Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windwos 7 : Webseiten nur noch mit werbung (https://www.trojaner-board.de/167349-windwos-7-webseiten-nur-noch-werbung.html)

Domi22221 28.05.2015 19:18
Windwos 7 : Webseiten nur noch mit werbung
 
Moin Liebes Forum Team .

ich hab seit längeren tagen das Problem egal welchen link ich aufmache macht sich Werbung mit auf auch wenn ich nur auf meinen Router Webseite gehe.

und das weitere Problem ist das sich meine 2te ssd Festplatte manchmal einfach so aufhängt danke schon mal für die Hilfe .

defogger

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:05 on 28/05/2015 (termis)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
FRST

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by termis (administrator) on TERMIS-PC on 28-05-2015 20:06:13
Running from C:\Users\termis\Desktop\Neuer Ordner (2)
Loaded Profiles: termis (Available Profiles: termis)
Platform: Windows 7 Ultimate (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Sandboxie Holdings, LLC) G:\programme\sandbox\SbieSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Overwolf LTD) G:\programme\Overwolf\Overwolf.exe
(Sandboxie Holdings, LLC) G:\programme\sandbox\SbieCtrl.exe
() C:\ProgramData\{84988492-6cb0-1f20-8498-884926cb1249}\KMSPico 11.0.1 Update.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(TeamSpeak Systems GmbH) G:\programme\teamspeak2\ts3client_win64.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Overwolf LTD) G:\programme\Overwolf\0.85.190.0\OverwolfTSHelper.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.85.190.0\OverwolfHelper.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.85.190.0\OverwolfHelper64.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Razer, Inc.) C:\Users\termis\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Valve Corporation) C:\Users\termis\Desktop\steam\Steam.exe
(Valve Corporation) C:\Users\termis\Desktop\steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-05-15] (Raptr, Inc)
HKLM-x32\...\Run: [DelReg] => G:\programme\MSI\OverclockingCenter\DelReg.exe [196608 2008-12-04] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-04-22] (Razer Inc.)
HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\Windows\SysWOW64\Codecs\CodecUACManager.exe [60416 2015-04-15] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3622345197-898242485-877740896-1000\...\Run: [Overwolf] => G:\programme\Overwolf\Overwolf.exe [41200 2015-05-04] (Overwolf LTD)
HKU\S-1-5-21-3622345197-898242485-877740896-1000\...\Run: [SandboxieControl] => G:\programme\sandbox\SbieCtrl.exe [785416 2015-02-18] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3622345197-898242485-877740896-1000\...\Run: [Codec Pack Update Checker] => "C:\Windows\system32\Codecs\UpdateChecker.exe"
HKU\S-1-5-21-3622345197-898242485-877740896-1000\...\Command Processor: C:\Users\termis\init.cmd [1243 2015-03-30] () <===== ATTENTION!
Startup: C:\Users\termis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KMSPico 11.0.1 Update.lnk [2015-04-07]
ShortcutTarget: KMSPico 11.0.1 Update.lnk -> C:\ProgramData\{84988492-6cb0-1f20-8498-884926cb1249}\KMSPico 11.0.1 Update.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W&q={searchTerms}
HKU\S-1-5-21-3622345197-898242485-877740896-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://at.search.yahoo.com/?type=888596&fr=spigot-yhp-ie
HKU\S-1-5-21-3622345197-898242485-877740896-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-at/?ocid=iehp
HKU\S-1-5-21-3622345197-898242485-877740896-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W
HKU\S-1-5-21-3622345197-898242485-877740896-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.mystartsearch.com/?type=hp&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3622345197-898242485-877740896-1000 -> DefaultScope {CBDD7C56-EFAF-40AD-941F-D8E6A3D00D37} URL = https://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=888596&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3622345197-898242485-877740896-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3622345197-898242485-877740896-1000 -> {CBDD7C56-EFAF-40AD-941F-D8E6A3D00D37} URL = https://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=888596&p={searchTerms}
BHO: BBesstSaaveFOrYeOU -> {3E869B3E-41ED-4C02-A40D-38488D09F6C0} -> C:\Program Files (x86)\BBesstSaaveFOrYeOU\TmIP1H7xjgOwnD.x64.dll [2015-05-24] ()
BHO: CouupuExtension -> {A247CC3D-1148-4937-AF3B-19765C429FC8} -> C:\Program Files (x86)\CouupuExtension\szEZGRSwdz3cXg.x64.dll [2015-05-24] ()
BHO-x32: BBesstSaaveFOrYeOU -> {3E869B3E-41ED-4C02-A40D-38488D09F6C0} -> C:\Program Files (x86)\BBesstSaaveFOrYeOU\TmIP1H7xjgOwnD.dll [2015-05-24] ()
BHO-x32: CouupuExtension -> {A247CC3D-1148-4937-AF3B-19765C429FC8} -> C:\Program Files (x86)\CouupuExtension\szEZGRSwdz3cXg.dll [2015-05-24] ()
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{E513592B-5643-4A03-B025-23D793277E58}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-04] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~3\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> G:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-30]
CHR Extension: (Google Drive) - C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-30]
CHR Extension: (YouTube) - C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-30]
CHR Extension: (Google Search) - C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-30]
CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2015-04-01]
CHR Extension: (Bookmark Manager DEV) - C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-19]
CHR Extension: (Avast Online Security) - C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-26]
CHR Extension: (Google Wallet) - C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-30]
CHR Extension: (Gmail) - C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 165c96fd; c:\Program Files (x86)\TurboSys\TurboSys.dll [1609728 2015-04-07] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S4 AODService; G:\programme\AMD\OverDrive\AODAssist.exe [136616 2010-04-23] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3341384 2015-03-03] (INCA Internet Co., Ltd.)
S4 OverwolfUpdater; G:\programme\Overwolf\OverwolfUpdater.exe [999152 2015-05-04] (Overwolf LTD)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4250624 2015-02-03] (A-Volute) [File not signed]
R2 SbieSvc; G:\programme\sandbox\SbieSvc.exe [175112 2015-02-18] (Sandboxie Holdings, LLC)
S2 Service KMSELDI; G:\Program Files\KMSpico\Service_KMS.exe [527360 2013-09-07] () [File not signed]
S4 SkypeUpdate; G:\programme\skype\Updater\Updater.exe [315488 2015-02-18] (Skype Technologies)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [297440 2011-07-28] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AODDriver2; G:\programme\AMD\OverDrive\amd64\AODDriver2.sys [52352 2010-04-23] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\System32\drivers\RzSurroundVAD.sys [40640 2015-02-09] (Windows (R) Win 7 DDK provider)
R3 SbieDrv; G:\programme\sandbox\SbieDrv.sys [237064 2015-02-18] (Sandboxie Holdings, LLC)
S3 MSICDSetup; \??\I:\CDriver64.sys [X]
S3 PCAlertDriver; \??\G:\programme\MSI\PC Alert 4\NTGLM7X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 20:06 - 2015-05-28 20:06 - 00000000 ____D () C:\FRST
2015-05-28 20:05 - 2015-05-28 20:06 - 00000000 ____D () C:\Users\termis\Desktop\Neuer Ordner (2)
2015-05-28 20:05 - 2015-05-28 20:05 - 00000000 _____ () C:\Users\termis\defogger_reenable
2015-05-24 19:14 - 2015-05-24 19:14 - 00000000 ____D () C:\Users\termis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-24 17:59 - 2015-05-24 17:59 - 00000000 ____D () C:\Program Files (x86)\HostCabinet  Who is hosting that website
2015-05-24 17:59 - 2015-05-24 17:59 - 00000000 ____D () C:\Program Files (x86)\BesttSaveForYoou
2015-05-24 17:59 - 2015-05-24 17:59 - 00000000 ____D () C:\Program Files (x86)\BBesstSaaveFOrYeOU
2015-05-24 17:58 - 2015-05-24 17:58 - 00000000 ____D () C:\Program Files (x86)\CouupuExtension
2015-05-14 21:21 - 2015-05-14 21:21 - 00001459 _____ () C:\Users\termis\Desktop\4Story.lnk
2015-05-12 21:15 - 2015-05-28 20:02 - 00000024 _____ () C:\Users\termis\AppData\Roaming\appdataFr25.bin
2015-05-11 22:24 - 2015-05-17 18:00 - 00000000 ____D () C:\Users\termis\AppData\Local\CrashDumps
2015-05-11 22:22 - 2015-05-15 12:50 - 65751896 _____ () C:\Users\termis\Desktop\SmiteInstaller.exe
2015-05-09 17:57 - 2015-05-09 17:57 - 493933591 _____ () C:\Windows\MEMORY.DMP
2015-05-09 17:57 - 2015-05-09 17:57 - 00275352 _____ () C:\Windows\Minidump\050915-11029-01.dmp
2015-05-09 17:57 - 2015-05-09 17:57 - 00000000 ____D () C:\Windows\Minidump
2015-05-07 22:48 - 2015-05-07 22:51 - 00000178 _____ () C:\Users\termis\Desktop\index.html
2015-05-07 22:23 - 2015-05-14 14:46 - 00000000 ____D () C:\Users\termis\AppData\Roaming\FileZilla
2015-05-07 22:23 - 2015-05-07 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-05-06 15:40 - 2015-05-06 15:44 - 00010716 _____ () C:\Users\termis\Desktop\ip verteilung HOME.xlsx
2015-05-06 12:37 - 2015-03-03 14:52 - 03341384 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
2015-05-06 12:36 - 2015-05-06 12:36 - 00000000 ____D () C:\Program Files\Common Files\INCA Shared
2015-05-06 10:04 - 2015-05-06 10:04 - 00000976 _____ () C:\Users\Public\Desktop\4Story.lnk
2015-05-06 08:03 - 2015-05-14 21:16 - 00000000 ____D () C:\Users\termis\Downloads\Gameforge Live
2015-05-06 08:03 - 2015-05-06 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2015-05-06 08:03 - 2015-05-06 08:03 - 00000702 _____ () C:\Users\Public\Desktop\Gameforge Live.lnk
2015-05-06 08:03 - 2015-05-06 08:03 - 00000000 ____D () C:\Users\termis\AppData\Local\Gameforge4d
2015-05-05 15:24 - 2015-05-05 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI Kombustor 3
2015-05-05 15:24 - 2015-05-05 15:24 - 00000000 ____D () C:\Program Files\MSI Kombustor 3
2015-05-05 15:15 - 2015-05-05 15:21 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server
2015-05-05 15:15 - 2015-05-05 15:15 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-05-05 15:15 - 2015-05-05 15:15 - 00000000 ____D () C:\Users\termis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2015-05-05 15:14 - 2015-05-05 15:21 - 00001086 _____ () C:\Users\termis\Desktop\MSI Afterburner.lnk
2015-05-05 15:14 - 2015-05-05 15:14 - 00000000 ____D () C:\Users\termis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2015-05-05 15:14 - 2015-05-05 15:14 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2015-05-05 13:15 - 2015-05-05 13:15 - 00000000 ____D () C:\ProgramData\ATI
2015-05-05 13:14 - 2015-05-05 13:14 - 00058610 _____ () C:\Windows\SysWOW64\CCCInstall_201505051314138288.log
2015-05-05 13:14 - 2015-05-05 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-05-05 13:14 - 2015-05-05 13:14 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-05-04 09:27 - 2015-05-04 09:27 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-05-04 09:27 - 2015-05-04 09:27 - 00000000 ____D () C:\Program Files\Java
2015-05-04 09:10 - 2015-05-03 11:18 - 04697768 _____ () C:\Users\termis\Desktop\TechnicLauncher.exe
2015-05-04 09:08 - 2015-05-04 14:48 - 00000000 ____D () C:\Program Files (x86)\DigiCooUpOn
2015-05-04 09:08 - 2015-05-04 09:08 - 00000000 ____D () C:\Program Files (x86)\Share link via email
2015-05-04 09:05 - 2015-05-04 09:05 - 00000000 ____D () C:\Users\termis\AppData\Roaming\.technic
2015-05-04 09:04 - 2015-05-04 09:04 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-05-04 09:04 - 2015-05-04 09:04 - 00000000 ____D () C:\ProgramData\Sun
2015-05-04 09:04 - 2015-05-04 09:04 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-04 09:04 - 2015-05-04 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-05-04 09:04 - 2015-05-04 09:04 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-28 20:51 - 2008-08-15 16:30 - 01013622 _____ () C:\Users\termis\Desktop\DWLG700AP_FW231b01.bin
2015-04-28 18:58 - 2015-04-28 18:58 - 00000000 ____D () C:\Users\termis\Desktop\Neuer Ordner
2015-04-28 18:52 - 2015-04-28 18:52 - 00001241 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-04-28 18:52 - 2015-04-28 18:52 - 00001135 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2015-04-28 18:52 - 2015-04-28 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-04-28 18:52 - 2015-04-28 18:52 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-04-28 18:43 - 2015-04-28 18:52 - 00000000 ____D () C:\Users\termis\AppData\Roaming\DVDVideoSoft
2015-04-28 18:42 - 2015-04-28 18:42 - 00000000 ____D () C:\Users\termis\Documents\DVDVideoSoft

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 20:05 - 2015-03-30 12:20 - 00000000 ____D () C:\Users\termis
2015-05-28 19:48 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-28 19:48 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-28 19:09 - 2015-03-30 12:58 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-28 19:09 - 2015-03-30 12:58 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-28 19:03 - 2015-03-30 12:16 - 00301837 _____ () C:\Windows\WindowsUpdate.log
2015-05-28 17:54 - 2009-07-14 19:58 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2015-05-28 17:54 - 2009-07-14 19:58 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2015-05-28 17:54 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-28 17:50 - 2015-04-26 14:15 - 00000000 ____D () C:\Users\termis\Desktop\steam
2015-05-28 17:48 - 2015-04-12 13:17 - 00006023 _____ () C:\Windows\system32\Service_KMS.log
2015-05-28 17:48 - 2015-03-30 13:01 - 00000000 ____D () C:\Users\termis\AppData\Local\Overwolf
2015-05-28 17:48 - 2015-03-30 12:46 - 00000000 ____D () C:\Users\termis\AppData\Roaming\Raptr
2015-05-28 17:48 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-28 17:48 - 2009-07-14 06:51 - 00032212 _____ () C:\Windows\setupact.log
2015-05-27 17:29 - 2015-04-12 17:29 - 00005568 _____ () C:\Windows\system32\AutoPico.log
2015-05-26 19:11 - 2015-03-30 13:11 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-24 17:59 - 2015-04-07 18:39 - 00000000 ____D () C:\ProgramData\9499063393622493631
2015-05-24 17:18 - 2015-03-31 21:41 - 00001462 _____ () C:\Windows\Sandboxie.ini
2015-05-23 18:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-23 18:02 - 2015-04-01 22:10 - 00007604 _____ () C:\Users\termis\AppData\Local\Resmon.ResmonCfg
2015-05-20 19:04 - 2015-03-30 12:58 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-20 19:04 - 2015-03-30 12:58 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-20 19:03 - 2015-03-30 12:46 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-05-11 22:26 - 2015-04-12 14:28 - 00000020 _____ () C:\Users\termis\AppData\Roaming\appdataFr3.bin
2015-05-05 13:14 - 2015-03-30 12:46 - 00000000 ____D () C:\ProgramData\AMD
2015-05-05 13:14 - 2015-03-30 12:39 - 00000000 ____D () C:\Program Files\AMD
2015-05-05 13:13 - 2015-03-30 12:25 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-05-05 13:12 - 2015-03-30 12:36 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-05-05 13:10 - 2015-03-30 12:38 - 00000000 ____D () C:\AMD
2015-05-04 18:47 - 2015-03-30 14:56 - 00007060 _____ () C:\Windows\PFRO.log
2015-05-04 18:47 - 2009-07-14 06:45 - 00457104 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-04 14:45 - 2015-03-30 12:37 - 00111968 _____ () C:\Users\termis\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-30 16:59 - 2015-04-27 20:57 - 00000000 ____D () C:\Windows\SysWOW64\Codecs
2015-04-29 20:01 - 2015-04-12 17:27 - 00000000 ____D () C:\Users\termis\AppData\Roaming\Notepad++
2015-04-28 20:54 - 2015-04-17 19:22 - 00000000 ____D () C:\Program Files (x86)\SaaVVeLootss

==================== Files in the root of some directories =======

2015-05-12 21:15 - 2015-05-28 20:02 - 0000024 _____ () C:\Users\termis\AppData\Roaming\appdataFr25.bin
2015-04-12 14:28 - 2015-05-11 22:26 - 0000020 _____ () C:\Users\termis\AppData\Roaming\appdataFr3.bin
2015-04-01 22:10 - 2015-05-23 18:02 - 0007604 _____ () C:\Users\termis\AppData\Local\Resmon.ResmonCfg
2015-04-28 20:54 - 2015-05-04 14:48 - 0011886 _____ () C:\Users\termis\AppData\Local\Temp-log.txt

Files to move or delete:
====================
C:\Users\termis\init.cmd


Some files in TEMP:
====================
C:\Users\termis\AppData\Local\Temp\amd-catalyst-omega-14.12-without-dotnet45-win7-64bit.exe
C:\Users\termis\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\termis\AppData\Local\Temp\F840.exe
C:\Users\termis\AppData\Local\Temp\OnlineBackup.exe
C:\Users\termis\AppData\Local\Temp\raptrpatch.exe
C:\Users\termis\AppData\Local\Temp\raptr_stub.exe
C:\Users\termis\AppData\Local\Temp\vcredist_x64.exe
C:\Users\termis\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 00:07

==================== End of log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by termis at 2015-05-28 20:06:42
Running from C:\Users\termis\Desktop\Neuer Ordner (2)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3622345197-898242485-877740896-500 - Administrator - Disabled)
Gast (S-1-5-21-3622345197-898242485-877740896-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3622345197-898242485-877740896-1002 - Limited - Enabled)
termis (S-1-5-21-3622345197-898242485-877740896-1000 - Administrator - Enabled) => C:\Users\termis

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4Story DE 5.1.271 (HKLM-x32\...\4Story_DE_is1) (Version: 5.1.271 - Gameforge4D GmbH)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD OverDrive (HKLM-x32\...\{69FB248E-690D-434F-94A7-248D5F1ECD70}) (Version: 3.2.1.0439 - Advanced Micro Devices, Inc.)
BesttSaveForYoou (HKLM-x32\...\{F6A71DC7-28F4-C6C7-8FA9-8A56C80FC96A}) (Version:  - "") <==== ATTENTION
Browser AdBlocker (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - Browser AdBlocker) <==== ATTENTION
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version:  - Infinity Ward)
CouupuExtension (HKLM-x32\...\{6933C2BA-C67D-42C7-8C77-1FF4B364AF54}) (Version:  - "") <==== ATTENTION
DriverTuner 3.1.0.0 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.1.0.0 - LionSea SoftWare)
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
Free YouTube to MP3 Converter version 3.12.59.415 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.59.415 - DVDVideoSoft Ltd.)
Gameforge Live 2.0.6 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.6 - Gameforge)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HostCabinet  Who is hosting that website (HKLM-x32\...\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}) (Version:  - "") <==== ATTENTION
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
KMSpico 8.7 (HKLM\...\KMSpico v8.7_is1) (Version: 8.7 - )
Liveupdate4 (HKLM-x32\...\Liveupdate4_is1) (Version:  - MSI, Inc.)
Media Player Codec Pack 4.3.7 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.3.7 - Media Player Codec Pack)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
MSI Kombustor 3.5.1 (HKLM\...\{9598DA62-2AE8-426D-9C86-BEA96AC6721E}_is1) (Version:  - MSI Co., LTD)
NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
NewSAvuer (HKLM-x32\...\{6A08B379-76FB-B4CF-0C70-CAFCD3635A77}) (Version:  - "") <==== ATTENTION
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
OverclockingCenter (HKLM-x32\...\OverclockingCenter_is1) (Version:  - MSI, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.85.190.0 - Overwolf Ltd.)
PC Alert 4 (HKLM-x32\...\PC Alert 4) (Version:  - )
Pinner for Pinterest (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - ) <==== ATTENTION
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.14 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.25502 - Razer Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6151 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
Sandboxie 4.16 (64-bit) (HKLM\...\Sandboxie) (Version: 4.16 - Sandboxie Holdings, LLC)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SoftwareMaster (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{165c96fd}) (Version:  - SoftwareMaster) <==== ATTENTION
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-3622345197-898242485-877740896-1000\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows-Treiberpaket - Alcor Micro, Corp. (AmUStor) USB  (06/06/2013 1.0.38.135) (HKLM\...\3963100BDA54D827C7E34F50100200C40CF1DBF4) (Version: 06/06/2013 1.0.38.135 - Alcor Micro, Corp.)
Windows-Treiberpaket - AMD USB  (03/30/2010 1.0.0.5) (HKLM\...\D38587A239DFF85877AA1BCAA58B37B5CF7A6AF5) (Version: 03/30/2010 1.0.0.5 - AMD)
WinRAR 5.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

18-05-2015 18:00:43 Geplanter Prüfpunkt
27-05-2015 21:10:53 Geplanter Prüfpunkt

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01518F73-CD2A-426E-9A9D-A96C16951B38} - System32\Tasks\AutoPico Daily Restart => G:\Program Files\KMSpico\AutoPico.exe [2013-09-07] ()
Task: {1170C4F8-F580-48E5-8064-59CE4F791AB6} - System32\Tasks\Overwolf Updater Task => G:\programme\Overwolf\OverwolfUpdater.exe [2015-05-04] (Overwolf LTD)
Task: {1FF6F32A-026C-49AF-8BE2-4A2CFA7F87E1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => D:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {3A3639E6-8FCF-4CD5-B473-C93E05EEA6E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-30] (Google Inc.)
Task: {4F188372-417A-47F2-8B64-C7B89CCC3D25} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => D:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {52967D8F-5CC5-45BF-854A-E2E3D6FBE84E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {BB131BAF-7896-4695-B349-B61205D6DEC4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-30] (Google Inc.)
Task: {FDF69C10-5773-43A6-8F42-EED6C3B425D1} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-11-20 21:23 - 2014-11-20 21:23 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-02-05 01:24 - 2015-02-05 01:25 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-03-30 12:23 - 2011-07-28 17:06 - 00297440 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
2015-03-29 12:25 - 2015-03-29 12:25 - 00043480 _____ () G:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () G:\programme\Notepad++\NppShell_06.dll
2014-04-07 18:38 - 2014-04-07 18:38 - 00464896 _____ () C:\ProgramData\{84988492-6cb0-1f20-8498-884926cb1249}\KMSPico 11.0.1 Update.exe
2014-11-20 21:23 - 2014-11-20 21:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-02-28 11:14 - 2014-02-28 11:14 - 00173568 _____ () G:\programme\teamspeak2\quazip.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 01080832 _____ () G:\programme\teamspeak2\platforms\qwindows.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00833024 _____ () G:\programme\teamspeak2\sqldrivers\qsqlite.dll
2014-02-28 15:07 - 2014-02-28 15:07 - 00102344 _____ () G:\programme\teamspeak2\soundbackends\directsound_win64.dll
2014-02-28 15:07 - 2014-02-28 15:07 - 00108488 _____ () G:\programme\teamspeak2\soundbackends\windowsaudiosession_win64.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00030208 _____ () G:\programme\teamspeak2\imageformats\qgif.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00233984 _____ () G:\programme\teamspeak2\imageformats\qjpeg.dll
2014-02-28 15:10 - 2014-02-28 15:10 - 00563656 _____ () G:\programme\teamspeak2\plugins\clientquery_plugin.dll
2014-02-28 15:10 - 2014-02-28 15:10 - 00577480 _____ () G:\programme\teamspeak2\plugins\teamspeak_control_plugin.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00159232 _____ () G:\programme\teamspeak2\accessible\qtaccessiblewidgets.dll
2015-03-14 07:49 - 2015-03-14 07:49 - 00291840 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2015-04-07 18:42 - 2015-04-07 18:42 - 01609728 _____ () c:\Program Files (x86)\TurboSys\TurboSys.dll
2015-03-30 12:23 - 2011-07-27 11:53 - 00360448 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiLib.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 00025600 _____ () G:\programme\Overwolf\0.85.190.0\CoreAudioApi.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 40555008 _____ () G:\programme\Overwolf\0.85.190.0\libcef.DLL
2015-02-02 09:52 - 2015-02-02 09:52 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-23 00:57 - 2010-11-23 00:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 20:17 - 2011-02-15 20:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-23 00:57 - 2010-11-23 00:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-14 01:26 - 2014-05-14 01:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-23 00:56 - 2010-11-23 00:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2014-08-14 02:37 - 2014-08-14 02:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
2014-08-14 02:37 - 2014-08-14 02:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
2010-11-23 00:56 - 2010-11-23 00:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2015-05-15 04:21 - 2015-05-15 04:21 - 02540288 _____ () C:\Program Files (x86)\Raptr\ltc_host_ex.DLL
2010-11-23 00:56 - 2010-11-23 00:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-23 00:57 - 2010-11-23 00:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2013-11-21 02:05 - 2013-11-21 02:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-23 00:57 - 2010-11-23 00:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-18 02:56 - 2014-06-18 02:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 20:17 - 2011-02-15 20:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-23 01:06 - 2010-11-23 01:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-10 01:52 - 2013-05-10 01:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 20:56 - 2013-05-03 20:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 20:57 - 2013-05-03 20:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2015-05-04 13:08 - 2015-05-04 13:08 - 01565128 _____ () G:\programme\Overwolf\0.85.190.0\teamspeak_control_win32.dll
2015-03-30 15:03 - 2014-11-26 03:12 - 40622592 _____ () C:\Users\termis\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2015-03-30 15:03 - 2014-11-26 03:12 - 00911360 _____ () C:\Users\termis\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2015-03-30 15:03 - 2014-11-26 03:12 - 00134144 _____ () C:\Users\termis\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2015-04-26 14:15 - 2015-04-16 19:40 - 00776192 _____ () C:\Users\termis\Desktop\steam\SDL2.dll
2015-04-26 14:15 - 2015-04-23 04:16 - 04962816 _____ () C:\Users\termis\Desktop\steam\v8.dll
2015-04-26 14:15 - 2015-04-23 04:16 - 01556992 _____ () C:\Users\termis\Desktop\steam\icui18n.dll
2015-04-26 14:15 - 2015-04-23 04:16 - 01187840 _____ () C:\Users\termis\Desktop\steam\icuuc.dll
2015-04-26 14:15 - 2015-05-15 03:58 - 02396352 _____ () C:\Users\termis\Desktop\steam\video.dll
2015-04-26 14:15 - 2014-12-01 23:31 - 02396672 _____ () C:\Users\termis\Desktop\steam\libavcodec-56.dll
2015-04-26 14:15 - 2014-12-01 23:31 - 00442880 _____ () C:\Users\termis\Desktop\steam\libavutil-54.dll
2015-04-26 14:15 - 2014-12-01 23:31 - 00479744 _____ () C:\Users\termis\Desktop\steam\libavformat-56.dll
2015-04-26 14:15 - 2014-12-01 23:31 - 00332800 _____ () C:\Users\termis\Desktop\steam\libavresample-2.dll
2015-04-26 14:15 - 2014-12-01 23:31 - 00485888 _____ () C:\Users\termis\Desktop\steam\libswscale-3.dll
2015-04-26 14:15 - 2015-05-15 03:57 - 00703168 _____ () C:\Users\termis\Desktop\steam\bin\chromehtml.DLL
2015-04-26 14:15 - 2015-05-11 21:01 - 36302728 _____ () C:\Users\termis\Desktop\steam\bin\libcef.dll
2015-05-26 19:11 - 2015-05-22 22:22 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll
2015-04-07 19:22 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\termis\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-04-07 19:22 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\termis\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3622345197-898242485-877740896-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8 - 8.8.4.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AODService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: jswpsapi => 3
MSCONFIG\Services: OverwolfUpdater => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNA1100 Genie.lnk => C:\Windows\pss\NETGEAR WNA1100 Genie.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PC Alert 4.lnk => C:\Windows\pss\PC Alert 4.lnk.CommonStartup
MSCONFIG\startupreg: GoogleChromeAutoLaunch_3AD4D06F31913034FC06DB4BF8525CE7 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: jswtrayutil => "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
MSCONFIG\startupreg: Skype => "G:\programme\skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "D:\steam\steam.exe" -silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{678329D2-588D-430D-94CE-4C8F6BC20D52}] => (Allow) D:\steam\Steam.exe
FirewallRules: [{8B106F2B-98C4-413A-B853-DADDC5FD9846}] => (Allow) D:\steam\Steam.exe
FirewallRules: [{6C86DD66-B808-4928-96F2-8FEEAF1019CD}] => (Allow) D:\steam\bin\steamwebhelper.exe
FirewallRules: [{99A75BE3-5159-47EA-BCBB-14CEFBF3E336}] => (Allow) D:\steam\bin\steamwebhelper.exe
FirewallRules: [{A34C02E4-7EB1-43BE-B79C-D65193635E38}] => (Allow) D:\steam\SteamApps\common\Call of Duty Modern Warfare 3\iw5mp.exe
FirewallRules: [{613521D0-2442-4F30-95EB-9D4C38CB9FCB}] => (Allow) D:\steam\SteamApps\common\Call of Duty Modern Warfare 3\iw5mp.exe
FirewallRules: [{0A17AFCB-74F0-4A13-83D2-6871161489A9}] => (Allow) D:\steam\SteamApps\common\Call of Duty Ghosts\iw6mp64_ship.exe
FirewallRules: [{8B8540C3-02E8-42C5-8438-E2828C2776A1}] => (Allow) D:\steam\SteamApps\common\Call of Duty Ghosts\iw6mp64_ship.exe
FirewallRules: [{A0014EFD-6E25-441D-8375-5D1456CC7498}] => (Allow) D:\steam\SteamApps\common\Call of Duty Ghosts\iw6sp64_ship.exe
FirewallRules: [{7DCCDB4B-CD86-494D-AE4B-6C68DD43C144}] => (Allow) D:\steam\SteamApps\common\Call of Duty Ghosts\iw6sp64_ship.exe
FirewallRules: [{E1941E0A-C63C-444C-8F56-F51C4B7B8117}] => (Allow) D:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{F098F051-6E41-4456-BADA-F7F87B973713}] => (Allow) D:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{B7C39207-95ED-4471-9976-A39F2F211F87}] => (Allow) D:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9BB82424-89D0-40C2-A418-E6195F546989}] => (Allow) D:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{1EFD6139-4E53-41F5-A6DF-47C440E002B1}] => (Allow) D:\Programme\KMSpico\KMSELDI.exe
FirewallRules: [{D437A52E-7072-4125-8DDF-FC4F9B142381}] => (Allow) D:\Programme\KMSpico\KMSELDI.exe
FirewallRules: [{39F838C0-1825-4FB2-A5A6-BFE778FB4D6B}] => (Allow) G:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{03677273-2A19-4D22-9B8F-F7401B884771}] => (Allow) G:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{D6DB17EF-00E5-4135-9561-56DA9A9BACCD}] => (Allow) G:\programme\skype\Phone\Skype.exe
FirewallRules: [{A48A9E52-7EAE-49FF-A7BB-9057E8213E47}] => (Allow) C:\Users\termis\Desktop\steam\Steam.exe
FirewallRules: [{DD5ED33B-51FD-4CC8-B8A3-4EFEE61968E2}] => (Allow) C:\Users\termis\Desktop\steam\Steam.exe
FirewallRules: [{2713E614-3CFC-418A-85DB-DE63350C35F5}] => (Allow) G:\programme\GameforgeLive\gfl_client.exe
FirewallRules: [{A2BA90B6-DBBD-4F6F-A72F-551402A6AB2D}] => (Allow) C:\Users\termis\Desktop\steam\SteamApps\common\Call of Duty Modern Warfare 3\iw5mp.exe
FirewallRules: [{755A3C22-B6BA-4ED0-9AD8-3C277C1FA9F3}] => (Allow) C:\Users\termis\Desktop\steam\SteamApps\common\Call of Duty Modern Warfare 3\iw5mp.exe
FirewallRules: [{B12E9897-93AB-47AD-B60D-D92D39C110CB}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{9B62C733-7647-4A29-A319-64407BE45398}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{8E3641EC-0545-4309-8B5E-74B82DBC9DC0}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{83084D48-A9C6-47A6-98FB-1D0A2AD3030D}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{B92B525F-16C3-42C7-B281-A7D1F5896F8C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Realtek RTL8168D/8111D-Familie-PCI-E-Gigabit-Ethernet-NIC (NDIS 6.20)
Description: Realtek RTL8168D/8111D-Familie-PCI-E-Gigabit-Ethernet-NIC (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/27/2015 09:04:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/25/2015 01:11:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/23/2015 07:24:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/22/2015 00:49:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/18/2015 05:54:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "42.0.2311.152,language="&#x2a;",type="win32",version="42.0.2311.152"1".
Die abhängige Assemblierung "42.0.2311.152,language="&#x2a;",type="win32",version="42.0.2311.152"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/18/2015 05:54:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/17/2015 06:00:46 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden:
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten
Speichertreibern, oder der Datenträger fehlt.
Das Programm WinRAR archiver wurde wegen dieses Fehlers geschlossen.

Programm: WinRAR archiver
Datei:

Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1. Öffnen Sie die Datei erneut.
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2.
Wenn Sie weiterhin nicht auf die Datei zugreifen können und
        - diese sich im Netzwerk befindet,
dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
        - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.

Zusätzliche Daten
Fehlerwert: C000026E
Datenträgertyp: 0

Error: (05/17/2015 06:00:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WinRAR.exe, Version: 5.10.4.0, Zeitstempel: 0x53786a0a
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be02b
Ausnahmecode: 0xc0000006
Fehleroffset: 0x000000000003548f
ID des fehlerhaften Prozesses: 0x18dc
Startzeit der fehlerhaften Anwendung: 0xWinRAR.exe0
Pfad der fehlerhaften Anwendung: WinRAR.exe1
Pfad des fehlerhaften Moduls: WinRAR.exe2
Berichtskennung: WinRAR.exe3

Error: (05/17/2015 06:00:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WinRAR.exe, Version: 5.10.4.0, Zeitstempel: 0x53786a0a
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be02b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000159ad
ID des fehlerhaften Prozesses: 0x1dd4
Startzeit der fehlerhaften Anwendung: 0xWinRAR.exe0
Pfad der fehlerhaften Anwendung: WinRAR.exe1
Pfad des fehlerhaften Moduls: WinRAR.exe2
Berichtskennung: WinRAR.exe3

Error: (05/17/2015 06:00:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: javaw.exe, Version: 0.0.0.0, Zeitstempel: 0x54345ca0
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be02b
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x000000000003548f
ID des fehlerhaften Prozesses: 0x598
Startzeit der fehlerhaften Anwendung: 0xjavaw.exe0
Pfad der fehlerhaften Anwendung: javaw.exe1
Pfad des fehlerhaften Moduls: javaw.exe2
Berichtskennung: javaw.exe3


System errors:
=============
Error: (05/28/2015 05:48:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Service KMSELDI" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/27/2015 08:57:41 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}

Error: (05/27/2015 08:46:52 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {B0957D9C-810B-4DE0-9C5E-48DB09C5B413}

Error: (05/27/2015 05:12:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Service KMSELDI" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/26/2015 07:03:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/26/2015 07:01:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Service KMSELDI" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/25/2015 00:13:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Service KMSELDI" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/25/2015 01:42:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Service KMSELDI" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/24/2015 07:39:51 PM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden.

Error: (05/24/2015 05:18:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Service KMSELDI" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office:
=========================
Error: (05/27/2015 09:04:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"g:\programme\MSI\live update 4\MsiUsbBootTool.exe

Error: (05/25/2015 01:11:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"g:\programme\MSI\live update 4\MsiUsbBootTool.exe

Error: (05/23/2015 07:24:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"g:\programme\MSI\live update 4\MsiUsbBootTool.exe

Error: (05/22/2015 00:49:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"g:\programme\MSI\live update 4\MsiUsbBootTool.exe

Error: (05/18/2015 05:54:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: 42.0.2311.152,language="&#x2a;",type="win32",version="42.0.2311.152"c:\Sandbox\termis\defaultbox\drive\C\program files (x86)\Google\Chrome\application\chrome.exe

Error: (05/18/2015 05:54:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"g:\programme\MSI\live update 4\MsiUsbBootTool.exe

Error: (05/17/2015 06:00:46 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: WinRAR archiverC000026E0

Error: (05/17/2015 06:00:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WinRAR.exe5.10.4.053786a0antdll.dll6.1.7600.163854a5be02bc0000006000000000003548f18dc01d090b5a53be8fcC:\Program Files\WinRAR\WinRAR.exeC:\Windows\SYSTEM32\ntdll.dlle0d0ed60-fcad-11e4-9bcf-c3531c579a9a

Error: (05/17/2015 06:00:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WinRAR.exe5.10.4.053786a0antdll.dll6.1.7600.163854a5be02bc000000500000000000159ad1dd401d090b882657a74C:\Program Files\WinRAR\WinRAR.exeC:\Windows\SYSTEM32\ntdll.dlle0d0511e-fcad-11e4-9bcf-c3531c579a9a

Error: (05/17/2015 06:00:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: javaw.exe0.0.0.054345ca0ntdll.dll6.1.7600.163854a5be02bc00000fd000000000003548f59801d090b5a1f6c3dbD:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exeC:\Windows\SYSTEM32\ntdll.dlldca0ef9e-fcad-11e4-9bcf-c3531c579a9a


==================== Memory info ===========================

Processor: AMD Athlon(tm) II X4 640 Processor
Percentage of memory in use: 41%
Total physical RAM: 6143.18 MB
Available physical RAM: 3620.18 MB
Total Pagefile: 12284.51 MB
Available Pagefile: 9333.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:40.97 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Volume) (Fixed) (Total:232.88 GB) (Free:52.08 GB) NTFS
Drive e: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Volume) (Fixed) (Total:342.48 GB) (Free:284.93 GB) NTFS
Drive g: () (Fixed) (Total:588.93 GB) (Free:552.5 GB) NTFS
Drive k: () (Removable) (Total:3.69 GB) (Free:3.69 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 39DA49CF)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 3D0602AC)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6CDE00F5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=588.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=342.5 GB) - (Type=OF Extended)

========================================================
Disk: 3 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================
GMER hat sich nicht öffnen lassen :(

danke schon in voraus!

schrauber 28.05.2015 19:28
hi,

Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    BesttSaveForYoou

    Browser AdBlocker

    CouupuExtension

    HostCabinet Who is hosting that website (HKLM-x32\...\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}) (Version: - "") <==== ATTENTION

    NewSAvuer

    Pinner for Pinterest

    SoftwareMaster


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Domi22221 28.05.2015 20:32
combofix hat nach den neustart einen bluescreen verursacht ich weiß nicht ober der log dir weiterhilft


Code:
[Enable Debug Mode]
---- SET : B_InDebugMode = TRUE;
---- DQA Mode Check ... not found , going to user mode
Language ID :
----1. GetSystemDefaultLangID = 407
----2. GetSystemDefaultLCID = 407
----3. GetUserDefaultLangID = 407
----3. GetUserDefaultLCID = 407



1.************************ 0000.0000 -- CLiveupdateDlg::OnInitDialog **********************
µ{¦¡¶}©l
[2015-3-30].[13:8:37]
[02 -- ªì©l¤ÆÅܼÆ]
[03 -- Àˬd LiveUpdate ¬O§_¤w°õ¦æ]
[04 -- ³]©w°õ¦æ LiveUpdate ªºµøµ¡¦W]
[06 -- ³]©w°õ¦æ LiveUpdate ªºµøµ¡¦W]



2.************************ 0021.0005 -- GetLiveUpdateInstallPath **********************
[¬d¸ß LiveUpdate ª©¥»]



3.************************ 0021.0005 -- GetLiveUpdateInstallPath **********************
----1. ´M§ä ... SOFTWARE\Wow6432Node\MSI\Live Update Series\
----6. §ä¨ì¸Ó¦r¦ê , ³o¬O Vista64 ª©¥» *tLiveupdateVersion = 4.0.102
----7. ¦^¶Ç *tPath = G:\programme\MSI\Live Update 4\



4.************************ 0000.0000 -- CLiveupdateDlg::OnInitDialog **********************
¥Ø«e¹q¸£¦w¸Ëªº LiveUpdate ª©¥»¬O : 4.0.102



5.************************ 0000.0000 -- CLiveupdateDlg::OnInitDialog **********************
[LiveUpdate ¹w³]°õ¦æ¸ô®|...]
G:\programme\MSI\Live Update 4\



6.************************ 0000.0000 -- CLiveupdateDlg::OnInitDialog **********************
[°õ¦æªº¦ì¸m«D¹w³]¸ô®|...]
G:\programme\MSI\Live Update 4\LU4\



7.************************ 0000.0003 -- LOAD_DEVICE_DRIVER **********************
[Loading Driver]



8.************************ 0020.0001 -- MSI_LoadNTDriver **********************
[Loading Driver]



9.************************ GET_OS_VERSION **********************
----
 1.dwMajorVersion = 6
 2.dwMinorVersion = 1
 3.dwPlatformId  = 2

os_ver = %1000
Set the SYS file path = G:\programme\MSI\Live Update 4\LU4\msibios64.sys



10.************************ 0020.0002 -- LoadDeviceDriver **********************
[LoadDeviceDriver]



11.************************ 0020.0003 -- InstallDriver **********************
[InstallDriver]
return TRUE



12.************************ 0020.0009 -- MSI_BIOS_DETECT **********************
---- MSI_BIOS_DETECT
---- Do IOCTL_NTACCESS_PORT_IO_MB_VENDOR
---- pszMBVendor = MSI ...
---- Found MSI String ...




13.************************ 0005.0011 -- FileFunc.cpp -- CheckFileExist **********************
[ÀˬdÀÉ®×...] : G:\programme\MSI\Live Update 4\LU4\DL_INFO\LU4_INFO.xml [...¦s¦b]




14.************************ 0000.0004 -- Set_Online_Server_URL **********************
[Liveupdate Server ¸ô®|³]©w] :
---¸ü¤JXML : G:\programme\MSI\Live Update 4\LU4\DL_INFO\LU4_INFO.xml
Server 1 = hxxp://liveupdate4.msi.com/autobios
Server 2 = hxxp://liveupdate4.msi.com/autobios
Online Version = 4.0.100
Size = Unknown
Note = Unknown



15.************************ void MSI_VGACardCheck(void) **********************
[Àˬd MSI VGA Card]
IsWin9x = 0




16.************************ void InstallService(LPCTSTR serviceName,LPCTSTR fileName) **********************
[Install Service ... ]
GetCurrentDirectory = G:\programme\MSI\Live Update 4\LU4\
---- Load G:\programme\MSI\Live Update 4\LU4\FLASHSYS64.sys




17.************************ 0005.0011 -- FileFunc.cpp -- CheckFileExist **********************
[ÀˬdÀÉ®×...] : G:\programme\MSI\Live Update 4\LU4\DL_INFO\VGACardList.rec [...¦s¦b]
---- Open file : G:\programme\MSI\Live Update 4\LU4\DL_INFO\VGACardList.rec



18.************************ void MSI_VGACardCheck(void) **********************
[Àˬd MSI VGA Card]
---- VGACard_DeviceID = 0x68b8
---- VGA BIOS        = 012.015.000.003.035125
---- VGACard_MarketingName = ATI Radeon HD 5700 Series



19.************************ 0001.0000 -- CLIVEUPDATE_PAGE::OnInitDialog **********************
[°õ¦æ LIVEUPDATE_PAGE ªì©l¤Æ]



20.************************ 0001.0032 -- DoFirstRunSet **********************
[Àˬd¬O§_²Ä¤@¦¸°õ¦æ] :




21.************************ 0005.0011 -- FileFunc.cpp -- CheckFileExist **********************
[ÀˬdÀÉ®×...] : G:\programme\MSI\Live Update 4\LU4\Log\CheckList.xml [...¦s¦b]



22.************************ 0010.0030 -- XmlFunc.cpp -- Check_CL **********************
[°õ¦æŪ¨ú CheckList.xml µ{¦¡] :



23.************************ 0001.0007 -- CLIVEUPDATE_PAGE::OnBtnUpdateNow **********************
[°õ¦æ OnBtnUpdateNow] :
---- 10. ¥Ø«e¥¼¤U¸ü¥ô¦óªF¦è  theApp.nWorkStatus != TRUE
---- 11. ¬ÛÃö¤¸¥ó³]©w¦¨ Disable



24.************************ 0001.0016 -- LockWhenDownload **********************
[¸Ñ°£ Disable ª¬ºA]



25.************************ 0001.0008 -- CLIVEUPDATE_PAGE::DownloadXML **********************
[°õ¦æ DownloadXML] :



26.************************ 0001.0009 -- CLIVEUPDATE_PAGE::DownloadXML **********************
[°õ¦æ URLDownload] :



27.************************ 0001.0008 -- CLIVEUPDATE_PAGE::DownloadXML **********************
[¤U¸ü LiveUpdate Information...] :
From : hxxp://liveupdate4.msi.com/autobios/DataBase/BIOSList.xml
To  : G:\programme\MSI\Live Update 4\LU4\temp\BIOSList.xml



28.************************ 0001.0015 -- DownloadIsSuccess **********************
[¤U¸ü LiveUpdate Information...]
iDL_BIOS    = _DOWNLOAD_SUCCESS[...ÀɮפU¸ü¦¨¥\]



29.************************ 0005.0005 -- LiveUpdateInfoLog **********************
[½Æ»sÀÉ®× ...] :
From : G:\programme\MSI\Live Update 4\LU4\temp\BIOSList.xml
To  : G:\programme\MSI\Live Update 4\LU4\DL_INFO\BIOSList.xml




30.************************ 0005.0011 -- FileFunc.cpp -- CheckFileExist **********************
[ÀˬdÀÉ®×...] : G:\programme\MSI\Live Update 4\LU4\DL_INFO\BIOSList.xml [...¦s¦b]
--- 1.§R°£ÀÉ®× : G:\programme\MSI\Live Update 4\LU4\DL_INFO\BIOSList.xml
--- 2.½Æ»sÀɮצ¨¥\
--- 3. §R°£¼È¦sÀÉ : 1



31.************************ 0001.0012 -- CLIVEUPDATE_PAGE::OnNextItem **********************
[°õ¦æ¤U¤@*Ó¤U¸üªº¶µ¥Ø...]
theApp.nWorkStatus = 1
theApp.iCurrentDownLoad < _DownloadFile



32.************************ 0001.0008 -- CLIVEUPDATE_PAGE::DownloadXML **********************
[°õ¦æ DownloadXML] :



33.************************ 0001.0009 -- CLIVEUPDATE_PAGE::DownloadXML **********************
[°õ¦æ URLDownload] :



34.************************ 0001.0008 -- CLIVEUPDATE_PAGE::DownloadXML **********************
[¤U¸ü LiveUpdate Information...] :
From : hxxp://liveupdate4.msi.com/autobios/DataBase/DrvList.xml
To  : G:\programme\MSI\Live Update 4\LU4\temp\DrvList.xml



35.************************ 0001.0015 -- DownloadIsSuccess **********************
[¤U¸ü LiveUpdate Information...]
iDL_DRIVER  = _DOWNLOAD_SUCCESS[...ÀɮפU¸ü¦¨¥\]



36.************************ 0005.0005 -- LiveUpdateInfoLog **********************
[½Æ»sÀÉ®× ...] :
From : G:\programme\MSI\Live Update 4\LU4\temp\DrvList.xml
To  : G:\programme\MSI\Live Update 4\LU4\DL_INFO\DrvList.xml




37.************************ 0005.0011 -- FileFunc.cpp -- CheckFileExist **********************
[ÀˬdÀÉ®×...] : G:\programme\MSI\Live Update 4\LU4\DL_INFO\DrvList.xml [...¦s¦b]
--- 1.§R°£ÀÉ®× : G:\programme\MSI\Live Update 4\LU4\DL_INFO\DrvList.xml
--- 2.½Æ»sÀɮצ¨¥\
--- 3. §R°£¼È¦sÀÉ : 1



38.************************ 0001.0012 -- CLIVEUPDATE_PAGE::OnNextItem **********************
[°õ¦æ¤U¤@*Ó¤U¸üªº¶µ¥Ø...]
theApp.nWorkStatus = 1
theApp.iCurrentDownLoad < _DownloadFile



39.************************ 0001.0008 -- CLIVEUPDATE_PAGE::DownloadXML **********************
[°õ¦æ DownloadXML] :



40.************************ 0001.0009 -- CLIVEUPDATE_PAGE::DownloadXML **********************
[°õ¦æ URLDownload] :



41.************************ 0001.0008 -- CLIVEUPDATE_PAGE::DownloadXML **********************
[¤U¸ü LiveUpdate Information...] :
From : hxxp://liveupdate4.msi.com/autobios/DataBase/LU4_VGADRV.xml
To  : G:\programme\MSI\Live Update 4\LU4\temp\LU4_VGADRV.xml



42.************************ 0001.0015 -- DownloadIsSuccess **********************
[¤U¸ü LiveUpdate Information...]
iDL_VGA    = _DOWNLOAD_SUCCESS[...ÀɮפU¸ü¦¨¥\]



43.************************ 0005.0005 -- LiveUpdateInfoLog **********************
[½Æ»sÀÉ®× ...] :
From : G:\programme\MSI\Live Update 4\LU4\temp\LU4_VGADRV.xml
To  : G:\programme\MSI\Live Update 4\LU4\DL_INFO\LU4_VGADRV.xml




44.************************ 0005.0011 -- FileFunc.cpp -- CheckFileExist **********************
[ÀˬdÀÉ®×...] : G:\programme\MSI\Live Update 4\LU4\DL_INFO\LU4_VGADRV.xml [...¦s¦b]
--- 1.§R°£ÀÉ®× : G:\programme\MSI\Live Update 4\LU4\DL_INFO\LU4_VGADRV.xml
--- 2.½Æ»sÀɮצ¨¥\
--- 3. §R°£¼È¦sÀÉ : 1



45.************************ 0001.0012 -- CLIVEUPDATE_PAGE::OnNextItem **********************
[°õ¦æ¤U¤@*Ó¤U¸üªº¶µ¥Ø...]
theApp.nWorkStatus = 1
theApp.iCurrentDownLoad < _DownloadFile



46.************************ 0001.0008 -- CLIVEUPDATE_PAGE::DownloadXML **********************
[°õ¦æ DownloadXML] :



47.************************ 0001.0009 -- CLIVEUPDATE_PAGE::DownloadXML **********************
[°õ¦æ URLDownload] :



48.************************ 0001.0008 -- CLIVEUPDATE_PAGE::DownloadXML **********************
[¤U¸ü LiveUpdate Information...] :
From : hxxp://liveupdate4.msi.com/autobios/DataBase/APList.xml
To  : G:\programme\MSI\Live Update 4\LU4\temp\APList.xml



49.************************ 0001.0015 -- DownloadIsSuccess **********************
[¤U¸ü LiveUpdate Information...]
iDL_UTILITY = _DOWNLOAD_SUCCESS[...ÀɮפU¸ü¦¨¥\]



50.************************ 0005.0005 -- LiveUpdateInfoLog **********************
[½Æ»sÀÉ®× ...] :
From : G:\programme\MSI\Live Update 4\LU4\temp\APList.xml
To  : G:\programme\MSI\Live Update 4\LU4\DL_INFO\APList.xml




51.************************ 0005.0011 -- FileFunc.cpp -- CheckFileExist **********************
[ÀˬdÀÉ®×...] : G:\programme\MSI\Live Update 4\LU4\DL_INFO\APList.xml [...¦s¦b]
--- 1.§R°£ÀÉ®× : G:\programme\MSI\Live Update 4\LU4\DL_INFO\APList.xml
--- 2.½Æ»sÀɮצ¨¥\
--- 3. §R°£¼È¦sÀÉ : 1



52.************************ 0001.0012 -- CLIVEUPDATE_PAGE::OnNextItem **********************
[°õ¦æ¤U¤@*Ó¤U¸üªº¶µ¥Ø...]
theApp.nWorkStatus = 1
theApp.iCurrentDownLoad < _DownloadFile



53.************************ 0001.0008 -- CLIVEUPDATE_PAGE::DownloadXML **********************
[°õ¦æ DownloadXML] :



54.************************ 0001.0009 -- CLIVEUPDATE_PAGE::DownloadXML **********************
[°õ¦æ URLDownload] :



55.************************ 0001.0008 -- CLIVEUPDATE_PAGE::DownloadXML **********************
[¤U¸ü LU4_INFO.xml ...] :
From : hxxp://liveupdate4.msi.com/autobios/DataBase/LU4_INFO.xml
To  : G:\programme\MSI\Live Update 4\LU4\temp\LU4_INFO.xml



56.************************ 0001.0015 -- DownloadIsSuccess **********************
[¤U¸ü LiveUpdate Information...]
iDL_LU4INFO = _DOWNLOAD_SUCCESS[...ÀɮפU¸ü¦¨¥\]



57.************************ 0005.0005 -- LiveUpdateInfoLog **********************
[½Æ»sÀÉ®× ...] :
From : G:\programme\MSI\Live Update 4\LU4\temp\LU4_INFO.xml
To  : G:\programme\MSI\Live Update 4\LU4\DL_INFO\LU4_INFO.xml




58.************************ 0005.0011 -- FileFunc.cpp -- CheckFileExist **********************
[ÀˬdÀÉ®×...] : G:\programme\MSI\Live Update 4\LU4\DL_INFO\LU4_INFO.xml [...¦s¦b]
--- 1.§R°£ÀÉ®× : G:\programme\MSI\Live Update 4\LU4\DL_INFO\LU4_INFO.xml
--- 2.½Æ»sÀɮצ¨¥\
--- 3. §R°£¼È¦sÀÉ : 1



59.************************ 0001.0012 -- CLIVEUPDATE_PAGE::OnNextItem **********************
[°õ¦æ¤U¤@*Ó¤U¸üªº¶µ¥Ø...]
theApp.nWorkStatus = 1
theApp.iCurrentDownLoad < _DownloadFile



60.************************ 0001.0008 -- CLIVEUPDATE_PAGE::DownloadXML **********************
[°õ¦æ DownloadXML] :



61.************************ 0001.0009 -- CLIVEUPDATE_PAGE::DownloadXML **********************
[°õ¦æ URLDownload] :



62.************************ 0001.0008 -- CLIVEUPDATE_PAGE::DownloadXML **********************
[¤U¸ü LU4_INFO.xml ...] :
From : hxxp://liveupdate4.msi.com/autobios/DataBase/VGACardList.rec
To  : G:\programme\MSI\Live Update 4\LU4\temp\VGACardList.rec



63.************************ 0001.0015 -- DownloadIsSuccess **********************
[¤U¸ü LiveUpdate Information...]
iDL_LU4VGACardRec = _DOWNLOAD_SUCCESS[...ÀɮפU¸ü¦¨¥\]



64.************************ 0005.0005 -- LiveUpdateInfoLog **********************
[½Æ»sÀÉ®× ...] :
From : G:\programme\MSI\Live Update 4\LU4\temp\VGACardList.rec
To  : G:\programme\MSI\Live Update 4\LU4\DL_INFO\VGACardList.rec




65.************************ 0005.0011 -- FileFunc.cpp -- CheckFileExist **********************
[ÀˬdÀÉ®×...] : G:\programme\MSI\Live Update 4\LU4\DL_INFO\VGACardList.rec [...¦s¦b]
--- 1.§R°£ÀÉ®× : G:\programme\MSI\Live Update 4\LU4\DL_INFO\VGACardList.rec
--- 2.½Æ»sÀɮצ¨¥\
--- 3. §R°£¼È¦sÀÉ : 1



66.************************ 0001.0012 -- CLIVEUPDATE_PAGE::OnNextItem **********************
[°õ¦æ¤U¤@*Ó¤U¸üªº¶µ¥Ø...]
theApp.nWorkStatus = 1
theApp.iCurrentDownLoad < _DownloadFile



67.************************ 0001.0008 -- CLIVEUPDATE_PAGE::DownloadXML **********************
[°õ¦æ DownloadXML] :



68.************************ 0005.0003 -- LiveUpdateInfoLog **********************
[°O¿ý LiveUpdate Log Info...] :
To  : G:\programme\MSI\Live Update 4\LU4\Log\Auto_result.xml



69.************************ 0001.0028 -- Thread_CheckOnlineAllInformation **********************
[°õ¦æ ¦h°õ¦æºü ¥\¯à] :




70.************************ 0005.0011 -- FileFunc.cpp -- CheckFileExist **********************
[ÀˬdÀÉ®×...] : G:\programme\MSI\Live Update 4\LU4\DL_INFO\LU4_INFO.xml [...¦s¦b]




71.************************ 0000.0004 -- Set_Online_Server_URL **********************
[Liveupdate Server ¸ô®|³]©w] :
---¸ü¤JXML : G:\programme\MSI\Live Update 4\LU4\DL_INFO\LU4_INFO.xml
Server 1 = hxxp://liveupdate4.msi.com/autobios
Server 2 = hxxp://liveupdate4.msi.com/autobios
Online Version = 4.0.100
Size = Unknown
Note = Unknown




72.************************ 0005.0011 -- FileFunc.cpp -- CheckFileExist **********************
[ÀˬdÀÉ®×...] : G:\programme\MSI\Live Update 4\LU4\DL_INFO\BIOSList.xml [...¦s¦b]



73.************************ 0001.0019 -- GetOnlineBIOSInfo **********************
Ū¨úÀÉ®× : G:\programme\MSI\Live Update 4\LU4\DL_INFO\BIOSList.xml



74.************************ 0001.0020 -- GetOnlineDRIVERInfo **********************
Àˬd DRIVER ¸ê°T




75.************************ 0005.0011 -- FileFunc.cpp -- CheckFileExist **********************
[ÀˬdÀÉ®×...] : G:\programme\MSI\Live Update 4\LU4\DL_INFO\DrvList.xml [...¦s¦b]



76.************************ 0001.0020 -- GetOnlineDRIVERInfo **********************
Ū¨úÀÉ®× : G:\programme\MSI\Live Update 4\LU4\DL_INFO\DrvList.xml




77.************************ 0005.0011 -- FileFunc.cpp -- CheckFileExist **********************
[ÀˬdÀÉ®×...] : G:\programme\MSI\Live Update 4\LU4\DL_INFO\LU4_VGADRV.xml [...¦s¦b]



78.************************ 0001.0022 -- GetOnlineDRIVERInfo **********************
Ū¨úÀÉ®× : G:\programme\MSI\Live Update 4\LU4\DL_INFO\LU4_VGADRV.xml



79.************************ 000A.0001 -- XmlFunc.cpp -- Check_LV **********************
[XML Data ...] :
--- Current VGA Driver version : 8.17.10.1315
--- Search VGA Card ID : 0x68b8




80.************************ 0005.0011 -- FileFunc.cpp -- CheckFileExist **********************
[ÀˬdÀÉ®×...] : G:\programme\MSI\Live Update 4\LU4\DL_INFO\APList.xml [...¦s¦b]



81.************************ 0001.0021 -- GetOnlineDRIVERInfo **********************
Ū¨úÀÉ®× : G:\programme\MSI\Live Update 4\LU4\DL_INFO\APList.xml



82.************************ 0001.0023 -- GetLiveUpdateNewVersion **********************
Online : 4.0.100 <  Current : 4.0.102



83.************************ 0001.0016 -- LockWhenDownload **********************
[¸Ñ°£ Disable ª¬ºA]




84.************************ 0005.0011 -- FileFunc.cpp -- CheckFileExist **********************
[ÀˬdÀÉ®×...] : G:\programme\MSI\Live Update 4\LU4\DL_INFO\DNFILE.DB [...¤£¦s¦b]



85.************************ 0001.0038 -- RunDownLoadFile **********************
°O¿ý¤Ä¿ïÀɮתº¸ê°T




86.************************ 0005.0011 -- FileFunc.cpp -- CheckFileExist **********************
[ÀˬdÀÉ®×...] : G:\programme\MSI\Live Update 4\LU4\DL_INFO\DNFILE.DB [...¦s¦b]



87.************************ 0001.0038 -- RunDownLoadFile **********************
°O¿ý¤Ä¿ïÀɮתº¸ê°T




88.************************ 0005.0011 -- FileFunc.cpp -- CheckFileExist **********************
[ÀˬdÀÉ®×...] : G:\programme\MSI\Live Update 4\LU4\DL_INFO\DNFILE.DB [...¦s¦b]



89.************************ 0001.0038 -- RunDownLoadFile **********************
°O¿ý¤Ä¿ïÀɮתº¸ê°T
---Write DataBase ...
---0. Rec no.  :  2
---1. Type      :  UTILITY
---2. Item Name :  MSI PC Alert 4
---3. Version  :  4.1.2.8
---4. File Name :  MSI PC Alert 4_4.1.2.8
---5. URL      :  SUtility\PCAlert\SUtility.rrf
---6. Status    :  N
-----
---Read DataBase ...
---0. Rec no.  :  2
---1. Type      :  UTILITY
---2. Item Name :  MSI PC Alert 4
---3. Version  :  4.1.2.8
---4. File Name :  MSI PC Alert 4_4.1.2.8
---5. URL      :  SUtility\PCAlert\SUtility.rrf
---6. Status    :  N
-----



90.************************ 0001.0016 -- LockWhenDownload **********************
[¸Ñ°£ Disable ª¬ºA]



91.************************ 0001.0030 -- CLIVEUPDATE_PAGE::DownloadFile **********************
[¤U¸üÀÉ®×] : ---- ¤U¸ü¶µ¥Ø¬° : UTILITY
From : hxxp://liveupdate4.msi.com/autobios/XUtility/PCAlert/SUtility.exe
To  : G:\programme\MSI\Live Update 4\LU4\temp\MSI PC Alert 4_4.1.2.8.exe



92.************************ 0001.0009 -- CLIVEUPDATE_PAGE::DownloadXML **********************
[°õ¦æ URLDownload] :



93.************************ 0001.0040 -- OnOpendir **********************
err value = 0



94.************************ 0001.0015 -- DownloadIsSuccess **********************
[¤U¸ü LiveUpdate Information...]



95.************************ 0001.0015 -- DownloadIsSuccess **********************
[³sÄò¤U¸ü ...][...ÀɮפU¸ü¦¨¥\]
[°õ¦æ¤U¸üµ{¦¡] : G:\programme\MSI\Live Update 4\LU4\temp\MSI PC Alert 4_4.1.2.8.exe



96.************************ 0001.0012 -- CLIVEUPDATE_PAGE::OnNextItem **********************
[°õ¦æ¤U¤@*Ó¤U¸üªº¶µ¥Ø...]
theApp.nWorkStatus = 1
---- theApp.iCurrentDownLoad == _DownloadSelectFile



97.************************ 0005.0005 -- LiveUpdateInfoLog **********************
[½Æ»sÀÉ®× ...] :
From : G:\programme\MSI\Live Update 4\LU4\temp\MSI PC Alert 4_4.1.2.8.exe
To  : G:\programme\MSI\Live Update 4\LU4\DL_FILE\MSI PC Alert 4_4.1.2.8.exe




98.************************ 0005.0011 -- FileFunc.cpp -- CheckFileExist **********************
[ÀˬdÀÉ®×...] : G:\programme\MSI\Live Update 4\LU4\DL_FILE\MSI PC Alert 4_4.1.2.8.exe [...¤£¦s¦b]
--- 2.½Æ»sÀɮצ¨¥\
--- 3. §R°£¼È¦sÀÉ : 1



99.************************ 0001.0030 -- CLIVEUPDATE_PAGE::DownloadFile **********************
[¤U¸üÀÉ®×] : ---- ¤U¸ü¶µ¥Ø¬° : STOP
---- µ²§ô¤U¸üÀÉ®× theApp.nWorkStatus = FALSE



100.************************ 0001.0016 -- LockWhenDownload **********************
[¸Ñ°£ Disable ª¬ºA]



101.************************ 0001.0040 -- OnOpendir **********************
err value = 0



102.************************ 0001.0040 -- OnOpendir **********************
err value = 0



103.************************ 0001.0029 -- CLIVEUPDATE_PAGE::OnDblclkLcLiveupdateResult **********************
[°õ¦æ¤U¸ü¨Æ¥ó CLIVEUPDATE_PAGE::OnDblclkLcLiveupdateResult] :



104.************************ 0001.0016 -- LockWhenDownload **********************
[¸Ñ°£ Disable ª¬ºA]



105.************************ 0001.0028 -- DownLoadSelect **********************
[°õ¦æ¤U¸ü¨Æ¥ó CLIVEUPDATE_PAGE::DownLoadSelect] :



106.************************ 0001.0030 -- CLIVEUPDATE_PAGE::DownloadFile **********************
[¤U¸üÀÉ®×] : ---- ¤U¸ü¶µ¥Ø¬° : DRIVER
From : hxxp://liveupdate4.msi.com/autobios/XDriver/Network/PCIE/Vista/SDriver.exe
To  : G:\programme\MSI\Live Update 4\LU4\temp\Realtek 8111 LAN Driver_6.241.0721.2010.exe



107.************************ 0001.0009 -- CLIVEUPDATE_PAGE::DownloadXML **********************
[°õ¦æ URLDownload] :



108.************************ 0001.0015 -- DownloadIsSuccess **********************
[¤U¸ü LiveUpdate Information...]



109.************************ 0005.0005 -- LiveUpdateInfoLog **********************
[½Æ»sÀÉ®× ...] :
From : G:\programme\MSI\Live Update 4\LU4\temp\Realtek 8111 LAN Driver_6.241.0721.2010.exe
To  : G:\programme\MSI\Live Update 4\LU4\DL_FILE\Realtek 8111 LAN Driver_6.241.0721.2010.exe




110.************************ 0005.0011 -- FileFunc.cpp -- CheckFileExist **********************
[ÀˬdÀÉ®×...] : G:\programme\MSI\Live Update 4\LU4\DL_FILE\Realtek 8111 LAN Driver_6.241.0721.2010.exe [...¤£¦s¦b]
--- 2.½Æ»sÀɮצ¨¥\
--- 3. §R°£¼È¦sÀÉ : 1



111.************************ 0001.0015 -- DownloadIsSuccess **********************
[³æ¤@¤U¸ü¦w¸Ë ...][...ÀɮפU¸ü¦¨¥\]
[°õ¦æ¤U¸üµ{¦¡] : G:\programme\MSI\Live Update 4\LU4\DL_FILE\Realtek 8111 LAN Driver_6.241.0721.2010.exe



112.************************ 0001.0030 -- RunDownLoadFile **********************
[°õ¦æ¥~³¡µ{¦¡] :
°Ñ¼Æ theApp.iCurrentDownLoad = _DownloadFile = 100 -> 100



113.************************ 0001.0012 -- CLIVEUPDATE_PAGE::OnNextItem **********************
[°õ¦æ¤U¤@*Ó¤U¸üªº¶µ¥Ø...]
theApp.nWorkStatus = 1
---- theApp.iCurrentDownLoad == _DownloadFile



114.************************ 0001.0030 -- CLIVEUPDATE_PAGE::DownloadFile **********************
[¤U¸üÀÉ®×] : ---- ¤U¸ü¶µ¥Ø¬° : STOP
---- µ²§ô¤U¸üÀÉ®× theApp.nWorkStatus = FALSE



115.************************ 0001.0016 -- LockWhenDownload **********************
[¸Ñ°£ Disable ª¬ºA]

schrauber 29.05.2015 11:49
Wurde von Combofix ein Logfile erstellt?

Domi22221 29.05.2015 17:17
nein leider nicht dachte die datei daweil war das ein anderes programm ^^ sry

Beim 3ten anlauf is jetzt gegangen ^^ :D

Code:
ComboFix 15-05-28.01 - termis 29.05.2015  17:19:34.2.4 - x64
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.49.1031.18.6143.4345 [GMT 2:00]
ausgeführt von:: c:\users\termis\Desktop\Neuer Ordner (2)\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\NeWSaver
c:\program files (x86)\NeWSaver\BMSsiyaQnuXTtc.dat
c:\program files (x86)\NeWSaver\BMSsiyaQnuXTtc.dll
c:\program files (x86)\NeWSaver\BMSsiyaQnuXTtc.exe
c:\program files (x86)\NeWSaver\BMSsiyaQnuXTtc.tlb
c:\program files (x86)\NeWSaver\BMSsiyaQnuXTtc.x64.dll
c:\program files (x86)\RoboSAvEr
c:\program files (x86)\RoboSAvEr\2E7psXUruUFECt.dat
c:\program files (x86)\RoboSAvEr\2E7psXUruUFECt.dll
c:\program files (x86)\RoboSAvEr\2E7psXUruUFECt.exe
c:\program files (x86)\RoboSAvEr\2E7psXUruUFECt.tlb
c:\program files (x86)\RoboSAvEr\2E7psXUruUFECt.x64.dll
c:\programdata\9499063393622493631
c:\programdata\9499063393622493631\1547aa30421efb5bc11c868457505c34.ini
c:\programdata\9499063393622493631\8eb0729fbf1cb052c11c868457505c34.ini
c:\programdata\9499063393622493631\b1b04b8135a80c97c11c868457505c34.ini
c:\programdata\9499063393622493631\e1a11ca282117dcdc11c868457505c34.ini
.
---- Vorheriger Suchlauf -------
.
c:\program files (x86)\BBesstSaaveFOrYeOU\TmIP1H7xjgOwnD.dat
c:\program files (x86)\BBesstSaaveFOrYeOU\TmIP1H7xjgOwnD.dll
c:\program files (x86)\BBesstSaaveFOrYeOU\TmIP1H7xjgOwnD.exe
c:\program files (x86)\BBesstSaaveFOrYeOU\TmIP1H7xjgOwnD.tlb
c:\program files (x86)\BBesstSaaveFOrYeOU\TmIP1H7xjgOwnD.x64.dll
c:\programdata\9499063393622493631\37775abd6f6704a212892e8fcfd4af22.ini
c:\programdata\9499063393622493631\37a553f5bd0c893212892e8fcfd4af22.ini
c:\programdata\9499063393622493631\4775d99c57b1799e12892e8fcfd4af22.ini
c:\programdata\9499063393622493631\4cc9484e5308b1bcc11c868457505c34.ini
c:\programdata\9499063393622493631\954accd1ef18255b12892e8fcfd4af22.ini
c:\programdata\9499063393622493631\ab04ecb30c557b37c11c868457505c34.ini
c:\programdata\9499063393622493631\ad5e6328e91d5a2512892e8fcfd4af22.ini
c:\programdata\9499063393622493631\c5dda8811636467712892e8fcfd4af22.ini
c:\programdata\9499063393622493631\cd5b15e575e1c3d012892e8fcfd4af22.ini
c:\programdata\9499063393622493631\d10de703829fe2d8c11c868457505c34.ini
c:\programdata\9499063393622493631\d1b1b8b13a226202c11c868457505c34.ini
c:\programdata\9499063393622493631\d1b823d8a4cc414912892e8fcfd4af22.ini
c:\programdata\9499063393622493631\d38e8734560118a912892e8fcfd4af22.ini
c:\programdata\9499063393622493631\d6ae24e4beaa0e7212892e8fcfd4af22.ini
c:\windows\msvcr71.dll
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Service KMSELDI
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-04-28 bis 2015-05-29  ))))))))))))))))))))))))))))))
.
.
2015-05-29 15:36 . 2015-05-29 15:36        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-05-28 19:50 . 2015-05-28 19:50        --------        d-----w-        c:\program files (x86)\Stolen Camera Finder
2015-05-28 19:49 . 2015-05-28 19:49        --------        d-----w-        c:\program files (x86)\DDownSave
2015-05-28 18:45 . 2015-05-28 18:45        --------        d-----w-        c:\program files (x86)\LinkGeneration
2015-05-28 18:44 . 2015-05-28 18:45        --------        d-----w-        c:\programdata\4d53f2f200001917
2015-05-28 18:37 . 2015-05-28 18:37        --------        d-----w-        c:\users\termis\trojana
2015-05-28 18:06 . 2015-05-28 18:07        --------        d-----w-        C:\FRST
2015-05-12 19:15 . 2015-05-28 19:34        24        ----a-w-        c:\users\termis\AppData\Roaming\appdataFr25.bin
2015-05-11 20:24 . 2015-05-28 18:08        --------        d-----w-        c:\users\termis\AppData\Local\CrashDumps
2015-05-07 20:23 . 2015-05-14 12:46        --------        d-----w-        c:\users\termis\AppData\Roaming\FileZilla
2015-05-06 10:37 . 2015-03-03 12:52        3341384        ----a-w-        c:\windows\SysWow64\GameMon.des
2015-05-06 10:36 . 2015-05-06 10:36        --------        d-----w-        c:\program files\Common Files\INCA Shared
2015-05-06 06:03 . 2015-05-06 06:03        --------        d-----w-        c:\users\termis\AppData\Local\Gameforge4d
2015-05-05 13:24 . 2015-05-05 13:24        --------        d-----w-        c:\program files\MSI Kombustor 3
2015-05-05 13:15 . 2015-05-05 13:21        --------        d-----w-        c:\program files (x86)\RivaTuner Statistics Server
2015-05-05 13:14 . 2015-05-05 13:14        --------        d-----w-        c:\program files (x86)\MSI Afterburner
2015-05-05 11:15 . 2015-05-05 11:15        --------        d-----w-        c:\programdata\ATI
2015-05-05 11:14 . 2015-05-05 11:14        --------        d-----w-        c:\program files (x86)\AMD AVT
2015-05-04 07:27 . 2015-05-04 07:27        110688        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll
2015-05-04 07:27 . 2015-05-04 07:27        --------        d-----w-        c:\program files\Java
2015-05-04 07:08 . 2015-05-04 12:48        --------        d-----w-        c:\program files (x86)\DigiCooUpOn
2015-05-04 07:08 . 2015-05-04 07:08        --------        d-----w-        c:\program files (x86)\Share link via email
2015-05-04 07:05 . 2015-05-04 07:05        --------        d-----w-        c:\users\termis\AppData\Roaming\.technic
2015-05-04 07:04 . 2015-05-04 07:04        --------        d-----w-        c:\program files (x86)\Common Files\Java
2015-05-04 07:04 . 2015-05-04 07:04        97888        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-05-04 07:04 . 2015-05-04 07:04        --------        d-----w-        c:\programdata\Oracle
2015-05-04 07:04 . 2015-05-04 07:04        --------        d-----w-        c:\program files (x86)\Java
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-11 20:26 . 2015-04-12 12:28        20        ----a-w-        c:\users\termis\AppData\Roaming\appdataFr3.bin
2015-04-15 00:24 . 2015-04-15 00:24        47096        ----a-w-        c:\windows\SysWow64\DiscHandler.exe
2015-04-12 12:09 . 2015-04-12 12:21        114168        -c----w-        c:\programdata\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_WinD_b5f9cb81bb629cd4cfce8b53147d564723b5180_cab_2f12865f\jpatch.exe
2015-03-30 11:06 . 2015-03-30 11:06        79256        ----a-r-        c:\users\termis\AppData\Roaming\Microsoft\Installer\{69FB248E-690D-434F-94A7-248D5F1ECD70}\UsersGuide_CAFE62D54E534DE1A75D0E8D057FA709.exe
2015-03-30 11:06 . 2015-03-30 11:06        79256        ----a-r-        c:\users\termis\AppData\Roaming\Microsoft\Installer\{69FB248E-690D-434F-94A7-248D5F1ECD70}\NewShortcut2_F1AD8C9A37F84A18ADCD99FB67588A13.exe
2015-03-30 11:06 . 2015-03-30 11:06        79256        ----a-r-        c:\users\termis\AppData\Roaming\Microsoft\Installer\{69FB248E-690D-434F-94A7-248D5F1ECD70}\NewShortcut1_63DEE96284054F8694636FE381A5574C.exe
2015-03-30 11:06 . 2015-03-30 11:06        46488        ----a-r-        c:\users\termis\AppData\Roaming\Microsoft\Installer\{69FB248E-690D-434F-94A7-248D5F1ECD70}\ARPPRODUCTICON.exe
2015-03-30 10:56 . 2015-03-30 10:54        1243        ----a-w-        c:\users\termis\init.cmd
2015-03-23 00:32 . 2015-03-30 11:22        12002392        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C36C4F45-F14F-444F-BB9A-0FFE2153683F}\mpengine.dll
2015-03-14 05:49 . 2015-03-14 05:49        9728        ----a-w-        c:\windows\SysWow64\RzStats.IPC.dll
2015-03-03 17:47 . 2015-03-30 11:51        129600        ----a-w-        c:\windows\system32\drivers\rzpnk.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 18:38        1720976        ----a-w-        c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 18:38        1720976        ----a-w-        c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 18:38        1720976        ----a-w-        c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Overwolf"="g:\programme\Overwolf\Overwolf.exe" [2015-05-04 41200]
"SandboxieControl"="g:\programme\sandbox\SbieCtrl.exe" [2015-02-18 785416]
"Codec Pack Update Checker"="c:\windows\system32\Codecs\UpdateChecker.exe" [2015-04-15 55992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2015-05-15 55568]
"DelReg"="g:\programme\MSI\OverclockingCenter\DelReg.exe" [2008-12-04 196608]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2015-04-22 590144]
"Codec Settings UAC Manager"="c:\windows\system32\Codecs\CodecUACManager.exe" [2015-04-15 60416]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-11-20 767176]
.
c:\users\termis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
KMSPico 11.0.1 Update.lnk - c:\programdata\{84988492-6cb0-1f20-8498-884926cb1249}\KMSPico 11.0.1 Update.exe --startup=1 [2014-4-7 464896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 61005122;LinkGeneration;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AODDriver2;AODDriver2;g:\programme\AMD\OverDrive\amd64\AODDriver2.sys;g:\programme\AMD\OverDrive\amd64\AODDriver2.sys [x]
R3 MSICDSetup;MSICDSetup;i:\cdriver64.sys;i:\CDriver64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 PCAlertDriver;PCAlertDriver;g:\programme\MSI\PC Alert 4\NTGLM7X64.sys;g:\programme\MSI\PC Alert 4\NTGLM7X64.sys [x]
R3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R4 AODService;AODService;g:\programme\AMD\OverDrive\AODAssist.exe;g:\programme\AMD\OverDrive\AODAssist.exe [x]
R4 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [x]
R4 OverwolfUpdater;Overwolf Updater Windows SCM;g:\programme\Overwolf\OverwolfUpdater.exe;g:\programme\Overwolf\OverwolfUpdater.exe [x]
R4 SkypeUpdate;Skype Updater;g:\programme\skype\Updater\Updater.exe;g:\programme\skype\Updater\Updater.exe [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys;c:\windows\SYSNATIVE\DRIVERS\jswpslwfx.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]
S2 RzSurroundVADStreamingService;RzSurroundVADStreamingService;c:\programdata\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe;c:\programdata\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [x]
S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [x]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
S3 RZSURROUNDVADService;Razer Surround Audio Service;c:\windows\system32\drivers\RzSurroundVAD.sys;c:\windows\SYSNATIVE\drivers\RzSurroundVAD.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-26 17:10        986440        ----a-w-        c:\program files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-03-30 10:58]
.
2015-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-03-30 10:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 18:37        2322576        ----a-w-        d:\progra~3\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 18:37        2322576        ----a-w-        d:\progra~3\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 18:37        2322576        ----a-w-        d:\progra~3\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://at.search.yahoo.com/?type=888596&fr=spigot-yhp-ie
mDefault_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W&q={searchTerms}
mDefault_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W
mStart Page = hxxp://www.mystartsearch.com/?type=hp&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W&q={searchTerms}
IE: An OneNote s&enden - d:\progra~3\MICROS~1\Office15\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - d:\progra~3\MICROS~1\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{E513592B-5643-4A03-B025-23D793277E58}: NameServer = 8.8.8.8,8.8.4.4
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{252DDBD7-D35F-45D1-B714-65DFC221A04A} - c:\program files (x86)\RoboSAvEr\2E7psXUruUFECt.dll
BHO-{5E396A4F-5E02-4878-A3BA-21DFA5D959EB} - c:\program files (x86)\NeWSaver\BMSsiyaQnuXTtc.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
BHO-{252DDBD7-D35F-45D1-B714-65DFC221A04A} - c:\program files (x86)\RoboSAvEr\2E7psXUruUFECt.x64.dll
BHO-{5E396A4F-5E02-4878-A3BA-21DFA5D959EB} - c:\program files (x86)\NeWSaver\BMSsiyaQnuXTtc.x64.dll
AddRemove-PC Alert 4 - g:\programme\MSI\PC Alert 4\Uninst.isu
AddRemove-{6A08B379-76FB-B4CF-0C70-CAFCD3635A77} - c:\program files (x86)\NeWSaver\BMSsiyaQnuXTtc.exe
AddRemove-{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8} - c:\program files (x86)\RoboSAvEr\2E7psXUruUFECt.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-05-29  18:11:43
ComboFix-quarantined-files.txt  2015-05-29 16:11
.
Vor Suchlauf: 14 Verzeichnis(se), 42.537.480.192 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 42.159.804.416 Bytes frei
.
- - End Of File - - 13DDBF15F944D9FC0ADBCF3E0B6AF128
A36C5E4F47E84449FF07ED3517B43A31

schrauber 30.05.2015 13:23
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Domi22221 30.05.2015 18:59
sry das die antwort erst so spät kommt


mbam

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 30.05.2015
Suchlauf-Zeit: 18:48:40
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.30.03
Rootkit Datenbank: v2015.05.24.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7
CPU: x64
Dateisystem: NTFS
Benutzer: termis

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 356408
Verstrichene Zeit: 6 Min, 7 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.MultiPlug, C:\ProgramData\{84988492-6cb0-1f20-8498-884926cb1249}\KMSPico 11.0.1 Update.exe, 2640, Löschen bei Neustart, [d0fb0396f8923204c0b3153dc939c739]

Module: 1
PUP.Optional.Multiplug, C:\Program Files (x86)\LinkGeneration\LinkGeneration.dll, Löschen bei Neustart, [bb101b7e602ad5612b8691a4eb17669a],

Registrierungsschlüssel: 29
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{AF992111-52BE-832B-5882-8477E4A3C99A}, In Quarantäne, [d6f5a5f4becc9f975b024cea44be7a86],
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{51417852-174C-88D4-34A0-D0FE7858BE47}, In Quarantäne, [fccf2376dbafd95d114ca492ad55728e],
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [0ebd76236426fe38a0c04d2a21e4ff01],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, In Quarantäne, [a328d6c3088296a0b38289f59c69a25e],
PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\WOW6432NODE\AskPartnerNetwork, In Quarantäne, [38932970ee9c63d3ecb503de19eabd43],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, In Quarantäne, [2ba0debb612977bfb3829d953fc53bc5],
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\mystartsearchSoftware, In Quarantäne, [8645a9f08802e551396621d9f211c040],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\WajIntEnhance, In Quarantäne, [00cb4653a9e1c076b77f25cb26dd14ec],
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [705b69306c1e45f1a0c0d7a08a7bd729],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, In Quarantäne, [0ac1861366242b0bdd76b23b0003ea16],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, In Quarantäne, [45867524f199a393d77b8469758ef20e],
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, In Quarantäne, [12b9f5a44248d66014f8fa01f60d26da],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, In Quarantäne, [2ba00d8cf892a78fed639c5192715aa6],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{61005122}, In Quarantäne, [e6e5d8c1f59581b5bdc97606dd2855ab],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, In Quarantäne, [3893356493f7da5c0a2b7c0226df4fb1],
PUP.Optional.LinkGeneration.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\61005122, In Quarantäne, [d8f33564f49662d40c0a28c5976cee12],
PUP.Optional.HomeTab.A, HKU\S-1-5-21-3622345197-898242485-877740896-1000\SOFTWARE\HomeTab, In Quarantäne, [59724d4cbeccd4624a0ceb2d8e76eb15],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3622345197-898242485-877740896-1000\SOFTWARE\SearchProtectWS, In Quarantäne, [ab20c5d432581125df763bb263a04db3],
PUP.Optional.TNT.A, HKU\S-1-5-21-3622345197-898242485-877740896-1000\SOFTWARE\TNT2, In Quarantäne, [d1fa7722e5a582b445bf7b747a893ac6],
PUP.Optional.Wajam.A, HKU\S-1-5-21-3622345197-898242485-877740896-1000\SOFTWARE\WajIntEnhance, In Quarantäne, [cdfe3f5af19948ee49ee8e6270935fa1],
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-3622345197-898242485-877740896-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [864514853e4c47efc09ff5823cc959a7],
PUP.Optional.Spigot.A, HKU\S-1-5-21-3622345197-898242485-877740896-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{CBDD7C56-EFAF-40AD-941F-D8E6A3D00D37}, In Quarantäne, [6269b4e5b0da84b2c355bd28bb4842be],
PUP.Optional.Iminent.A, HKU\S-1-5-21-3622345197-898242485-877740896-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, In Quarantäne, [73580c8d4c3ef046e90160891ee57c84],
PUP.Optional.Iminent.A, HKU\S-1-5-21-3622345197-898242485-877740896-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, In Quarantäne, [6467b9e0aae0181e24c7bd2ccc372ed2],
PUP.Optional.Linkey.A, HKU\S-1-5-21-3622345197-898242485-877740896-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Linkey, In Quarantäne, [1ab1762305855ed858945e8b9b6849b7],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3622345197-898242485-877740896-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SearchProtect, In Quarantäne, [0bc0b3e6c2c8241251300e6a3acb59a7],
PUP.Optional.Vosteran.A, HKU\S-1-5-21-3622345197-898242485-877740896-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, In Quarantäne, [cb000891a9e1a096985544a5aa59c63a],
PUP.Optional.Wajam.A, HKU\S-1-5-21-3622345197-898242485-877740896-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, In Quarantäne, [04c7e0b936549f97539b727709fa43bd],
PUP.Optional.Wajam.A, HKU\S-1-5-21-3622345197-898242485-877740896-1000\SOFTWARE\SIMPLYTECH\HomeTabWajIEnhance, In Quarantäne, [c902cecbd8b289ad70e144a942c14eb2],

Registrierungswerte: 9
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, mystartsearch, In Quarantäne, [0ebd76236426fe38a0c04d2a21e4ff01]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.mystartsearch.com/web/?type=ds&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W&q={searchTerms}, In Quarantäne, [2d9e4b4eccbe9a9cec74a8cfcf368a76]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In Quarantäne, [a328d6c3088296a0b38289f59c69a25e]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, mystartsearch, In Quarantäne, [705b69306c1e45f1a0c0d7a08a7bd729]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.mystartsearch.com/web/?type=ds&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W&q={searchTerms}, In Quarantäne, [8546b0e976147abca7b97601d92c03fd]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In Quarantäne, [3893356493f7da5c0a2b7c0226df4fb1]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-3622345197-898242485-877740896-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, mystartsearch, In Quarantäne, [864514853e4c47efc09ff5823cc959a7]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-3622345197-898242485-877740896-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.mystartsearch.com/web/?type=ds&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W&q={searchTerms}, In Quarantäne, [9c2fa3f63e4cd363025d3047020307f9]
PUP.Optional.Spigot.A, HKU\S-1-5-21-3622345197-898242485-877740896-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{CBDD7C56-EFAF-40AD-941F-D8E6A3D00D37}|URL, https://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=888596&p={searchTerms}, In Quarantäne, [6269b4e5b0da84b2c355bd28bb4842be]

Registrierungsdaten: 8
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.mystartsearch.com/?type=hp&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hp&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W),Ersetzt,[2d9eecadaae01620c8f9f62dd234f808]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[dcefbadf2a608fa70aad052a7294be42]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.mystartsearch.com/web/?type=ds&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/web/?type=ds&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W&q={searchTerms}),Ersetzt,[8348b6e35238c5718140859eee182bd5]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.mystartsearch.com/?type=hp&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hp&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W),Ersetzt,[f2d9a3f6c0ca76c08e33ec374fb7be42]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.mystartsearch.com/?type=hp&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hp&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W),Ersetzt,[d8f3fe9bb9d1ca6c328f92915fa79868]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.mystartsearch.com/web/?type=ds&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/web/?type=ds&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W&q={searchTerms}),Ersetzt,[6f5ce1b806848fa7259c5ec50bfb4cb4]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[fdce5b3eff8be84e5364d25d52b460a0]
PUP.Optional.Spigot.A, HKU\S-1-5-21-3622345197-898242485-877740896-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://at.search.yahoo.com/?type=888596&fr=spigot-yhp-ie, Gut: (www.google.com), Schlecht: (https://at.search.yahoo.com/?type=888596&fr=spigot-yhp-ie),Ersetzt,[07c44c4da7e3053140250f167c8a8779]

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 8
PUP.Optional.Multiplug, C:\Program Files (x86)\LinkGeneration\LinkGeneration.dll, Löschen bei Neustart, [bb101b7e602ad5612b8691a4eb17669a],
PUP.Optional.MultiPlug, C:\ProgramData\{84988492-6cb0-1f20-8498-884926cb1249}\KMSPico 11.0.1 Update.exe, Löschen bei Neustart, [d0fb0396f8923204c0b3153dc939c739],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\DDownSave\DDownSave.exe, In Quarantäne, [d6f5a5f4becc9f975b024cea44be7a86],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\SaalePlus\SaalePlus.exe, In Quarantäne, [ba11bedba6e4d561c09dc5715ea44bb5],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\Share link via email\Share link via email.exe, In Quarantäne, [22a9efaaf09a1e1884d992a4000249b7],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\Stolen Camera Finder\Stolen Camera Finder.exe, In Quarantäne, [fccf2376dbafd95d114ca492ad55728e],
PUP.Optional.OutBrowse, C:\Users\termis\Downloads\KMSPico 10.0.8.exe, In Quarantäne, [f0db2d6c7317a3932996f2564ab8728e],
PUP.Optional.MultiPlug, C:\Users\termis\Downloads\KMSPico 11.0.1 Update.exe, In Quarantäne, [73587128a5e53303561dc78b46bc58a8],

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
adwcleaner

Code:
# AdwCleaner v4.205 - Bericht erstellt 30/05/2015 um 19:40:23
# Aktualisiert 21/05/2015 von Xplode
# Datenbank : 2015-05-25.3 [Server]
# Betriebssystem : Windows 7 Ultimate  (x64)
# Benutzername : termis - TERMIS-PC
# Gestarted von : C:\Users\termis\Desktop\Neuer Ordner (2)\AdwCleaner_4.205.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

[!] Ordner Gelöscht : C:\ProgramData\4d53f2f200001917
[!] Ordner Gelöscht : C:\ProgramData\{84988492-6cb0-1f20-8498-884926cb1249}
[!] Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner
[!] Ordner Gelöscht : C:\Program Files (x86)\DDownSave
[!] Ordner Gelöscht : C:\Program Files (x86)\DigiCooUpOn
[!] Ordner Gelöscht : C:\Program Files (x86)\SaalePlus
[!] Ordner Gelöscht : C:\Program Files (x86)\SaaVVeLootss
[!] Ordner Gelöscht : C:\Users\termis\AppData\Roaming\DriverTurbo
[!] Ordner Gelöscht : C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
[!] Ordner Gelöscht : C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
[!] Ordner Gelöscht : C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm
[!] Ordner Gelöscht : C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
[!] Ordner Gelöscht : C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Datei Gelöscht : C:\Users\Public\Desktop\DriverTuner.lnk

***** [ Geplante Tasks ] *****

Task Gelöscht : LaunchSignup

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P252DDBD7_D35F_45D1_B714_65DFC221A04A_.P252DDBD7_D35F_45D1_B714_65DFC221A04A_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P252DDBD7_D35F_45D1_B714_65DFC221A04A_.P252DDBD7_D35F_45D1_B714_65DFC221A04A_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P5E396A4F_5E02_4878_A3BA_21DFA5D959EB_.P5E396A4F_5E02_4878_A3BA_21DFA5D959EB_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P5E396A4F_5E02_4878_A3BA_21DFA5D959EB_.P5E396A4F_5E02_4878_A3BA_21DFA5D959EB_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\a282379d-64ff-11d3-978b-34ab05e1e936
Schlüssel Gelöscht : HKLM\SOFTWARE\b85c3ce7-9e96-0676-f5a0-d428f0b27424
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{252DDBD7-D35F-45D1-B714-65DFC221A04A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E396A4F-5E02-4878-A3BA-21DFA5D959EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5D9FB48A-5CE2-4118-B19F-F88ADDB0F814}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{96BB8E60-6EF9-47E0-9ED8-4AD477ECF427}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A63C49A5-6CC1-4579-A883-AE6B3E91108D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C3510196-382C-41D1-8E63-6E84DB3709C9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EB559340-3A8F-4456-B24D-160098054EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{252DDBD7-D35F-45D1-B714-65DFC221A04A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5E396A4F-5E02-4878-A3BA-21DFA5D959EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{252DDBD7-D35F-45D1-B714-65DFC221A04A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5E396A4F-5E02-4878-A3BA-21DFA5D959EB}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\Linkey
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Schlüssel Gelöscht : HKLM\SOFTWARE\DriverTuner_Init
Schlüssel Gelöscht : HKLM\SOFTWARE\DriverTuner
Schlüssel Gelöscht : HKLM\SOFTWARE\SpeedBit
Schlüssel Gelöscht : HKLM\SOFTWARE\AIM Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B6D700D3-3D0D-FEEB-D675-2CE78F9EC5D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{520C1D80-935C-42B9-9340-E883849D804F}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6A08B379-76FB-B4CF-0C70-CAFCD3635A77}

***** [ Internetbrowser ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Google Chrome v43.0.2357.81

[C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.sm.de/?q={searchTerms}
[C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.sm.de/?q={searchTerms}
[C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W&q={searchTerms}
[C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Homepage] :
[C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Startup_URLs] : AB28A21AC366948F5AD19D6759E2717AF9EFFB766B7FBF9FDA074323B2496DA0"},"software_reporter":{"prompt_reason":"60A48A80BB17E6E359D29445E4449E21CA58C12DBF3C350F725FAEBC69379E76","prompt_seed":"366F71C66ED159EC2AFBA7DFAA1877964A51F9C4A245F0B2F6532EE1FD73D10C","prompt_version":"AC502F37A7DC3322B5D01233D7F0D502F6383045C1020FA4C6F7607394DADE56"},"sync":{"remaining_rollback_tries":"772FE1907C62EEE6D4D50FE48474CEF761E1385DC723A7D94DBB1242215033EF"}},"super_mac":"C70AFF6055C308686A8DA49D47C35C72D101EFF2C1E0EC245064688097116D73"},"session":{"startup_urls":["hxxps://at.search.yahoo.com/?type=888596&fr=yo-yhp-ch","hxxp://www.google.com/","hxxp://www.mystartsearch.com/?type=hp&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W

*************************

AdwCleaner[R0].txt - [11730 Bytes] - [30/05/2015 19:35:07]
AdwCleaner[R1].txt - [12300 Bytes] - [30/05/2015 19:37:24]
AdwCleaner[S0].txt - [6632 Bytes] - [30/05/2015 19:40:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6691  Bytes] ##########
JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.5 (05.30.2015:1)
OS: Windows 7 Ultimate x64
Ran by termis on 30.05.2015 at 19:43:00,84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Users\termis\AppData\Roaming\appdataFr25.bin
Successfully deleted: [File] C:\Users\termis\AppData\Roaming\appdataFr3.bin



~~~ Folders



~~~ Chrome


[C:\Users\termis\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\termis\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\termis\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\termis\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.05.2015 at 19:46:37,57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Frst

Code:
# AdwCleaner v4.205 - Bericht erstellt 30/05/2015 um 19:40:23
# Aktualisiert 21/05/2015 von Xplode
# Datenbank : 2015-05-25.3 [Server]
# Betriebssystem : Windows 7 Ultimate  (x64)
# Benutzername : termis - TERMIS-PC
# Gestarted von : C:\Users\termis\Desktop\Neuer Ordner (2)\AdwCleaner_4.205.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

[!] Ordner Gelöscht : C:\ProgramData\4d53f2f200001917
[!] Ordner Gelöscht : C:\ProgramData\{84988492-6cb0-1f20-8498-884926cb1249}
[!] Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner
[!] Ordner Gelöscht : C:\Program Files (x86)\DDownSave
[!] Ordner Gelöscht : C:\Program Files (x86)\DigiCooUpOn
[!] Ordner Gelöscht : C:\Program Files (x86)\SaalePlus
[!] Ordner Gelöscht : C:\Program Files (x86)\SaaVVeLootss
[!] Ordner Gelöscht : C:\Users\termis\AppData\Roaming\DriverTurbo
[!] Ordner Gelöscht : C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
[!] Ordner Gelöscht : C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
[!] Ordner Gelöscht : C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm
[!] Ordner Gelöscht : C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
[!] Ordner Gelöscht : C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Datei Gelöscht : C:\Users\Public\Desktop\DriverTuner.lnk

***** [ Geplante Tasks ] *****

Task Gelöscht : LaunchSignup

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P252DDBD7_D35F_45D1_B714_65DFC221A04A_.P252DDBD7_D35F_45D1_B714_65DFC221A04A_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P252DDBD7_D35F_45D1_B714_65DFC221A04A_.P252DDBD7_D35F_45D1_B714_65DFC221A04A_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P5E396A4F_5E02_4878_A3BA_21DFA5D959EB_.P5E396A4F_5E02_4878_A3BA_21DFA5D959EB_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P5E396A4F_5E02_4878_A3BA_21DFA5D959EB_.P5E396A4F_5E02_4878_A3BA_21DFA5D959EB_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\a282379d-64ff-11d3-978b-34ab05e1e936
Schlüssel Gelöscht : HKLM\SOFTWARE\b85c3ce7-9e96-0676-f5a0-d428f0b27424
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{252DDBD7-D35F-45D1-B714-65DFC221A04A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E396A4F-5E02-4878-A3BA-21DFA5D959EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5D9FB48A-5CE2-4118-B19F-F88ADDB0F814}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{96BB8E60-6EF9-47E0-9ED8-4AD477ECF427}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A63C49A5-6CC1-4579-A883-AE6B3E91108D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C3510196-382C-41D1-8E63-6E84DB3709C9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EB559340-3A8F-4456-B24D-160098054EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{252DDBD7-D35F-45D1-B714-65DFC221A04A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5E396A4F-5E02-4878-A3BA-21DFA5D959EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{252DDBD7-D35F-45D1-B714-65DFC221A04A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5E396A4F-5E02-4878-A3BA-21DFA5D959EB}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\Linkey
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Schlüssel Gelöscht : HKLM\SOFTWARE\DriverTuner_Init
Schlüssel Gelöscht : HKLM\SOFTWARE\DriverTuner
Schlüssel Gelöscht : HKLM\SOFTWARE\SpeedBit
Schlüssel Gelöscht : HKLM\SOFTWARE\AIM Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B6D700D3-3D0D-FEEB-D675-2CE78F9EC5D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{520C1D80-935C-42B9-9340-E883849D804F}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6A08B379-76FB-B4CF-0C70-CAFCD3635A77}

***** [ Internetbrowser ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Google Chrome v43.0.2357.81

[C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.sm.de/?q={searchTerms}
[C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.sm.de/?q={searchTerms}
[C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W&q={searchTerms}
[C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Homepage] :
[C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Startup_URLs] : AB28A21AC366948F5AD19D6759E2717AF9EFFB766B7FBF9FDA074323B2496DA0"},"software_reporter":{"prompt_reason":"60A48A80BB17E6E359D29445E4449E21CA58C12DBF3C350F725FAEBC69379E76","prompt_seed":"366F71C66ED159EC2AFBA7DFAA1877964A51F9C4A245F0B2F6532EE1FD73D10C","prompt_version":"AC502F37A7DC3322B5D01233D7F0D502F6383045C1020FA4C6F7607394DADE56"},"sync":{"remaining_rollback_tries":"772FE1907C62EEE6D4D50FE48474CEF761E1385DC723A7D94DBB1242215033EF"}},"super_mac":"C70AFF6055C308686A8DA49D47C35C72D101EFF2C1E0EC245064688097116D73"},"session":{"startup_urls":["hxxps://at.search.yahoo.com/?type=888596&fr=yo-yhp-ch","hxxp://www.google.com/","hxxp://www.mystartsearch.com/?type=hp&ts=1428425076&from=wpc&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBFB71997W

*************************

AdwCleaner[R0].txt - [11730 Bytes] - [30/05/2015 19:35:07]
AdwCleaner[R1].txt - [12300 Bytes] - [30/05/2015 19:37:24]
AdwCleaner[S0].txt - [6632 Bytes] - [30/05/2015 19:40:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6691  Bytes] ##########
nach den FRST scan kam in chrome wider diese werbungen

http://agh-clan.kilu.at/Unbenannt6.PNG

und die werbung sieht so aus das worte als link gekenzeichnet werden und wenn man draufdrückt kommt dan ne werbe seite bzw wenn man eine seite öffnet dan öffnet sich ein neuer tab mit werbung

http://agh-clan.kilu.at/Unbenannt5.PNG
http://agh-clan.kilu.at/Unbenannt7.PNG

schrauber 31.05.2015 13:47
Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de


Frisches FRST log bitte.

Domi22221 02.06.2015 17:02
Erledigt ^^


Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by termis (administrator) on TERMIS-PC on 02-06-2015 17:52:54
Running from C:\Users\termis\Desktop\Neuer Ordner (2)
Loaded Profiles: termis (Available Profiles: termis)
Platform: Windows 7 Ultimate (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Sandboxie Holdings, LLC) G:\programme\sandbox\SbieSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Overwolf LTD) G:\programme\Overwolf\Overwolf.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.85.190.0\OverwolfHelper.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.85.190.0\OverwolfHelper64.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Razer, Inc.) C:\Users\termis\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Valve Corporation) C:\Users\termis\Desktop\steam\Steam.exe
(Valve Corporation) C:\Users\termis\Desktop\steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(TeamSpeak Systems GmbH) G:\programme\teamspeak2\ts3client_win64.exe
(Overwolf LTD) G:\programme\Overwolf\0.85.190.0\OverwolfTSHelper.exe
(Valve Corporation) C:\Users\termis\Desktop\steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Users\termis\Desktop\steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-05-15] (Raptr, Inc)
HKLM-x32\...\Run: [DelReg] => G:\programme\MSI\OverclockingCenter\DelReg.exe [196608 2008-12-04] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-04-22] (Razer Inc.)
HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\Windows\SysWOW64\Codecs\CodecUACManager.exe [60416 2015-04-15] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3622345197-898242485-877740896-1000\...\Run: [Overwolf] => G:\programme\Overwolf\Overwolf.exe [41200 2015-05-04] (Overwolf LTD)
HKU\S-1-5-21-3622345197-898242485-877740896-1000\...\Run: [SandboxieControl] => G:\programme\sandbox\SbieCtrl.exe [785416 2015-02-18] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3622345197-898242485-877740896-1000\...\Run: [Codec Pack Update Checker] => "C:\Windows\system32\Codecs\UpdateChecker.exe"
Startup: C:\Users\termis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KMSPico 11.0.1 Update.lnk [2015-04-07]
ShortcutTarget: KMSPico 11.0.1 Update.lnk -> C:\ProgramData\{84988492-6cb0-1f20-8498-884926cb1249}\KMSPico 11.0.1 Update.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3622345197-898242485-877740896-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3622345197-898242485-877740896-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{E513592B-5643-4A03-B025-23D793277E58}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-04] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~3\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-06-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-06-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> G:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-02]
CHR Extension: (Google Docs) - C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-02]
CHR Extension: (Google Drive) - C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-02]
CHR Extension: (YouTube) - C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-02]
CHR Extension: (Google Search) - C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-02]
CHR Extension: (Google Sheets) - C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-02]
CHR Extension: (Google Wallet) - C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-02]
CHR Extension: (Gmail) - C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S4 AODService; G:\programme\AMD\OverDrive\AODAssist.exe [136616 2010-04-23] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3341384 2015-03-03] (INCA Internet Co., Ltd.)
S4 OverwolfUpdater; G:\programme\Overwolf\OverwolfUpdater.exe [999152 2015-05-04] (Overwolf LTD)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4250624 2015-02-03] (A-Volute) [File not signed]
R2 SbieSvc; G:\programme\sandbox\SbieSvc.exe [175112 2015-02-18] (Sandboxie Holdings, LLC)
S4 SkypeUpdate; G:\programme\skype\Updater\Updater.exe [315488 2015-02-18] (Skype Technologies)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [297440 2011-07-28] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AODDriver2; G:\programme\AMD\OverDrive\amd64\AODDriver2.sys [52352 2010-04-23] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\System32\drivers\RzSurroundVAD.sys [40640 2015-02-09] (Windows (R) Win 7 DDK provider)
R3 SbieDrv; G:\programme\sandbox\SbieDrv.sys [237064 2015-02-18] (Sandboxie Holdings, LLC)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MSICDSetup; \??\I:\CDriver64.sys [X]
S3 PCAlertDriver; \??\G:\programme\MSI\PC Alert 4\NTGLM7X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-02 17:50 - 2015-06-02 17:50 - 00002247 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-02 17:50 - 2015-06-02 17:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-02 17:43 - 2015-06-02 17:48 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-02 17:43 - 2015-06-02 17:48 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-02 17:43 - 2015-06-02 17:43 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-06-02 17:43 - 2015-06-02 17:43 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-30 19:53 - 2015-05-30 19:54 - 06471520 _____ (Tim Kosse) C:\Users\termis\Downloads\FileZilla_3.11.0.1_win64-setup.exe
2015-05-30 19:45 - 2015-05-30 21:18 - 00000024 _____ () C:\Users\termis\AppData\Roaming\appdataFr25.bin
2015-05-30 19:43 - 2015-05-30 19:43 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-TERMIS-PC-Windows-7-Ultimate-(64-bit).dat
2015-05-30 19:43 - 2015-05-30 19:43 - 00000000 ____D () C:\RegBackup
2015-05-30 19:35 - 2015-05-30 19:40 - 00000000 ____D () C:\AdwCleaner
2015-05-30 18:42 - 2015-06-02 17:40 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-30 18:41 - 2015-05-30 18:41 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-30 18:41 - 2015-05-30 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-30 18:41 - 2015-05-30 18:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-30 18:41 - 2015-05-30 18:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-30 18:41 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-30 18:41 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-30 18:41 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-29 18:12 - 2015-05-29 18:12 - 00018092 _____ () C:\ComboFix.txt
2015-05-28 21:50 - 2015-05-30 18:54 - 00000000 ____D () C:\Program Files (x86)\Stolen Camera Finder
2015-05-28 21:29 - 2015-05-28 21:29 - 00275296 _____ () C:\Windows\Minidump\052815-11871-01.dmp
2015-05-28 20:49 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-28 20:49 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-28 20:49 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-28 20:49 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-28 20:49 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-28 20:49 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-28 20:49 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-28 20:49 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-28 20:48 - 2015-05-29 18:14 - 00000000 ____D () C:\Qoobox
2015-05-28 20:48 - 2015-05-29 18:03 - 00000000 ____D () C:\Windows\erdnt
2015-05-28 20:45 - 2015-05-30 18:55 - 00000000 ____D () C:\Program Files (x86)\LinkGeneration
2015-05-28 20:40 - 2015-05-28 20:40 - 00000000 _____ () C:\Users\termis\AppData\Local\Temp.dat
2015-05-28 20:37 - 2015-05-28 20:37 - 00001041 _____ () C:\Users\termis\Desktop\Revo Uninstaller.lnk
2015-05-28 20:37 - 2015-05-28 20:37 - 00000000 ____D () C:\Users\termis\trojana
2015-05-28 20:06 - 2015-06-02 17:52 - 00000000 ____D () C:\FRST
2015-05-28 20:05 - 2015-06-02 17:41 - 00000000 ____D () C:\Users\termis\Desktop\Neuer Ordner (2)
2015-05-28 20:05 - 2015-05-28 20:05 - 00000000 _____ () C:\Users\termis\defogger_reenable
2015-05-14 21:21 - 2015-05-14 21:21 - 00001459 _____ () C:\Users\termis\Desktop\4Story.lnk
2015-05-11 22:24 - 2015-05-28 20:08 - 00000000 ____D () C:\Users\termis\AppData\Local\CrashDumps
2015-05-11 22:22 - 2015-05-15 12:50 - 65751896 _____ () C:\Users\termis\Desktop\SmiteInstaller.exe
2015-05-09 17:57 - 2015-05-28 21:29 - 00000000 ____D () C:\Windows\Minidump
2015-05-09 17:57 - 2015-05-28 21:28 - 460611867 _____ () C:\Windows\MEMORY.DMP
2015-05-09 17:57 - 2015-05-09 17:57 - 00275352 _____ () C:\Windows\Minidump\050915-11029-01.dmp
2015-05-07 22:48 - 2015-05-07 22:51 - 00000178 _____ () C:\Users\termis\Desktop\index.html
2015-05-07 22:23 - 2015-05-30 20:03 - 00000000 ____D () C:\Users\termis\AppData\Roaming\FileZilla
2015-05-07 22:23 - 2015-05-07 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-05-06 15:40 - 2015-05-06 15:44 - 00010716 _____ () C:\Users\termis\Desktop\ip verteilung HOME.xlsx
2015-05-06 12:37 - 2015-03-03 14:52 - 03341384 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
2015-05-06 12:36 - 2015-05-06 12:36 - 00000000 ____D () C:\Program Files\Common Files\INCA Shared
2015-05-06 10:04 - 2015-05-06 10:04 - 00000976 _____ () C:\Users\Public\Desktop\4Story.lnk
2015-05-06 08:03 - 2015-05-14 21:16 - 00000000 ____D () C:\Users\termis\Downloads\Gameforge Live
2015-05-06 08:03 - 2015-05-06 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2015-05-06 08:03 - 2015-05-06 08:03 - 00000702 _____ () C:\Users\Public\Desktop\Gameforge Live.lnk
2015-05-06 08:03 - 2015-05-06 08:03 - 00000000 ____D () C:\Users\termis\AppData\Local\Gameforge4d
2015-05-05 15:24 - 2015-05-05 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI Kombustor 3
2015-05-05 15:24 - 2015-05-05 15:24 - 00000000 ____D () C:\Program Files\MSI Kombustor 3
2015-05-05 15:15 - 2015-05-05 15:21 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server
2015-05-05 15:15 - 2015-05-05 15:15 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-05-05 15:15 - 2015-05-05 15:15 - 00000000 ____D () C:\Users\termis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2015-05-05 15:14 - 2015-05-05 15:21 - 00001086 _____ () C:\Users\termis\Desktop\MSI Afterburner.lnk
2015-05-05 15:14 - 2015-05-05 15:14 - 00000000 ____D () C:\Users\termis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2015-05-05 15:14 - 2015-05-05 15:14 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2015-05-05 13:15 - 2015-05-05 13:15 - 00000000 ____D () C:\ProgramData\ATI
2015-05-05 13:14 - 2015-05-05 13:14 - 00058610 _____ () C:\Windows\SysWOW64\CCCInstall_201505051314138288.log
2015-05-05 13:14 - 2015-05-05 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-05-05 13:14 - 2015-05-05 13:14 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-05-04 09:27 - 2015-05-04 09:27 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-05-04 09:27 - 2015-05-04 09:27 - 00000000 ____D () C:\Program Files\Java
2015-05-04 09:10 - 2015-05-03 11:18 - 04697768 _____ () C:\Users\termis\Desktop\TechnicLauncher.exe
2015-05-04 09:08 - 2015-05-30 18:54 - 00000000 ____D () C:\Program Files (x86)\Share link via email
2015-05-04 09:05 - 2015-05-04 09:05 - 00000000 ____D () C:\Users\termis\AppData\Roaming\.technic
2015-05-04 09:04 - 2015-05-04 09:04 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-05-04 09:04 - 2015-05-04 09:04 - 00000000 ____D () C:\ProgramData\Sun
2015-05-04 09:04 - 2015-05-04 09:04 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-04 09:04 - 2015-05-04 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-05-04 09:04 - 2015-05-04 09:04 - 00000000 ____D () C:\Program Files (x86)\Java

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-02 17:50 - 2015-03-30 12:58 - 00000000 ____D () C:\Users\termis\AppData\Local\Google
2015-06-02 17:50 - 2015-03-30 12:58 - 00000000 ____D () C:\Program Files (x86)\Google
2015-06-02 17:46 - 2015-04-26 14:15 - 00000000 ____D () C:\Users\termis\Desktop\steam
2015-06-02 17:46 - 2009-07-14 19:58 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2015-06-02 17:46 - 2009-07-14 19:58 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2015-06-02 17:46 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-06-02 17:43 - 2015-03-30 12:16 - 00334293 _____ () C:\Windows\WindowsUpdate.log
2015-06-02 17:42 - 2015-03-30 12:20 - 00001439 _____ () C:\Users\termis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-02 17:40 - 2015-03-31 21:41 - 00001510 _____ () C:\Windows\Sandboxie.ini
2015-06-02 17:40 - 2015-03-30 13:01 - 00000000 ____D () C:\Users\termis\AppData\Local\Overwolf
2015-06-02 17:40 - 2015-03-30 12:46 - 00000000 ____D () C:\Users\termis\AppData\Roaming\Raptr
2015-06-02 17:40 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-02 17:40 - 2009-07-14 06:51 - 00032716 _____ () C:\Windows\setupact.log
2015-05-30 21:30 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-30 21:30 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-30 19:41 - 2015-03-30 14:56 - 00010944 _____ () C:\Windows\PFRO.log
2015-05-29 18:13 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-05-29 17:38 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-28 21:13 - 2009-07-14 04:34 - 57147392 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-05-28 21:13 - 2009-07-14 04:34 - 17825792 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-05-28 21:13 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-05-28 21:13 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-05-28 21:13 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-05-28 20:46 - 2015-04-12 13:17 - 00005571 _____ () C:\Windows\system32\Service_KMS.log
2015-05-28 20:37 - 2015-03-30 12:20 - 00000000 ____D () C:\Users\termis
2015-05-27 17:29 - 2015-04-12 17:29 - 00005568 _____ () C:\Windows\system32\AutoPico.log
2015-05-23 18:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-23 18:02 - 2015-04-01 22:10 - 00007604 _____ () C:\Users\termis\AppData\Local\Resmon.ResmonCfg
2015-05-20 19:03 - 2015-03-30 12:46 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-05-05 13:14 - 2015-03-30 12:46 - 00000000 ____D () C:\ProgramData\AMD
2015-05-05 13:14 - 2015-03-30 12:39 - 00000000 ____D () C:\Program Files\AMD
2015-05-05 13:13 - 2015-03-30 12:25 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-05-05 13:12 - 2015-03-30 12:36 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-05-05 13:10 - 2015-03-30 12:38 - 00000000 ____D () C:\AMD
2015-05-04 18:47 - 2009-07-14 06:45 - 00457104 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-04 14:45 - 2015-03-30 12:37 - 00111968 _____ () C:\Users\termis\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Files in the root of some directories =======

2015-05-30 19:45 - 2015-05-30 21:18 - 0000024 _____ () C:\Users\termis\AppData\Roaming\appdataFr25.bin
2015-04-01 22:10 - 2015-05-23 18:02 - 0007604 _____ () C:\Users\termis\AppData\Local\Resmon.ResmonCfg
2015-04-28 20:54 - 2015-05-04 14:48 - 0011886 _____ () C:\Users\termis\AppData\Local\Temp-log.txt
2015-05-28 20:40 - 2015-05-28 20:40 - 0000000 _____ () C:\Users\termis\AppData\Local\Temp.dat

Some files in TEMP:
====================
C:\Users\termis\AppData\Local\Temp\Quarantine.exe
C:\Users\termis\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 00:07

==================== End of log ============================
ich hätte noch ne frage was kann sein warum meine D Festplatte SSD sich manchmal aufhängt und nicht mehr geht ? :D

schrauber 03.06.2015 11:48
Gute Frage ;)

Keine Ahnung mit der wenig Info, aber klingt nach nem Problem der Platte selbst.



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Domi22221 03.06.2015 20:56
Wegen der festplatte : wenn ich ein spiel über die festplatte oder nen film dan hängt sich je nach tag manch mal ises manchmal nicht nach 10 min das game oder der film auf und nach ca 2 min gehts weiter dan wieder nach 10 min biss die festplatte ganz abstürtzt :/

Scans sind in arbeit

und der ESET Scan braucht ziemlich lange bei der SSD festplatte ("D:\") wahrscheinlich gelicher fehler

eset

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b0053922b41e5e459e0c87540d726121
# end=init
# utc_time=2015-06-03 04:05:38
# local_time=2015-06-03 06:05:38 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7600 NT
Update Init
Update Download
Update Finalize
Updated modules version: 24155
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b0053922b41e5e459e0c87540d726121
# end=updated
# utc_time=2015-06-03 04:20:47
# local_time=2015-06-03 06:20:47 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7600 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=b0053922b41e5e459e0c87540d726121
# engine=24155
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-03 05:53:22
# local_time=2015-06-03 07:53:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 89355 185759673 0 0
# scanned=167183
# found=17
# cleaned=0
# scan_time=5554
sh=AEB2BF8CDE5AB70C53130BB090181DFB767E22EA ft=0 fh=0000000000000000 vn="BAT/TrojanClicker.Small.NCJ Trojaner" ac=I fn="C:\Program Files (x86)\KMSPico 10.0.6\installkms.bat"
sh=706BA138CC351AC3DD4A7906CD61CCB0FDAE8697 ft=1 fh=c71c00119c3fbe03 vn="Variante von Win32/Adware.MultiPlug.KM Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\BBesstSaaveFOrYeOU\TmIP1H7xjgOwnD.dll.vir"
sh=57F3815D0942E3B0A9BEF621A7B4971F55FC74D7 ft=1 fh=c71c0011d20a434c vn="Win32/Adware.MultiPlug.KG Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\BBesstSaaveFOrYeOU\TmIP1H7xjgOwnD.exe.vir"
sh=16948CE22B98F8BE227446F86AD1403450EA4712 ft=1 fh=3f02605108e075e3 vn="Variante von Win64/Adware.MultiPlug.H Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\BBesstSaaveFOrYeOU\TmIP1H7xjgOwnD.x64.dll.vir"
sh=FE901ADB96521271103966D8278D295DD0046EB4 ft=1 fh=c71c00115edbd58a vn="Variante von Win32/Adware.MultiPlug.KM Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\NeWSaver\BMSsiyaQnuXTtc.dll.vir"
sh=57F3815D0942E3B0A9BEF621A7B4971F55FC74D7 ft=1 fh=c71c0011d20a434c vn="Win32/Adware.MultiPlug.KG Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\NeWSaver\BMSsiyaQnuXTtc.exe.vir"
sh=D372E1D87BE3A5D31230B019F2E8B1E72746BB32 ft=1 fh=ae61f9350f1905e4 vn="Variante von Win64/Adware.MultiPlug.H Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\NeWSaver\BMSsiyaQnuXTtc.x64.dll.vir"
sh=09000D83856D177C826A6F34D70637E4EFEE07F4 ft=1 fh=c71c00119f7e9c9f vn="Variante von Win32/Adware.MultiPlug.KM Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\RoboSAvEr\2E7psXUruUFECt.dll.vir"
sh=57F3815D0942E3B0A9BEF621A7B4971F55FC74D7 ft=1 fh=c71c0011d20a434c vn="Win32/Adware.MultiPlug.KG Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\RoboSAvEr\2E7psXUruUFECt.exe.vir"
sh=424AD39F580EE98CA4C58E96A3B51159C3848110 ft=1 fh=ae61f935d03b3f6d vn="Variante von Win64/Adware.MultiPlug.H Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\RoboSAvEr\2E7psXUruUFECt.x64.dll.vir"
sh=A73BDD762B5181CD41B6BE8560C16CC205A1B6AA ft=1 fh=4212543d4f35cffe vn="Variante von Win32/ExpressDownloader.E evtl. unerwünschte Anwendung" ac=I fn="G:\Users\termis\Downloads\eplan_education_2_keygen_downloader.exe"
sh=412D9FD9599E50A7E46CDB1B0B43475D3730D2BC ft=1 fh=2ea44e41dcaa2f5d vn="BAT/TrojanClicker.Small.NCJ Trojaner" ac=I fn="G:\Users\termis\Downloads\KMSPico 10.0.8.exe"
sh=331125E39982B8D4146FA8465609D89D95E25464 ft=1 fh=fab859fd244fe887 vn="Variante von Win32/Adware.MultiPlug.HY Anwendung" ac=I fn="G:\Users\termis\Downloads\KMSPico 11.0.1 Update.exe"
sh=CCE62FF21058C8E03F97E1C5EB6CED22D45AA3BC ft=1 fh=8d0e35074b588c03 vn="Variante von Win32/Toolbar.Widgi.N evtl. unerwünschte Anwendung" ac=I fn="G:\Users\termis\Downloads\media.player.codec.pack.v4.3.7.setup.exe"
sh=45E7449F1A82158B429BE44611AE49BCEFDAB6E1 ft=1 fh=dffb77abfb1a8bfc vn="Win32/ReImageRepair.F evtl. unerwünschte Anwendung" ac=I fn="G:\Users\termis\Downloads\ReimageRepair.exe"
sh=CE66289B73116BB3A9EC074696A654A68389FD35 ft=1 fh=e9397ac68c2f876e vn="Win32/Solvusoft.A evtl. unerwünschte Anwendung" ac=I fn="G:\Users\termis\Downloads\Setup_DriverDoc_2015.exe"
sh=8B04370C1CF253336D6FA5DDC838CBB0A0886E29 ft=1 fh=de10172b53dc7654 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="G:\Users\termis\Downloads\VLC media player 32 Bit - CHIP-Installer.exe"
checkup

Code:
Results of screen317's Security Check version 1.002 
 Windows 7  x64 (UAC is enabled) 
 Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 45 
 Google Chrome (43.0.2357.81)
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

schrauber 04.06.2015 11:14
das frische FRST log fehlt noch :)

Domi22221 04.06.2015 12:11
sry :D


Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01 (ATTENTION: ====> FRSTversion is 8 days old and could be outdated)
Ran by termis (administrator) on TERMIS-PC on 04-06-2015 13:10:33
Running from C:\Users\termis\Desktop\Neuer Ordner (2)
Loaded Profiles: termis &  (Available Profiles: termis)
Platform: Windows 7 Ultimate (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Sandboxie Holdings, LLC) G:\programme\sandbox\SbieSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Overwolf LTD) G:\programme\Overwolf\Overwolf.exe
(Sandboxie Holdings, LLC) G:\programme\sandbox\SbieCtrl.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.85.190.0\OverwolfHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.85.190.0\OverwolfHelper64.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\termis\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Razer, Inc.) C:\Users\termis\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Razer, Inc.) C:\Users\termis\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Razer, Inc.) C:\Users\termis\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Razer, Inc.) C:\Users\termis\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Razer, Inc.) C:\Users\termis\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Valve Corporation) C:\Users\termis\Desktop\steam\Steam.exe
(Valve Corporation) C:\Users\termis\Desktop\steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Users\termis\Desktop\steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Users\termis\Desktop\steam\bin\steamwebhelper.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-05-15] (Raptr, Inc)
HKLM-x32\...\Run: [DelReg] => G:\programme\MSI\OverclockingCenter\DelReg.exe [196608 2008-12-04] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-04-22] (Razer Inc.)
HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\Windows\SysWOW64\Codecs\CodecUACManager.exe [60416 2015-04-15] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3622345197-898242485-877740896-1000\...\Run: [Overwolf] => G:\programme\Overwolf\Overwolf.exe [41200 2015-05-04] (Overwolf LTD)
HKU\S-1-5-21-3622345197-898242485-877740896-1000\...\Run: [SandboxieControl] => G:\programme\sandbox\SbieCtrl.exe [785416 2015-02-18] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3622345197-898242485-877740896-1000\...\Run: [Codec Pack Update Checker] => "C:\Windows\system32\Codecs\UpdateChecker.exe"
HKU\S-1-5-21-3622345197-898242485-877740896-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Overwolf] => G:\programme\Overwolf\Overwolf.exe [41200 2015-05-04] (Overwolf LTD)
HKU\S-1-5-21-3622345197-898242485-877740896-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SandboxieControl] => G:\programme\sandbox\SbieCtrl.exe [785416 2015-02-18] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3622345197-898242485-877740896-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Codec Pack Update Checker] => "C:\Windows\system32\Codecs\UpdateChecker.exe"
Startup: C:\Users\termis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KMSPico 11.0.1 Update.lnk [2015-04-07]
ShortcutTarget: KMSPico 11.0.1 Update.lnk -> C:\ProgramData\{84988492-6cb0-1f20-8498-884926cb1249}\KMSPico 11.0.1 Update.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3622345197-898242485-877740896-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3622345197-898242485-877740896-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3622345197-898242485-877740896-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3622345197-898242485-877740896-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{E513592B-5643-4A03-B025-23D793277E58}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-04] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~3\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> G:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-02]
CHR Extension: (Google Docs) - C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-02]
CHR Extension: (Google Drive) - C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-02]
CHR Extension: (YouTube) - C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-02]
CHR Extension: (Google Search) - C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-02]
CHR Extension: (Google Sheets) - C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-02]
CHR Extension: (Bookmark Manager) - C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-06-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-02]
CHR Extension: (Google Wallet) - C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-02]
CHR Extension: (Gmail) - C:\Users\termis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S4 AODService; G:\programme\AMD\OverDrive\AODAssist.exe [136616 2010-04-23] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3341384 2015-03-03] (INCA Internet Co., Ltd.)
S4 OverwolfUpdater; G:\programme\Overwolf\OverwolfUpdater.exe [999152 2015-05-04] (Overwolf LTD)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4250624 2015-02-03] (A-Volute) [File not signed]
R2 SbieSvc; G:\programme\sandbox\SbieSvc.exe [175112 2015-02-18] (Sandboxie Holdings, LLC)
S4 SkypeUpdate; G:\programme\skype\Updater\Updater.exe [315488 2015-02-18] (Skype Technologies)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [297440 2011-07-28] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AODDriver2; G:\programme\AMD\OverDrive\amd64\AODDriver2.sys [52352 2010-04-23] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\System32\drivers\RzSurroundVAD.sys [40640 2015-02-09] (Windows (R) Win 7 DDK provider)
R3 SbieDrv; G:\programme\sandbox\SbieDrv.sys [237064 2015-02-18] (Sandboxie Holdings, LLC)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MSICDSetup; \??\I:\CDriver64.sys [X]
S3 PCAlertDriver; \??\G:\programme\MSI\PC Alert 4\NTGLM7X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-04 13:09 - 2015-06-04 13:09 - 00000724 _____ () C:\Users\Public\Desktop\Minecraft.lnk
2015-06-03 21:53 - 2015-06-03 21:54 - 00852639 _____ () C:\Users\termis\Downloads\SecurityCheck.exe
2015-06-03 19:08 - 2015-06-03 19:08 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-06-03 18:04 - 2015-06-03 18:04 - 02870984 _____ (ESET) C:\Users\termis\Downloads\esetsmartinstaller_deu.exe
2015-06-03 18:04 - 2015-06-03 18:04 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-06-02 18:04 - 2015-06-02 18:04 - 01294088 _____ (Mojang) C:\Users\termis\Downloads\Minecraft.exe
2015-06-02 17:50 - 2015-06-02 17:50 - 00002247 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-02 17:50 - 2015-06-02 17:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-02 17:43 - 2015-06-04 13:07 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-02 17:43 - 2015-06-03 21:54 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-02 17:43 - 2015-06-02 18:49 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-06-02 17:43 - 2015-06-02 18:49 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-30 19:53 - 2015-05-30 19:54 - 06471520 _____ (Tim Kosse) C:\Users\termis\Downloads\FileZilla_3.11.0.1_win64-setup.exe
2015-05-30 19:45 - 2015-05-30 21:18 - 00000024 _____ () C:\Users\termis\AppData\Roaming\appdataFr25.bin
2015-05-30 19:43 - 2015-05-30 19:43 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-TERMIS-PC-Windows-7-Ultimate-(64-bit).dat
2015-05-30 19:43 - 2015-05-30 19:43 - 00000000 ____D () C:\RegBackup
2015-05-30 19:35 - 2015-05-30 19:40 - 00000000 ____D () C:\AdwCleaner
2015-05-30 18:42 - 2015-06-04 13:07 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-30 18:41 - 2015-05-30 18:41 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-30 18:41 - 2015-05-30 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-30 18:41 - 2015-05-30 18:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-30 18:41 - 2015-05-30 18:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-30 18:41 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-30 18:41 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-30 18:41 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-29 18:12 - 2015-05-29 18:12 - 00018092 _____ () C:\ComboFix.txt
2015-05-28 21:50 - 2015-05-30 18:54 - 00000000 ____D () C:\Program Files (x86)\Stolen Camera Finder
2015-05-28 21:29 - 2015-05-28 21:29 - 00275296 _____ () C:\Windows\Minidump\052815-11871-01.dmp
2015-05-28 20:49 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-28 20:49 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-28 20:49 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-28 20:49 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-28 20:49 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-28 20:49 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-28 20:49 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-28 20:49 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-28 20:48 - 2015-05-29 18:14 - 00000000 ____D () C:\Qoobox
2015-05-28 20:48 - 2015-05-29 18:03 - 00000000 ____D () C:\Windows\erdnt
2015-05-28 20:45 - 2015-05-30 18:55 - 00000000 ____D () C:\Program Files (x86)\LinkGeneration
2015-05-28 20:40 - 2015-05-28 20:40 - 00000000 _____ () C:\Users\termis\AppData\Local\Temp.dat
2015-05-28 20:37 - 2015-05-28 20:37 - 00001041 _____ () C:\Users\termis\Desktop\Revo Uninstaller.lnk
2015-05-28 20:37 - 2015-05-28 20:37 - 00000000 ____D () C:\Users\termis\trojana
2015-05-28 20:06 - 2015-06-04 13:10 - 00000000 ____D () C:\FRST
2015-05-28 20:05 - 2015-06-03 21:54 - 00000000 ____D () C:\Users\termis\Desktop\Neuer Ordner (2)
2015-05-28 20:05 - 2015-05-28 20:05 - 00000000 _____ () C:\Users\termis\defogger_reenable
2015-05-14 21:21 - 2015-05-14 21:21 - 00001459 _____ () C:\Users\termis\Desktop\4Story.lnk
2015-05-11 22:24 - 2015-06-02 18:10 - 00000000 ____D () C:\Users\termis\AppData\Local\CrashDumps
2015-05-11 22:22 - 2015-05-15 12:50 - 65751896 _____ () C:\Users\termis\Desktop\SmiteInstaller.exe
2015-05-09 17:57 - 2015-05-28 21:29 - 00000000 ____D () C:\Windows\Minidump
2015-05-09 17:57 - 2015-05-28 21:28 - 460611867 _____ () C:\Windows\MEMORY.DMP
2015-05-09 17:57 - 2015-05-09 17:57 - 00275352 _____ () C:\Windows\Minidump\050915-11029-01.dmp
2015-05-07 22:48 - 2015-05-07 22:51 - 00000178 _____ () C:\Users\termis\Desktop\index.html
2015-05-07 22:23 - 2015-05-30 20:03 - 00000000 ____D () C:\Users\termis\AppData\Roaming\FileZilla
2015-05-07 22:23 - 2015-05-07 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-05-06 15:40 - 2015-05-06 15:44 - 00010716 _____ () C:\Users\termis\Desktop\ip verteilung HOME.xlsx
2015-05-06 12:37 - 2015-03-03 14:52 - 03341384 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
2015-05-06 12:36 - 2015-05-06 12:36 - 00000000 ____D () C:\Program Files\Common Files\INCA Shared
2015-05-06 10:04 - 2015-05-06 10:04 - 00000976 _____ () C:\Users\Public\Desktop\4Story.lnk
2015-05-06 08:03 - 2015-05-14 21:16 - 00000000 ____D () C:\Users\termis\Downloads\Gameforge Live
2015-05-06 08:03 - 2015-05-06 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2015-05-06 08:03 - 2015-05-06 08:03 - 00000702 _____ () C:\Users\Public\Desktop\Gameforge Live.lnk
2015-05-06 08:03 - 2015-05-06 08:03 - 00000000 ____D () C:\Users\termis\AppData\Local\Gameforge4d
2015-05-05 15:24 - 2015-05-05 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI Kombustor 3
2015-05-05 15:24 - 2015-05-05 15:24 - 00000000 ____D () C:\Program Files\MSI Kombustor 3
2015-05-05 15:15 - 2015-05-05 15:21 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server
2015-05-05 15:15 - 2015-05-05 15:15 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-05-05 15:15 - 2015-05-05 15:15 - 00000000 ____D () C:\Users\termis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2015-05-05 15:14 - 2015-05-05 15:21 - 00001086 _____ () C:\Users\termis\Desktop\MSI Afterburner.lnk
2015-05-05 15:14 - 2015-05-05 15:14 - 00000000 ____D () C:\Users\termis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2015-05-05 15:14 - 2015-05-05 15:14 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2015-05-05 13:15 - 2015-05-05 13:15 - 00000000 ____D () C:\ProgramData\ATI
2015-05-05 13:14 - 2015-05-05 13:14 - 00058610 _____ () C:\Windows\SysWOW64\CCCInstall_201505051314138288.log
2015-05-05 13:14 - 2015-05-05 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-05-05 13:14 - 2015-05-05 13:14 - 00000000 ____D () C:\Program Files (x86)\AMD AVT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-04 13:09 - 2015-04-26 14:15 - 00000000 ____D () C:\Users\termis\Desktop\steam
2015-06-04 13:09 - 2015-04-12 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-06-04 13:07 - 2015-03-30 13:01 - 00000000 ____D () C:\Users\termis\AppData\Local\Overwolf
2015-06-04 13:07 - 2015-03-30 12:46 - 00000000 ____D () C:\Users\termis\AppData\Roaming\Raptr
2015-06-04 13:07 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-04 13:07 - 2009-07-14 06:51 - 00034344 _____ () C:\Windows\setupact.log
2015-06-04 02:32 - 2015-03-30 12:16 - 00347059 _____ () C:\Windows\WindowsUpdate.log
2015-06-04 02:32 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-04 02:32 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-04 02:00 - 2009-07-14 19:58 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2015-06-04 02:00 - 2009-07-14 19:58 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2015-06-04 02:00 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-06-03 18:02 - 2015-03-30 14:56 - 00011256 _____ () C:\Windows\PFRO.log
2015-06-02 17:50 - 2015-03-30 12:58 - 00000000 ____D () C:\Users\termis\AppData\Local\Google
2015-06-02 17:50 - 2015-03-30 12:58 - 00000000 ____D () C:\Program Files (x86)\Google
2015-06-02 17:42 - 2015-03-30 12:20 - 00001439 _____ () C:\Users\termis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-02 17:40 - 2015-03-31 21:41 - 00001510 _____ () C:\Windows\Sandboxie.ini
2015-05-30 18:54 - 2015-05-04 09:08 - 00000000 ____D () C:\Program Files (x86)\Share link via email
2015-05-29 18:13 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-05-29 17:38 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-28 21:13 - 2009-07-14 04:34 - 57147392 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-05-28 21:13 - 2009-07-14 04:34 - 17825792 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-05-28 21:13 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-05-28 21:13 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-05-28 21:13 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-05-28 20:46 - 2015-04-12 13:17 - 00005571 _____ () C:\Windows\system32\Service_KMS.log
2015-05-28 20:37 - 2015-03-30 12:20 - 00000000 ____D () C:\Users\termis
2015-05-27 17:29 - 2015-04-12 17:29 - 00005568 _____ () C:\Windows\system32\AutoPico.log
2015-05-23 18:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-23 18:02 - 2015-04-01 22:10 - 00007604 _____ () C:\Users\termis\AppData\Local\Resmon.ResmonCfg
2015-05-20 19:03 - 2015-03-30 12:46 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-05-05 13:14 - 2015-03-30 12:46 - 00000000 ____D () C:\ProgramData\AMD
2015-05-05 13:14 - 2015-03-30 12:39 - 00000000 ____D () C:\Program Files\AMD
2015-05-05 13:13 - 2015-03-30 12:25 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-05-05 13:12 - 2015-03-30 12:36 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-05-05 13:10 - 2015-03-30 12:38 - 00000000 ____D () C:\AMD

==================== Files in the root of some directories =======

2015-05-30 19:45 - 2015-05-30 21:18 - 0000024 _____ () C:\Users\termis\AppData\Roaming\appdataFr25.bin
2015-04-01 22:10 - 2015-05-23 18:02 - 0007604 _____ () C:\Users\termis\AppData\Local\Resmon.ResmonCfg
2015-04-28 20:54 - 2015-05-04 14:48 - 0011886 _____ () C:\Users\termis\AppData\Local\Temp-log.txt
2015-05-28 20:40 - 2015-05-28 20:40 - 0000000 _____ () C:\Users\termis\AppData\Local\Temp.dat

Some files in TEMP:
====================
C:\Users\termis\AppData\Local\Temp\Quarantine.exe
C:\Users\termis\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-03 20:07

==================== End of log ============================

schrauber 04.06.2015 20:51
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Program Files (x86)\KMSPico 10.0.6

C:\Qoobox\Quarantine\C\Program Files (x86)\BBesstSaaveFOrYeOU\TmIP1H7xjgOwnD.dll.vir

C:\Qoobox\Quarantine\C\Program Files (x86)\BBesstSaaveFOrYeOU\TmIP1H7xjgOwnD.exe.vir

C:\Qoobox\Quarantine\C\Program Files (x86)\BBesstSaaveFOrYeOU\TmIP1H7xjgOwnD.x64.dll.vir

C:\Qoobox\Quarantine\C\Program Files (x86)\NeWSaver\BMSsiyaQnuXTtc.dll.vir

C:\Qoobox\Quarantine\C\Program Files (x86)\NeWSaver\BMSsiyaQnuXTtc.exe.vir

C:\Qoobox\Quarantine\C\Program Files (x86)\NeWSaver\BMSsiyaQnuXTtc.x64.dll.vir

C:\Qoobox\Quarantine\C\Program Files (x86)\RoboSAvEr\2E7psXUruUFECt.dll.vir

C:\Qoobox\Quarantine\C\Program Files (x86)\RoboSAvEr\2E7psXUruUFECt.exe.vir

C:\Qoobox\Quarantine\C\Program Files (x86)\RoboSAvEr\2E7psXUruUFECt.x64.dll.vir

G:\Users\termis\Downloads\eplan_education_2_keygen_downloader.exe

G:\Users\termis\Downloads\KMSPico 10.0.8.exe

G:\Users\termis\Downloads\KMSPico 11.0.1 Update.exe

G:\Users\termis\Downloads\media.player.codec.pack.v4.3.7.setup.exe

G:\Users\termis\Downloads\ReimageRepair.exe

G:\Users\termis\Downloads\Setup_DriverDoc_2015.exe

G:\Users\termis\Downloads\VLC media player 32 Bit - CHIP-Installer.exe
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Windows updaten, da fehlen 4 Jahre Updates.

Domi22221 07.06.2015 15:20
Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by termis at 2015-06-05 19:18:59 Run:1
Running from C:\Users\termis\Desktop\Neuer Ordner (2)
Loaded Profiles: termis (Available Profiles: termis)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Program Files (x86)\KMSPico 10.0.6

C:\Qoobox\Quarantine\C\Program Files (x86)\BBesstSaaveFOrYeOU\TmIP1H7xjgOwnD.dll.vir

C:\Qoobox\Quarantine\C\Program Files (x86)\BBesstSaaveFOrYeOU\TmIP1H7xjgOwnD.exe.vir

C:\Qoobox\Quarantine\C\Program Files (x86)\BBesstSaaveFOrYeOU\TmIP1H7xjgOwnD.x64.dll.vir

C:\Qoobox\Quarantine\C\Program Files (x86)\NeWSaver\BMSsiyaQnuXTtc.dll.vir

C:\Qoobox\Quarantine\C\Program Files (x86)\NeWSaver\BMSsiyaQnuXTtc.exe.vir

C:\Qoobox\Quarantine\C\Program Files (x86)\NeWSaver\BMSsiyaQnuXTtc.x64.dll.vir

C:\Qoobox\Quarantine\C\Program Files (x86)\RoboSAvEr\2E7psXUruUFECt.dll.vir

C:\Qoobox\Quarantine\C\Program Files (x86)\RoboSAvEr\2E7psXUruUFECt.exe.vir

C:\Qoobox\Quarantine\C\Program Files (x86)\RoboSAvEr\2E7psXUruUFECt.x64.dll.vir

G:\Users\termis\Downloads\eplan_education_2_keygen_downloader.exe

G:\Users\termis\Downloads\KMSPico 10.0.8.exe

G:\Users\termis\Downloads\KMSPico 11.0.1 Update.exe

G:\Users\termis\Downloads\media.player.codec.pack.v4.3.7.setup.exe

G:\Users\termis\Downloads\ReimageRepair.exe

G:\Users\termis\Downloads\Setup_DriverDoc_2015.exe

G:\Users\termis\Downloads\VLC media player 32 Bit - CHIP-Installer.exe
Emptytemp:
       
*****************

C:\Program Files (x86)\KMSPico 10.0.6 => Moved successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\BBesstSaaveFOrYeOU\TmIP1H7xjgOwnD.dll.vir => Moved successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\BBesstSaaveFOrYeOU\TmIP1H7xjgOwnD.exe.vir => Moved successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\BBesstSaaveFOrYeOU\TmIP1H7xjgOwnD.x64.dll.vir => Moved successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\NeWSaver\BMSsiyaQnuXTtc.dll.vir => Moved successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\NeWSaver\BMSsiyaQnuXTtc.exe.vir => Moved successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\NeWSaver\BMSsiyaQnuXTtc.x64.dll.vir => Moved successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\RoboSAvEr\2E7psXUruUFECt.dll.vir => Moved successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\RoboSAvEr\2E7psXUruUFECt.exe.vir => Moved successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\RoboSAvEr\2E7psXUruUFECt.x64.dll.vir => Moved successfully.
G:\Users\termis\Downloads\eplan_education_2_keygen_downloader.exe => Moved successfully.
G:\Users\termis\Downloads\KMSPico 10.0.8.exe => Moved successfully.
G:\Users\termis\Downloads\KMSPico 11.0.1 Update.exe => Moved successfully.
G:\Users\termis\Downloads\media.player.codec.pack.v4.3.7.setup.exe => Moved successfully.
G:\Users\termis\Downloads\ReimageRepair.exe => Moved successfully.
G:\Users\termis\Downloads\Setup_DriverDoc_2015.exe => Moved successfully.
G:\Users\termis\Downloads\VLC media player 32 Bit - CHIP-Installer.exe => Moved successfully.
EmptyTemp: => Removed 231.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog 19:19:24 ====


Alle Zeitangaben in WEZ +1. Es ist jetzt 03:17 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131