Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Internetexplorer extrem langsam (https://www.trojaner-board.de/163348-internetexplorer-extrem-langsam.html)

Spätzünder 29.01.2015 16:12
Internetexplorer extrem langsam
 
Liebe Experten,
seid bitte nachsichtig, wenn njcht alles ganz fachmännisch klingt, aber ich lerne auch noch mit 80 dazu.
Seid etwa einer Woche melden sich die Seiten im Internet sehr langsam und oft auch unvollständig. Ich nutze Windows 7 Professionell (64 B) und den Internetexplorrer 11. Auch Versuche mit Chrom und Firefox brachten nichts Besseres. Lediglich über den
"Sicheren Zahlungsverkehr" von Kaspersky laufen die Bankgeschäfte wie immer.
Alle Versuche der Reinigung mit CCleaner, WashundGo, PC Fresch, WinSysClean,, Registry
Cleaner und des updatens mit UpdateStar brachten keine Besserung. Nun muss ich hier um Rat und Hilfe bitten.

schrauber 29.01.2015 17:02
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Spätzünder 29.01.2015 19:05
Hallo, Schrauber
ich entschuldige mich für die unvollständige Anfrage. Ich hatte ein paar Probleme mit den
verwalten der Dateien. Als ich alles klar hatte, waren die 60 Minuten gerade um. Ich kam nicht mehr ran für die Ergänzungen. Deshalb jetzt die fehlenden Berichte.
GMER : Dwnload gestört.
1. Laufwerksemulaion abschalten mit Defogger: erledigt
2.Systemscan mit FRST:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by Chef3 (administrator) on KLAUS3-PC on 29-01-2015 17:03:42
Running from C:\Users\Chef3\Downloads
Loaded Profiles: Chef3 & UpdatusUser & _ocster_backup_ (Available profiles: Chef3 & UpdatusUser & _ocster_backup_)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Ascora GmbH) C:\Program Files (x86)\StartupStar\StartupStar.exe
() C:\Program Files (x86)\AntiBrowserSpy\BrowserMask.exe
() C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpy-IE-SocialBlock.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
() C:\Program Files\Ocster Backup\bin\backupClient-ox.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Ascora GmbH) C:\Program Files (x86)\GoogleClean\GoogleRadar.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Dell) C:\Users\Chef3\AppData\Local\Apps\2.0\7XTQ2LMJ.VRT\01MNL4LE.89V\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
() C:\Program Files\Ocster Backup\bin\backupService-ox.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
() C:\Program Files\Ocster Backup\bin\oxHelper.exe
() C:\Program Files\Ocster Backup\bin\oxHelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Siliten) C:\Program Files (x86)\SilverCrest OMC807 Driver\MouClient_FD2_9063RL.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Ascora GmbH) C:\Program Files (x86)\PC Fresh\PC Fresh.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-06-24] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [524928 2011-06-15] (Conexant Systems, Inc.)
HKLM\...\Run: [Ocster Backup] => C:\Program Files\Ocster Backup\bin\backupClient-ox.exe [312664 2014-02-04] ()
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2014-10-24] (Sony Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2109952 2014-10-07] (Dominik Reichl)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-1906148964-138570781-1934493635-1003\...\Run: [EPSON BX305 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGJE.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1906148964-138570781-1934493635-1003\...\Run: [DellSystemDetect] => C:\Users\Chef3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-1906148964-138570781-1934493635-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1906148964-138570781-1934493635-1003\...\Run: [GoogleRadar] => C:\Program Files (x86)\GoogleClean\GoogleRadar.exe [2717960 2015-01-19] (Ascora GmbH)
HKU\S-1-5-21-1906148964-138570781-1934493635-1003\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-1906148964-138570781-1934493635-1003\...\Policies\Explorer: [NoResolveSearch] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Control Center.lnk
ShortcutTarget: Control Center.lnk -> C:\Program Files (x86)\funkwerk WIN-Tools\Eumex 401 WIN-Tools V2.00\ControlCenter.exe (Funkwerk Enterprise Communications GmbH)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1906148964-138570781-1934493635-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1906148964-138570781-1934493635-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland ? jetzt mit dem Hotmail Nachfolger Outlook und dem Messenger Nachfolger Skype
HKU\S-1-5-21-1906148964-138570781-1934493635-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
HKU\S-1-5-21-1906148964-138570781-1934493635-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1906148964-138570781-1934493635-1003 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1906148964-138570781-1934493635-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1906148964-138570781-1934493635-1016 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1906148964-138570781-1934493635-1022 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll ()
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1906148964-138570781-1934493635-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1906148964-138570781-1934493635-1003 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
DPF: HKLM-x32 {2665693B-C4F3-434B-83DB-7574CF50C8B7} hxxp://www.kaspersky.com/downloads/misc/kasperskylicensefinder.cab
DPF: HKLM-x32 {8C922C73-FFFA-45A3-B2C2-BC1E30074267} hxxp://www.sony.de/bravia/RegistrationAgent.cab
DPF: HKLM-x32 {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} Dell Official Site - The Power To Do More | Dell
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.250
Tcpip\..\Interfaces\{73E13ECC-3B88-47AC-B53C-7E34A8246897}: [NameServer] 95.211.37.200,198.101.13.115
Tcpip\..\Interfaces\{D7482328-582E-4126-9A1C-2581B61C9444}: [NameServer] 95.211.37.200,198.101.13.115

FireFox:
========
FF ProfilePath: C:\Users\Chef3\AppData\Roaming\Mozilla\Firefox\Profiles\xvejke5j.default-1418400123387
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.msn.com/?pc=BDT1&ocid=BDT1DHP&DT=011715
FF Keyword.URL: hxxp://www.bing.com/search?FORM=BDT1DF&PC=BDT1&dt=011715&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [jid0-1wPBLrijxGVkIUhu0kFYq6ZaWzA@jetpack] - C:\Program Files (x86)\AntiBrowserSpy\Addons\Firefox
FF Extension: AntiBrowserSpy - SocialBlocker - C:\Program Files (x86)\AntiBrowserSpy\Addons\Firefox [2014-10-05]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-23]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-23]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-23]

Chrome:
=======
CHR DefaultSearchKeyword: Default -> search
CHR DefaultSearchURL: Default -> hxxp://www.gsrch.com/?q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://suggestqueries.google.com/complete/search?output=firefox&q={searchTerms}
CHR Profile: C:\Users\Chef3\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Chef3\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-14]
CHR Extension: (Google Docs) - C:\Users\Chef3\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-14]
CHR Extension: (Google Drive) - C:\Users\Chef3\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Chef3\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-27]
CHR Extension: (YouTube) - C:\Users\Chef3\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-14]
CHR Extension: (Google-Suche) - C:\Users\Chef3\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-14]
CHR Extension: (Kaspersky Protection) - C:\Users\Chef3\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-09-03]
CHR Extension: (Google Tabellen) - C:\Users\Chef3\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-14]
CHR Extension: (Skype Click to Call) - C:\Users\Chef3\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-02-05]
CHR Extension: (Ghostery) - C:\Users\Chef3\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-12-05]
CHR Extension: (Google Wallet) - C:\Users\Chef3\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (AntiBrowserSpy - SocialBlocker) - C:\Users\Chef3\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohfajmmkkdjdoaoncnnbgfoomiakgbd [2014-10-20]
CHR Extension: (Google Mail) - C:\Users\Chef3\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-14]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-04-09]
CHR HKLM-x32\...\Chrome\Extension: [oohfajmmkkdjdoaoncnnbgfoomiakgbd] - C:\Program Files (x86)\AntiBrowserSpy\Addons\Chrome.crx [2014-10-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed]
R2 ocster_backup; c:\Program Files\Ocster Backup\bin\backupService-ox.exe [23896 2014-02-04] ()
S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S4 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2014-04-25] (Sony Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 BingDesktopUpdate; "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-21] (Microsoft Corporation)
R3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-01-23] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [818888 2015-01-23] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-01-23] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-04-30] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Chef3\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
U3 fwdiipog; \??\C:\Users\Chef3\AppData\Local\Temp\fwdiipog.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 16:49 - 2015-01-29 16:49 - 00050477 _____ () C:\Users\Chef3\Downloads\Defogger.exe
2015-01-29 14:48 - 2015-01-29 14:48 - 00048764 _____ () C:\Users\Chef3\Downloads\Addition.txt
2015-01-29 14:47 - 2015-01-29 17:03 - 00026226 _____ () C:\Users\Chef3\Downloads\FRST.txt
2015-01-29 14:46 - 2015-01-29 14:47 - 02130432 _____ (Farbar) C:\Users\Chef3\Downloads\FRST64.exe
2015-01-29 13:34 - 2015-01-29 13:34 - 00380416 _____ () C:\Users\Chef3\Downloads\zz3ryn76.exe
2015-01-29 13:30 - 2015-01-29 13:30 - 00380416 _____ () C:\Users\Chef3\Downloads\nt6uvp2p.exe
2015-01-29 13:00 - 2015-01-29 13:00 - 00380416 _____ () C:\Users\Chef3\Downloads\Gmer-19357 (5).exe
2015-01-29 12:53 - 2015-01-29 12:57 - 00380416 _____ () C:\Users\Chef3\Downloads\Gmer-19357 (4).exe
2015-01-29 12:52 - 2015-01-29 12:52 - 00380416 _____ () C:\Users\Chef3\Downloads\Gmer-19357 (3).exe
2015-01-29 12:51 - 2015-01-29 12:51 - 00380416 _____ () C:\Users\Chef3\Downloads\Gmer-19357 (2).exe
2015-01-29 12:50 - 2015-01-29 12:50 - 00380416 _____ () C:\Users\Chef3\Downloads\x0jen5g2.exe
2015-01-29 12:47 - 2015-01-29 12:47 - 00380416 _____ () C:\Users\Chef3\Downloads\Gmer-19357 (1).exe
2015-01-29 12:42 - 2015-01-29 12:42 - 00380416 _____ () C:\Users\Chef3\Downloads\s69siw4s.exe
2015-01-29 11:14 - 2015-01-29 16:35 - 00052494 _____ () C:\Windows\WindowsUpdate.log
2015-01-29 11:11 - 2015-01-29 11:11 - 00129616 _____ () C:\Users\Chef3\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-29 11:10 - 2015-01-29 11:34 - 00000112 _____ () C:\Windows\setupact.log
2015-01-29 11:10 - 2015-01-29 11:10 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-29 11:09 - 2015-01-29 11:11 - 00467776 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-29 11:09 - 2015-01-29 11:09 - 00001932 _____ () C:\Windows\PFRO.log
2015-01-28 15:53 - 2015-01-28 15:54 - 00380416 _____ () C:\Users\Chef3\Downloads\Gmer-19357.exe
2015-01-28 14:14 - 2015-01-29 17:03 - 00000000 ____D () C:\FRST
2015-01-28 14:05 - 2015-01-28 14:05 - 00000000 _____ () C:\Users\Chef3\defogger_reenable
2015-01-27 19:24 - 2015-01-27 19:24 - 00000000 ____D () C:\Windows\ERUNT
2015-01-27 13:29 - 2015-01-29 10:36 - 00000000 ____D () C:\AdwCleaner
2015-01-27 13:29 - 2015-01-27 13:29 - 02194432 _____ () C:\Users\Chef3\Downloads\adwcleaner_4.109.exe
2015-01-24 22:44 - 2015-01-25 09:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\01AC4D42.sys
2015-01-24 22:43 - 2015-01-24 22:43 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\12024CF4.sys
2015-01-23 12:37 - 2015-01-23 12:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-01-23 12:37 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-01-23 12:36 - 2015-01-23 12:36 - 00000000 ____D () C:\Windows\ELAMBKUP
2015-01-23 12:36 - 2015-01-23 12:36 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-01-23 12:36 - 2014-08-12 18:33 - 00246456 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-01-23 12:19 - 2015-01-23 12:20 - 204164680 _____ () C:\Users\Chef3\Downloads\kis15.0.1.415de-de.exe
2015-01-23 10:34 - 2015-01-23 14:44 - 00278960 _____ () C:\Users\Chef3\Downloads\updatestardrivers_installer.exe
2015-01-21 13:32 - 2015-01-21 13:30 - 00243728 _____ () C:\Users\Chef3\Downloads\Firefox%20Setup%20Stub%2035.0.exe
2015-01-21 13:09 - 2015-01-21 13:09 - 00000000 ____D () C:\Windows\en
2015-01-21 13:07 - 2015-01-21 13:07 - 00001350 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2015-01-21 13:07 - 2015-01-21 13:07 - 00001277 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2015-01-21 13:07 - 2015-01-21 13:07 - 00000000 ____D () C:\Windows\de
2015-01-21 13:07 - 2015-01-21 13:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-01-21 13:06 - 2015-01-21 13:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-01-21 13:06 - 2015-01-21 13:06 - 00001424 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-01-21 13:06 - 2012-03-08 18:40 - 00048488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
2015-01-21 13:05 - 2015-01-21 13:06 - 00000000 ____D () C:\Program Files\Windows Live
2015-01-21 12:57 - 2015-01-21 12:57 - 00002032 _____ () C:\Users\Chef3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UpdateStar.lnk
2015-01-21 11:06 - 2015-01-21 11:06 - 00001093 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2015-01-21 11:06 - 2015-01-21 11:06 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2015-01-20 11:36 - 2015-01-29 11:08 - 00000262 _____ () C:\Windows\Tasks\WashAndGoNGOwnSchedule.job
2015-01-20 11:36 - 2015-01-20 11:36 - 00002980 _____ () C:\Windows\System32\Tasks\WashAndGoNGOwnSchedule
2015-01-20 10:08 - 2015-01-20 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoogleClean
2015-01-18 15:33 - 2015-01-23 15:41 - 00014093 _____ () C:\Windows\system32\ScanResults.xml
2015-01-18 15:29 - 2015-01-23 15:35 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2015-01-17 17:45 - 2015-01-17 17:45 - 00000000 __HDC () C:\Users\Chef3\AppData\Local\{B7444167-DCAD-434E-A694-81907DE70A78}
2015-01-17 17:45 - 2015-01-17 17:45 - 00000000 ____D () C:\Users\Chef3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ultimate Systems
2015-01-17 14:22 - 2015-01-17 14:22 - 00000000 _____ () C:\Users\Chef3\Sti_Trace.log
2015-01-17 14:07 - 2015-01-17 14:24 - 18624512 _____ () C:\Users\Chef3\Downloads\epson326328eu [1].exe
2015-01-17 13:56 - 2015-01-17 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2015-01-17 12:35 - 2015-01-17 12:35 - 00362029 _____ () C:\Windows\SysWOW64\sqlite3.dll
2015-01-17 12:31 - 2015-01-17 12:31 - 10294488 _____ (Microsoft Corporation) C:\Users\Chef3\Downloads\BingDesktopSetup [1].exe
2015-01-17 11:56 - 2015-01-17 11:55 - 18323160 _____ (Abelssoft ) C:\Users\Chef3\Downloads\washandgo [1].exe
2015-01-17 10:19 - 2015-01-29 15:46 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-17 10:19 - 2015-01-17 10:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-17 10:19 - 2015-01-17 10:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-17 10:19 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-17 10:19 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-16 15:53 - 2015-01-16 16:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-16 15:13 - 2015-01-17 17:52 - 00000000 ____D () C:\Program Files\WinSysClean X6 Trial
2015-01-16 15:10 - 2015-01-16 15:10 - 19542344 _____ (Ultimate Systems, Inc. ) C:\Users\Chef3\Downloads\wsc_x6_v16_setup_CB-DL-Manager [1].exe
2015-01-16 11:20 - 2015-01-16 11:20 - 00000000 ____D () C:\Users\Chef3\AppData\Roaming\Opera Software
2015-01-16 11:20 - 2015-01-16 11:20 - 00000000 ____D () C:\Users\Chef3\AppData\Local\Opera Software
2015-01-16 11:17 - 2015-01-16 11:29 - 00000000 ____D () C:\rei
2015-01-16 11:15 - 2015-01-16 11:14 - 00447792 _____ (Microsoft Corporation) C:\Users\Chef3\Downloads\microsoft-fix-it-center.exe
2015-01-14 17:00 - 2015-01-14 17:00 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-14 17:00 - 2015-01-14 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2015-01-14 09:56 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 09:56 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 09:56 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 09:56 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 09:56 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 09:56 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 09:56 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 09:56 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 09:56 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 09:56 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 09:56 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 09:56 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 09:56 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-01 22:22 - 2015-01-01 22:22 - 00000000 ____D () C:\Windows\SysWOW64\%Data%

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 16:38 - 2011-10-23 16:49 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-29 16:23 - 2012-03-29 08:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-29 14:38 - 2011-10-23 16:49 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-29 12:40 - 2014-08-23 19:33 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-29 11:43 - 2009-07-14 05:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-29 11:43 - 2009-07-14 05:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-29 11:36 - 2012-08-22 21:00 - 00000436 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-29 11:36 - 2011-10-23 08:58 - 00000000 ____D () C:\Users\Chef3\AppData\Local\SoftThinks
2015-01-29 11:36 - 2011-10-10 14:18 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-01-29 11:35 - 2014-01-09 15:41 - 00000000 ____D () C:\Users\Chef3\AppData\Local\Deployment
2015-01-29 11:35 - 2013-04-30 09:14 - 00000278 _____ () C:\Windows\Tasks\AbelssoftPreloader.job
2015-01-29 11:34 - 2013-05-03 09:20 - 00000262 _____ () C:\Windows\Tasks\StartupStar Firewall.job
2015-01-29 11:34 - 2012-08-23 06:18 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-01-29 11:34 - 2011-11-06 09:50 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-01-29 11:34 - 2011-10-10 12:58 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-29 11:34 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-29 10:36 - 2013-05-08 09:51 - 00000000 ____D () C:\Windows\MiniDump
2015-01-29 10:36 - 2011-10-29 17:11 - 00000000 ____D () C:\Users\Chef3\AppData\Local\Microsoft Help
2015-01-28 19:58 - 2013-04-23 19:14 - 00000000 ____D () C:\Users\Chef3\AppData\Roaming\TV-Browser
2015-01-28 14:05 - 2011-10-23 08:58 - 00000000 ____D () C:\Users\Chef3
2015-01-28 10:39 - 2011-10-10 14:40 - 00000000 ____D () C:\ProgramData\Sonic
2015-01-27 23:34 - 2013-10-27 09:23 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-27 23:33 - 2014-10-27 10:15 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-27 23:32 - 2014-10-27 10:15 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-27 23:32 - 2014-10-27 10:15 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-27 23:32 - 2014-10-27 10:15 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-27 23:32 - 2014-10-27 10:15 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-27 23:32 - 2014-10-27 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-27 11:10 - 2013-05-26 10:09 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-01-26 12:33 - 2013-08-09 09:56 - 00000000 ____D () C:\Program Files (x86)\AntiBrowserSpy
2015-01-26 10:08 - 2012-05-22 14:42 - 00000000 ____D () C:\ProgramData\Netzmanager
2015-01-26 10:06 - 2014-05-09 14:18 - 00000975 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Netzmanager.lnk
2015-01-26 10:06 - 2014-05-09 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netzmanager
2015-01-26 10:06 - 2014-05-09 14:18 - 00000000 ____D () C:\Program Files\Netzmanager
2015-01-25 18:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-25 17:45 - 2014-03-31 09:16 - 00000000 ____D () C:\Users\_ocster_backup_
2015-01-25 17:43 - 2011-11-09 18:58 - 00000000 ____D () C:\ProgramData\Ocster Backup
2015-01-25 17:43 - 2011-11-08 17:56 - 00000000 ____D () C:\Users\Chef3\AppData\Local\Abelssoft
2015-01-25 17:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-25 17:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-25 16:26 - 2014-04-08 08:42 - 00000000 ____D () C:\Users\Chef3\AppData\Local\CrashDumps
2015-01-25 09:24 - 2012-03-29 08:40 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 09:24 - 2012-03-29 08:40 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 09:24 - 2011-10-10 14:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 22:48 - 2014-12-26 22:55 - 00032768 _____ () C:\Windows\system32\persistent_q.db-shm
2015-01-23 12:40 - 2014-08-20 18:04 - 00818888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-01-23 12:40 - 2014-08-18 14:43 - 00150536 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-01-23 12:40 - 2014-08-13 19:34 - 00077512 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwtp.sys
2015-01-21 14:55 - 2011-10-25 10:40 - 00000000 ____D () C:\Users\Chef3\AppData\Local\Windows Live
2015-01-21 13:08 - 2014-02-23 11:17 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2015-01-21 12:57 - 2012-02-06 17:42 - 00000000 ____D () C:\Users\Chef3\AppData\Roaming\UpdateStar
2015-01-21 11:06 - 2012-09-04 08:34 - 00000000 ____D () C:\Users\Chef3\AppData\Roaming\KeePass
2015-01-20 18:48 - 2012-03-17 10:01 - 00000000 ____D () C:\Program Files (x86)\PC Fresh
2015-01-20 11:02 - 2011-11-16 10:04 - 00000000 ____D () C:\ProgramData\elsterformular
2015-01-20 11:02 - 2011-10-25 10:39 - 00000000 ____D () C:\Users\Chef3\AppData\Local\Windows Live Writer
2015-01-20 10:08 - 2014-12-10 12:30 - 00000000 ____D () C:\Program Files (x86)\GoogleClean
2015-01-20 10:02 - 2013-12-14 17:54 - 00002548 _____ () C:\Windows\System32\Tasks\AbelssoftPreloader
2015-01-20 10:02 - 2013-04-30 09:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WashAndGo
2015-01-20 10:02 - 2013-04-30 09:13 - 00000000 ____D () C:\Program Files (x86)\WashAndGo
2015-01-19 15:13 - 2013-05-03 09:02 - 00000000 ____D () C:\Users\Chef3\AppData\Local\WEKA DVD Interface
2015-01-18 16:10 - 2011-10-10 14:29 - 00000000 ____D () C:\Windows\PCHEALTH
2015-01-17 13:48 - 2011-11-10 14:25 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-17 12:25 - 2014-08-23 09:11 - 00000000 ____D () C:\Users\Chef3\AppData\Local\Adobe
2015-01-17 10:19 - 2013-02-14 14:53 - 00000000 ____D () C:\Users\Chef3\AppData\Roaming\Malwarebytes
2015-01-17 10:19 - 2013-02-14 14:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-17 09:59 - 2012-10-15 14:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-16 15:21 - 2012-10-16 11:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2015-01-14 17:01 - 2011-11-16 10:05 - 00000000 ____D () C:\Users\Chef3\AppData\Roaming\elsterformular
2015-01-14 16:59 - 2011-11-16 10:04 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular
2015-01-14 10:52 - 2013-07-27 22:08 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 10:52 - 2011-10-17 15:04 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 09:43 - 2010-11-21 07:50 - 00702964 _____ () C:\Windows\system32\perfh007.dat
2015-01-14 09:43 - 2010-11-21 07:50 - 00150604 _____ () C:\Windows\system32\perfc007.dat
2015-01-14 09:43 - 2009-07-14 06:13 - 01629436 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2011-12-02 13:38 - 2011-12-02 13:38 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2012-08-29 18:31

==================== End Of Log ============================
--- --- ---

schrauber 30.01.2015 07:53
Bitte noch diese Datei posten:

C:\Users\Chef3\Downloads\Addition.txt

Spätzünder 30.01.2015 11:03
Hallo Schrauber,
Ich habe gestern vergeblich versucht die Datei Addition.txt ebenso zu posten wie die Datei FRST.txt. Mal sehen ob ich es jetzt Packe: Nein, auch jetzt auf # klicke erscheinen bei mir keine Klammerausdrücke für die weitere Eingabe. Was soll ich anderes machen?
Grüße vom Spätzünder

schrauber 30.01.2015 12:23
Drückst du # auf deinem Keyboard? Oder den # Button in der Antwortbox im Forum? ;)

Spätzünder 30.01.2015 12:44
Hallo Schrauber,
ich habe es in beiden Varianten versucht. Welche wäre denn die Richtige?
Grüße von Spätzünder

schrauber 30.01.2015 14:31
Diese, unten in der Antwortbox:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Spätzünder 30.01.2015 15:47
Hallo Schrauber,
mir gelingt es nicht im Editor die Code-Box zu öffnen. Wenn ich hier oben auf # klicke
passiert nichts. Wie kann ich das lösen?
Grüße von Spätzünder

schrauber 31.01.2015 11:20
Dann poste das Log einfach so, ohne die Codetags. Wobei das nicht sein kann. Ne Foren-Funktion verschwindet nicht einfach :)

Spätzünder 31.01.2015 11:48
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015
Ran by Chef3 at 2015-01-29 14:48:17
Running from C:\Users\Chef3\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AM-DeadLink 4.6 (HKLM-x32\...\aignesamdeadlink_is1) (Version: 4.6 - WebSite-Watcher - Software to check websites for updates and changes (web page monitoring))
AntiBrowserSpy (HKLM-x32\...\{F78B5B4F-075A-4C81-AA27-E707861EB5B7}_is1) (Version: 143 - Abelssoft)
Bing Bar (HKLM-x32\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.5.0 - Conexant)
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.57 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.57 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{3255BC3F-32BA-41ED-93A0-B9AEB6CDD9E6}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{E2F57269-065E-4B19-8CDA-AB6C401FAF1A}) (Version: 1.7.209.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{2299EEBD-0A83-4B26-AA4A-057AE9E5BAE8}) (Version: 2.0.0.50 - ArcSoft)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.50 - ArcSoft)
Dell System Detect (HKU\S-1-5-21-1906148964-138570781-1934493635-1003\...\9204f5692a8faf3b) (Version: 5.4.0.4 - Dell)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Deutsche Post E-Porto (HKLM-x32\...\{A51F5414-4A2B-45A0-8EF2-B4D29CFBCAE7}) (Version: 2.3.0 - Deutsche Post AG)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.0.20150113 - Landesfinanzdirektion Thüringen)
EPSON BX305 Series Handbuch (HKLM-x32\...\EPSON BX305 Series Manual) (Version:  - )
EPSON BX305 Series Printer Uninstall (HKLM\...\EPSON BX305 Series) (Version:  - SEIKO EPSON Corporation)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Eumex RNDIS64 Treiber V1.02 (HKLM\...\{293C4FDD-FB80-48F8-8B40-F085392FDAA1}) (Version: 1.02.0000 - Deutsche Telekom)
funkwerk Eumex 401 WIN-Tools V2.00 (HKLM-x32\...\InstallShield_{619387A7-F174-457C-9A4F-AB68D928D1A2}) (Version: 2.00.0000 - Funkwerk Enterprise Communications GmbH)
funkwerk Eumex 401 WIN-Tools V2.00 (x32 Version: 2.00.0000 - Funkwerk Enterprise Communications GmbH) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoogleClean (HKLM-x32\...\{4281435C-AD1D-4C8A-B9C0-3961C08EF142}_is1) (Version: 123 - Abelssoft)
High-Definition Video Playback (x32 Version: 11.1.11500.4.273 - Nero AG) Hidden
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
KeePass Password Safe 1.26 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.26 - Dominik Reichl)
KeePass Password Safe 2.28 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.28 - Dominik Reichl)
Logitech Vid (HKLM-x32\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.00.1062 - Logitech Inc.)
Logitech Webcam Software-Treiberpaket (HKLM\...\lvdrivers_12.0) (Version: 12.0.1278 - Logitech Inc.)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1906148964-138570781-1934493635-1003\...\OneDriveSetup.exe) (Version: 17.0.4024.1220 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
MyDriveConnect 3.3.0.1812 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
MyKeyFinder (HKLM-x32\...\MyKeyFinder_is1) (Version: 2012 - Abelssoft)
Netzmanager (HKLM-x32\...\Netzmanager) (Version: 1.081 - Deutsche Telekom AG)
Netzmanager (Version: 1.081 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden
NVIDIA 3D Vision Treiber 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.78 - NVIDIA Corporation)
NVIDIA Grafiktreiber 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.78 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
NWZ-B170 WALKMAN Guide (HKLM-x32\...\{B91B14D5-B817-4C79-BEF6-0A7A23FE6C61}) (Version: 2.1.0.33220 - Sony Corporation)
Ocster Backup Pro (HKLM\...\Ocster Backup) (Version: 8.15 - Ocster GmbH & Co. KG)
PAYBACK Toolbar 1.1 (HKLM-x32\...\PAYBACK Toolbar_is1) (Version: 1.1.2 - PAYBACK GmbH)
PC Fresh (HKLM-x32\...\PC Fresh_is1) (Version: 2014 - (Abelssoft) Ascora GmbH)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Reader for PC (HKLM-x32\...\{D279DFB7-97A3-439D-8BE9-95D8AFA68562}) (Version: 2.4.01.10241 - Sony Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Registry Cleaner (HKLM-x32\...\Registry Cleaner_is1) (Version: 1.1 - Abelssoft)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SilverCrest OMC807 Driver (HKLM-x32\...\{C786FE11-22AF-4B6C-B122-9C4A6D012E67}) (Version: 2.0 - SilverCrest)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.11.9874 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
StartupStar (HKLM-x32\...\{C8A6121E-BE35-418D-91EF-A9536DA70B36}_is1) (Version: 5.4 - Abelssoft)
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.14900 - Nero AG)
SyncUP (x32 Version: 1.12.11200.10.102 - Nero AG) Hidden
TV-Browser 3.3a (HKLM-x32\...\tvbrowser) (Version: 3.3a - TV-Browser Team)
UpdateStar (HKLM-x32\...\{2D877D7D-958C-41F7-8863-3E682CE8EEA6}) (Version: 10.0.1265 - UpdateStar GmbH)
UpdateStar Drivers (HKLM-x32\...\UpdateStar Drivers) (Version: 7.0.0 - UpdateStar)
UpdateYeti (HKLM-x32\...\UpdateYeti_is1) (Version: 2.16 - Abelssoft)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
WashAndGo (HKLM-x32\...\WashAndGo_is1) (Version: 19.0 - Abelssoft)
Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 3.1.6 - Shark007)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - T-Home Net  (06/30/2010 6.0.6000.16384) (HKLM\...\7B73EBFEF26F2C40D3AA9D389F5CF2C77121106C) (Version: 06/30/2010 6.0.6000.16384 - T-Home)
WinSysClean X4 (HKLM-x32\...\WinSysClean X4) (Version: 14.11 - Ultimate Systems, Inc.)
WinSysClean X5 (HKLM-x32\...\WinSysClean X5) (Version: 15.01 - Ultimate Systems, Inc.)
WinSysClean X6 Trial (HKLM-x32\...\WinSysClean X6 Trial) (Version: 16.00 - Ultimate Systems, Inc.)
WinSysClean X6 Trial (HKU\S-1-5-21-1906148964-138570781-1934493635-1003\...\WinSysClean X6 Trial) (Version: 16.02 - Ultimate Systems, Inc.)
WinSysClean X6 Trial (Version: 16.02 - Ultimate Systems, Inc.) Hidden
WOT for Internet Explorer (HKLM\...\{7A89FBFB-EB8D-4612-B558-B6BD1793E243}) (Version: 11.9.28.0 - WOT Services Oy)
WOT für Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 13.9.2.0 - WOT Services Oy)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1906148964-138570781-1934493635-1003_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Chef3\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1906148964-138570781-1934493635-1003_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Chef3\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1906148964-138570781-1934493635-1003_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Chef3\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1906148964-138570781-1934493635-1003_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Chef3\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1906148964-138570781-1934493635-1003_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Chef3\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

21-01-2015 12:57:01 Installed UpdateStar
21-01-2015 13:02:59 Windows Live Essentials
21-01-2015 13:03:25 DirectX wurde installiert
21-01-2015 13:03:58 DirectX wurde installiert
21-01-2015 13:05:52 WLSetup
25-01-2015 14:56:55 Windows Defender Checkpoint
25-01-2015 15:15:22 Wiederherstellungsvorgang
27-01-2015 12:49:01 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-10-05 07:22 - 00000066 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
127.0.0.1 google-analytics.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06BC4B15-FBD2-4101-AC1F-B48B834C9316} - System32\Tasks\Reader Application Helper => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [2014-10-24] (Sony Corporation)
Task: {0F3DBFE0-3FF9-43C2-BA2A-AA709CF605A7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {211118A8-A949-42ED-AF06-A1A7DD35D277} - System32\Tasks\NeroLauncher => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [2012-02-06] ()
Task: {2C8FB83B-1EF8-4744-A089-A9E0EB462F35} - System32\Tasks\StartupStar Firewall => C:\Program Files (x86)\StartupStar\StartupStar.exe [2013-04-02] (Ascora GmbH)
Task: {304D4A47-413D-44A8-B752-BADA0AB988A2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {3C2EA9FA-46D4-437A-BD7F-526F16DE6663} - System32\Tasks\AbelssoftPreloader => C:\Program Files (x86)\WashAndGo\AbelssoftPreloader.exe [2015-01-19] (Microsoft)
Task: {3E625377-7566-43BD-84E8-FEEABEAA24BA} - System32\Tasks\{D9FA36F8-88E3-49B4-955A-E13597746945} => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
Task: {57EE6636-A48D-4A19-93D0-0BF931B11409} - System32\Tasks\WashAndGoNGOwnSchedule => C:\Program Files (x86)\WashAndGo\WashAndGo.exe [2015-01-19] (Microsoft)
Task: {59F1BA6C-4634-480C-A59F-0AEA21A65DA3} - System32\Tasks\{5D7B1919-B085-4A40-98E2-B9ADA64AD7D0} => Iexplore.exe Downloading
Task: {5D4A3D35-F7C6-4FD0-AF5C-E4966D7AFECD} - System32\Tasks\{54989E26-DEDF-40F7-81C2-949CA1DB2FA6} => Iexplore.exe Downloading
Task: {5E3E12A3-A04C-4C45-A287-6A34A1141A9B} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {638507D1-BEDE-4522-AEC7-A679FA12B45B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {776CC585-AEF2-44B1-8C36-AD5F695FEB84} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {788FAD93-0D0F-4251-BB3B-8E6A830AF2EC} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {7B0A98EB-C3D8-43BE-9CA7-EBE52E82C8AC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {8F518919-2609-4CB2-BD78-CD3023A6A66D} - System32\Tasks\MyTomTomSA.exe => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
Task: {9CE1BE95-05CF-4CB2-B4E8-199733CDB49A} - System32\Tasks\{C76A9767-7872-449D-9D9D-5DAAE69F2383} => C:\Program Files (x86)\Sony\ReaderDesktop\Reader.exe [2014-10-24] (Sony Corporation)
Task: {9DFE7910-5B2E-45E3-B344-D57D9B67D8B9} - System32\Tasks\AntiBrowserSpy - BrowserMask => C:\Program Files (x86)\AntiBrowserSpy\BrowserMask.exe [2014-05-05] ()
Task: {AC319DB4-A144-453C-90F1-226BD701CC4C} - System32\Tasks\{F0221A69-47D9-4593-BD30-D65F54277B80} => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
Task: {AD352411-8E8B-4BC4-A684-5C21A7FC912F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {ADEA33DD-00ED-4E11-9E25-0FE6BB796797} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {CC71C095-69CC-420E-B657-9F2B68FCC1EC} - System32\Tasks\AntiBrowserSpy - SocialBlock - IE => C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpy-IE-SocialBlock.exe [2014-05-05] ()
Task: {D9C73480-1A7F-438D-9C8B-DBB7A12BBD6B} - System32\Tasks\{5C549405-9AFE-422A-9184-B93E170DE7BF} => C:\Program Files (x86)\Sony\ReaderDesktop\Reader.exe [2014-10-24] (Sony Corporation)
Task: {E175B0B5-E8CF-4A93-A732-2BB2C4BA7DE8} - System32\Tasks\4606 => Wscript.exe C:\Users\Chef3\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {F1E57B5D-BC61-4BCE-BC85-5B4726BA5239} - System32\Tasks\Launch SilverCrest OMC807 => C:\Program Files (x86)\SilverCrest OMC807 Driver\MouClient_FD2_9063RL.exe [2010-08-30] (Siliten)
Task: C:\Windows\Tasks\AbelssoftPreloader.job => C:\Program Files (x86)\WashAndGo\AbelssoftPreloader.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\StartupStar Firewall.job => C:\Program Files (x86)\StartupStar\StartupStar.exe
Task: C:\Windows\Tasks\WashAndGoNGOwnSchedule.job => C:\Program Files (x86)\WashAndGo\WashAndGo.exe

==================== Loaded Modules (whitelisted) =============

2013-10-02 10:25 - 2013-08-09 21:07 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-05-03 09:20 - 2013-04-02 15:28 - 00013776 _____ () C:\Program Files (x86)\StartupStar\AbAutostartManager.dll
2013-05-03 09:20 - 2013-04-02 15:28 - 00041424 _____ () C:\Program Files (x86)\StartupStar\StartupLogic.dll
2013-08-09 09:56 - 2014-05-05 08:32 - 00821024 _____ () C:\Program Files (x86)\AntiBrowserSpy\BrowserMask.exe
2013-08-09 09:56 - 2014-05-05 08:32 - 00053536 _____ () C:\Program Files (x86)\AntiBrowserSpy\AbSettings.dll
2013-08-09 09:56 - 2014-05-05 08:32 - 00858400 _____ () C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyResources.dll
2013-08-09 09:56 - 2014-05-05 08:32 - 01405216 _____ () C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyLibrary.dll
2013-08-09 09:56 - 2014-05-05 08:32 - 01399072 _____ () C:\Program Files (x86)\AntiBrowserSpy\AbGui.dll
2013-08-09 09:56 - 2014-05-05 08:32 - 00013088 _____ () C:\Program Files (x86)\AntiBrowserSpy\AbProcessManager.dll
2013-08-09 09:56 - 2014-05-05 08:30 - 01136640 _____ () C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpy-IE-SocialBlock.exe
2014-02-04 14:27 - 2014-02-04 14:27 - 00312664 _____ () C:\Program Files\Ocster Backup\bin\backupClient-ox.exe
2014-02-04 14:27 - 2014-02-04 14:27 - 06249816 _____ () C:\Program Files\Ocster Backup\bin\backupClientLib.dll
2014-02-04 14:27 - 2014-02-04 14:27 - 00389464 _____ () C:\Program Files\Ocster Backup\bin\updateman.dll
2014-02-04 14:27 - 2014-02-04 14:27 - 00506200 _____ () C:\Program Files\Ocster Backup\bin\twirl.dll
2014-02-04 14:27 - 2014-02-04 14:27 - 00343896 _____ () C:\Program Files\Ocster Backup\bin\tomb.dll
2014-02-04 14:27 - 2014-02-04 14:27 - 04862296 _____ () C:\Program Files\Ocster Backup\bin\ox.dll
2013-09-23 20:24 - 2013-09-23 20:24 - 00076288 _____ () C:\Program Files\Ocster Backup\bin\zdll.dll
2014-02-04 14:27 - 2014-02-04 14:27 - 11059032 _____ () C:\Program Files\Ocster Backup\bin\backupCore.dll
2014-02-04 14:27 - 2014-02-04 14:27 - 00156504 _____ () C:\Program Files\Ocster Backup\bin\deemon.dll
2014-02-04 14:27 - 2014-02-04 14:27 - 00494424 _____ () C:\Program Files\Ocster Backup\bin\veem.dll
2014-02-04 14:27 - 2014-02-04 14:27 - 00060248 _____ () C:\Program Files\Ocster Backup\bin\minizutil.dll
2014-02-03 19:56 - 2014-02-03 19:56 - 00020992 _____ () C:\Program Files\Ocster Backup\bin\zlibutil.dll
2014-02-04 14:27 - 2014-02-04 14:27 - 00052568 _____ () C:\Program Files\Ocster Backup\bin\lzmaUtil.dll
2014-02-03 14:56 - 2014-02-03 14:56 - 00049664 _____ () C:\Program Files\Ocster Backup\bin\lzma.dll
2014-02-03 19:58 - 2014-02-03 19:58 - 00314880 _____ () C:\Program Files\Ocster Backup\bin\party.dll
2014-02-04 14:27 - 2014-02-04 14:27 - 00112984 _____ () C:\Program Files\Ocster Backup\bin\scoolite.dll
2014-02-03 14:55 - 2014-02-03 14:55 - 00626688 _____ () C:\Program Files\Ocster Backup\bin\sqlite.dll
2014-02-04 14:27 - 2014-02-04 14:27 - 00210264 _____ () C:\Program Files\Ocster Backup\bin\netutil.dll
2014-02-04 14:27 - 2014-02-04 14:27 - 00147288 _____ () C:\Program Files\Ocster Backup\bin\featback.dll
2014-12-10 12:30 - 2015-01-19 08:17 - 00056584 _____ () C:\Program Files (x86)\GoogleClean\AbSettings.dll
2014-12-10 12:30 - 2015-01-19 08:17 - 02197256 _____ () C:\Program Files (x86)\GoogleClean\GoogleCleanResources.dll
2014-12-10 12:30 - 2015-01-19 08:17 - 01399048 _____ () C:\Program Files (x86)\GoogleClean\AbGui.dll
2014-12-10 12:30 - 2015-01-19 08:17 - 00014088 _____ () C:\Program Files (x86)\GoogleClean\AbProcessManager.dll
2010-11-17 10:35 - 2010-11-17 10:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2014-02-04 14:27 - 2014-02-04 14:27 - 00023896 _____ () c:\Program Files\Ocster Backup\bin\backupService-ox.exe
2014-02-04 14:27 - 2014-02-04 14:27 - 00103256 _____ () c:\Program Files\Ocster Backup\bin\backupServiceLib.dll
2014-02-04 14:27 - 2014-02-04 14:27 - 11059032 _____ () c:\Program Files\Ocster Backup\bin\backupCore.dll
2014-02-04 14:27 - 2014-02-04 14:27 - 00156504 _____ () c:\Program Files\Ocster Backup\bin\deemon.dll
2014-02-04 14:27 - 2014-02-04 14:27 - 04862296 _____ () c:\Program Files\Ocster Backup\bin\ox.dll
2014-02-04 14:27 - 2014-02-04 14:27 - 00494424 _____ () c:\Program Files\Ocster Backup\bin\veem.dll
2014-02-04 14:27 - 2014-02-04 14:27 - 00060248 _____ () c:\Program Files\Ocster Backup\bin\minizutil.dll
2014-02-03 19:56 - 2014-02-03 19:56 - 00020992 _____ () c:\Program Files\Ocster Backup\bin\zlibutil.dll
2013-09-23 20:24 - 2013-09-23 20:24 - 00076288 _____ () c:\Program Files\Ocster Backup\bin\zdll.dll
2014-02-04 14:27 - 2014-02-04 14:27 - 00052568 _____ () c:\Program Files\Ocster Backup\bin\lzmaUtil.dll
2014-02-03 14:56 - 2014-02-03 14:56 - 00049664 _____ () c:\Program Files\Ocster Backup\bin\lzma.dll
2014-02-04 14:27 - 2014-02-04 14:27 - 00506200 _____ () c:\Program Files\Ocster Backup\bin\twirl.dll
2014-02-04 14:27 - 2014-02-04 14:27 - 00343896 _____ () c:\Program Files\Ocster Backup\bin\tomb.dll
2014-02-03 19:58 - 2014-02-03 19:58 - 00314880 _____ () c:\Program Files\Ocster Backup\bin\party.dll
2014-02-04 14:27 - 2014-02-04 14:27 - 00112984 _____ () c:\Program Files\Ocster Backup\bin\scoolite.dll
2014-02-03 14:55 - 2014-02-03 14:55 - 00626688 _____ () c:\Program Files\Ocster Backup\bin\sqlite.dll
2014-02-04 14:27 - 2014-02-04 14:27 - 00210264 _____ () c:\Program Files\Ocster Backup\bin\netutil.dll
2014-02-03 19:19 - 2014-02-03 19:19 - 00045056 _____ () c:\Program Files\Ocster Backup\bin\oxHelper.exe
2014-02-03 19:19 - 2014-02-03 19:19 - 00045056 _____ () C:\Program Files\Ocster Backup\bin\oxHelper.exe
2011-10-10 14:18 - 2011-07-08 10:12 - 02749248 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2012-03-17 10:02 - 2013-09-12 16:45 - 00029200 _____ () C:\Program Files (x86)\PC Fresh\Renderers.dll
2014-08-30 17:12 - 2014-08-30 17:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll
2014-01-17 10:18 - 2011-06-24 11:12 - 00965760 _____ () C:\Program Files\Conexant\SAII\SmartAudio.Desktop.dll
2010-11-24 22:44 - 2010-11-24 22:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2014-10-24 21:34 - 2014-10-24 21:34 - 00880640 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00040264 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00239944 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00026952 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
2014-04-25 21:46 - 2014-04-25 21:46 - 00798720 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00125256 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00016200 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00024904 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00017224 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00015176 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00034632 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00018760 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00092488 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00149832 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00178504 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
2011-11-07 12:23 - 2010-08-30 09:24 - 00049152 _____ () C:\Program Files (x86)\SilverCrest OMC807 Driver\UniFunc.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Fax => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: Secunia PSI Agent => 2
MSCONFIG\Services: Secunia Update Agent => 2
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: Logitech Vid => "C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe" -bootmode
MSCONFIG\startupreg: MyTomTomSA.exe => "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"
MSCONFIG\startupreg: SkyDrive => "C:\Users\Chef3\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
MSCONFIG\startupreg: StartupStar Block-check => C:\Program Files (x86)\StartupStar\StartupStar.exe /blocklist
MSCONFIG\startupreg: UpdateStar => "C:\Users\Chef3\AppData\Roaming\UpdateStar\UpdateStar.exe" -A
MSCONFIG\startupreg: UpdateStar Drivers => C:\Program Files (x86)\UpdateStar Drivers\drivers.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-1906148964-138570781-1934493635-500 - Administrator - Disabled)
Chef3 (S-1-5-21-1906148964-138570781-1934493635-1003 - Administrator - Enabled) => C:\Users\Chef3
Gast (S-1-5-21-1906148964-138570781-1934493635-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1906148964-138570781-1934493635-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-1906148964-138570781-1934493635-1016 - Limited - Enabled) => C:\Users\UpdatusUser
_ocster_backup_ (S-1-5-21-1906148964-138570781-1934493635-1022 - Administrator - Enabled) => C:\Users\_ocster_backup_

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/29/2015 01:34:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: zz3ryn76.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: zz3ryn76.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0xfe8
Startzeit der fehlerhaften Anwendung: 0xzz3ryn76.exe0
Pfad der fehlerhaften Anwendung: zz3ryn76.exe1
Pfad des fehlerhaften Moduls: zz3ryn76.exe2
Berichtskennung: zz3ryn76.exe3

Error: (01/29/2015 01:01:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357 (5).exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357 (5).exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0x11f4
Startzeit der fehlerhaften Anwendung: 0xGmer-19357 (5).exe0
Pfad der fehlerhaften Anwendung: Gmer-19357 (5).exe1
Pfad des fehlerhaften Moduls: Gmer-19357 (5).exe2
Berichtskennung: Gmer-19357 (5).exe3

Error: (01/29/2015 00:58:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357 (4).exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357 (4).exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0x1714
Startzeit der fehlerhaften Anwendung: 0xGmer-19357 (4).exe0
Pfad der fehlerhaften Anwendung: Gmer-19357 (4).exe1
Pfad des fehlerhaften Moduls: Gmer-19357 (4).exe2
Berichtskennung: Gmer-19357 (4).exe3

Error: (01/29/2015 00:56:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357 (4).exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357 (4).exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0x710
Startzeit der fehlerhaften Anwendung: 0xGmer-19357 (4).exe0
Pfad der fehlerhaften Anwendung: Gmer-19357 (4).exe1
Pfad des fehlerhaften Moduls: Gmer-19357 (4).exe2
Berichtskennung: Gmer-19357 (4).exe3

Error: (01/29/2015 00:54:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357 (4).exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357 (4).exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0x1484
Startzeit der fehlerhaften Anwendung: 0xGmer-19357 (4).exe0
Pfad der fehlerhaften Anwendung: Gmer-19357 (4).exe1
Pfad des fehlerhaften Moduls: Gmer-19357 (4).exe2
Berichtskennung: Gmer-19357 (4).exe3

Error: (01/29/2015 00:50:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: x0jen5g2.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: x0jen5g2.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0x1674
Startzeit der fehlerhaften Anwendung: 0xx0jen5g2.exe0
Pfad der fehlerhaften Anwendung: x0jen5g2.exe1
Pfad des fehlerhaften Moduls: x0jen5g2.exe2
Berichtskennung: x0jen5g2.exe3

Error: (01/29/2015 00:48:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357 (1).exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357 (1).exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0x528
Startzeit der fehlerhaften Anwendung: 0xGmer-19357 (1).exe0
Pfad der fehlerhaften Anwendung: Gmer-19357 (1).exe1
Pfad des fehlerhaften Moduls: Gmer-19357 (1).exe2
Berichtskennung: Gmer-19357 (1).exe3

Error: (01/29/2015 11:49:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0x168c
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3

Error: (01/29/2015 11:42:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000011aa
ID des fehlerhaften Prozesses: 0x1438
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3

Error: (01/29/2015 11:36:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/29/2015 02:38:01 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/29/2015 02:38:01 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/29/2015 02:36:47 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/29/2015 01:36:47 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/29/2015 01:34:36 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/29/2015 01:34:36 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/29/2015 01:27:36 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/29/2015 01:26:19 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/29/2015 01:01:08 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/29/2015 00:58:07 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0


Microsoft Office Sessions:
=========================
Error: (01/29/2015 01:34:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: zz3ryn76.exe2.1.19357.052e7ea83zz3ryn76.exe2.1.19357.052e7ea83c0000005000011aafe801d03bbfe8871671C:\Users\Chef3\Downloads\zz3ryn76.exeC:\Users\Chef3\Downloads\zz3ryn76.exe2e814e26-a7b3-11e4-9d66-00094f000001

Error: (01/29/2015 01:01:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357 (5).exe2.1.19357.052e7ea83Gmer-19357 (5).exe2.1.19357.052e7ea83c0000005000011aa11f401d03bbb3c31035cC:\Users\Chef3\Downloads\Gmer-19357 (5).exeC:\Users\Chef3\Downloads\Gmer-19357 (5).exe821a916f-a7ae-11e4-9d66-00094f000001

Error: (01/29/2015 00:58:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357 (4).exe2.1.19357.052e7ea83Gmer-19357 (4).exe2.1.19357.052e7ea83c0000005000011aa171401d03bbad021b20aC:\Users\Chef3\Downloads\Gmer-19357 (4).exeC:\Users\Chef3\Downloads\Gmer-19357 (4).exe15c3d6d5-a7ae-11e4-9d66-00094f000001

Error: (01/29/2015 00:56:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357 (4).exe2.1.19357.052e7ea83Gmer-19357 (4).exe2.1.19357.052e7ea83c0000005000011aa71001d03bba9f43d8c7C:\Users\Chef3\Downloads\Gmer-19357 (4).exeC:\Users\Chef3\Downloads\Gmer-19357 (4).exee4dc7811-a7ad-11e4-9d66-00094f000001

Error: (01/29/2015 00:54:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357 (4).exe2.1.19357.052e7ea83Gmer-19357 (4).exe2.1.19357.052e7ea83c0000005000011aa148401d03bba4a11df36C:\Users\Chef3\Downloads\Gmer-19357 (4).exeC:\Users\Chef3\Downloads\Gmer-19357 (4).exe8feac3a7-a7ad-11e4-9d66-00094f000001

Error: (01/29/2015 00:50:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: x0jen5g2.exe2.1.19357.052e7ea83x0jen5g2.exe2.1.19357.052e7ea83c0000005000011aa167401d03bb9ccb96fc6C:\Users\Chef3\Downloads\x0jen5g2.exeC:\Users\Chef3\Downloads\x0jen5g2.exe1294b598-a7ad-11e4-9d66-00094f000001

Error: (01/29/2015 00:48:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357 (1).exe2.1.19357.052e7ea83Gmer-19357 (1).exe2.1.19357.052e7ea83c0000005000011aa52801d03bb96eb09451C:\Users\Chef3\Downloads\Gmer-19357 (1).exeC:\Users\Chef3\Downloads\Gmer-19357 (1).execa9a1a2c-a7ac-11e4-9d66-00094f000001

Error: (01/29/2015 11:49:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000011aa168c01d03bb1403c9fdaC:\Users\Chef3\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M7SCE59N\Gmer-19357.exeC:\Users\Chef3\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M7SCE59N\Gmer-19357.exe88e2fc3c-a7a4-11e4-9d66-00094f000001

Error: (01/29/2015 11:42:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000011aa143801d03bb02aa9ea80C:\Users\Chef3\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZW4J03UP\Gmer-19357.exeC:\Users\Chef3\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZW4J03UP\Gmer-19357.exe750c6e77-a7a3-11e4-9d66-00094f000001

Error: (01/29/2015 11:36:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-08-14 18:48:01.678
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-14 18:48:01.678
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-14 18:47:20.017
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-14 18:47:20.017
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-14 18:47:17.422
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-14 18:47:17.422
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-14 18:47:17.266
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-14 18:47:17.266
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-14 18:47:00.425
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-14 18:47:00.316
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2310 CPU @ 2.90GHz
Percentage of memory in use: 27%
Total physical RAM: 6126.64 MB
Available physical RAM: 4431.45 MB
Total Pagefile: 12251.47 MB
Available Pagefile: 9094.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:700.54 GB) (Free:634.39 GB) NTFS
Drive f: (Daten) (Fixed) (Total:681.87 GB) (Free:668.87 GB) NTFS
Drive g: (DRIVE-N-GO) (Fixed) (Total:232.88 GB) (Free:63.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 1397.3 GB) (Disk ID: 95CB5A73)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=700.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=681.9 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 49E9FE83)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

schrauber 31.01.2015 15:52
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Spätzünder 31.01.2015 17:28
Hallo, das einfügen über die Code-Box geht wieder nicht. her sende ich es wieder direkt:

Combofix Logfile:
Code:
ComboFix 15-01-29.01 - Chef3 31.01.2015  16:37:19.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.6127.4496 [GMT 1:00]
ausgeführt von:: c:\users\Chef3\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZW4J03UP\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6426\AddOnDownloaded\0124e21d-018c-4ce0-92a3-b9e205a76bc0.dll
c:\programdata\PCDr\6426\AddOnDownloaded\073fb38f-0e69-479d-bca1-4f81ec9dcbf6.dll
c:\programdata\PCDr\6426\AddOnDownloaded\095557b2-2408-4eaf-b39b-d55c8606482c.dll
c:\programdata\PCDr\6426\AddOnDownloaded\0d06f79c-d0e6-4610-9a2b-d8f1a48f4252.dll
c:\programdata\PCDr\6426\AddOnDownloaded\0d461521-7dbf-4cec-a29e-936c88cdf8c9.dll
c:\programdata\PCDr\6426\AddOnDownloaded\100c3865-0c76-461b-b2fd-042d6d5fa7f6.dll
c:\programdata\PCDr\6426\AddOnDownloaded\10494c60-ec8b-4856-b24a-b6d076c4499f.dll
c:\programdata\PCDr\6426\AddOnDownloaded\173c4dd2-e93c-4725-b006-db1d8f465192.dll
c:\programdata\PCDr\6426\AddOnDownloaded\1b0b3c38-2b97-4f8d-954b-06296209b73d.dll
c:\programdata\PCDr\6426\AddOnDownloaded\1e0aaf9a-9947-4a7b-b1ae-8a89919438ed.dll
c:\programdata\PCDr\6426\AddOnDownloaded\263d6ac9-4f87-466c-947c-bd9af71d7035.dll
c:\programdata\PCDr\6426\AddOnDownloaded\2a6b5d0b-a2fc-4bdd-b3fe-6bbefb85b7e4.dll
c:\programdata\PCDr\6426\AddOnDownloaded\2b7a7ebb-6083-4253-a1e6-149883b6eb45.dll
c:\programdata\PCDr\6426\AddOnDownloaded\2eccd5d6-e118-4f76-97b6-ba56fb6c597a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\3410f47b-5e8c-47c6-bf2c-234af4121d4c.dll
c:\programdata\PCDr\6426\AddOnDownloaded\378deb7f-049e-4a5e-83b2-5381dcd9e928.dll
c:\programdata\PCDr\6426\AddOnDownloaded\3972fea3-214c-4935-a7d1-96bf66115683.dll
c:\programdata\PCDr\6426\AddOnDownloaded\3a79f062-8f3e-464f-9815-2c45840494ee.dll
c:\programdata\PCDr\6426\AddOnDownloaded\3b1c7acd-5e3e-4459-ab98-5109117e2341.dll
c:\programdata\PCDr\6426\AddOnDownloaded\4546f2bc-b9d9-4667-abe7-b0bacc90279e.dll
c:\programdata\PCDr\6426\AddOnDownloaded\4804ced5-915b-48a3-a465-b8a5e02714bf.dll
c:\programdata\PCDr\6426\AddOnDownloaded\4818e109-9489-4cd8-9044-44defd8ec187.dll
c:\programdata\PCDr\6426\AddOnDownloaded\481fbe3e-ec08-4d5a-94ea-95c753609e7c.dll
c:\programdata\PCDr\6426\AddOnDownloaded\48476a77-44f9-40a8-a623-f3402f22b01b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\50441041-9037-4c34-842c-4a8523e700da.dll
c:\programdata\PCDr\6426\AddOnDownloaded\51fdf16e-ecb9-4fa4-8469-76fc9a22293b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\57d7325c-8462-4866-a9ca-3f9228775fed.dll
c:\programdata\PCDr\6426\AddOnDownloaded\5c57a158-1254-45f6-b629-b2debbf1fd29.dll
c:\programdata\PCDr\6426\AddOnDownloaded\5dc7cfd3-e8ce-4478-9404-0ae32511b353.dll
c:\programdata\PCDr\6426\AddOnDownloaded\62d1f0b0-bc9a-4f6c-bad7-93b19a91276a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\67c3d4fe-b638-467a-9fe2-c5813ade3330.dll
c:\programdata\PCDr\6426\AddOnDownloaded\6820b110-e483-4f1e-9b48-438f7916f078.dll
c:\programdata\PCDr\6426\AddOnDownloaded\6b5978fa-48d7-4309-a523-7e157768c0d8.dll
c:\programdata\PCDr\6426\AddOnDownloaded\6f4fb483-ce30-493a-8cb4-3e530ab1be5b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\739db3eb-d3cd-4c86-a6ea-01a49984fa3b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\7419b29f-5d5c-499d-8452-7a5038bd3fda.dll
c:\programdata\PCDr\6426\AddOnDownloaded\76fc066e-4bb6-4b62-ae6a-29b9d7925a3d.dll
c:\programdata\PCDr\6426\AddOnDownloaded\7bd83798-7a02-4f50-83a2-b91cabcbd1f9.dll
c:\programdata\PCDr\6426\AddOnDownloaded\7c5b1d75-4145-4f69-b184-a8fb559fd417.dll
c:\programdata\PCDr\6426\AddOnDownloaded\7dbfef1a-6148-4748-a1b3-71627763a45a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\813755dc-2229-47a2-b85b-19d0aaa641c9.dll
c:\programdata\PCDr\6426\AddOnDownloaded\846b4c9b-a7ba-4fb5-8d64-0e84281ea84e.dll
c:\programdata\PCDr\6426\AddOnDownloaded\872965c7-08b7-47fc-a74c-ff167590b71a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\8d357f17-07ad-4392-ba06-fb67564c98cd.dll
c:\programdata\PCDr\6426\AddOnDownloaded\8d56ceae-d309-4e1d-8376-c13e94d402c3.dll
c:\programdata\PCDr\6426\AddOnDownloaded\934f6059-2d35-4bd9-a130-a17cb5563507.dll
c:\programdata\PCDr\6426\AddOnDownloaded\9e10a8b6-7648-420f-8bcb-2995fcb06133.dll
c:\programdata\PCDr\6426\AddOnDownloaded\9fdca848-c74c-4268-a5da-d22aa5d0d3cb.dll
c:\programdata\PCDr\6426\AddOnDownloaded\a61f44a8-21a3-4c4a-a04b-993dfb73bf96.dll
c:\programdata\PCDr\6426\AddOnDownloaded\a9de0c84-9a7c-4638-9653-13aa8cf56e80.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ae67b364-b69e-471e-b177-2459120b84d4.dll
c:\programdata\PCDr\6426\AddOnDownloaded\b2152f30-7380-4987-8fcf-e4c06952615d.dll
c:\programdata\PCDr\6426\AddOnDownloaded\b282128e-9a7f-43e3-90a2-c1f1133ea714.dll
c:\programdata\PCDr\6426\AddOnDownloaded\b4cc2a4a-87f5-49cd-935c-18f1a80e65b7.dll
c:\programdata\PCDr\6426\AddOnDownloaded\b79eb8ca-c461-4cb3-b3f9-d11b2bbc6a94.dll
c:\programdata\PCDr\6426\AddOnDownloaded\b9ce760f-6209-48f2-a4a3-695324591c45.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ba005e12-3139-4327-9f7a-9f2ea6a6c841.dll
c:\programdata\PCDr\6426\AddOnDownloaded\bc6fc708-5b6b-4a72-b336-09b3089baa7a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\bea3f575-677a-4c92-89ca-7be8480c11a9.dll
c:\programdata\PCDr\6426\AddOnDownloaded\bf647bd7-dfb5-4746-a6b4-b7c2fdbbf3b1.dll
c:\programdata\PCDr\6426\AddOnDownloaded\c20a0fa8-50ad-45ec-b66b-89e3b80e5e9d.dll
c:\programdata\PCDr\6426\AddOnDownloaded\c4211805-b43b-471d-81af-4e0589f8607b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\c6bf01ba-05a7-4930-b8dd-7c5fd03e97ac.dll
c:\programdata\PCDr\6426\AddOnDownloaded\c74b2d1b-fd92-4f74-8532-20f83f9afd65.dll
c:\programdata\PCDr\6426\AddOnDownloaded\c74f120c-a2fd-45f4-8d64-4b4a27ede296.dll
c:\programdata\PCDr\6426\AddOnDownloaded\caac49ab-d9d8-4f29-a409-2a9a30ae62af.dll
c:\programdata\PCDr\6426\AddOnDownloaded\cdda52ec-6ccd-425a-8c72-b7bbdc8b3acd.dll
c:\programdata\PCDr\6426\AddOnDownloaded\d1f4dc82-bc4c-4916-b37c-3ab9c30ae468.dll
c:\programdata\PCDr\6426\AddOnDownloaded\d34c0cf7-889f-43dd-9283-b2b6f442aae3.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ddb9fe5d-525c-4d5d-ac37-0bd10f2864f8.dll
c:\programdata\PCDr\6426\AddOnDownloaded\de3a7d98-874b-4dcb-993c-f377c119ad11.dll
c:\programdata\PCDr\6426\AddOnDownloaded\dfc97e68-74cd-4807-807f-ac146d81ec5d.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e45cd45a-4d7c-4802-881f-74582b847e5c.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e5a71f43-c979-4b3d-a544-9ed1dc6dc4c8.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e9bb45d9-5a2b-47e8-9c48-168276d422cc.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ee407ae9-f049-49d4-8f82-50991610c8f5.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ee4747a4-1d1b-42c1-8a8c-1de04bbb2379.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ef32b2f9-e518-400c-8172-d1a06ae9d208.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ef78c3e8-1d94-4219-8070-7617e119bba4.dll
c:\programdata\PCDr\6426\AddOnDownloaded\f04a4d58-1eb6-4e35-b4b4-db6bab11e49b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\f06c5597-1a85-4d1f-ac16-a6fdd2a6bedc.dll
c:\programdata\PCDr\6426\AddOnDownloaded\f12de547-df4d-4236-9129-baac054f90ab.dll
c:\programdata\PCDr\6426\AddOnDownloaded\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll
c:\programdata\PCDr\6426\AddOnDownloaded\fbd50850-4122-4fe3-a72e-fcbe58a0f196.dll
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-12-28 bis 2015-01-31  ))))))))))))))))))))))))))))))
.
.
2015-01-31 15:47 . 2015-01-31 15:47        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2015-01-31 15:47 . 2015-01-31 15:47        --------        d-----w-        c:\users\Public\AppData\Local\temp
2015-01-31 15:47 . 2015-01-31 15:47        --------        d-----w-        c:\users\Klaus\AppData\Local\temp
2015-01-30 09:26 . 2015-01-31 10:17        --------        d-----w-        c:\users\Chef3\AppData\Roaming\PCDr
2015-01-30 09:25 . 2015-01-30 09:25        --------        d-----w-        c:\programdata\PCDr
2015-01-30 09:19 . 2014-12-15 03:13        11870360        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{73A0FFDA-0B52-41A4-9A8D-11801DE44971}\mpengine.dll
2015-01-28 13:14 . 2015-01-29 16:04        --------        d-----w-        C:\FRST
2015-01-27 22:33 . 2015-01-27 22:33        --------        d-----w-        c:\program files (x86)\Common Files\Java
2015-01-27 18:24 . 2015-01-27 18:24        --------        d-----w-        c:\windows\ERUNT
2015-01-27 12:29 . 2015-01-29 09:36        --------        d-----w-        C:\AdwCleaner
2015-01-26 15:03 . 2015-01-26 15:03        --------        d-----w-        c:\users\Chef3\AppData\Local\ElevatedDiagnostics
2015-01-24 21:44 . 2015-01-25 08:19        129752        ----a-w-        c:\windows\system32\drivers\01AC4D42.sys
2015-01-24 21:43 . 2015-01-24 21:43        129752        ----a-w-        c:\windows\system32\drivers\12024CF4.sys
2015-01-23 11:37 . 2013-05-06 08:13        110176        ----a-w-        c:\windows\system32\klfphc.dll
2015-01-23 11:36 . 2015-01-23 11:36        --------        d-----w-        c:\windows\ELAMBKUP
2015-01-23 11:36 . 2015-01-23 11:36        --------        d-----w-        c:\program files (x86)\Kaspersky Lab
2015-01-23 11:36 . 2014-08-12 17:33        246456        ----a-w-        c:\windows\system32\drivers\klhk.sys
2015-01-21 12:09 . 2015-01-21 12:09        --------        d-----w-        c:\windows\en
2015-01-21 12:07 . 2015-01-21 12:07        --------        d-----w-        c:\windows\de
2015-01-21 12:07 . 2015-01-21 12:07        --------        d-----w-        c:\program files (x86)\Microsoft SQL Server Compact Edition
2015-01-21 12:06 . 2012-03-08 17:40        48488        ----a-w-        c:\windows\system32\drivers\fssfltr.sys
2015-01-21 12:05 . 2015-01-21 12:06        --------        d-----w-        c:\program files\Windows Live
2015-01-21 12:03 . 2015-01-21 12:03        7450888        -c--a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\3739f2931d0357214\bingbarsetup.exe
2015-01-21 12:03 . 2015-01-21 12:03        15712        -c--a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\364987981d0357213\MeshBetaRemover.exe
2015-01-21 12:03 . 2015-01-21 12:03        89944        -c--a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\34eb9d4f1d0357212\DSETUP.dll
2015-01-21 12:03 . 2015-01-21 12:03        537432        -c--a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\34eb9d4f1d0357212\DXSETUP.exe
2015-01-21 12:03 . 2015-01-21 12:03        1801048        -c--a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\34eb9d4f1d0357212\dsetup32.dll
2015-01-21 12:03 . 2015-01-21 12:03        94040        -c--a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\33cb96ce1d0357211\DSETUP.dll
2015-01-21 12:03 . 2015-01-21 12:03        525656        -c--a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\33cb96ce1d0357211\DXSETUP.exe
2015-01-21 12:03 . 2015-01-21 12:03        1691480        -c--a-w-        c:\program files (x86)\Common Files\Windows Live\.cache\33cb96ce1d0357211\dsetup32.dll
2015-01-21 10:06 . 2015-01-21 10:06        --------        d-----w-        c:\program files (x86)\KeePass Password Safe 2
2015-01-17 16:45 . 2015-01-17 16:45        --------        dc-h--w-        c:\users\Chef3\AppData\Local\{B7444167-DCAD-434E-A694-81907DE70A78}
2015-01-17 11:35 . 2015-01-17 11:35        362029        ----a-w-        c:\windows\SysWow64\sqlite3.dll
2015-01-17 09:19 . 2015-01-31 09:03        129752        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-17 09:19 . 2015-01-17 09:19        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware
2015-01-17 09:19 . 2014-11-21 05:14        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys
2015-01-17 09:19 . 2014-11-21 05:14        93400        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2015-01-16 14:53 . 2015-01-16 15:43        --------        d-----w-        c:\program files (x86)\Mozilla Thunderbird
2015-01-16 14:13 . 2015-01-17 16:52        --------        d-----w-        c:\program files\WinSysClean X6 Trial
2015-01-16 10:20 . 2015-01-16 10:20        --------        d-----w-        c:\users\Chef3\AppData\Roaming\Opera Software
2015-01-16 10:20 . 2015-01-16 10:20        --------        d-----w-        c:\users\Chef3\AppData\Local\Opera Software
2015-01-16 10:17 . 2015-01-16 10:29        --------        d-----w-        C:\rei
2015-01-14 16:00 . 2015-01-14 16:00        --------        d-----w-        c:\programdata\Package Cache
2015-01-01 21:22 . 2015-01-01 21:22        --------        d-----w-        c:\windows\SysWow64\%Data%
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-27 22:32 . 2014-10-27 09:15        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-25 08:24 . 2012-03-29 07:40        701616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-25 08:24 . 2011-10-10 13:05        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-23 11:40 . 2014-08-20 17:04        818888        ----a-w-        c:\windows\system32\drivers\klif.sys
2015-01-23 11:40 . 2014-08-13 18:34        77512        ----a-w-        c:\windows\system32\drivers\klwtp.sys
2015-01-23 11:40 . 2014-08-18 13:43        150536        ----a-w-        c:\windows\system32\drivers\klflt.sys
2015-01-14 09:52 . 2011-10-17 14:04        113365784        ----a-w-        c:\windows\system32\MRT.exe
2015-01-08 08:55 . 2010-11-21 03:27        298120        ------w-        c:\windows\system32\MpSigStub.exe
2014-12-13 05:09 . 2014-12-18 07:01        144384        ----a-w-        c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-18 07:01        115712        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2014-12-04 02:50 . 2014-12-10 08:40        413184        ----a-w-        c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-10 08:40        741376        ----a-w-        c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-10 08:40        396800        ----a-w-        c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-10 08:40        830976        ----a-w-        c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-10 08:40        227328        ----a-w-        c:\windows\system32\aepdu.dll
2014-12-04 02:50 . 2014-12-10 08:40        192000        ----a-w-        c:\windows\system32\aepic.dll
2014-12-04 02:44 . 2014-12-10 08:40        1083392        ----a-w-        c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-10 08:40        1232040        ----a-w-        c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-10 08:39        389296        ----a-w-        c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-10 08:39        25059840        ----a-w-        c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-10 08:40        2724864        ----a-w-        c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-10 08:39        4096        ----a-w-        c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-10 08:39        66560        ----a-w-        c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-10 08:39        580096        ----a-w-        c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-10 08:40        48640        ----a-w-        c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-10 08:39        2885120        ----a-w-        c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-10 08:39        88064        ----a-w-        c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-10 08:39        54784        ----a-w-        c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-10 08:40        34304        ----a-w-        c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-10 08:39        633856        ----a-w-        c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-10 08:40        114688        ----a-w-        c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-10 08:39        814080        ----a-w-        c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-10 08:39        6039552        ----a-w-        c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-10 08:39        968704        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-10 08:39        490496        ----a-w-        c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-10 08:39        2724864        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-10 08:40        77824        ----a-w-        c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-10 08:39        199680        ----a-w-        c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-10 08:39        92160        ----a-w-        c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-10 08:39        501248        ----a-w-        c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-10 08:39        62464        ----a-w-        c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-10 08:40        47616        ----a-w-        c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-10 08:39        64000        ----a-w-        c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-10 08:39        316928        ----a-w-        c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-10 08:39        620032        ----a-w-        c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-10 08:40        718848        ----a-w-        c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-10 08:39        800768        ----a-w-        c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-10 08:39        1359360        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-10 08:39        2125312        ----a-w-        c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-10 08:39        14412800        ----a-w-        c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-10 08:40        60416        ----a-w-        c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-10 08:39        4299264        ----a-w-        c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-10 08:39        2358272        ----a-w-        c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-10 08:39        2052096        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-10 08:39        1155072        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-10 08:39        1548288        ----a-w-        c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-10 08:39        800768        ----a-w-        c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-10 08:39        1888256        ----a-w-        c:\windows\SysWow64\wininet.dll
2014-11-21 05:14 . 2013-02-14 13:52        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-11-19 03:31 . 2014-11-19 03:31        1217192        ----a-w-        c:\windows\SysWow64\FM20.DLL
2014-11-11 03:09 . 2014-12-10 08:40        1424384        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 08:44        241152        ----a-w-        c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 08:44        728064        ----a-w-        c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-10 08:40        1230336        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 08:44        186880        ----a-w-        c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 08:44        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-10 08:40        119296        ----a-w-        c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-10 08:39        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-10 08:39        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-02-23 10:16        222920        ----a-w-        c:\users\Chef3\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-02-23 10:16        222920        ----a-w-        c:\users\Chef3\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-02-23 10:16        222920        ----a-w-        c:\users\Chef3\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-12-12 7394584]
"GoogleRadar"="c:\program files (x86)\GoogleClean\GoogleRadar.exe" [2015-01-19 2717960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Reader Application Helper"="c:\program files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2014-10-24 899400]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2014-10-07 2109952]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Control Center.lnk - c:\program files (x86)\funkwerk WIN-Tools\Eumex 401 WIN-Tools V2.00\ControlCenter.exe [2008-8-25 225280]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-12-6 565464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AVP15.0.1;Kaspersky Anti-Virus Service 15.0.1;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [x]
R2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 cpuz134;cpuz134;c:\users\Chef3\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Chef3\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys;c:\windows\SYSNATIVE\DRIVERS\lvpopf64.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TelekomNM6;Telekom Netzmanager Packet Filter Driver;c:\program files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys;c:\program files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R4 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
R4 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
R4 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 cm_km_w;Kaspersky Lab Crypto Module (FDE PDK);c:\windows\system32\DRIVERS\cm_km_w.sys;c:\windows\SYSNATIVE\DRIVERS\cm_km_w.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 Klwtp;Klwtp;c:\windows\system32\DRIVERS\klwtp.sys;c:\windows\SYSNATIVE\DRIVERS\klwtp.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys;c:\windows\SYSNATIVE\DRIVERS\kldisk.sys [x]
S2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;c:\program files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe ;c:\program files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe  [x]
S2 ocster_backup;Ocster Backup;c:\program files\Ocster Backup\bin\backupService-ox.exe;c:\program files\Ocster Backup\bin\backupService-ox.exe [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys;c:\windows\SYSNATIVE\DRIVERS\InputFilter_FlexDef2b.sys [x]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 200(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-27 09:38        1086280        ----a-w-        c:\program files (x86)\Google\Chrome\Application\40.0.2214.93\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-31 c:\windows\Tasks\AbelssoftPreloader.job
- c:\program files (x86)\WashAndGo\AbelssoftPreloader.exe [2013-04-30 11:50]
.
2015-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 08:24]
.
2015-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-23 08:20]
.
2015-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-23 08:20]
.
2015-01-31 c:\windows\Tasks\StartupStar Firewall.job
- c:\program files (x86)\StartupStar\StartupStar.exe [2013-05-03 14:28]
.
2015-01-29 c:\windows\Tasks\WashAndGoNGOwnSchedule.job
- c:\program files (x86)\WashAndGo\WashAndGo.exe [2013-04-30 11:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-02-23 10:16        261832        ----a-w-        c:\users\Chef3\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-02-23 10:16        261832        ----a-w-        c:\users\Chef3\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-02-23 10:16        261832        ----a-w-        c:\users\Chef3\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-06-24 310912]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-06-15 524928]
"Ocster Backup"="c:\program files\Ocster Backup\bin\backupClient-ox.exe" [2014-02-04 312664]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{09A10376-994C-4BBF-9121-F50CF7BA237E} - {F2A56BFE-7911-451A-BC74-A9C3C2E95126} - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll
IE: {{4840E489-677C-4a08-A1B5-FFAF5196531E} - {9613CB43-EA4C-48b5-878D-13DFE1818EFE} -
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{73E13ECC-3B88-47AC-B53C-7E34A8246897}: NameServer = 95.211.37.200,198.101.13.115
TCP: Interfaces\{D7482328-582E-4126-9A1C-2581B61C9444}: NameServer = 95.211.37.200,198.101.13.115
DPF: {8C922C73-FFFA-45A3-B2C2-BC1E30074267} - hxxp://www.sony.de/bravia/RegistrationAgent.cab
FF - ProfilePath - c:\users\Chef3\AppData\Roaming\Mozilla\Firefox\Profiles\xvejke5j.default-1418400123387\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=BDT1&ocid=BDT1DHP&DT=011715
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BDT1DF&PC=BDT1&dt=011715&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-BingDesktop - c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
AddRemove-UpdateStar Drivers - c:\program files (x86)\UpdateStar Drivers\uninstall.exe
AddRemove-WinSysClean X4 - c:\programdata\{40930DBE-27F2-463D-BD27-55BFD6A91A95}\wsc_x1.exe
AddRemove-WinSysClean X5 - c:\programdata\{7AD360CC-1D61-4011-83BE-B257782BA5CB}\wsc_x1.exe
AddRemove-WinSysClean X6 Trial - c:\programdata\{5A46C8DF-4D32-4A5C-B8AB-290A6717E81F}\wsc_x1.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2894854v2 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2898869 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2901126 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2931368 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2972107 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2972216 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2978128 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2979578v2 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe
AddRemove-{C5089197-5B15-44AD-B0FC-2E94EE9ECB63} - c:\programdata\{5A46C8DF-4D32-4A5C-B8AB-290A6717E81F}\wsc_x1.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-01-31  16:55:49
ComboFix-quarantined-files.txt  2015-01-31 15:55
.
Vor Suchlauf: 25 Verzeichnis(se), 679.315.263.488 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 679.190.831.104 Bytes frei
.
- - End Of File - - 4F8A2BFEB207457560C6953FA65F2A22
--- --- ---
5C616939100B85E558DA92B899A0FC36

schrauber 31.01.2015 23:17
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Spätzünder 01.02.2015 18:10
Hallo, Schrauber
das scannen mit MBAM hat null Funde ergeben. Da brauche ich sicher kein Datei zu senden.
Ich hatte vor meiner Anfrage bei Euch aber schon 17. und 25. Januar Suchläufe damit gemacht. Die dabei gefundenen "Trojan Backdoor MRX" sind noch in der Quarantäne

Zum Suchlauf mit AdwCleaner hatte ich im Protokoll was von " Lingue, Fichier " in Firefox und Chrome gelesen. Folgende Datei geht wieder nicht mit #+AdwCleaner Logfile:
Code:
# AdwCleaner v4.109 - Bericht erstellt am 01/02/2015 um 16:41:35
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Chef3 - KLAUS3-PC
# Gestartet von : C:\Users\Chef3\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZQUTIUC0\AdwCleaner_4.109.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v30.0 (de)


-\\ Google Chrome v40.0.2214.93


-\\ Opera v0.0.0.0


*************************

AdwCleaner[R1].txt - [767 octets] - [01/02/2015 16:41:35]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [826 octets] ##########
--- --- ---


Alle Zeitangaben in WEZ +1. Es ist jetzt 00:28 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19