
Log Analysis and Evaluation: Positive Finds Ads Virus

17.02.2015, 16:38   #1
positive21



Hello everyone,

I have a big problem with this "Positive Finds Ads" virus.

It started right after I brought "dvdvideosoft" up to date, that is, to the newest update. It probably sneaked onto the PC that way.

This virus displays ads in all browsers, no matter which page you are on; it also simply turns various words in sentences into links (with ads).

I have already run quite a few programs on my system because of this, e.g. Malwarebytes Anti-Malware, Adaware, CCleaner.

I also uninstalled Positive Finds Ads, which was surely a mistake, since I could have traced the file before uninstalling it.

It would be great if someone could help me.

Regards

17.02.2015, 16:59   #2
Warlord711
/// TB Trainer



Hello positive21,

My name is Timo and I will be helping you with your problem.
  • Please work through all the steps in order.
  • Here you will find the guide for those seeking help
  • Read the instructions carefully. If problems occur, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in multiple forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to.

Note:
I can never give you a guarantee that I will find everything. Reformatting is always the safest way.

We all work here voluntarily and mostly only in our free time. Replies may therefore be delayed.
If you do not receive a reply from me within 48 hours, send me a PM.
If you decide to go ahead with a cleanup, keep working with us until I or someone from the team says that you are clean.


Run all tools with administrative rights; Vista, Win7 and Win8 users right-click and choose "Run as administrator".

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


17.02.2015, 17:00   #3
Warlord711
/// TB Trainer



Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

17.02.2015, 18:23   #4
positive21



ADDITION FILE

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by VL at 2015-02-17 17:21:37
Running from C:\Users\VL\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Akamai NetSession Interface (HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Any Video Converter 5.0.5 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia 3.5 (HKLM-x32\...\{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}) (Version: 3.5.7.331 - ArcSoft)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23028 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
FantasyLC version 1460 (HKLM-x32\...\{E1EAF6A2-9AB5-4DE4-9ECE-C37FF2E3058D}_is1) (Version: 1460 - FantasyLC, Inc.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 4620 series - Grundlegende Software für das Gerät (HKLM\...\{B16F9E6E-1388-472C-98C3-F32D397EF85D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 4620 series Hilfe (HKLM-x32\...\{72EDA2AC-2908-4BB3-97E5-4F9DDEBF9731}) (Version: 6.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1191 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.600 - Oracle)
LastChaosGER (HKLM-x32\...\{A86A50FC-7C22-478B-BAEF-82393328825F}) (Version: 1.00.000 - Barunsongames CO., LTD.)
LastChaosUSA (HKLM-x32\...\{0AF3FEAE-B651-4421-97EF-4808A588B4E5}) (Version: 1.00.000 - Barunsongames CO., LTD.)
LAV Filters 0.56.2 (HKLM-x32\...\lavfilters_is1) (Version: 0.56.2 - Hendrik Leppkes)
LCGenericName01 EP1 (HKLM-x32\...\LCGenericName01 EP1) (Version: EP1 - LCGenericName01)
LCGenericName02 EP2 (HKLM-x32\...\LCGenericName02 EP2) (Version: EP2 - LCGenericName02)
Mafia II (HKLM-x32\...\Steam App 50130) (Version:  - 2K Czech)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
MySQL Server 5.1 (HKLM\...\{561AB451-B967-475C-80E0-3B6679C38B52}) (Version: 5.1.38 - MySQL AB)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Sandboxie 4.08 (64-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.15.1.201412301303 - Sony Mobile Communications Inc.)
Sony PC Companion 2.10.245 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.245 - Sony)
Spotify (HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Studie zur Verbesserung von HP Officejet 4620 series Produkten (HKLM\...\{ABBC6F00-E9C9-4B1E-B046-8FFD7BA3A456}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vegas Pro 12.0 (64-bit) (HKLM\...\{A1A75F4F-9C9F-11E2-8FCB-F04DA23A5C58}) (Version: 12.0.563 - Sony)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

16-02-2015 22:35:10 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {08F19630-5521-4912-947E-B4BA5AAF036C} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1101055978-3567199324-3965171460-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {22898773-7939-4020-B9B3-86043C5CC55F} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {2D40244B-692D-4A31-83DC-A2C6502CE8FA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {41213ACE-2B3F-4D0C-B44B-BDEF2167BF6A} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1101055978-3567199324-3965171460-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {5044366E-769B-423D-AD1F-75373C3F2517} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {5BAB2320-836A-45CB-8969-9B230EDE6567} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-27] (Google Inc.)
Task: {848F66FD-E1ED-4408-B985-9BEFC35A5A94} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-11] (Microsoft Corporation)
Task: {A001BADB-DF7B-49F3-8AD6-8C842077F874} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {A4BA0A9A-1761-4186-B25C-683638845C9A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-27] (Google Inc.)
Task: {BDA25E8F-4F2A-42E6-9DC5-5DDE1EE8EB38} - System32\Tasks\{488E738E-E904-42EA-8026-4E73BFCE1331} => pcalua.exe -a C:\Users\VL\AppData\Local\Unity\WebPlayer\Uninstall.exe -c /CurrentUser
Task: {DDBCCF83-F755-40B0-9E46-7715846CE77E} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-11-22 16:16 - 2014-12-13 09:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-08-18 20:09 - 2009-08-18 20:09 - 07599616 _____ () C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
2013-04-28 01:31 - 2014-10-22 20:41 - 00076152 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-02-13 17:39 - 2014-12-16 20:52 - 00374840 _____ () C:\Users\VL\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-12-24 23:25 - 2014-06-23 08:07 - 00113376 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-30 01:03 - 2015-01-27 18:59 - 01007104 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-01-30 01:02 - 2015-01-27 18:59 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-01-30 01:02 - 2015-01-27 18:59 - 00024576 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-01-30 01:02 - 2015-01-27 18:59 - 00216576 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-01-30 01:02 - 2015-01-27 18:59 - 00261120 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-01-30 01:02 - 2015-01-27 18:59 - 00019456 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-01-30 01:02 - 2015-01-27 18:59 - 00337408 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-01-30 01:02 - 2015-01-27 18:59 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2015-02-09 18:14 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-09 18:14 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-09 18:14 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
2014-02-13 17:39 - 2014-12-16 20:52 - 36966968 _____ () C:\Users\VL\AppData\Roaming\Spotify\Data\libcef.dll
2014-07-17 19:43 - 2014-12-16 20:52 - 00867896 _____ () C:\Users\VL\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2015-02-09 18:14 - 2015-02-04 10:02 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll
2014-02-13 17:39 - 2014-12-16 20:52 - 00886840 _____ () C:\Users\VL\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-02-13 17:39 - 2014-12-16 20:52 - 00108600 _____ () C:\Users\VL\AppData\Roaming\Spotify\Data\libegl.dll
2014-12-24 23:25 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2014-12-24 23:25 - 2014-12-04 14:18 - 00241152 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2014-12-24 23:25 - 2013-05-20 11:58 - 00620718 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
2014-12-24 23:25 - 2010-01-11 15:44 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
2014-11-21 12:31 - 2014-11-21 12:31 - 00663040 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2013-11-12 22:47 - 2007-04-19 09:33 - 00035584 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uPiApi.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\VL\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Aeria Ignite"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\StartupApproved\Run: => "SandboxieControl"

==================== Accounts: =============================

Administrator (S-1-5-21-1101055978-3567199324-3965171460-500 - Administrator - Disabled)
Gast (S-1-5-21-1101055978-3567199324-3965171460-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1101055978-3567199324-3965171460-1004 - Limited - Enabled)
VL (S-1-5-21-1101055978-3567199324-3965171460-1001 - Administrator - Enabled) => C:\Users\VL

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/17/2015 00:46:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 2.1.108.0, Zeitstempel: 0x53613ec5
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0e17a
Ausnahmecode: 0xc0000142
Fehleroffset: 0x00000000000ec4a0
ID des fehlerhaften Prozesses: 0xa6c
Startzeit der fehlerhaften Anwendung: 0xnvstreamsvc.exe0
Pfad der fehlerhaften Anwendung: nvstreamsvc.exe1
Pfad des fehlerhaften Moduls: nvstreamsvc.exe2
Berichtskennung: nvstreamsvc.exe3
Vollständiger Name des fehlerhaften Pakets: nvstreamsvc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvstreamsvc.exe5

Error: (02/16/2015 10:35:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/16/2015 10:26:26 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (02/16/2015 09:59:15 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (02/16/2015 09:51:21 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (02/16/2015 09:42:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.3.9600.17284, Zeitstempel: 0x53f816dc
Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.3.9600.17331, Zeitstempel: 0x54023e8e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000007b4661
ID des fehlerhaften Prozesses: 0xfec
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Explorer.EXE5

Error: (02/16/2015 09:16:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Origin.exe, Version: 9.5.5.2850, Zeitstempel: 0x54b59a16
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0d74f
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000e5994
ID des fehlerhaften Prozesses: 0x1634
Startzeit der fehlerhaften Anwendung: 0xOrigin.exe0
Pfad der fehlerhaften Anwendung: Origin.exe1
Pfad des fehlerhaften Moduls: Origin.exe2
Berichtskennung: Origin.exe3
Vollständiger Name des fehlerhaften Pakets: Origin.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Origin.exe5

Error: (02/16/2015 08:31:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/12/2015 10:40:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 2.1.108.0, Zeitstempel: 0x53613ec5
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0e17a
Ausnahmecode: 0xc0000142
Fehleroffset: 0x00000000000ec4a0
ID des fehlerhaften Prozesses: 0x1b3c
Startzeit der fehlerhaften Anwendung: 0xnvstreamsvc.exe0
Pfad der fehlerhaften Anwendung: nvstreamsvc.exe1
Pfad des fehlerhaften Moduls: nvstreamsvc.exe2
Berichtskennung: nvstreamsvc.exe3
Vollständiger Name des fehlerhaften Pakets: nvstreamsvc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvstreamsvc.exe5

Error: (02/12/2015 10:03:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.


System errors:
=============
Error: (02/17/2015 00:46:51 AM) (Source: DCOM) (EventID: 10010) (User: POSITIVE21)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (02/17/2015 00:46:51 AM) (Source: DCOM) (EventID: 10010) (User: POSITIVE21)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (02/16/2015 10:27:53 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error: (02/16/2015 10:27:53 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error: (02/16/2015 10:27:53 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error: (02/16/2015 10:27:44 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (02/16/2015 10:16:20 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{D2436734-D563-4D4E-8FB7-2E07C8431772}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (02/16/2015 09:52:27 PM) (Source: DCOM) (EventID: 10010) (User: POSITIVE21)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/16/2015 09:51:56 PM) (Source: DCOM) (EventID: 10010) (User: POSITIVE21)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/16/2015 09:14:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MySQL" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (02/17/2015 00:46:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvstreamsvc.exe2.1.108.053613ec5KERNELBASE.dll6.3.9600.1763054b0e17ac000014200000000000ec4a0a6c01d04a42d5e5b71bC:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeKERNELBASE.dll1394a570-b636-11e4-bf06-f46d049714b2

Error: (02/16/2015 10:35:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert

Error: (02/16/2015 10:26:26 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System-reserviertFalscher Parameter. (0x80070057)

Error: (02/16/2015 09:59:15 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System-reserviertFalscher Parameter. (0x80070057)

Error: (02/16/2015 09:51:21 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System-reserviertFalscher Parameter. (0x80070057)

Error: (02/16/2015 09:42:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1728453f816dcSHELL32.dll6.3.9600.1733154023e8ec000000500000000007b4661fec01d04a25531534d3C:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\SHELL32.dll5a0fbe85-b61c-11e4-bf06-f46d049714b2

Error: (02/16/2015 09:16:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Origin.exe9.5.5.285054b59a16ntdll.dll6.3.9600.1763054b0d74fc0000374000e5994163401d04a255b38b342C:\Program Files (x86)\Origin\Origin.exeC:\WINDOWS\SYSTEM32\ntdll.dll9f04d4ee-b618-11e4-bf06-f46d049714b2

Error: (02/16/2015 08:31:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert

Error: (02/12/2015 10:40:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvstreamsvc.exe2.1.108.053613ec5KERNELBASE.dll6.3.9600.1763054b0e17ac000014200000000000ec4a01b3c01d0470c948e3c51C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeKERNELBASE.dlld23ac82c-b2ff-11e4-bf05-f46d049714b2

Error: (02/12/2015 10:03:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert


CodeIntegrity Errors:
===================================
  Date: 2015-02-16 21:12:44.921
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-16 21:12:44.825
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 32%
Total physical RAM: 8168.75 MB
Available physical RAM: 5491.67 MB
Total Pagefile: 9448.75 MB
Available Pagefile: 6263.6 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:20.98 GB) NTFS
Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: ( Power Platte) (Fixed) (Total:931.41 GB) (Free:487.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 629C93B3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4A86BFF2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 8548F675)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

FRST file


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by VL (administrator) on POSITIVE21 on 17-02-2015 17:21:11
Running from C:\Users\VL\Downloads
Loaded Profiles: VL (Available profiles: VL)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Apple Inc.) E:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Spotify Ltd) C:\Users\VL\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\VL\AppData\Roaming\Spotify\spotify.exe
() C:\Users\VL\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\VL\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\VL\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\VL\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\VL\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Apple Inc.) E:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) E:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicatorCom.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
(Apple Inc.) E:\Program Files (x86)\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Users\VL\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => E:\Program Files (x86)\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => E:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-27] (Electronic Arts)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [Akamai NetSession Interface] => C:\Users\VL\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [ApplePhotoStreams] => E:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [Spotify Web Helper] => C:\Users\VL\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-16] (Spotify Ltd)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [Spotify] => C:\Users\VL\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-16] (Spotify Ltd)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [iCloudServices] => E:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [HP Officejet 4620 series (NET)] => C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [iCloudDrive] => E:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [MsgCenterExe] => "C:\Program Files (x86)\Real\RealPlayer\update\RealOneMessageCenter.exe"  -osboot
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\MountPoints2: {b315ae4c-99c8-11e4-beff-f46d049714b2} - "G:\startme.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
Startup: C:\Users\VL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 4620 series (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 4620 series (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Mediaplayer -> {1536BA74-8625-4240-99B0-BE65883689C8} -> E:\Program Files (x86)\Mediapiraten\Mediapiraten\IEButtonMPInterface.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com.tw/common/asusTek_sys_ctrl.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> E:\Program Files (x86)\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> E:\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1101055978-3567199324-3965171460-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\VL\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome: 
=======
CHR HomePage: Profile 1 -> hxxp://google.de/
CHR Profile: C:\Users\VL\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Dr.Web Anti-Virus Link Checker) - C:\Users\VL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aleggpabliehgbeagmfhnodcijcmbonb [2015-02-16]
CHR Extension: (Google Drive) - C:\Users\VL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\VL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-11]
CHR Extension: (Adguard AdBlocker) - C:\Users\VL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-02-16]
CHR Extension: (AdBlock) - C:\Users\VL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blipnejacaoebmeelgjgifelpnikhiec [2015-02-16]
CHR Extension: (YouTube) - C:\Users\VL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-11]
CHR Extension: (Google-Suche) - C:\Users\VL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-11]
CHR Extension: (Google Wallet) - C:\Users\VL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-11]
CHR Extension: (Google Mail) - C:\Users\VL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations) [File not signed]
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 2011-05-31] (DTS)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe [7599616 2009-08-18] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-27] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2014-06-28] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2014-10-22] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ggsomc; C:\Windows\System32\drivers\ggsomc.sys [30424 2015-01-14] (Sony Mobile Communications)
R3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2013-11-12] (ITE                      )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 X6va015; \??\C:\WINDOWS\SysWOW64\Drivers\X6va015 [X]
S3 X6va021; \??\C:\WINDOWS\SysWOW64\Drivers\X6va021 [X]
S3 X6va028; \??\C:\WINDOWS\SysWOW64\Drivers\X6va028 [X]
S3 X6va029; \??\C:\WINDOWS\SysWOW64\Drivers\X6va029 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 17:21 - 2015-02-17 17:21 - 00019016 _____ () C:\Users\VL\Downloads\FRST.txt
2015-02-17 17:20 - 2015-02-17 17:21 - 02085888 _____ (Farbar) C:\Users\VL\Downloads\FRST64.exe
2015-02-17 17:13 - 2015-02-17 17:17 - 00000462 _____ () C:\WINDOWS\setupact.log
2015-02-17 17:13 - 2015-02-17 17:13 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-17 17:04 - 2015-02-17 17:21 - 00000000 ____D () C:\FRST
2015-02-17 16:50 - 2015-02-17 17:07 - 1826790317 _____ () C:\Users\VL\Downloads\Attitude LastChaos.rar
2015-02-17 16:17 - 2015-02-17 16:17 - 00000101 _____ () C:\Users\VL\Desktop\trojaner board.txt
2015-02-16 22:17 - 2015-02-16 22:18 - 38728227 _____ () C:\Users\VL\Downloads\IchhasseSchnee.7z
2015-02-16 22:04 - 2015-02-16 22:04 - 00002323 _____ () C:\Users\VL\Desktop\Chrome App Launcher.lnk
2015-02-16 22:04 - 2015-02-16 22:04 - 00000000 ____D () C:\Users\VL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-16 21:16 - 2015-02-17 17:20 - 00245386 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-16 21:12 - 2015-02-16 21:14 - 00000000 ____D () C:\AdwCleaner
2015-02-12 22:18 - 2015-02-17 17:19 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-12 22:18 - 2015-02-12 22:18 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-12 22:18 - 2015-02-12 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-12 22:17 - 2015-02-12 22:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-12 22:17 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-12 22:17 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-12 22:17 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-12 21:59 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-12 21:59 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-12 00:35 - 2015-02-12 00:35 - 00000000 ____D () C:\Users\VL\AppData\Local\Norman Malware Cleaner
2015-02-11 14:06 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 14:06 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 14:06 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 14:06 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 14:06 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 14:06 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 14:06 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 14:06 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 14:06 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 14:06 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 14:06 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 14:06 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 14:06 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 14:06 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 14:06 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 14:06 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 14:06 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 14:06 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 14:06 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 14:06 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 14:06 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 14:06 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 14:06 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 14:06 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 14:06 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 14:06 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 14:06 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 14:06 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 14:06 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 14:06 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 14:06 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 14:06 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 14:06 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 14:06 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 14:06 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 14:06 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 14:06 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 14:06 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 14:06 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 14:06 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 14:06 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 14:06 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 14:06 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 14:06 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 14:06 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-11 14:06 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 14:06 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 14:06 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 14:06 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 14:06 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 14:06 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 14:06 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 14:06 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 14:06 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 14:06 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 14:06 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 14:06 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 14:06 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 14:06 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 14:06 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 14:06 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 14:06 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 14:06 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 14:06 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 14:06 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-01-27 23:36 - 2015-02-17 16:50 - 00000000 ____D () C:\Users\VL\Downloads\LC Attitude
2015-01-27 22:19 - 2015-01-27 22:19 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2015-01-27 22:09 - 2015-01-27 22:09 - 00000000 ____D () C:\OpenOffice 4
2015-01-24 13:34 - 2015-01-24 13:47 - 00000000 ____D () C:\Users\VL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 17:21 - 2013-09-30 05:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-17 17:21 - 2013-09-30 04:56 - 00764340 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-17 17:21 - 2013-09-30 04:56 - 00159160 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-17 17:20 - 2014-11-12 01:16 - 00000000 ___RD () C:\Users\VL\iCloudDrive
2015-02-17 17:20 - 2014-02-13 17:38 - 00000000 ____D () C:\Users\VL\AppData\Roaming\Spotify
2015-02-17 17:19 - 2013-04-27 01:18 - 00000000 ____D () C:\ProgramData\Origin
2015-02-17 17:19 - 2013-04-27 01:18 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-17 17:19 - 2013-04-27 01:02 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-17 17:17 - 2013-11-22 16:16 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-17 17:17 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-17 17:13 - 2014-02-13 17:39 - 00000000 ____D () C:\Users\VL\AppData\Local\Spotify
2015-02-17 17:13 - 2013-04-27 02:20 - 00000000 ____D () C:\Users\VL\AppData\Roaming\Skype
2015-02-17 17:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-17 16:13 - 2013-04-27 01:02 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-17 16:10 - 2012-07-26 02:53 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1101055978-3567199324-3965171460-1001
2015-02-17 00:44 - 2014-09-18 22:26 - 00000000 ____D () C:\Users\VL\Downloads\Lc.N.W.O
2015-02-16 21:37 - 2009-11-18 23:21 - 01485824 ___SH () C:\Users\VL\Documents\Thumbs.db
2015-02-16 21:28 - 2013-11-22 18:26 - 03397120 ___SH () C:\Users\VL\Desktop\Thumbs.db
2015-02-16 21:18 - 2013-11-22 21:32 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C1016520-2BA8-4A8B-AF43-5094422D4B1E}
2015-02-16 20:31 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-16 20:31 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-12 22:24 - 2013-08-22 14:25 - 00262144 _____ () C:\WINDOWS\system32\config\BBI
2015-02-12 22:17 - 2013-11-22 21:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-12 22:15 - 2013-04-27 01:03 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-12 00:13 - 2013-11-22 16:17 - 00000000 ____D () C:\Users\VL
2015-02-11 15:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-11 15:26 - 2013-08-22 15:44 - 00370240 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-11 15:24 - 2013-07-27 11:17 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-11 15:23 - 2013-04-27 01:56 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-11 15:18 - 2013-05-15 18:32 - 00000000 ____D () C:\Users\VL\AppData\Roaming\DVDVideoSoft
2015-02-11 15:17 - 2014-11-03 23:39 - 00144384 ___SH () C:\Users\VL\Downloads\Thumbs.db
2015-02-10 18:42 - 2013-04-28 21:20 - 00000000 ____D () C:\Fraps
2015-02-09 23:55 - 2013-12-31 19:31 - 00000000 ____D () C:\Users\VL\Desktop\Notes
2015-02-09 18:08 - 2013-04-27 01:02 - 00004100 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-09 18:08 - 2013-04-27 01:02 - 00003864 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-01 18:46 - 2013-05-06 19:00 - 00000000 ____D () C:\Users\VL\AppData\Roaming\vlc
2015-01-27 23:09 - 2014-05-31 22:37 - 00000000 ____D () C:\Vorms EP3(projet)
2015-01-27 22:19 - 2013-07-30 12:41 - 00001132 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2015-01-27 22:19 - 2013-07-30 12:41 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.0
2015-01-27 22:09 - 2013-07-30 12:44 - 00000000 ____D () C:\Users\VL\Documents\Bewerbung Allgemein
2015-01-25 18:28 - 2013-05-22 11:08 - 00000000 ____D () C:\Users\VL\.gimp-2.8
2015-01-24 13:47 - 2015-01-14 22:06 - 00000000 ____D () C:\Program Files (x86)\Sony Mobile
2015-01-24 13:01 - 2014-12-24 23:26 - 00002042 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-01-24 13:01 - 2013-05-12 19:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-24 13:01 - 2013-05-09 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony

==================== Files in the root of some directories =======

2013-05-23 01:26 - 2013-05-23 01:26 - 0006144 _____ () C:\Users\VL\AppData\Roaming\com.apple.antiphishing.db
2014-01-27 21:38 - 2014-01-27 21:38 - 0003584 _____ () C:\Users\VL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-15 21:43 - 2014-10-15 21:43 - 0004022 _____ () C:\Users\VL\AppData\Local\recently-used.xbel
2014-01-14 17:04 - 2014-01-14 17:04 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\VL\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\VL\AppData\Local\Temp\Quarantine.exe
C:\Users\VL\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-16 21:51

==================== End Of Log ============================
         

[/CODE]

17.02.2015, 18:41   #5
Warlord711
/// TB Trainer



OK, here is how we continue:

Note: Registry cleaners

I see that you have a so-called registry cleaner installed.
In your case, CCleaner.

We advise against using any kind of registry cleaner.

The reason is quite simple:
The registry is the brain of the system. If the brain doesn't work, the rest doesn't really work any more either.
You should not tinker with the registry unnecessarily. Even a small mistake can have serious consequences, and programs sometimes make mistakes too.
If you destroy the registry, you destroy Windows.

In addition, the benefit for performance is disputed and usually barely noticeable.

I would recommend that you stop using registry cleaners and uninstall them via
Start --> Control Panel --> Add or Remove Programs (on Windows XP)
Start --> Control Panel --> Programs and Features (on Vista / Win 7)

With CCleaner this only concerns the registry repair/tune/whatever part.
The rest of CCleaner is OK.

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).


Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.



Please download SecurityCheck and:

  • Save it on the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.


Start FRST once more.
  • Do not change any of the default settings and press Scan.
  • When the scan is complete, a new log file FRST.txt is created and saved on the desktop.
  • Please post the contents of this log file here in your thread.


17.02.2015, 19:13   #6
positive21



So, somehow it doesn't find anything... I had already had AdwCleaner on the PC a few days ago and ran it, but removed it afterwards since it didn't help with my problem.

I'll post everything anyway; somehow none of the programs was able to record anything.

ADWCLEANER LOG:

Code:
# AdwCleaner v4.110 - Bericht erstellt 17/02/2015 um 18:52:22
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-14.2 [Server]
# Betriebssystem : Windows 8.1 Pro  (x64)
# Benutzername : VL - POSITIVE21
# Gestarted von : C:\Users\VL\Downloads\AdwCleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v40.0.2214.111


*************************

AdwCleaner[R0].txt - [2376 Bytes] - [16/02/2015 21:12:43]
AdwCleaner[R1].txt - [889 Bytes] - [17/02/2015 18:49:54]
AdwCleaner[S0].txt - [2132 Bytes] - [16/02/2015 21:14:34]
AdwCleaner[S1].txt - [812 Bytes] - [17/02/2015 18:52:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [870  Bytes] ##########
         

JRT Logs :

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 Pro x64
Ran by VL on 17.02.2015 at 18:56:55,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared
         

SecurityCheck couldn't record anything; all that came up was: UNSUPPORTED OPERATING SYSTEM! ABORTED!


FRST Log:



FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by VL (administrator) on POSITIVE21 on 17-02-2015 19:03:19
Running from C:\Users\VL\Downloads
Loaded Profiles: VL (Available profiles: VL)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Apple Inc.) E:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Spotify Ltd) C:\Users\VL\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Spotify Ltd) C:\Users\VL\AppData\Roaming\Spotify\spotify.exe
() C:\Users\VL\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\VL\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\VL\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\VL\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\VL\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Apple Inc.) E:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) E:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicatorCom.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) E:\Program Files (x86)\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => E:\Program Files (x86)\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => E:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-27] (Electronic Arts)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [Akamai NetSession Interface] => C:\Users\VL\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [ApplePhotoStreams] => E:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [Spotify Web Helper] => C:\Users\VL\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-16] (Spotify Ltd)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [Spotify] => C:\Users\VL\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-16] (Spotify Ltd)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [iCloudServices] => E:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [HP Officejet 4620 series (NET)] => C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [iCloudDrive] => E:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [MsgCenterExe] => "C:\Program Files (x86)\Real\RealPlayer\update\RealOneMessageCenter.exe"  -osboot
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\MountPoints2: {b315ae4c-99c8-11e4-beff-f46d049714b2} - "G:\startme.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
Startup: C:\Users\VL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 4620 series (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 4620 series (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Mediaplayer -> {1536BA74-8625-4240-99B0-BE65883689C8} -> E:\Program Files (x86)\Mediapiraten\Mediapiraten\IEButtonMPInterface.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com.tw/common/asusTek_sys_ctrl.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> E:\Program Files (x86)\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> E:\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1101055978-3567199324-3965171460-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\VL\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome: 
=======
CHR HomePage: Profile 1 -> hxxp://google.de/
CHR Profile: C:\Users\VL\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Dr.Web Anti-Virus Link Checker) - C:\Users\VL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aleggpabliehgbeagmfhnodcijcmbonb [2015-02-16]
CHR Extension: (Google Drive) - C:\Users\VL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\VL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-11]
CHR Extension: (Adguard AdBlocker) - C:\Users\VL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-02-16]
CHR Extension: (AdBlock) - C:\Users\VL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blipnejacaoebmeelgjgifelpnikhiec [2015-02-16]
CHR Extension: (YouTube) - C:\Users\VL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-11]
CHR Extension: (Google-Suche) - C:\Users\VL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-11]
CHR Extension: (Google Wallet) - C:\Users\VL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-11]
CHR Extension: (Google Mail) - C:\Users\VL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations) [File not signed]
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 2011-05-31] (DTS)
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe [7599616 2009-08-18] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-27] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2014-06-28] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2014-10-22] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ggsomc; C:\Windows\System32\drivers\ggsomc.sys [30424 2015-01-14] (Sony Mobile Communications)
R3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2013-11-12] (ITE                      )
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 X6va015; \??\C:\WINDOWS\SysWOW64\Drivers\X6va015 [X]
S3 X6va021; \??\C:\WINDOWS\SysWOW64\Drivers\X6va021 [X]
S3 X6va028; \??\C:\WINDOWS\SysWOW64\Drivers\X6va028 [X]
S3 X6va029; \??\C:\WINDOWS\SysWOW64\Drivers\X6va029 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 19:01 - 2015-02-17 19:01 - 00852594 _____ () C:\Users\VL\Desktop\SecurityCheck.exe
2015-02-17 18:58 - 2015-02-17 18:58 - 00000689 _____ () C:\Users\VL\Desktop\JRT.txt
2015-02-17 18:56 - 2015-02-17 18:56 - 01388274 _____ (Thisisu) C:\Users\VL\Downloads\JRT.exe
2015-02-17 18:47 - 2015-02-17 18:47 - 02112512 _____ () C:\Users\VL\Desktop\AdwCleaner_4.110.exe
2015-02-17 17:21 - 2015-02-17 19:03 - 00017606 _____ () C:\Users\VL\Downloads\FRST.txt
2015-02-17 17:21 - 2015-02-17 18:14 - 00028755 _____ () C:\Users\VL\Downloads\Addition.txt
2015-02-17 17:20 - 2015-02-17 17:21 - 02085888 _____ (Farbar) C:\Users\VL\Downloads\FRST64.exe
2015-02-17 17:13 - 2015-02-17 18:53 - 00000693 _____ () C:\WINDOWS\setupact.log
2015-02-17 17:13 - 2015-02-17 17:13 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-17 17:04 - 2015-02-17 19:03 - 00000000 ____D () C:\FRST
2015-02-17 16:50 - 2015-02-17 17:07 - 1826790317 _____ () C:\Users\VL\Downloads\Attitude LastChaos.rar
2015-02-17 16:17 - 2015-02-17 16:17 - 00000101 _____ () C:\Users\VL\Desktop\trojaner board.txt
2015-02-16 22:17 - 2015-02-16 22:18 - 38728227 _____ () C:\Users\VL\Downloads\IchhasseSchnee.7z
2015-02-16 22:04 - 2015-02-16 22:04 - 00002323 _____ () C:\Users\VL\Desktop\Chrome App Launcher.lnk
2015-02-16 22:04 - 2015-02-16 22:04 - 00000000 ____D () C:\Users\VL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-16 21:16 - 2015-02-17 18:34 - 00255441 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-16 21:12 - 2015-02-17 19:02 - 00000000 ____D () C:\AdwCleaner
2015-02-12 21:59 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-12 21:59 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-12 00:35 - 2015-02-12 00:35 - 00000000 ____D () C:\Users\VL\AppData\Local\Norman Malware Cleaner
2015-02-11 14:06 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 14:06 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 14:06 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 14:06 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 14:06 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 14:06 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 14:06 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 14:06 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 14:06 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 14:06 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 14:06 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 14:06 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 14:06 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 14:06 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 14:06 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 14:06 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 14:06 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 14:06 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 14:06 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 14:06 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 14:06 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 14:06 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 14:06 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 14:06 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 14:06 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 14:06 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 14:06 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 14:06 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 14:06 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 14:06 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 14:06 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 14:06 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 14:06 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 14:06 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 14:06 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 14:06 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 14:06 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 14:06 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 14:06 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 14:06 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 14:06 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 14:06 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 14:06 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 14:06 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 14:06 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-11 14:06 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 14:06 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 14:06 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 14:06 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 14:06 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 14:06 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 14:06 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 14:06 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 14:06 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 14:06 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 14:06 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 14:06 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 14:06 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 14:06 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 14:06 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 14:06 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 14:06 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 14:06 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 14:06 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 14:06 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-01-27 22:19 - 2015-01-27 22:19 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2015-01-27 22:09 - 2015-01-27 22:09 - 00000000 ____D () C:\OpenOffice 4
2015-01-24 13:34 - 2015-01-24 13:47 - 00000000 ____D () C:\Users\VL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 19:02 - 2012-07-26 02:53 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1101055978-3567199324-3965171460-1001
2015-02-17 19:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-17 18:59 - 2013-09-30 05:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-17 18:59 - 2013-09-30 04:56 - 00764340 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-17 18:59 - 2013-09-30 04:56 - 00159160 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-17 18:58 - 2014-02-13 17:38 - 00000000 ____D () C:\Users\VL\AppData\Roaming\Spotify
2015-02-17 18:53 - 2014-11-12 01:16 - 00000000 ___RD () C:\Users\VL\iCloudDrive
2015-02-17 18:53 - 2013-04-27 02:20 - 00000000 ____D () C:\Users\VL\AppData\Roaming\Skype
2015-02-17 18:53 - 2013-04-27 01:18 - 00000000 ____D () C:\ProgramData\Origin
2015-02-17 18:53 - 2013-04-27 01:18 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-17 18:53 - 2013-04-27 01:02 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-17 18:52 - 2013-11-22 16:16 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-17 18:52 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-17 18:13 - 2013-04-27 01:02 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-17 17:13 - 2014-02-13 17:39 - 00000000 ____D () C:\Users\VL\AppData\Local\Spotify
2015-02-17 00:44 - 2014-09-18 22:26 - 00000000 ____D () C:\Users\VL\Downloads\Lc.N.W.O
2015-02-16 21:37 - 2009-11-18 23:21 - 01485824 ___SH () C:\Users\VL\Documents\Thumbs.db
2015-02-16 21:28 - 2013-11-22 18:26 - 03397120 ___SH () C:\Users\VL\Desktop\Thumbs.db
2015-02-16 21:18 - 2013-11-22 21:32 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C1016520-2BA8-4A8B-AF43-5094422D4B1E}
2015-02-16 20:31 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-16 20:31 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-12 22:24 - 2013-08-22 14:25 - 00262144 _____ () C:\WINDOWS\system32\config\BBI
2015-02-12 22:17 - 2013-11-22 21:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-12 22:15 - 2013-04-27 01:03 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-12 00:13 - 2013-11-22 16:17 - 00000000 ____D () C:\Users\VL
2015-02-11 15:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-11 15:26 - 2013-08-22 15:44 - 00370240 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-11 15:24 - 2013-07-27 11:17 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-11 15:23 - 2013-04-27 01:56 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-11 15:18 - 2013-05-15 18:32 - 00000000 ____D () C:\Users\VL\AppData\Roaming\DVDVideoSoft
2015-02-11 15:17 - 2014-11-03 23:39 - 00144384 ___SH () C:\Users\VL\Downloads\Thumbs.db
2015-02-10 18:42 - 2013-04-28 21:20 - 00000000 ____D () C:\Fraps
2015-02-09 23:55 - 2013-12-31 19:31 - 00000000 ____D () C:\Users\VL\Desktop\Notes
2015-02-09 18:08 - 2013-04-27 01:02 - 00004100 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-09 18:08 - 2013-04-27 01:02 - 00003864 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-01 18:46 - 2013-05-06 19:00 - 00000000 ____D () C:\Users\VL\AppData\Roaming\vlc
2015-01-27 23:09 - 2014-05-31 22:37 - 00000000 ____D () C:\Vorms EP3(projet)
2015-01-27 22:19 - 2013-07-30 12:41 - 00001132 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2015-01-27 22:19 - 2013-07-30 12:41 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.0
2015-01-27 22:09 - 2013-07-30 12:44 - 00000000 ____D () C:\Users\VL\Documents\Bewerbung Allgemein
2015-01-25 18:28 - 2013-05-22 11:08 - 00000000 ____D () C:\Users\VL\.gimp-2.8
2015-01-24 13:47 - 2015-01-14 22:06 - 00000000 ____D () C:\Program Files (x86)\Sony Mobile
2015-01-24 13:01 - 2014-12-24 23:26 - 00002042 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-01-24 13:01 - 2013-05-12 19:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-24 13:01 - 2013-05-09 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony

==================== Files in the root of some directories =======

2013-05-23 01:26 - 2013-05-23 01:26 - 0006144 _____ () C:\Users\VL\AppData\Roaming\com.apple.antiphishing.db
2014-01-27 21:38 - 2014-01-27 21:38 - 0003584 _____ () C:\Users\VL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-15 21:43 - 2014-10-15 21:43 - 0004022 _____ () C:\Users\VL\AppData\Local\recently-used.xbel
2014-01-14 17:04 - 2014-01-14 17:04 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\VL\AppData\Local\Temp\EsgInstallerx64Stub.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-17 18:37

==================== End Of Log ============================
         
--- --- ---


18.02.2015, 09:15   #7
Warlord711
/// TB-Ausbilder

And Positive Finds still shows up? In all browsers?

Please also create an Addition.txt log for me:

Tick the box next to Addition.txt, then click Scan.


18.02.2015, 17:05   #8
positive21

Yes, everything is still there, and now also things like Buzzdock Ads.

Here is the ADDITION log:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by VL at 2015-02-18 16:48:23
Running from C:\Users\VL\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Akamai NetSession Interface (HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Any Video Converter 5.0.5 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia 3.5 (HKLM-x32\...\{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}) (Version: 3.5.7.331 - ArcSoft)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23028 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
FantasyLC version 1460 (HKLM-x32\...\{E1EAF6A2-9AB5-4DE4-9ECE-C37FF2E3058D}_is1) (Version: 1460 - FantasyLC, Inc.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 4620 series - Grundlegende Software für das Gerät (HKLM\...\{B16F9E6E-1388-472C-98C3-F32D397EF85D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 4620 series Hilfe (HKLM-x32\...\{72EDA2AC-2908-4BB3-97E5-4F9DDEBF9731}) (Version: 6.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1191 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.600 - Oracle)
LastChaosGER (HKLM-x32\...\{A86A50FC-7C22-478B-BAEF-82393328825F}) (Version: 1.00.000 - Barunsongames CO., LTD.)
LastChaosUSA (HKLM-x32\...\{0AF3FEAE-B651-4421-97EF-4808A588B4E5}) (Version: 1.00.000 - Barunsongames CO., LTD.)
LAV Filters 0.56.2 (HKLM-x32\...\lavfilters_is1) (Version: 0.56.2 - Hendrik Leppkes)
LCGenericName01 EP1 (HKLM-x32\...\LCGenericName01 EP1) (Version: EP1 - LCGenericName01)
LCGenericName02 EP2 (HKLM-x32\...\LCGenericName02 EP2) (Version: EP2 - LCGenericName02)
Mafia II (HKLM-x32\...\Steam App 50130) (Version:  - 2K Czech)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
MySQL Server 5.1 (HKLM\...\{561AB451-B967-475C-80E0-3B6679C38B52}) (Version: 5.1.38 - MySQL AB)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
Penumbra Episode 1 (HKLM-x32\...\{2EF0D7ED-F944-4E0D-AC78-7DA00C0B81E4}_is1) (Version: 1.0.3 - Frictional Games)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Sandboxie 4.08 (64-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.15.1.201412301303 - Sony Mobile Communications Inc.)
Sony PC Companion 2.10.245 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.245 - Sony)
Spotify (HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Studie zur Verbesserung von HP Officejet 4620 series Produkten (HKLM\...\{ABBC6F00-E9C9-4B1E-B046-8FFD7BA3A456}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vegas Pro 12.0 (64-bit) (HKLM\...\{A1A75F4F-9C9F-11E2-8FCB-F04DA23A5C58}) (Version: 12.0.563 - Sony)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

16-02-2015 22:35:10 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {08F19630-5521-4912-947E-B4BA5AAF036C} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1101055978-3567199324-3965171460-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {22898773-7939-4020-B9B3-86043C5CC55F} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {2D40244B-692D-4A31-83DC-A2C6502CE8FA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {41213ACE-2B3F-4D0C-B44B-BDEF2167BF6A} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1101055978-3567199324-3965171460-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {5044366E-769B-423D-AD1F-75373C3F2517} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {5BAB2320-836A-45CB-8969-9B230EDE6567} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-27] (Google Inc.)
Task: {81F33BFE-4393-4F60-BEF8-33F4AA24F7C3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-11] (Microsoft Corporation)
Task: {A4BA0A9A-1761-4186-B25C-683638845C9A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-27] (Google Inc.)
Task: {BDA25E8F-4F2A-42E6-9DC5-5DDE1EE8EB38} - System32\Tasks\{488E738E-E904-42EA-8026-4E73BFCE1331} => pcalua.exe -a C:\Users\VL\AppData\Local\Unity\WebPlayer\Uninstall.exe -c /CurrentUser
Task: {DDBCCF83-F755-40B0-9E46-7715846CE77E} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2009-08-18 20:09 - 2009-08-18 20:09 - 07599616 _____ () C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
2013-04-28 01:31 - 2014-10-22 20:41 - 00076152 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2013-11-22 16:16 - 2014-12-13 09:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-02-13 17:39 - 2014-12-16 20:52 - 00374840 _____ () C:\Users\VL\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-12-24 23:25 - 2014-06-23 08:07 - 00113376 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-24 23:25 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2014-01-30 01:03 - 2015-01-27 18:59 - 01007104 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-01-30 01:02 - 2015-01-27 18:59 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-01-30 01:02 - 2015-01-27 18:59 - 00024576 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-01-30 01:02 - 2015-01-27 18:59 - 00216576 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-01-30 01:02 - 2015-01-27 18:59 - 00261120 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-01-30 01:02 - 2015-01-27 18:59 - 00019456 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-01-30 01:02 - 2015-01-27 18:59 - 00337408 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-01-30 01:02 - 2015-01-27 18:59 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2014-02-13 17:39 - 2014-12-16 20:52 - 36966968 _____ () C:\Users\VL\AppData\Roaming\Spotify\Data\libcef.dll
2014-07-17 19:43 - 2014-12-16 20:52 - 00867896 _____ () C:\Users\VL\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2014-02-13 17:39 - 2014-12-16 20:52 - 00886840 _____ () C:\Users\VL\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-02-13 17:39 - 2014-12-16 20:52 - 00108600 _____ () C:\Users\VL\AppData\Roaming\Spotify\Data\libegl.dll
2014-12-24 23:25 - 2014-12-04 14:18 - 00241152 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2014-12-24 23:25 - 2013-05-20 11:58 - 00620718 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
2014-12-24 23:25 - 2010-01-11 15:44 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
2014-11-21 12:31 - 2014-11-21 12:31 - 00663040 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2013-11-12 22:47 - 2007-04-19 09:33 - 00035584 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uPiApi.dll
2015-02-09 18:14 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-09 18:14 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-09 18:14 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
2015-02-09 18:14 - 2015-02-04 10:02 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\VL\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Aeria Ignite"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\StartupApproved\Run: => "SandboxieControl"

==================== Accounts: =============================

Administrator (S-1-5-21-1101055978-3567199324-3965171460-500 - Administrator - Disabled)
Gast (S-1-5-21-1101055978-3567199324-3965171460-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1101055978-3567199324-3965171460-1004 - Limited - Enabled)
VL (S-1-5-21-1101055978-3567199324-3965171460-1001 - Administrator - Enabled) => C:\Users\VL

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/18/2015 03:24:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Nksp.exe, Version: 1.3.2.197, Zeitstempel: 0x51c45635
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0d74f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00041f4e
ID des fehlerhaften Prozesses: 0x1880
Startzeit der fehlerhaften Anwendung: 0xNksp.exe0
Pfad der fehlerhaften Anwendung: Nksp.exe1
Pfad des fehlerhaften Moduls: Nksp.exe2
Berichtskennung: Nksp.exe3
Vollständiger Name des fehlerhaften Pakets: Nksp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Nksp.exe5

Error: (02/17/2015 11:37:00 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (02/17/2015 10:49:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Penumbra.exe, Version: 0.0.0.0, Zeitstempel: 0x47c4039c
Name des fehlerhaften Moduls: OpenAL32.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0d74f
Ausnahmecode: 0xc0000135
Fehleroffset: 0x0009e0b2
ID des fehlerhaften Prozesses: 0x17f4
Startzeit der fehlerhaften Anwendung: 0xPenumbra.exe0
Pfad der fehlerhaften Anwendung: Penumbra.exe1
Pfad des fehlerhaften Moduls: Penumbra.exe2
Berichtskennung: Penumbra.exe3
Vollständiger Name des fehlerhaften Pakets: Penumbra.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Penumbra.exe5

Error: (02/17/2015 10:48:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Penumbra.exe, Version: 0.0.0.0, Zeitstempel: 0x47c4039c
Name des fehlerhaften Moduls: MSVCP71.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0d74f
Ausnahmecode: 0xc0000135
Fehleroffset: 0x0009e0b2
ID des fehlerhaften Prozesses: 0xd6c
Startzeit der fehlerhaften Anwendung: 0xPenumbra.exe0
Pfad der fehlerhaften Anwendung: Penumbra.exe1
Pfad des fehlerhaften Moduls: Penumbra.exe2
Berichtskennung: Penumbra.exe3
Vollständiger Name des fehlerhaften Pakets: Penumbra.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Penumbra.exe5

Error: (02/17/2015 10:47:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Penumbra.exe, Version: 0.0.0.0, Zeitstempel: 0x47c4039c
Name des fehlerhaften Moduls: OpenAL32.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0d74f
Ausnahmecode: 0xc0000135
Fehleroffset: 0x0009e0b2
ID des fehlerhaften Prozesses: 0x1874
Startzeit der fehlerhaften Anwendung: 0xPenumbra.exe0
Pfad der fehlerhaften Anwendung: Penumbra.exe1
Pfad des fehlerhaften Moduls: Penumbra.exe2
Berichtskennung: Penumbra.exe3
Vollständiger Name des fehlerhaften Pakets: Penumbra.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Penumbra.exe5

Error: (02/17/2015 10:47:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Penumbra.exe, Version: 0.0.0.0, Zeitstempel: 0x47c4039c
Name des fehlerhaften Moduls: MSVCP71.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0d74f
Ausnahmecode: 0xc0000135
Fehleroffset: 0x0009e0b2
ID des fehlerhaften Prozesses: 0x1954
Startzeit der fehlerhaften Anwendung: 0xPenumbra.exe0
Pfad der fehlerhaften Anwendung: Penumbra.exe1
Pfad des fehlerhaften Moduls: Penumbra.exe2
Berichtskennung: Penumbra.exe3
Vollständiger Name des fehlerhaften Pakets: Penumbra.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Penumbra.exe5

Error: (02/17/2015 10:47:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Penumbra.exe, Version: 0.0.0.0, Zeitstempel: 0x47c4039c
Name des fehlerhaften Moduls: MSVCP71.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0d74f
Ausnahmecode: 0xc0000135
Fehleroffset: 0x0009e0b2
ID des fehlerhaften Prozesses: 0x12f0
Startzeit der fehlerhaften Anwendung: 0xPenumbra.exe0
Pfad der fehlerhaften Anwendung: Penumbra.exe1
Pfad des fehlerhaften Moduls: Penumbra.exe2
Berichtskennung: Penumbra.exe3
Vollständiger Name des fehlerhaften Pakets: Penumbra.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Penumbra.exe5

Error: (02/17/2015 09:46:22 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)


System errors:
=============
Error: (02/17/2015 09:51:23 PM) (Source: DCOM) (EventID: 10010) (User: POSITIVE21)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (02/17/2015 09:51:22 PM) (Source: DCOM) (EventID: 10010) (User: POSITIVE21)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (02/17/2015 09:51:10 PM) (Source: DCOM) (EventID: 10010) (User: POSITIVE21)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/17/2015 09:50:40 PM) (Source: DCOM) (EventID: 10010) (User: POSITIVE21)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/17/2015 09:32:45 PM) (Source: DCOM) (EventID: 10010) (User: POSITIVE21)
Description: {BF8841C9-378A-4CAD-B4FC-5091366CBC0D}

Error: (02/17/2015 09:29:10 PM) (Source: DCOM) (EventID: 10010) (User: POSITIVE21)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/17/2015 09:28:40 PM) (Source: DCOM) (EventID: 10010) (User: POSITIVE21)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/17/2015 09:28:23 PM) (Source: DCOM) (EventID: 10010) (User: POSITIVE21)
Description: {BF8841C9-378A-4CAD-B4FC-5091366CBC0D}

Error: (02/17/2015 09:28:10 PM) (Source: DCOM) (EventID: 10010) (User: POSITIVE21)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/17/2015 09:27:52 PM) (Source: DCOM) (EventID: 10010) (User: POSITIVE21)
Description: {BF8841C9-378A-4CAD-B4FC-5091366CBC0D}


Microsoft Office Sessions:
=========================
Error: (02/18/2015 03:24:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nksp.exe1.3.2.19751c45635ntdll.dll6.3.9600.1763054b0d74fc000000500041f4e188001d04b175cf46d74C:\Users\VL\Downloads\Attitude LastChaos\Bin\Nksp.exeC:\WINDOWS\SYSTEM32\ntdll.dll55077ebf-b715-11e4-bf0a-f46d049714b2

Error: (02/17/2015 11:37:00 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System-reserviertFalscher Parameter. (0x80070057)

Error: (02/17/2015 10:49:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Penumbra.exe0.0.0.047c4039cOpenAL32.dll6.3.9600.1763054b0d74fc00001350009e0b217f401d04afb89f23bfbC:\Program Files (x86)\Penumbra\Episode Eins\redist\Penumbra.exeOpenAL32.dlld15265b2-b6ee-11e4-bf0a-f46d049714b2

Error: (02/17/2015 10:48:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Penumbra.exe0.0.0.047c4039cMSVCP71.dll6.3.9600.1763054b0d74fc00001350009e0b2d6c01d04afb6faea341C:\Program Files (x86)\Penumbra\Episode Eins\Penumbra.exeMSVCP71.dllb32c5835-b6ee-11e4-bf0a-f46d049714b2

Error: (02/17/2015 10:47:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Penumbra.exe0.0.0.047c4039cOpenAL32.dll6.3.9600.1763054b0d74fc00001350009e0b2187401d04afb594e0bacC:\Program Files (x86)\Penumbra\Episode Eins\redist\Penumbra.exeOpenAL32.dll9b7d90cf-b6ee-11e4-bf0a-f46d049714b2

Error: (02/17/2015 10:47:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Penumbra.exe0.0.0.047c4039cMSVCP71.dll6.3.9600.1763054b0d74fc00001350009e0b2195401d04afb583c09d8C:\Program Files (x86)\Penumbra\Episode Eins\Penumbra.exeMSVCP71.dll96731e4e-b6ee-11e4-bf0a-f46d049714b2

Error: (02/17/2015 10:47:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Penumbra.exe0.0.0.047c4039cMSVCP71.dll6.3.9600.1763054b0d74fc00001350009e0b212f001d04afb4ec15661C:\Program Files (x86)\Penumbra\Episode Eins\installation\Penumbra.exeMSVCP71.dll8f61f285-b6ee-11e4-bf0a-f46d049714b2

Error: (02/17/2015 09:46:22 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System-reserviertFalscher Parameter. (0x80070057)


CodeIntegrity Errors:
===================================
  Date: 2015-02-16 21:12:44.921
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-16 21:12:44.825
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 33%
Total physical RAM: 8168.75 MB
Available physical RAM: 5432.89 MB
Total Pagefile: 9448.75 MB
Available Pagefile: 5900.53 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:15 GB) NTFS
Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: ( Power Platte) (Fixed) (Total:931.41 GB) (Free:487.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 629C93B3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4A86BFF2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 19.02.2015, 10:07   #9
Warlord711
/// TB-Ausbilder
 



Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Then please check again regarding the ads.

Alt 19.02.2015, 14:16   #10
positive21
 



Here is the Fixlog file; unfortunately the virus is still there

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2015 01
Ran by VL at 2015-02-19 14:05:59 Run:1
Running from C:\Users\VL\Downloads
Loaded Profiles: VL (Available profiles: VL)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
emptytemp:
         
*****************

taphss6 => Service deleted successfully.
EmptyTemp: => Removed 4.7 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 14:06:37 ====
         

Alt 19.02.2015, 15:13   #11
Warlord711
/// TB-Ausbilder
 



Could you make me a fresh FRST log again, incl. Addition?



Alt 19.02.2015, 16:10   #12
positive21
 



FRST :



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by VL (administrator) on POSITIVE21 on 19-02-2015 15:57:28
Running from C:\Users\VL\Downloads
Loaded Profiles: VL (Available profiles: VL)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Apple Inc.) E:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Spotify Ltd) C:\Users\VL\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\VL\AppData\Roaming\Spotify\spotify.exe
() C:\Users\VL\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\VL\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\VL\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\VL\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\VL\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Apple Inc.) E:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) E:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) E:\Program Files (x86)\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\VL\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => E:\Program Files (x86)\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => E:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-27] (Electronic Arts)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [Akamai NetSession Interface] => C:\Users\VL\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [ApplePhotoStreams] => E:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [Spotify Web Helper] => C:\Users\VL\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-16] (Spotify Ltd)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [Spotify] => C:\Users\VL\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-16] (Spotify Ltd)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [iCloudServices] => E:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [HP Officejet 4620 series (NET)] => C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [iCloudDrive] => E:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [MsgCenterExe] => "C:\Program Files (x86)\Real\RealPlayer\update\RealOneMessageCenter.exe"  -osboot
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\MountPoints2: {b315ae4c-99c8-11e4-beff-f46d049714b2} - "G:\startme.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
Startup: C:\Users\VL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 4620 series (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 4620 series (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Mediaplayer -> {1536BA74-8625-4240-99B0-BE65883689C8} -> E:\Program Files (x86)\Mediapiraten\Mediapiraten\IEButtonMPInterface.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com.tw/common/asusTek_sys_ctrl.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> E:\Program Files (x86)\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> E:\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1101055978-3567199324-3965171460-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\VL\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome: 
=======
CHR HomePage: Profile 1 -> hxxp://google.de/
CHR Profile: C:\Users\VL\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Dr.Web Anti-Virus Link Checker) - C:\Users\VL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aleggpabliehgbeagmfhnodcijcmbonb [2015-02-16]
CHR Extension: (Google Drive) - C:\Users\VL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\VL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-11]
CHR Extension: (Adguard AdBlocker) - C:\Users\VL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-02-16]
CHR Extension: (AdBlock) - C:\Users\VL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blipnejacaoebmeelgjgifelpnikhiec [2015-02-16]
CHR Extension: (YouTube) - C:\Users\VL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-11]
CHR Extension: (Google Search) - C:\Users\VL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-11]
CHR Extension: (Google Wallet) - C:\Users\VL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-11]
CHR Extension: (Gmail) - C:\Users\VL\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations) [File not signed]
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 2011-05-31] (DTS)
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe [7599616 2009-08-18] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-27] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2014-06-28] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2014-10-22] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ggsomc; C:\Windows\System32\drivers\ggsomc.sys [30424 2015-01-14] (Sony Mobile Communications)
R3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2013-11-12] (ITE                      )
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 X6va015; \??\C:\WINDOWS\SysWOW64\Drivers\X6va015 [X]
S3 X6va021; \??\C:\WINDOWS\SysWOW64\Drivers\X6va021 [X]
S3 X6va028; \??\C:\WINDOWS\SysWOW64\Drivers\X6va028 [X]
S3 X6va029; \??\C:\WINDOWS\SysWOW64\Drivers\X6va029 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-19 14:07 - 2015-02-19 14:07 - 00000532 _____ () C:\WINDOWS\PFRO.log
2015-02-19 14:05 - 2015-02-19 14:05 - 00000000 ____D () C:\Users\VL\Downloads\FRST-OlderVersion
2015-02-18 02:13 - 2015-02-09 23:58 - 00000295 _____ () C:\Users\VL\Desktop\LC AT.txt
2015-02-17 22:49 - 2015-02-17 22:49 - 00419840 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2015-02-17 22:49 - 2015-02-17 22:49 - 00413696 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2015-02-17 22:49 - 2015-02-17 22:49 - 00133632 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2015-02-17 22:49 - 2015-02-17 22:49 - 00110592 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
2015-02-17 22:49 - 2015-02-17 22:49 - 00000000 ____D () C:\Users\VL\Documents\Penumbra Overture
2015-02-17 22:49 - 2015-02-17 22:49 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2015-02-17 22:49 - 2008-05-27 15:22 - 00782336 ____R (Creative Labs Inc.) C:\WINDOWS\SysWOW64\tmpD3EE.tmp
2015-02-17 22:49 - 2008-05-27 15:22 - 00782336 ____R (Creative Labs Inc.) C:\WINDOWS\SysWOW64\tmpD3ED.tmp
2015-02-17 22:43 - 2015-02-17 22:43 - 00002235 _____ () C:\Users\VL\Desktop\Penumbra - Episode Eins spielen.lnk
2015-02-17 22:43 - 2015-02-17 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Penumbra
2015-02-17 22:42 - 2015-02-17 22:42 - 00000000 ____D () C:\Program Files (x86)\Penumbra
2015-02-17 20:58 - 2015-02-18 03:24 - 00000000 ____D () C:\Users\VL\Downloads\Attitude LastChaos
2015-02-17 19:01 - 2015-02-17 19:01 - 00852594 _____ () C:\Users\VL\Desktop\SecurityCheck.exe
2015-02-17 18:58 - 2015-02-17 18:58 - 00000689 _____ () C:\Users\VL\Desktop\JRT.txt
2015-02-17 18:56 - 2015-02-17 18:56 - 01388274 _____ (Thisisu) C:\Users\VL\Downloads\JRT.exe
2015-02-17 18:47 - 2015-02-17 18:47 - 02112512 _____ () C:\Users\VL\Desktop\AdwCleaner_4.110.exe
2015-02-17 17:21 - 2015-02-19 15:57 - 00017326 _____ () C:\Users\VL\Downloads\FRST.txt
2015-02-17 17:21 - 2015-02-18 16:55 - 00026896 _____ () C:\Users\VL\Downloads\Addition.txt
2015-02-17 17:20 - 2015-02-19 14:05 - 02086912 _____ (Farbar) C:\Users\VL\Downloads\FRST64.exe
2015-02-17 17:13 - 2015-02-19 14:07 - 00001155 _____ () C:\WINDOWS\setupact.log
2015-02-17 17:13 - 2015-02-17 17:13 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-17 17:04 - 2015-02-19 15:57 - 00000000 ____D () C:\FRST
2015-02-17 16:50 - 2015-02-17 17:07 - 1826790317 _____ () C:\Users\VL\Downloads\Attitude LastChaos.rar
2015-02-17 16:17 - 2015-02-17 16:17 - 00000101 _____ () C:\Users\VL\Desktop\trojaner board.txt
2015-02-16 22:04 - 2015-02-16 22:04 - 00002323 _____ () C:\Users\VL\Desktop\Chrome App Launcher.lnk
2015-02-16 22:04 - 2015-02-16 22:04 - 00000000 ____D () C:\Users\VL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-16 21:16 - 2015-02-19 15:54 - 00549691 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-16 21:12 - 2015-02-17 19:02 - 00000000 ____D () C:\AdwCleaner
2015-02-12 21:59 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-12 21:59 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-12 00:35 - 2015-02-12 00:35 - 00000000 ____D () C:\Users\VL\AppData\Local\Norman Malware Cleaner
2015-02-11 14:06 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 14:06 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 14:06 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 14:06 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 14:06 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 14:06 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 14:06 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 14:06 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 14:06 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 14:06 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 14:06 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 14:06 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 14:06 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 14:06 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 14:06 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 14:06 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 14:06 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 14:06 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 14:06 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 14:06 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 14:06 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 14:06 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 14:06 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 14:06 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 14:06 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 14:06 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 14:06 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 14:06 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 14:06 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 14:06 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 14:06 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 14:06 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 14:06 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 14:06 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 14:06 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 14:06 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 14:06 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 14:06 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 14:06 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 14:06 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 14:06 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 14:06 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 14:06 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 14:06 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 14:06 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-11 14:06 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 14:06 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 14:06 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 14:06 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 14:06 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 14:06 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 14:06 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 14:06 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 14:06 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 14:06 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 14:06 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 14:06 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 14:06 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 14:06 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 14:06 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 14:06 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 14:06 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 14:06 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 14:06 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 14:06 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-01-27 22:19 - 2015-01-27 22:19 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2015-01-27 22:09 - 2015-01-27 22:09 - 00000000 ____D () C:\OpenOffice 4
2015-01-24 13:34 - 2015-01-24 13:47 - 00000000 ____D () C:\Users\VL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-19 15:13 - 2013-04-27 01:02 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-19 15:10 - 2013-04-27 02:20 - 00000000 ____D () C:\Users\VL\AppData\Roaming\Skype
2015-02-19 15:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-19 14:24 - 2014-02-13 17:38 - 00000000 ____D () C:\Users\VL\AppData\Roaming\Spotify
2015-02-19 14:14 - 2013-09-30 05:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-19 14:14 - 2013-09-30 04:56 - 00764340 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-19 14:14 - 2013-09-30 04:56 - 00159160 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-19 14:10 - 2014-11-12 01:16 - 00000000 ___RD () C:\Users\VL\iCloudDrive
2015-02-19 14:09 - 2014-02-13 17:39 - 00000000 ____D () C:\Users\VL\AppData\Local\Spotify
2015-02-19 14:09 - 2013-11-22 18:26 - 03405312 ___SH () C:\Users\VL\Desktop\Thumbs.db
2015-02-19 14:09 - 2013-04-27 01:18 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-19 14:09 - 2013-04-27 01:02 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-19 14:07 - 2013-11-22 16:16 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-19 14:07 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-19 14:01 - 2014-09-15 20:23 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-19 14:01 - 2013-04-27 02:20 - 00000000 ____D () C:\ProgramData\Skype
2015-02-19 14:01 - 2013-04-27 01:18 - 00000000 ____D () C:\ProgramData\Origin
2015-02-18 01:15 - 2012-07-26 02:47 - 00000000 ____D () C:\Users\VL\AppData\Local\VirtualStore
2015-02-17 23:36 - 2012-07-26 02:53 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1101055978-3567199324-3965171460-1001
2015-02-17 00:44 - 2014-09-18 22:26 - 00000000 ____D () C:\Users\VL\Downloads\Lc.N.W.O
2015-02-16 21:37 - 2009-11-18 23:21 - 01485824 ___SH () C:\Users\VL\Documents\Thumbs.db
2015-02-16 21:18 - 2013-11-22 21:32 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C1016520-2BA8-4A8B-AF43-5094422D4B1E}
2015-02-16 20:31 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-16 20:31 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-12 22:24 - 2013-08-22 14:25 - 00262144 _____ () C:\WINDOWS\system32\config\BBI
2015-02-12 22:17 - 2013-11-22 21:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-12 22:15 - 2013-04-27 01:03 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-12 00:13 - 2013-11-22 16:17 - 00000000 ____D () C:\Users\VL
2015-02-11 15:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-11 15:26 - 2013-08-22 15:44 - 00370240 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-11 15:24 - 2013-07-27 11:17 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-11 15:23 - 2013-04-27 01:56 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-11 15:18 - 2013-05-15 18:32 - 00000000 ____D () C:\Users\VL\AppData\Roaming\DVDVideoSoft
2015-02-11 15:17 - 2014-11-03 23:39 - 00144384 ___SH () C:\Users\VL\Downloads\Thumbs.db
2015-02-10 18:42 - 2013-04-28 21:20 - 00000000 ____D () C:\Fraps
2015-02-09 23:55 - 2013-12-31 19:31 - 00000000 ____D () C:\Users\VL\Desktop\Notes
2015-02-09 18:08 - 2013-04-27 01:02 - 00004100 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-09 18:08 - 2013-04-27 01:02 - 00003864 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-01 18:46 - 2013-05-06 19:00 - 00000000 ____D () C:\Users\VL\AppData\Roaming\vlc
2015-01-27 23:09 - 2014-05-31 22:37 - 00000000 ____D () C:\Vorms EP3(projet)
2015-01-27 22:19 - 2013-07-30 12:41 - 00001132 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2015-01-27 22:19 - 2013-07-30 12:41 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.0
2015-01-27 22:09 - 2013-07-30 12:44 - 00000000 ____D () C:\Users\VL\Documents\Bewerbung Allgemein
2015-01-25 18:28 - 2013-05-22 11:08 - 00000000 ____D () C:\Users\VL\.gimp-2.8
2015-01-24 13:47 - 2015-01-14 22:06 - 00000000 ____D () C:\Program Files (x86)\Sony Mobile
2015-01-24 13:01 - 2014-12-24 23:26 - 00002042 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-01-24 13:01 - 2013-05-12 19:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-24 13:01 - 2013-05-09 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony

==================== Files in the root of some directories =======

2013-05-23 01:26 - 2013-05-23 01:26 - 0006144 _____ () C:\Users\VL\AppData\Roaming\com.apple.antiphishing.db
2014-01-27 21:38 - 2014-01-27 21:38 - 0003584 _____ () C:\Users\VL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-15 21:43 - 2014-10-15 21:43 - 0004022 _____ () C:\Users\VL\AppData\Local\recently-used.xbel
2014-01-14 17:04 - 2014-01-14 17:04 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-19 14:20

==================== End Of Log ============================
         
--- --- ---


ADDITION

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2015 01
Ran by VL at 2015-02-19 15:57:53
Running from C:\Users\VL\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Akamai NetSession Interface (HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Any Video Converter 5.0.5 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia 3.5 (HKLM-x32\...\{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}) (Version: 3.5.7.331 - ArcSoft)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23028 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
FantasyLC version 1460 (HKLM-x32\...\{E1EAF6A2-9AB5-4DE4-9ECE-C37FF2E3058D}_is1) (Version: 1460 - FantasyLC, Inc.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 4620 series - Grundlegende Software für das Gerät (HKLM\...\{B16F9E6E-1388-472C-98C3-F32D397EF85D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 4620 series Hilfe (HKLM-x32\...\{72EDA2AC-2908-4BB3-97E5-4F9DDEBF9731}) (Version: 6.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1191 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.600 - Oracle)
LastChaosGER (HKLM-x32\...\{A86A50FC-7C22-478B-BAEF-82393328825F}) (Version: 1.00.000 - Barunsongames CO., LTD.)
LastChaosUSA (HKLM-x32\...\{0AF3FEAE-B651-4421-97EF-4808A588B4E5}) (Version: 1.00.000 - Barunsongames CO., LTD.)
LAV Filters 0.56.2 (HKLM-x32\...\lavfilters_is1) (Version: 0.56.2 - Hendrik Leppkes)
LCGenericName01 EP1 (HKLM-x32\...\LCGenericName01 EP1) (Version: EP1 - LCGenericName01)
LCGenericName02 EP2 (HKLM-x32\...\LCGenericName02 EP2) (Version: EP2 - LCGenericName02)
Mafia II (HKLM-x32\...\Steam App 50130) (Version:  - 2K Czech)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
MySQL Server 5.1 (HKLM\...\{561AB451-B967-475C-80E0-3B6679C38B52}) (Version: 5.1.38 - MySQL AB)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
Penumbra Episode 1 (HKLM-x32\...\{2EF0D7ED-F944-4E0D-AC78-7DA00C0B81E4}_is1) (Version: 1.0.3 - Frictional Games)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Sandboxie 4.08 (64-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.15.1.201412301303 - Sony Mobile Communications Inc.)
Sony PC Companion 2.10.245 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.245 - Sony)
Spotify (HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Studie zur Verbesserung von HP Officejet 4620 series Produkten (HKLM\...\{ABBC6F00-E9C9-4B1E-B046-8FFD7BA3A456}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vegas Pro 12.0 (64-bit) (HKLM\...\{A1A75F4F-9C9F-11E2-8FCB-F04DA23A5C58}) (Version: 12.0.563 - Sony)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

16-02-2015 22:35:10 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {08F19630-5521-4912-947E-B4BA5AAF036C} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1101055978-3567199324-3965171460-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {22898773-7939-4020-B9B3-86043C5CC55F} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {2D40244B-692D-4A31-83DC-A2C6502CE8FA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {41213ACE-2B3F-4D0C-B44B-BDEF2167BF6A} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1101055978-3567199324-3965171460-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {5044366E-769B-423D-AD1F-75373C3F2517} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {5BAB2320-836A-45CB-8969-9B230EDE6567} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-27] (Google Inc.)
Task: {A4BA0A9A-1761-4186-B25C-683638845C9A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-27] (Google Inc.)
Task: {BDA25E8F-4F2A-42E6-9DC5-5DDE1EE8EB38} - System32\Tasks\{488E738E-E904-42EA-8026-4E73BFCE1331} => pcalua.exe -a C:\Users\VL\AppData\Local\Unity\WebPlayer\Uninstall.exe -c /CurrentUser
Task: {C97CD44D-49B2-48FF-8768-015A08382A4F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-11] (Microsoft Corporation)
Task: {DDBCCF83-F755-40B0-9E46-7715846CE77E} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-11-22 16:16 - 2014-12-13 09:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-08-18 20:09 - 2009-08-18 20:09 - 07599616 _____ () C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
2013-04-28 01:31 - 2014-10-22 20:41 - 00076152 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-02-13 17:39 - 2014-12-16 20:52 - 00374840 _____ () C:\Users\VL\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-12-24 23:25 - 2014-06-23 08:07 - 00113376 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-30 01:03 - 2015-01-27 18:59 - 01007104 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-01-30 01:02 - 2015-01-27 18:59 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-01-30 01:02 - 2015-01-27 18:59 - 00024576 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-01-30 01:02 - 2015-01-27 18:59 - 00216576 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-01-30 01:02 - 2015-01-27 18:59 - 00261120 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-01-30 01:02 - 2015-01-27 18:59 - 00019456 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-01-30 01:02 - 2015-01-27 18:59 - 00337408 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-01-30 01:02 - 2015-01-27 18:59 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2014-02-13 17:39 - 2014-12-16 20:52 - 36966968 _____ () C:\Users\VL\AppData\Roaming\Spotify\Data\libcef.dll
2014-07-17 19:43 - 2014-12-16 20:52 - 00867896 _____ () C:\Users\VL\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2014-02-13 17:39 - 2014-12-16 20:52 - 00886840 _____ () C:\Users\VL\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-02-13 17:39 - 2014-12-16 20:52 - 00108600 _____ () C:\Users\VL\AppData\Roaming\Spotify\Data\libegl.dll
2014-12-24 23:25 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2014-12-24 23:25 - 2014-12-04 14:18 - 00241152 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2014-12-24 23:25 - 2013-05-20 11:58 - 00620718 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
2014-12-24 23:25 - 2010-01-11 15:44 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
2014-11-21 12:31 - 2014-11-21 12:31 - 00663040 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2013-11-12 22:47 - 2007-04-19 09:33 - 00035584 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uPiApi.dll
2015-02-09 18:14 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-09 18:14 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-09 18:14 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
2015-02-09 18:14 - 2015-02-04 10:02 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\VL\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Aeria Ignite"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-1101055978-3567199324-3965171460-1001\...\StartupApproved\Run: => "SandboxieControl"

==================== Accounts: =============================

Administrator (S-1-5-21-1101055978-3567199324-3965171460-500 - Administrator - Disabled)
Gast (S-1-5-21-1101055978-3567199324-3965171460-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1101055978-3567199324-3965171460-1004 - Limited - Enabled)
VL (S-1-5-21-1101055978-3567199324-3965171460-1001 - Administrator - Enabled) => C:\Users\VL

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/19/2015 02:20:57 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (02/18/2015 03:24:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Nksp.exe, Version: 1.3.2.197, Zeitstempel: 0x51c45635
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0d74f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00041f4e
ID des fehlerhaften Prozesses: 0x1880
Startzeit der fehlerhaften Anwendung: 0xNksp.exe0
Pfad der fehlerhaften Anwendung: Nksp.exe1
Pfad des fehlerhaften Moduls: Nksp.exe2
Berichtskennung: Nksp.exe3
Vollständiger Name des fehlerhaften Pakets: Nksp.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Nksp.exe5

Error: (02/17/2015 11:37:00 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (02/17/2015 10:49:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Penumbra.exe, Version: 0.0.0.0, Zeitstempel: 0x47c4039c
Name des fehlerhaften Moduls: OpenAL32.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0d74f
Ausnahmecode: 0xc0000135
Fehleroffset: 0x0009e0b2
ID des fehlerhaften Prozesses: 0x17f4
Startzeit der fehlerhaften Anwendung: 0xPenumbra.exe0
Pfad der fehlerhaften Anwendung: Penumbra.exe1
Pfad des fehlerhaften Moduls: Penumbra.exe2
Berichtskennung: Penumbra.exe3
Vollständiger Name des fehlerhaften Pakets: Penumbra.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Penumbra.exe5

Error: (02/17/2015 10:48:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Penumbra.exe, Version: 0.0.0.0, Zeitstempel: 0x47c4039c
Name des fehlerhaften Moduls: MSVCP71.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0d74f
Ausnahmecode: 0xc0000135
Fehleroffset: 0x0009e0b2
ID des fehlerhaften Prozesses: 0xd6c
Startzeit der fehlerhaften Anwendung: 0xPenumbra.exe0
Pfad der fehlerhaften Anwendung: Penumbra.exe1
Pfad des fehlerhaften Moduls: Penumbra.exe2
Berichtskennung: Penumbra.exe3
Vollständiger Name des fehlerhaften Pakets: Penumbra.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Penumbra.exe5

Error: (02/17/2015 10:47:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Penumbra.exe, Version: 0.0.0.0, Zeitstempel: 0x47c4039c
Name des fehlerhaften Moduls: OpenAL32.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0d74f
Ausnahmecode: 0xc0000135
Fehleroffset: 0x0009e0b2
ID des fehlerhaften Prozesses: 0x1874
Startzeit der fehlerhaften Anwendung: 0xPenumbra.exe0
Pfad der fehlerhaften Anwendung: Penumbra.exe1
Pfad des fehlerhaften Moduls: Penumbra.exe2
Berichtskennung: Penumbra.exe3
Vollständiger Name des fehlerhaften Pakets: Penumbra.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Penumbra.exe5

Error: (02/17/2015 10:47:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Penumbra.exe, Version: 0.0.0.0, Zeitstempel: 0x47c4039c
Name des fehlerhaften Moduls: MSVCP71.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0d74f
Ausnahmecode: 0xc0000135
Fehleroffset: 0x0009e0b2
ID des fehlerhaften Prozesses: 0x1954
Startzeit der fehlerhaften Anwendung: 0xPenumbra.exe0
Pfad der fehlerhaften Anwendung: Penumbra.exe1
Pfad des fehlerhaften Moduls: Penumbra.exe2
Berichtskennung: Penumbra.exe3
Vollständiger Name des fehlerhaften Pakets: Penumbra.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Penumbra.exe5

Error: (02/17/2015 10:47:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Penumbra.exe, Version: 0.0.0.0, Zeitstempel: 0x47c4039c
Name des fehlerhaften Moduls: MSVCP71.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0d74f
Ausnahmecode: 0xc0000135
Fehleroffset: 0x0009e0b2
ID des fehlerhaften Prozesses: 0x12f0
Startzeit der fehlerhaften Anwendung: 0xPenumbra.exe0
Pfad der fehlerhaften Anwendung: Penumbra.exe1
Pfad des fehlerhaften Moduls: Penumbra.exe2
Berichtskennung: Penumbra.exe3
Vollständiger Name des fehlerhaften Pakets: Penumbra.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Penumbra.exe5

Error: (02/17/2015 09:46:22 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)


System errors:
=============
Error: (02/19/2015 02:08:01 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "POSITIVE21" auf Transport "NetBT_Tcpip_{D2436734-D563-4D4E-8FB7-2E07C8431772}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (02/18/2015 07:11:56 PM) (Source: DCOM) (EventID: 10010) (User: POSITIVE21)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (02/18/2015 05:26:51 PM) (Source: DCOM) (EventID: 10010) (User: POSITIVE21)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/18/2015 05:26:21 PM) (Source: DCOM) (EventID: 10010) (User: POSITIVE21)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/18/2015 05:18:43 PM) (Source: DCOM) (EventID: 10010) (User: POSITIVE21)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/18/2015 05:18:13 PM) (Source: DCOM) (EventID: 10010) (User: POSITIVE21)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/17/2015 09:51:23 PM) (Source: DCOM) (EventID: 10010) (User: POSITIVE21)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (02/17/2015 09:51:22 PM) (Source: DCOM) (EventID: 10010) (User: POSITIVE21)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (02/17/2015 09:51:10 PM) (Source: DCOM) (EventID: 10010) (User: POSITIVE21)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/17/2015 09:50:40 PM) (Source: DCOM) (EventID: 10010) (User: POSITIVE21)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================
Error: (02/19/2015 02:20:57 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System-reserviertFalscher Parameter. (0x80070057)

Error: (02/18/2015 03:24:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nksp.exe1.3.2.19751c45635ntdll.dll6.3.9600.1763054b0d74fc000000500041f4e188001d04b175cf46d74C:\Users\VL\Downloads\Attitude LastChaos\Bin\Nksp.exeC:\WINDOWS\SYSTEM32\ntdll.dll55077ebf-b715-11e4-bf0a-f46d049714b2

Error: (02/17/2015 11:37:00 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System-reserviertFalscher Parameter. (0x80070057)

Error: (02/17/2015 10:49:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Penumbra.exe0.0.0.047c4039cOpenAL32.dll6.3.9600.1763054b0d74fc00001350009e0b217f401d04afb89f23bfbC:\Program Files (x86)\Penumbra\Episode Eins\redist\Penumbra.exeOpenAL32.dlld15265b2-b6ee-11e4-bf0a-f46d049714b2

Error: (02/17/2015 10:48:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Penumbra.exe0.0.0.047c4039cMSVCP71.dll6.3.9600.1763054b0d74fc00001350009e0b2d6c01d04afb6faea341C:\Program Files (x86)\Penumbra\Episode Eins\Penumbra.exeMSVCP71.dllb32c5835-b6ee-11e4-bf0a-f46d049714b2

Error: (02/17/2015 10:47:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Penumbra.exe0.0.0.047c4039cOpenAL32.dll6.3.9600.1763054b0d74fc00001350009e0b2187401d04afb594e0bacC:\Program Files (x86)\Penumbra\Episode Eins\redist\Penumbra.exeOpenAL32.dll9b7d90cf-b6ee-11e4-bf0a-f46d049714b2

Error: (02/17/2015 10:47:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Penumbra.exe0.0.0.047c4039cMSVCP71.dll6.3.9600.1763054b0d74fc00001350009e0b2195401d04afb583c09d8C:\Program Files (x86)\Penumbra\Episode Eins\Penumbra.exeMSVCP71.dll96731e4e-b6ee-11e4-bf0a-f46d049714b2

Error: (02/17/2015 10:47:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Penumbra.exe0.0.0.047c4039cMSVCP71.dll6.3.9600.1763054b0d74fc00001350009e0b212f001d04afb4ec15661C:\Program Files (x86)\Penumbra\Episode Eins\installation\Penumbra.exeMSVCP71.dll8f61f285-b6ee-11e4-bf0a-f46d049714b2

Error: (02/17/2015 09:46:22 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System-reserviertFalscher Parameter. (0x80070057)


CodeIntegrity Errors:
===================================
  Date: 2015-02-16 21:12:44.921
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-02-16 21:12:44.825
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 24%
Total physical RAM: 8168.75 MB
Available physical RAM: 6154.54 MB
Total Pagefile: 9448.75 MB
Available Pagefile: 6602.75 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:19.48 GB) NTFS
Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: ( Power Platte) (Fixed) (Total:931.41 GB) (Free:487.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 629C93B3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4A86BFF2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 8548F675)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
For everyone who wants this annoying advertising out of the browser for now, in order to tackle the problem at its root: there is an extension, e.g. for Google Chrome, called "Addguard", which keeps the ads away for the time being, partially.




Alt 19.02.2015, 16:30   #13
Warlord711
/// TB-Ausbilder
 


Please have the file from the code box checked at VirusTotal.
  • Click on Choose a
  • Now copy the following into the search bar
    Code:
    C:\Windows\system32\AdminService.exe
  • and click on Open.
  • Click on Scan!.
  • Please wait until the file has been uploaded completely. If you get the following message
    Quote:
    This file has already been analysed by VirusTotal...
    click on Reanalyse.
  • Wait until the analysis date is shown to you and the scan has finished.
  • Copy the link from your address bar and post it here.
__________________
Learn to fight back and support us!
TB Academy | Donate | Praise & Criticism

Alt 19.02.2015, 16:53   #14
positive21
 


Somehow it doesn't find it on my system, or I'm doing something wrong.

I have now found the file myself via the Windows 8 search, so I do find the AdminService.exe file... only, strangely, VirusTotal doesn't really find the file.

Alt 19.02.2015, 17:04   #15
Warlord711
/// TB-Ausbilder
 


Can you start the browser as administrator via right-click, then go to virustotal.com and carry out the whole thing again, please?