstall-8u25.exe
2014-11-14 21:58 - 2014-11-14 21:58 - 00816698 _____ () C:\Users\ada2\Downloads\91099_Speed_Shop30.phz
2014-11-14 21:11 - 2014-11-14 21:11 - 00000683 _____ () C:\Users\ada2\Desktop\MSI Afterburner.lnk
2014-11-14 21:04 - 2014-11-14 21:04 - 34323316 _____ () C:\Users\ada2\Downloads\MSIAfterburnerSetup400.zip
2014-11-14 17:56 - 2014-11-14 17:56 - 00067387 _____ () C:\Users\ada2\Downloads\Far-Cry-3-Blood-Dragon-ubiorbitapi_r2.dll-ubiorbitapi_r2_loader.dll.rar
2014-11-13 18:26 - 2014-11-13 18:26 - 00000811 _____ () C:\Users\Public\Desktop\FarCry 3.lnk
2014-11-12 17:30 - 2014-11-12 17:30 - 00282295 _____ () C:\Users\ada2\Downloads\90713_Tubegun (1).phz
2014-11-11 22:20 - 2014-11-11 22:20 - 00043583 _____ () C:\Users\ada2\Downloads\48618_Automatic_Gun_recoil_powered (1).phz
2014-11-11 22:18 - 2014-11-11 22:18 - 00660676 _____ () C:\Users\ada2\Downloads\90122_NG-SMG-5 (2).phz
2014-11-11 22:17 - 2014-11-11 22:17 - 00168116 _____ () C:\Users\ada2\Downloads\90116_Open_Bolt_240RPM_(upd).phz
2014-11-11 22:14 - 2014-11-11 22:14 - 00076109 _____ () C:\Users\ada2\Downloads\55170_gasgun_v16c.phz
2014-11-11 22:09 - 2014-11-11 22:09 - 00143835 _____ () C:\Users\ada2\Downloads\36884_Carbine_1_u.phz
2014-11-11 22:08 - 2014-11-11 22:08 - 00092492 _____ () C:\Users\ada2\Downloads\35303_Automaticrifle_1.phz
2014-11-11 22:06 - 2014-11-11 22:06 - 00038537 _____ () C:\Users\ada2\Downloads\72379_bullet_concept.phz
2014-11-11 22:03 - 2014-11-11 22:03 - 00280132 _____ () C:\Users\ada2\Downloads\64935_bolty_rifle.phz
2014-11-11 18:34 - 2014-11-11 18:34 - 00133435 _____ () C:\Users\ada2\Downloads\90967_Fast_Rifle_Reupload.phz

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-11 12:44 - 2012-11-14 18:25 - 00000000 ____D () C:\Users\ada2\AppData\Roaming\Skype
2014-12-11 12:43 - 2013-03-25 17:44 - 00000000 ____D () C:\Users\ada2\AppData\Local\LogMeIn Hamachi
2014-12-11 12:43 - 2012-11-15 17:22 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-11 12:43 - 2012-11-13 21:40 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-11 12:43 - 2010-11-21 04:47 - 00841304 _____ () C:\Windows\PFRO.log
2014-12-11 12:43 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-11 12:43 - 2009-07-14 05:51 - 00147650 _____ () C:\Windows\setupact.log
2014-12-11 12:42 - 2012-11-13 15:24 - 01478200 _____ () C:\Windows\WindowsUpdate.log
2014-12-11 12:30 - 2014-11-06 18:39 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-11 12:26 - 2012-11-15 17:22 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-11 06:45 - 2013-05-14 21:10 - 00000000 ____D () C:\Users\ada2\Documents\Algodoo
2014-12-10 21:32 - 2009-07-14 05:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-10 21:32 - 2009-07-14 05:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-10 21:29 - 2010-11-21 07:50 - 00700342 _____ () C:\Windows\system32\perfh007.dat
2014-12-10 21:29 - 2010-11-21 07:50 - 00149138 _____ () C:\Windows\system32\perfc007.dat
2014-12-10 21:29 - 2009-07-14 06:13 - 01622196 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-10 17:49 - 2012-11-14 14:30 - 00000000 ____D () C:\ProgramData\G DATA
2014-12-10 17:47 - 2014-02-28 18:15 - 00000000 ____D () C:\Users\ada2\AppData\Roaming\SpinTires
2014-12-10 17:34 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-12-10 17:33 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-09 20:43 - 2014-02-28 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oovee
2014-12-09 19:35 - 2012-11-22 17:44 - 00048840 _____ () C:\Windows\DPINST.LOG
2014-12-09 19:35 - 2012-11-14 14:30 - 00000000 ____D () C:\Program Files (x86)\G Data
2014-12-09 19:23 - 2014-11-06 21:20 - 00000000 ____D () C:\ProgramData\Norton
2014-12-09 19:23 - 2014-11-06 21:20 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-12-07 12:38 - 2014-03-18 20:51 - 00000530 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi.lnk
2014-12-06 15:21 - 2014-03-24 19:43 - 00000000 ____D () C:\Users\ada2\AppData\Local\CrashDumps
2014-12-05 21:54 - 2013-11-30 14:55 - 00000000 ____D () C:\Users\ada2\Desktop\Q11;12
2014-12-05 21:53 - 2013-01-03 21:49 - 00000000 ____D () C:\Users\ada2\Desktop\alles
2014-12-01 08:28 - 2012-11-14 14:52 - 00108448 _____ () C:\Users\ada2\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-01 08:27 - 2009-07-14 05:45 - 00407272 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-30 22:44 - 2013-12-22 16:19 - 00000000 ____D () C:\ProgramData\Ubisoft
2014-11-30 22:44 - 2012-11-13 21:35 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-30 22:39 - 2014-06-22 14:51 - 00000000 ____D () C:\Users\ada2\AppData\Roaming\inkscape
2014-11-30 22:37 - 2012-11-15 17:22 - 00000000 ____D () C:\Users\ada2\AppData\Local\Google
2014-11-28 17:50 - 2014-11-10 18:56 - 00000000 ____D () C:\Users\ada2\AppData\Roaming\Nitro PDF
2014-11-28 16:43 - 2012-11-17 23:19 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-11-28 16:43 - 2012-11-17 23:18 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-11-23 19:12 - 2013-08-01 18:39 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-11-23 19:06 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-11-22 21:40 - 2012-11-17 23:18 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-11-16 21:10 - 2012-11-15 17:22 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-16 21:10 - 2012-11-15 17:22 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-15 10:27 - 2013-06-25 16:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-14 22:33 - 2014-03-02 10:40 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-14 22:30 - 2014-03-02 10:40 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-14 22:30 - 2013-09-04 13:00 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-14 22:30 - 2013-09-04 13:00 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-14 22:30 - 2013-09-04 13:00 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-14 22:30 - 2013-09-04 13:00 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-13 18:27 - 2012-12-01 11:04 - 00000000 ____D () C:\Users\ada2\Documents\My Games
2014-11-13 18:27 - 2012-12-01 11:04 - 00000000 ____D () C:\ProgramData\Orbit
2014-11-13 18:14 - 2013-02-03 15:49 - 00000000 ____D () C:\ProgramData\Nero
2014-11-13 18:10 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-12 19:13 - 2013-05-22 17:37 - 00000000 ____D () C:\Users\ada2\AppData\Roaming\vlc

Some content of TEMP:
====================
C:\Users\ada2\AppData\Local\Temp\Quarantine.exe
C:\Users\ada2\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-27 13:02

==================== End Of Log ============================
--- --- ---


Mfg.
ada2

schrauber 12.12.2014 09:45

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 04:18 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19