
Pests of all kinds and how to fight them: Windows Defender suddenly disabled, computer performance slowed down..

16.12.2014, 16:38   #1
kevinanthony
 



Hello dear Trojaner-Board team,

As the title suggests, I seem to have caught something, and the symptoms above have appeared.
I kindly ask for your help and hope the problem can be solved.

Regards, Kevin.

16.12.2014, 16:41   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they found anything?

I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first just post the logs you already have in CODE tags!
Only logs from the last 7 days, or since the problem began, are relevant!




In addition, please also create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)



Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder.
Even if the logs should be too large for one post, I ask you to post the logs directly and, if necessary, spread across several posts.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

16.12.2014, 16:51   #3
kevinanthony
 



Here is the FRST log
FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by Siddiq (administrator) on KEVO-PC on 16-12-2014 16:51:14
Running from C:\Users\Siddiq\Desktop
Loaded Profiles: Kevo & Siddiq (Available profiles: Kevo & Siddiq)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\mcGlidHost.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1\Console Launcher\ConsoLCu.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor
HKLM-x32\...\Run: [Module Loader] => C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe [57344 2007-07-23] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-17948161-4136030996-2878415790-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3886672 2014-12-07] (Tonec Inc.)
HKU\S-1-5-21-17948161-4136030996-2878415790-1001\...\MountPoints2: {3285d094-4bf5-11e3-aa23-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-21-17948161-4136030996-2878415790-1008\...\Run: [GoogleChromeAutoLaunch_DCDE99E772EF02AB63A59D2B2790539C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [898376 2014-12-10] (Google Inc.)
HKU\S-1-5-21-17948161-4136030996-2878415790-1008\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3886672 2014-12-07] (Tonec Inc.)
HKU\S-1-5-21-17948161-4136030996-2878415790-1008\...\RunOnce: [Adobe Speed Launcher] => 1418685679
HKU\S-1-5-21-17948161-4136030996-2878415790-1008\...\MountPoints2: {435e65a1-562e-11e4-ba6b-a65d2d287932} - F:\HTC_Sync_Manager_PC.exe
AppInit_DLLs:  =>  File Not Found
Startup: C:\Users\Kevo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
Startup: C:\Users\Siddiq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-17948161-4136030996-2878415790-1001] => 205.213.195.80:80
HKU\S-1-5-21-17948161-4136030996-2878415790-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKU\S-1-5-21-17948161-4136030996-2878415790-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-17948161-4136030996-2878415790-1008\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Winsock: Catalog9 01 C:\Windows\SysWOW64\SafeIPs.dll [373760] (SafeIP)
Winsock: Catalog9 02 C:\Windows\SysWOW64\SafeIPs.dll [373760] (SafeIP)
Winsock: Catalog9 03 C:\Windows\SysWOW64\SafeIPs.dll [373760] (SafeIP)
Winsock: Catalog9 04 C:\Windows\SysWOW64\SafeIPs.dll [373760] (SafeIP)
Winsock: Catalog9 17 C:\Windows\SysWOW64\SafeIPs.dll [373760] (SafeIP)
Winsock: Catalog9-x64 01 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP)
Winsock: Catalog9-x64 02 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP)
Winsock: Catalog9-x64 03 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP)
Winsock: Catalog9-x64 04 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP)
Winsock: Catalog9-x64 17 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP)
Tcpip\Parameters: [DhcpNameServer] 192.168.42.129

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll (Unity Technologies ApS)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-17948161-4136030996-2878415790-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kevo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-17948161-4136030996-2878415790-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin HKU\S-1-5-21-17948161-4136030996-2878415790-1001: www.aupix.com/Webphone -> C:\Users\Kevo\AppData\Roaming\AuPix Ltd\Webphone\npWebphone_1_9.dll (AuPix Ltd)
FF HKU\S-1-5-21-17948161-4136030996-2878415790-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Kevo\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Kevo\AppData\Roaming\IDM\idmmzcc5 [2014-09-23]
FF HKU\S-1-5-21-17948161-4136030996-2878415790-1008\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Siddiq\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Siddiq\AppData\Roaming\IDM\idmmzcc5 [2014-12-16]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-12]
CHR Extension: (YouTube) - C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-12]
CHR Extension: (Google-Suche) - C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-12]
CHR Extension: (IDM Integration Module) - C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-10-12]
CHR Extension: (Paltalk Express) - C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Extensions\oainjhllibnjfalecnohojnocpcobgpn [2014-11-09]
CHR Extension: (Google Mail) - C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-12]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-12-07]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-12-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-21] (BlueStack Systems, Inc.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-09-07] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-08-22] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2009-08-28] (Creative Technology Ltd) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
R2 HerculesDJControlMP3; C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE [47104 2013-05-21] (Hercules®) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-12-16] (Electronic Arts)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-08-11] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
S3 SafeIPS; C:\Program Files (x86)\SafeIP\SafeIPs.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [36256 2009-11-13] (Google Inc)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-21] (BlueStack Systems)
S3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [258352 2013-05-21] (© Guillemot R&D, 2013. All rights reserved.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-01] (Disc Soft Ltd)
R3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [21704 2013-03-11] (Mobile Stream)
R3 hcw17bda; C:\Windows\System32\drivers\hcw17b64.sys [78192 2013-08-22] (Hauppauge Computer Works, Inc.)
S3 HDJMidi; C:\Windows\System32\DRIVERS\HDJMidi.sys [274736 2013-05-21] (© Guillemot R&D, 2013. All rights reserved.)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [36256 2009-11-13] (Google Inc)
R3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1148288 2011-07-06] (Creative Technology Ltd.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-19] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [31232 2013-03-09] (The OpenVPN Project) [File not signed]
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.)
U0 uiav; C:\Windows\System32\drivers\sofiias.sys [79064 2014-12-16] (Malwarebytes Corporation)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
U3 aswMBR; \??\C:\Users\Siddiq\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Siddiq\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 16:51 - 2014-12-16 16:51 - 00022407 _____ () C:\Users\Siddiq\Desktop\FRST.txt
2014-12-16 16:31 - 2014-12-16 16:31 - 00000000 ____D () C:\ProgramData\6577510721512629562
2014-12-16 16:31 - 2014-12-16 16:31 - 00000000 ____D () C:\Program Files (x86)\BuuyNsAVe
2014-12-16 16:30 - 2014-12-16 16:30 - 00000000 ____D () C:\ProgramData\nlcgledcgbnjgnhikehaekocgppemfni
2014-12-16 16:29 - 2014-12-16 16:51 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\DMCache
2014-12-16 16:29 - 2014-12-16 16:30 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\IDM
2014-12-16 16:29 - 2014-12-16 16:29 - 01240576 _____ () C:\Users\Siddiq\Downloads\Internet Download Manager (IDM) 6.21 build 16 Crack (1).exe
2014-12-16 16:29 - 2014-12-16 16:29 - 00001009 _____ () C:\Users\Siddiq\Desktop\Internet Download Manager.lnk
2014-12-16 16:29 - 2014-12-16 16:29 - 00000000 ____D () C:\Users\Siddiq\Downloads\Video
2014-12-16 16:29 - 2014-12-16 16:29 - 00000000 ____D () C:\Users\Siddiq\Downloads\Compressed
2014-12-16 16:29 - 2014-12-16 16:29 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2014-12-16 16:28 - 2014-12-16 16:28 - 06353464 _____ (Tonec Inc.) C:\Users\Siddiq\Downloads\idman621build16 (1).exe
2014-12-16 16:27 - 2014-12-16 16:27 - 01240576 _____ () C:\Users\Siddiq\Downloads\Internet Download Manager (IDM) 6.21 build 16 Crack.exe
2014-12-16 16:27 - 2014-12-16 16:27 - 00761872 _____ ( ) C:\Users\Siddiq\Downloads\idman621build16.exe
2014-12-16 16:23 - 2014-12-16 16:23 - 00067032 _____ () C:\Users\Siddiq\Downloads\HDVidCodec.exe
2014-12-16 15:51 - 2014-12-16 15:51 - 01534736 _____ () C:\Users\Siddiq\Downloads\battlelog-web-plugins_2.6.2_154.exe
2014-12-16 15:40 - 2014-12-16 15:40 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-12-16 15:39 - 2014-12-16 15:39 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-12-16 15:39 - 2014-12-16 15:39 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-12-16 15:39 - 2014-12-16 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-12-16 15:38 - 2014-12-16 15:45 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-16 15:38 - 2014-12-16 15:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-16 15:38 - 2014-12-16 15:38 - 02119168 _____ (Farbar) C:\Users\Siddiq\Desktop\FRST64.exe
2014-12-16 15:38 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-12-16 14:51 - 2014-12-16 14:51 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\sofiias.sys
2014-12-16 14:22 - 2014-12-16 14:23 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Siddiq\Downloads\spybot-2.4.exe
2014-12-16 14:11 - 2014-12-16 14:11 - 05198336 _____ (AVAST Software) C:\Users\Siddiq\Downloads\aswMBR.exe
2014-12-16 14:10 - 2014-12-16 14:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-16 14:09 - 2014-12-16 14:09 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-16 14:09 - 2014-12-16 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-16 14:09 - 2014-12-16 14:09 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-16 14:09 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-16 14:09 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-16 14:09 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-16 14:08 - 2014-12-16 14:08 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Siddiq\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-16 01:00 - 2014-12-16 01:01 - 00000000 ____D () C:\Users\Siddiq\Desktop\MSK
2014-12-16 01:00 - 2014-12-16 01:01 - 00000000 ____D () C:\Users\Siddiq\Desktop\Islam
2014-12-10 22:49 - 2014-12-10 23:43 - 103539160 _____ () C:\Users\Siddiq\Downloads\BON2014.rar
2014-12-10 18:54 - 2014-12-10 18:54 - 03981488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-09 06:53 - 2014-12-09 06:55 - 161322064 _____ () C:\Users\Siddiq\Downloads\wegothiphop-kendrick-lamar-unreleased-wegothiphopcom.zip
2014-12-07 17:04 - 2014-12-07 17:04 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\Unity
2014-12-07 16:56 - 2014-12-07 16:56 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\.mono
2014-12-07 16:53 - 2014-12-07 16:53 - 01107184 _____ (Unity Technologies ApS) C:\Users\Siddiq\Downloads\UnityWebPlayer64.exe
2014-12-07 15:51 - 2014-11-29 01:37 - 00180648 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2014-12-07 15:02 - 2014-12-07 15:02 - 00000000 ____D () C:\Program Files\Unity
2014-12-07 13:33 - 2014-12-07 13:33 - 07173168 _____ (Unity Technologies ApS) C:\Users\Siddiq\Downloads\UnityWebPlayerFull64.exe
2014-12-07 10:17 - 2014-12-07 10:22 - 271014878 _____ () C:\Users\Siddiq\Downloads\cm-11-20141206-NIGHTLY-bacon.zip
2014-12-07 10:16 - 2014-12-07 10:22 - 171522881 _____ () C:\Users\Siddiq\Downloads\Slim-bacon-4.4.4.build.8.18-WEEKLY-8118.zip
2014-12-06 23:38 - 2014-12-06 23:38 - 00000000 ____D () C:\Users\Siddiq\Documents\DVDVideoSoft
2014-12-06 23:36 - 2014-12-06 23:37 - 17938000 _____ (DVDVideoSoft Ltd. ) C:\Users\Siddiq\Downloads\freeaudiodub.exe
2014-12-06 00:20 - 2014-12-06 00:22 - 157694716 _____ () C:\Users\Siddiq\Downloads\gapps-kk-20140606-signed.zip
2014-12-06 00:13 - 2014-12-06 00:16 - 271013652 _____ () C:\Users\Siddiq\Downloads\cm-11-20141205-NIGHTLY-bacon.zip
2014-12-02 21:05 - 2014-12-02 22:52 - 00000000 ____D () C:\Users\Siddiq\Desktop\WhatsApp
2014-12-02 19:11 - 2014-12-02 19:56 - 986789926 _____ () C:\Users\Siddiq\Downloads\T230XXU0ANJT230DBT0ANJT230XXU0ANJHOME.tar.rar
2014-12-01 16:20 - 2014-12-01 16:20 - 04135060 _____ () C:\Users\Siddiq\Downloads\CameraNext (1).apk
2014-12-01 15:50 - 2014-12-01 15:50 - 03820857 _____ () C:\Users\Siddiq\Downloads\CameraNext.apk
2014-12-01 15:45 - 2014-12-01 15:53 - 251123017 _____ () C:\Users\Siddiq\Downloads\aosp-One-ota-20140823.zip
2014-12-01 15:35 - 2014-12-01 15:35 - 92569666 _____ () C:\Users\Siddiq\Downloads\gapps-kk-20140728-Sesme-Lite.zip
2014-12-01 15:27 - 2014-12-01 15:31 - 216029436 _____ () C:\Users\Siddiq\Downloads\cm-bacon-3628510d76-to-ac1ccf7921-signed.zip
2014-12-01 15:12 - 2014-12-01 15:15 - 270844692 _____ () C:\Users\Siddiq\Downloads\cm-11-20141129-NIGHTLY-bacon.zip
2014-11-30 20:03 - 2014-12-10 21:09 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-30 20:03 - 2014-11-30 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-30 20:01 - 2014-12-16 16:06 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-30 20:01 - 2014-12-15 20:06 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-30 20:01 - 2014-11-30 20:01 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-30 20:01 - 2014-11-30 20:01 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-30 19:57 - 2014-11-30 19:59 - 00000000 ____D () C:\Users\Siddiq\AppData\Local\Deployment
2014-11-30 19:57 - 2014-11-30 19:57 - 00000000 ____D () C:\Users\Siddiq\AppData\Local\Apps\2.0
2014-11-27 21:38 - 2014-11-27 21:39 - 12890112 _____ () C:\Users\Siddiq\Downloads\openrecovery-twrp-2.8.1.0-bacon (1).img
2014-11-27 21:02 - 2014-11-27 21:04 - 03974843 _____ () C:\Users\Siddiq\Downloads\UPDATE-SuperSU-v2.35.zip
2014-11-27 19:45 - 2014-12-01 06:34 - 00000972 _____ () C:\Windows\PFRO.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 16:51 - 2013-08-22 03:33 - 00000000 ____D () C:\ProgramData\Origin
2014-12-16 16:51 - 2013-07-04 17:01 - 00000000 ____D () C:\FRST
2014-12-16 16:29 - 2013-08-30 16:17 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2014-12-16 15:55 - 2013-10-01 16:17 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-12-16 15:55 - 2013-10-01 11:17 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-12-16 15:55 - 2013-10-01 11:17 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-12-16 15:54 - 2014-09-04 22:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-16 15:52 - 2013-08-22 21:14 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-12-16 15:52 - 2013-08-21 23:53 - 01636231 _____ () C:\Windows\WindowsUpdate.log
2014-12-16 15:38 - 2013-08-22 03:32 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-16 14:09 - 2013-10-01 12:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-16 12:52 - 2009-07-14 19:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-16 01:03 - 2013-09-01 17:41 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-16 01:02 - 2014-11-15 22:33 - 00000000 ____D () C:\Users\Siddiq\Desktop\arbeit unsortiert
2014-12-15 21:49 - 2013-10-02 13:49 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-15 21:46 - 2014-11-15 21:22 - 00004445 _____ () C:\Windows\setupact.log
2014-12-13 16:06 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-12-13 16:06 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-12-13 16:06 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-11 16:17 - 2014-10-17 21:41 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\Skype
2014-12-10 18:54 - 2014-09-04 22:48 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 18:54 - 2013-10-02 17:56 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 18:54 - 2013-10-02 17:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-06 06:51 - 2009-07-14 05:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-06 06:51 - 2009-07-14 05:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-02 22:52 - 2014-10-26 09:11 - 00000000 ____D () C:\Users\Siddiq\Desktop\Verkauf Bilder
2014-12-01 19:53 - 2014-11-09 01:32 - 00000000 ___RD () C:\Users\Siddiq\Dropbox
2014-12-01 06:57 - 2014-11-09 01:10 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\Dropbox
2014-12-01 06:41 - 2014-11-08 23:08 - 00000000 ____D () C:\Users\Siddiq\AppData\Local\HTC MediaHub
2014-12-01 06:35 - 2013-08-22 02:21 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-01 06:35 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-30 20:02 - 2013-08-22 02:37 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-30 19:59 - 2014-10-26 09:11 - 00000000 ____D () C:\Users\Siddiq\Desktop\Arbeit
2014-11-30 19:55 - 2014-11-09 01:32 - 00001019 _____ () C:\Users\Siddiq\Desktop\Dropbox.lnk
2014-11-30 19:55 - 2014-11-09 01:15 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-30 19:37 - 2013-08-29 09:21 - 00000000 ____D () C:\AdwCleaner
2014-11-30 03:31 - 2013-08-22 00:44 - 00000000 ____D () C:\Users\Kevo
2014-11-27 20:30 - 2014-10-12 01:27 - 00000000 ____D () C:\Users\Siddiq\AppData\Local\Google
2014-11-27 19:45 - 2009-07-14 05:45 - 00271432 _____ () C:\Windows\system32\FNTCACHE.DAT

Some content of TEMP:
====================
C:\Users\Kevo\AppData\Local\Temp\bassmod.dll
C:\Users\Kevo\AppData\Local\Temp\k9-webprotection-4.4.276.exe
C:\Users\Kevo\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Kevo\AppData\Local\Temp\nvStInst.exe
C:\Users\Siddiq\AppData\Local\Temp\38E130ef8.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-15 23:15

==================== End Of Log ============================
         
--- --- ---


and here is the Addition log

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01
Ran by Siddiq at 2014-12-16 16:51:45
Running from C:\Users\Siddiq\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-17948161-4136030996-2878415790-1001\...\uTorrent) (Version: 3.4.2.32691 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Android Data Recovery  (HKLM-x32\...\Android Data Recovery) (Version:  - Tenorshare, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
APW-10 Webphone (HKLM-x32\...\{B42EBE03-4CB9-44E6-B523-61121DB1B195}) (Version: 1.9.0 - AuPix Ltd)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Assassin's Creed Revelations 1.02 (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.02 - Ubisoft)
Audacity 2.0.4 (HKLM-x32\...\Audacity_is1) (Version: 2.0.4 - Audacity Team)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.3.2.3825 - Electronic Arts)
Battlefield Play4Free (HKLM-x32\...\{87686C21-8A15-4b4d-A3F1-11141D9BE094}) (Version:  - EA Digital illusions)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
BF3 Settings Editor (HKLM\...\{5866DD36-8055-475B-A5C3-82C04091D14E}) (Version: 2.3 - Realmware)
BF4 Settings Editor (HKLM\...\{EF4C9459-47DE-4FCD-B9E0-CEB5BA03FC64}) (Version: 1.1 - Realmware)
Blacklight: Retribution (HKLM-x32\...\Steam App 209870) (Version:  - Zombie, Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.10.3096 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{0BED0B96-70B8-4893-884B-DC485DC8C1B7}) (Version: 0.8.10.3096 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BuuyNsAVe (HKLM-x32\...\{842C4394-47F7-60DE-480B-C09116B63559}) (Version:  - BuyNsave)
Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version:  - Treyarch)
Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version:  - Treyarch)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Entertainment Center (HKLM-x32\...\Creative Entertainment Center) (Version: 5.00 - Creative Technology Limited)
Creative Karaoke Player (HKLM-x32\...\CREATIVE KARAOKE PLAYER) (Version: 2.11 - Creative Technology Limited)
Creative Konsole Starter (HKLM-x32\...\Console Launcher) (Version: 2.61 - Creative Technology Limited)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
Creative Smart Recorder (HKLM-x32\...\Smart Recorder) (Version: 2.20 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - Creative Technology Limited)
Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version:  - )
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.5.0.0388 - Disc Soft Ltd)
Dropbox (HKU\S-1-5-21-17948161-4136030996-2878415790-1008\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
EasyTether (HKLM-x32\...\{c751b7eb-df27-4668-b05f-7457d2fa9e00}) (Version: 1.1.18 - Mobile Stream)
EasyTether (Version: 1.1.18 - Mobile Stream) Hidden
EasyTether ADB USB driver (HKLM\...\{F45DA6A7-AD7C-489A-B9E2-CCFC70A46A2A}) (Version: 1.0.1 - Mobile Stream)
EPSON Copy Utility 3 (HKLM-x32\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.3.0.0 - )
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
EVGA PrecisionX 16 (HKLM-x32\...\{E019FA6A-BA92-49A5-A4A6-FB7C60931643}) (Version: 5.2.0 - EVGA Corporation)
Fernbedienungssystem (HKLM-x32\...\Remote Control System) (Version: 5.00 - Creative Technology Limited)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
foobar2000 v1.2.9 (HKLM-x32\...\foobar2000) (Version: 1.2.9 - Peter Pawlowski)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.3.4.604 - DVDVideoSoft Ltd.)
Free Video Flip and Rotate version 2.1.9.822 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 2.1.9.822 - DVDVideoSoft Ltd.)
Free Video to MP3 Converter version 5.0.28.827 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.28.827 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.38 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Hercules DJ Products Series drivers (HKLM-x32\...\{33999F1F-EA46-4E55-A239-1BA803235396}) (Version: 2.HDJS.2013 - Hercules)
Host OpenAL (HKLM-x32\...\Host OpenAL) (Version: 2.02 - Creative Technology Limited)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.33.0 - HTC)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Juiced2_HIN (HKLM-x32\...\{50E4FCC7-90B9-48C6-9D17-7AE66F282878}) (Version: 1.00.0000 - THQ)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kingo ROOT version 1.2.5.2112 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.2.5.2112 - Kingosoft Technology Ltd.)
Lautstärkefenster (HKLM-x32\...\Creative Volume Panel) (Version: 2.21 - Creative Technology Limited)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-17948161-4136030996-2878415790-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - DEU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation)
MorphVOX Pro (HKLM-x32\...\{62DAB694-358E-4C6F-82BF-26DA64B297A6}) (Version: 4.3.2 - Screaming Bee)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MultIV (HKLM-x32\...\{A30833E0-EC35-4DE7-96CD-AFF4FB5976EA}) (Version: 0.2.0 - MultIV Development Team)
MyFreeCodec (HKU\S-1-5-21-17948161-4136030996-2878415790-1001\...\MyFreeCodec) (Version:  - )
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)
Need for Speed™ The Run (HKLM-x32\...\{0EDC9BA0-016E-406a-86DA-04FC1BE00C21}) (Version: 1.0.0.0 - Electronic Arts)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.5.195 - Electronic Arts, Inc.)
Paltalk Messenger  11.4 (HKLM-x32\...\Paltalk Messenger) (Version: 11.4.564.16149 - AVM Software Inc.)
PAYDAY 2 Demo (HKLM-x32\...\Steam App 251040) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY 2 Incl. Update 28 (HKLM-x32\...\PAYDAY 2_is1) (Version:  - )
PdaNet+ for Android 4.15 (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Quake Live (HKLM-x32\...\Quake Live) (Version:  - id Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform)
Remote Control Server (HKLM-x32\...\{755C6515-9FEA-490C-B15E-22BB6519E57E}) (Version: 1.8.0.0 - Steppschuh)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
ROOT´óʦ (HKLM-x32\...\{1295E43F-382A-4CB2-9E0F-079C0D7401BB}_is1) (Version: 1.7.9.9730 - ÉîÛÚÐÅÒ¼ÍøÂçÓÐÏÞ¹«Ë¾)
SafeIP (HKLM-x32\...\SAFEIP_is1) (Version:  - SafeIP)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)
Shark007 Standard Codecs (HKLM-x32\...\{898E81AD-6DB9-4750-866B-B8958C5DC7AA}) (Version: 1.8.4 - Shark007)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sound Blaster X-Fi Surround 5.1 (HKLM-x32\...\{12BEF00E-ECFF-4820-BEDF-CCB9CC06A955}) (Version: 1.0 - )
Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version:  - Valve)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SSC Service Utility v4.30 (HKLM-x32\...\SSC Service Utility_is1) (Version:  - SSC Localization Group)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab Detection (HKLM-x32\...\{54500B82-846C-4052-83C8-B7AEB786760C}) (Version: 2.0.0.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Tether (HKLM-x32\...\{C5C67EA4-16FA-473C-B274-904A71162DE4}) (Version: 1.0.1 - ClockworkMod)
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKU\S-1-5-21-17948161-4136030996-2878415790-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.0f3 - Unity Technologies ApS)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Viber (HKU\S-1-5-21-17948161-4136030996-2878415790-1001\...\Viber) (Version: 3.0.0.134678 - Viber Media Inc)
Virtual Mpc Version 1.0 (HKLM-x32\...\{FBE55100-FC71-4027-B760-F96D51BE28A5}_is1) (Version: 1.0 - MediaXtremely)
VirtualDJ PRO Full (HKLM-x32\...\{23F20D12-1D01-4806-8AA8-AC79055109DE}) (Version: 7.4 - Atomix Productions)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-Treiberpaket - LG Electronics Inc (ANDModem) Modem  (11/30/2010 2.2.0.0) (HKLM\...\3F162CA9EF5A33FF16B97554663A71E35053783E) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc)
Windows-Treiberpaket - LG Electronics Inc (ANDModem) Modem  (11/30/2010 2.2.0.0) (HKLM\...\A43025A72B6CC28CB38B93867B2740C581E3B100) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc)
Windows-Treiberpaket - LG Electronics Inc. (Andbus) USB  (11/30/2010 2.2.0.0) (HKLM\...\4D55218052428488AFE6BA93FABC783E658657A7) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)
Windows-Treiberpaket - LG Electronics Inc. (AndDiag) Ports  (11/30/2010 2.2.0.0) (HKLM\...\38207DB32AC6A59CE6075F5AAE1448040FAC76DB) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)
Windows-Treiberpaket - LG Electronics Inc. (AndDiag) Ports  (11/30/2010 2.2.0.0) (HKLM\...\A3F0461CF2623C40BC42C38D4C0E7319E5C458CA) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)
Windows-Treiberpaket - LG Electronics Inc. (AndGps) Ports  (11/30/2010 2.2.0.0) (HKLM\...\37C6E863D718F6363FBAC33FBAAA927F5DC2A43E) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)
Windows-Treiberpaket - LG Electronics Inc. (AndGps) Ports  (11/30/2010 2.2.0.0) (HKLM\...\BC0FC97093ED911878848F7852D617BA23E42F68) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)
Windows-Treiberpaket - LG Electronics, Inc. Net  (03/07/2012 3.7.0.0) (HKLM\...\97541C74689007984DD12A4E0B349E2F96A66C2F) (Version: 03/07/2012 3.7.0.0 - LG Electronics, Inc.)
Windows-Treiberpaket - LG Electronics, Inc. WPD  (03/07/2012 3.7.0.0) (HKLM\...\5A454C002BB9011E261D0C1B7E846CD23A1D1806) (Version: 03/07/2012 3.7.0.0 - LG Electronics, Inc.)
Windows-Treiberpaket - Microsoft Corporation (WinUSB) AndroidUsbDeviceClass  (07/11/2013 1.4.0015.00000) (HKLM\...\F556F06662CD592AC1110F9116ADB92815A9AA30) (Version: 07/11/2013 1.4.0015.00000 - Microsoft Corporation)
Windows-Treiberpaket - Motorola (bqusbser) Modem  (02/24/2009 1.1.0.0) (HKLM\...\46D28B033482A13C68B1777C399248A0FE510D1A) (Version: 02/24/2009 1.1.0.0 - Motorola)
Windows-Treiberpaket - Motorola (bqusbser) Ports  (02/24/2009 1.1.0.0) (HKLM\...\3E885DDD8DE7247FEBCE2F5FEF86A3664DF51FEC) (Version: 02/24/2009 1.1.0.0 - Motorola)
Windows-Treiberpaket - Motorola (motccgp) USB  (11/26/2012 3.3.1.0) (HKLM\...\F62C352416202B84E7804DE3CE695F30A4FDA328) (Version: 11/26/2012 3.3.1.0 - Motorola)
Windows-Treiberpaket - Motorola Inc (MotDev) MOTUSB  (11/08/2011 3.2.12.0) (HKLM\...\F8C33978D5941EC809F57F088EE5517BBBE19FFD) (Version: 11/08/2011 3.2.12.0 - Motorola Inc)
Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  (dg_ssudbus) USB  (03/25/2013 2.9.508.0) (HKLM\...\686FE24C5F44B8399EDAD00FF437C91E8E4C33C6) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  (ssuddmgr) Ports  (03/25/2013 2.9.508.0) (HKLM\...\79BE6E72F3FB459964ECB14CA5E9499EB84CED24) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  (ssudmdm) Modem  (03/25/2013 2.9.508.0) (HKLM\...\59448F49ADCE2157A5E72FF82862DAFFBC071F75) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  (ssudobex) Ports  (03/25/2013 2.9.508.0) (HKLM\...\3889AC3DC15E870F7212E360BD6BD1FA71261AAC) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  (ssudserd) Ports  (03/25/2013 2.9.508.0) (HKLM\...\139FA893FBE6105A30D47E0FAB2B465546E1605D) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  Net  (03/25/2013 2.9.508.0) (HKLM\...\A8ACA907A00D578D644681DCA06EC0E1608C03A2) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  WPD  (03/25/2013 2.9.508.0) (HKLM\...\8657EAB5BD6A536AA497AEA26A00A6E6B25F5CD7) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Kevo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Kevo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Kevo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Kevo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Kevo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

27-09-2014 08:46:32 Windows Update
30-09-2014 21:24:09 Windows Update
03-10-2014 20:36:32 Installed iTunes
04-10-2014 22:20:21 Installed APW-10 Webphone
06-10-2014 00:01:28 Windows Update
09-10-2014 00:29:22 Windows Update
09-10-2014 17:50:59 Gerätetreiber-Paketinstallation: ClockworkMod Android Phone
15-10-2014 17:15:45 Windows Update
17-10-2014 18:18:54 Gerätetreiber-Paketinstallation: June Fabrics Technology Inc. Modems
17-10-2014 18:44:20 Wiederherstellungsvorgang
17-10-2014 19:03:23 Windows Update
21-10-2014 18:09:55 Windows Update
22-10-2014 20:04:20 Gerätetreiber-Paketinstallation: Google USB
25-10-2014 21:28:01 Windows Update
29-10-2014 18:27:06 Windows Update
02-11-2014 17:21:21 Windows Update
08-11-2014 17:12:50 Windows Update
11-11-2014 19:33:52 Windows Update
16-11-2014 20:45:54 Windows Update
23-11-2014 05:27:54 Windows Update
28-11-2014 19:00:08 Windows Update
02-12-2014 05:47:56 Windows Update
06-12-2014 05:46:23 Windows Update
10-12-2014 05:46:16 Windows Update
14-12-2014 14:39:10 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-10-17 19:11 - 2014-10-17 19:11 - 00000000 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {33D73BD0-DB6F-4843-8110-3F0644426E03} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {41E1B4D9-FE5B-4BE2-AFD1-790FDC81E12A} - System32\Tasks\{B4F99F75-04D0-4B94-8DAF-84E84F31179C} => pcalua.exe -a "C:\Users\Kevo\Desktop\pay day 2 updaes entpackt\9\Update\Setup.exe" -d "C:\Users\Kevo\Desktop\pay day 2 updaes entpackt\9\Update"
Task: {580B284E-0785-41EB-9EE7-5C7E92ED6077} - System32\Tasks\{82628D5D-E012-4444-9C07-6AC1F085F097} => pcalua.exe -a "C:\Users\Kevo\Downloads\gfwlivesetup (4).exe" -d C:\Users\Kevo\Downloads
Task: {5D5F7653-0830-4687-A9A6-1BC382C9B08D} - System32\Tasks\{2AB3583C-2245-4FB0-B01E-E170BD70E9BF} => C:\Program Files (x86)\Virtual Mpc\Virtual Mpc.exe [2011-11-19] (MediaXtremely)
Task: {803EBFD5-6DBC-4919-8B7B-4F380B5C895C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8B5C1226-CF64-40E3-9D72-41715A2434B6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {9008C5B8-4461-4FBF-8F86-44C32CFEA375} - System32\Tasks\EVGAPrecision => C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
Task: {9808C32A-471A-4873-AFFE-DF1C8F04C229} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-30] (Google Inc.)
Task: {A2C81D7C-0685-4C6E-8C17-CE21834CB210} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {B383C98E-3850-42DF-BA20-EC0435A73E2F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {BB7F2B71-1A24-44C3-9D2C-884E905731B3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-30] (Google Inc.)
Task: {F29EA58C-69E0-4D86-A052-34606B92DAEA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-22 02:21 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-12-07 18:27 - 2012-12-07 18:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-08-22 21:30 - 2014-08-11 23:55 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-10-11 23:17 - 2009-11-30 17:54 - 00089088 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-10-11 23:17 - 2009-12-08 14:52 - 00230912 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-11-03 11:05 - 2014-11-03 11:05 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2014-12-10 21:09 - 2014-12-10 04:57 - 01450312 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.38\libglesv2.dll
2014-12-10 21:09 - 2014-12-10 04:57 - 00205128 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.38\libegl.dll
2014-12-10 21:09 - 2014-12-10 04:57 - 10865480 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.38\pdf.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-03 11:04 - 2014-11-03 11:04 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-11-03 11:06 - 2014-11-03 11:06 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-11-03 11:07 - 2014-11-03 11:07 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2014-10-11 23:17 - 2009-11-30 17:53 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2014-10-11 23:17 - 2009-12-08 14:50 - 00177664 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-08-01 08:26 - 2014-03-17 02:23 - 00003132 _____ () C:\Program Files (x86)\DAEMON Tools Pro\MSIMG32.dll
2014-12-16 15:38 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-12-16 15:38 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-12-16 15:38 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-12-16 15:38 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-12-16 15:38 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SafeIPS => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: SafetyNutManager => 2
MSCONFIG\startupfolder: C:^Users^Kevo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk => C:\Windows\pss\PdaNet Desktop.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Synchronizer => "C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: CTRegRun => C:\Windows\CTRegRun.EXE
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: EasyTether => "C:\Program Files\Mobile Stream\EasyTether\easytthr.exe"
MSCONFIG\startupreg: File => "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Kevo\AppData\Local\Temp\File4352044518964978922.jar"
MSCONFIG\startupreg: Hercules DJ Series TrayAgent => C:\Program Files\Guillemot\HDJTray\HDJSeries2TrayBar.exe /boot
MSCONFIG\startupreg: ISUSPM => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Remote Control Server => C:\Program Files (x86)\Remote Control Server\Remote Control Server.exe
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: VolPanel => "C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe" /r

========================= Accounts: ==========================

Administrator (S-1-5-21-17948161-4136030996-2878415790-500 - Administrator - Disabled)
Gast (S-1-5-21-17948161-4136030996-2878415790-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-17948161-4136030996-2878415790-1002 - Limited - Enabled)
Kevo (S-1-5-21-17948161-4136030996-2878415790-1001 - Administrator - Enabled) => C:\Users\Kevo
Siddiq (S-1-5-21-17948161-4136030996-2878415790-1008 - Administrator - Enabled) => C:\Users\Siddiq

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/15/2014 09:47:26 PM) (Source: MsiInstaller) (EventID: 1024) (User: Kevo-PC)
Description: Produkt: Adobe Reader XI (11.0.09) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011010}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (12/13/2014 07:11:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17332

Error: (12/13/2014 07:11:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17332

Error: (12/13/2014 07:11:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/13/2014 07:10:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9828

Error: (12/13/2014 07:10:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9828

Error: (12/13/2014 07:10:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/02/2014 09:00:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ehshell.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bd053
Name des fehlerhaften Moduls: wmp.dll, Version: 12.0.7601.18150, Zeitstempel: 0x518c8c81
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000fae0e
ID des fehlerhaften Prozesses: 0x2bc
Startzeit der fehlerhaften Anwendung: 0xehshell.exe0
Pfad der fehlerhaften Anwendung: ehshell.exe1
Pfad des fehlerhaften Moduls: ehshell.exe2
Berichtskennung: ehshell.exe3

Error: (12/02/2014 09:00:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ehshell.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bd053
Name des fehlerhaften Moduls: wmp.dll, Version: 12.0.7601.18150, Zeitstempel: 0x518c8c81
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000fae0e
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xehshell.exe0
Pfad der fehlerhaften Anwendung: ehshell.exe1
Pfad des fehlerhaften Moduls: ehshell.exe2
Berichtskennung: ehshell.exe3

Error: (11/30/2014 07:40:40 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


System errors:
=============
Error: (12/13/2014 04:02:39 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (12/13/2014 06:46:00 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 70. Der interne Fehlerstatus lautet: 105.

Error: (12/13/2014 06:46:00 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.189.1848.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.6.0305.00

	Quellpfad: 4.6.0305.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (12/13/2014 00:09:03 AM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )
Description: 0x80004004-1

Error: (12/12/2014 00:09:03 PM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )
Description: 0x80004004-1

Error: (12/12/2014 06:46:01 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.189.1848.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.6.0305.00

	Quellpfad: 4.6.0305.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (12/12/2014 06:46:01 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 70. Der interne Fehlerstatus lautet: 105.

Error: (12/12/2014 00:09:03 AM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )
Description: 0x80004004-1

Error: (12/10/2014 06:59:33 PM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )
Description: 0x80004004-1

Error: (12/10/2014 06:59:33 AM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )
Description: 0x80004004-1


Microsoft Office Sessions:
=========================
Error: (12/15/2014 09:47:26 PM) (Source: MsiInstaller) (EventID: 1024) (User: Kevo-PC)
Description: Adobe Reader XI (11.0.09) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011010}1625(NULL)(NULL)(NULL)

Error: (12/13/2014 07:11:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17332

Error: (12/13/2014 07:11:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17332

Error: (12/13/2014 07:11:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/13/2014 07:10:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9828

Error: (12/13/2014 07:10:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9828

Error: (12/13/2014 07:10:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/02/2014 09:00:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ehshell.exe6.1.7600.163854a5bd053wmp.dll12.0.7601.18150518c8c81c000000500000000000fae0e2bc01d00e059818940cC:\Windows\ehome\ehshell.exeC:\Windows\system32\wmp.dlld5c78a7d-7a5d-11e4-95a4-b224fbfea273

Error: (12/02/2014 09:00:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ehshell.exe6.1.7600.163854a5bd053wmp.dll12.0.7601.18150518c8c81c000000500000000000fae0e

Error: (11/30/2014 07:40:40 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 51%
Total physical RAM: 5119.29 MB
Available physical RAM: 2506.91 MB
Total Pagefile: 10236.76 MB
Available Pagefile: 6862.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:161.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D61A319B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Regards, Kevin.

Alt 16.12.2014, 16:54   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
C:\Users\Siddiq\Downloads\Internet Download Manager (IDM) 6.21 build 16 Crack (1).exe
Reading material:
Illegal software: cracks, keygens and co.

Please read => http://www.trojaner-board.de/95393-c...-software.html

We will continue once you have removed everything illegal.

In the case of repeated crack/keygen violations I reserve the right to discontinue support, i.e. to help only with backing up data and reinstalling the operating system.

Alt 16.12.2014, 17:01   #5
kevinanthony
 
It is deleted.. new FRST log:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by Siddiq (administrator) on KEVO-PC on 16-12-2014 17:09:09
Running from C:\Users\Siddiq\Desktop
Loaded Profiles: Kevo & Siddiq (Available profiles: Kevo & Siddiq)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\mcGlidHost.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1\Console Launcher\ConsoLCu.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor
HKLM-x32\...\Run: [Module Loader] => C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe [57344 2007-07-23] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-17948161-4136030996-2878415790-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
HKU\S-1-5-21-17948161-4136030996-2878415790-1001\...\MountPoints2: {3285d094-4bf5-11e3-aa23-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-21-17948161-4136030996-2878415790-1008\...\Run: [GoogleChromeAutoLaunch_DCDE99E772EF02AB63A59D2B2790539C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [898376 2014-12-10] (Google Inc.)
HKU\S-1-5-21-17948161-4136030996-2878415790-1008\...\RunOnce: [Adobe Speed Launcher] => 1418685679
HKU\S-1-5-21-17948161-4136030996-2878415790-1008\...\MountPoints2: {435e65a1-562e-11e4-ba6b-a65d2d287932} - F:\HTC_Sync_Manager_PC.exe
AppInit_DLLs:  =>  File Not Found
Startup: C:\Users\Kevo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
Startup: C:\Users\Siddiq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-17948161-4136030996-2878415790-1001] => 205.213.195.80:80
HKU\S-1-5-21-17948161-4136030996-2878415790-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKU\S-1-5-21-17948161-4136030996-2878415790-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-17948161-4136030996-2878415790-1008\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Winsock: Catalog9 01 C:\Windows\SysWOW64\SafeIPs.dll [373760] (SafeIP)
Winsock: Catalog9 02 C:\Windows\SysWOW64\SafeIPs.dll [373760] (SafeIP)
Winsock: Catalog9 03 C:\Windows\SysWOW64\SafeIPs.dll [373760] (SafeIP)
Winsock: Catalog9 04 C:\Windows\SysWOW64\SafeIPs.dll [373760] (SafeIP)
Winsock: Catalog9 17 C:\Windows\SysWOW64\SafeIPs.dll [373760] (SafeIP)
Winsock: Catalog9-x64 01 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP)
Winsock: Catalog9-x64 02 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP)
Winsock: Catalog9-x64 03 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP)
Winsock: Catalog9-x64 04 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP)
Winsock: Catalog9-x64 17 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP)
Tcpip\Parameters: [DhcpNameServer] 192.168.42.129

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll (Unity Technologies ApS)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-17948161-4136030996-2878415790-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kevo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-17948161-4136030996-2878415790-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin HKU\S-1-5-21-17948161-4136030996-2878415790-1001: www.aupix.com/Webphone -> C:\Users\Kevo\AppData\Roaming\AuPix Ltd\Webphone\npWebphone_1_9.dll (AuPix Ltd)
FF HKU\S-1-5-21-17948161-4136030996-2878415790-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Kevo\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Kevo\AppData\Roaming\IDM\idmmzcc5 [2014-09-23]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-12]
CHR Extension: (YouTube) - C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-12]
CHR Extension: (Google-Suche) - C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-12]
CHR Extension: (IDM Integration Module) - C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-10-12]
CHR Extension: (Paltalk Express) - C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Extensions\oainjhllibnjfalecnohojnocpcobgpn [2014-11-09]
CHR Extension: (Google Mail) - C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-12]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-21] (BlueStack Systems, Inc.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-09-07] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-08-22] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2009-08-28] (Creative Technology Ltd) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
R2 HerculesDJControlMP3; C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE [47104 2013-05-21] (Hercules®) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-12-16] (Electronic Arts)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-08-11] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
S3 SafeIPS; C:\Program Files (x86)\SafeIP\SafeIPs.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [36256 2009-11-13] (Google Inc)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-21] (BlueStack Systems)
S3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [258352 2013-05-21] (© Guillemot R&D, 2013. All rights reserved.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-01] (Disc Soft Ltd)
R3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [21704 2013-03-11] (Mobile Stream)
R3 hcw17bda; C:\Windows\System32\drivers\hcw17b64.sys [78192 2013-08-22] (Hauppauge Computer Works, Inc.)
S3 HDJMidi; C:\Windows\System32\DRIVERS\HDJMidi.sys [274736 2013-05-21] (© Guillemot R&D, 2013. All rights reserved.)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [36256 2009-11-13] (Google Inc)
R3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1148288 2011-07-06] (Creative Technology Ltd.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-19] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [31232 2013-03-09] (The OpenVPN Project) [File not signed]
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.)
U0 uiav; C:\Windows\System32\drivers\sofiias.sys [79064 2014-12-16] (Malwarebytes Corporation)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
U3 aswMBR; \??\C:\Users\Siddiq\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Siddiq\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 16:51 - 2014-12-16 17:09 - 00021041 _____ () C:\Users\Siddiq\Desktop\FRST.txt
2014-12-16 16:31 - 2014-12-16 16:31 - 00000000 ____D () C:\ProgramData\6577510721512629562
2014-12-16 16:31 - 2014-12-16 16:31 - 00000000 ____D () C:\Program Files (x86)\BuuyNsAVe
2014-12-16 16:30 - 2014-12-16 16:30 - 00000000 ____D () C:\ProgramData\nlcgledcgbnjgnhikehaekocgppemfni
2014-12-16 16:29 - 2014-12-16 17:08 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\DMCache
2014-12-16 16:29 - 2014-12-16 16:29 - 00001009 _____ () C:\Users\Siddiq\Desktop\Internet Download Manager.lnk
2014-12-16 16:29 - 2014-12-16 16:29 - 00000000 ____D () C:\Users\Siddiq\Downloads\Video
2014-12-16 16:29 - 2014-12-16 16:29 - 00000000 ____D () C:\Users\Siddiq\Downloads\Compressed
2014-12-16 16:28 - 2014-12-16 16:28 - 06353464 _____ (Tonec Inc.) C:\Users\Siddiq\Downloads\idman621build16 (1).exe
2014-12-16 16:23 - 2014-12-16 16:23 - 00067032 _____ () C:\Users\Siddiq\Downloads\HDVidCodec.exe
2014-12-16 15:51 - 2014-12-16 15:51 - 01534736 _____ () C:\Users\Siddiq\Downloads\battlelog-web-plugins_2.6.2_154.exe
2014-12-16 15:40 - 2014-12-16 15:40 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-12-16 15:39 - 2014-12-16 15:39 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-12-16 15:39 - 2014-12-16 15:39 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-12-16 15:39 - 2014-12-16 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-12-16 15:38 - 2014-12-16 15:45 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-16 15:38 - 2014-12-16 15:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-16 15:38 - 2014-12-16 15:38 - 02119168 _____ (Farbar) C:\Users\Siddiq\Desktop\FRST64.exe
2014-12-16 15:38 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-12-16 14:51 - 2014-12-16 14:51 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\sofiias.sys
2014-12-16 14:22 - 2014-12-16 14:23 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Siddiq\Downloads\spybot-2.4.exe
2014-12-16 14:11 - 2014-12-16 14:11 - 05198336 _____ (AVAST Software) C:\Users\Siddiq\Downloads\aswMBR.exe
2014-12-16 14:10 - 2014-12-16 14:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-16 14:09 - 2014-12-16 14:09 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-16 14:09 - 2014-12-16 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-16 14:09 - 2014-12-16 14:09 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-16 14:09 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-16 14:09 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-16 14:09 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-16 14:08 - 2014-12-16 14:08 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Siddiq\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-16 01:00 - 2014-12-16 01:01 - 00000000 ____D () C:\Users\Siddiq\Desktop\MSK
2014-12-16 01:00 - 2014-12-16 01:01 - 00000000 ____D () C:\Users\Siddiq\Desktop\Islam
2014-12-10 22:49 - 2014-12-10 23:43 - 103539160 _____ () C:\Users\Siddiq\Downloads\BON2014.rar
2014-12-10 18:54 - 2014-12-10 18:54 - 03981488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-09 06:53 - 2014-12-09 06:55 - 161322064 _____ () C:\Users\Siddiq\Downloads\wegothiphop-kendrick-lamar-unreleased-wegothiphopcom.zip
2014-12-07 17:04 - 2014-12-07 17:04 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\Unity
2014-12-07 16:56 - 2014-12-07 16:56 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\.mono
2014-12-07 16:53 - 2014-12-07 16:53 - 01107184 _____ (Unity Technologies ApS) C:\Users\Siddiq\Downloads\UnityWebPlayer64.exe
2014-12-07 15:02 - 2014-12-07 15:02 - 00000000 ____D () C:\Program Files\Unity
2014-12-07 13:33 - 2014-12-07 13:33 - 07173168 _____ (Unity Technologies ApS) C:\Users\Siddiq\Downloads\UnityWebPlayerFull64.exe
2014-12-07 10:17 - 2014-12-07 10:22 - 271014878 _____ () C:\Users\Siddiq\Downloads\cm-11-20141206-NIGHTLY-bacon.zip
2014-12-07 10:16 - 2014-12-07 10:22 - 171522881 _____ () C:\Users\Siddiq\Downloads\Slim-bacon-4.4.4.build.8.18-WEEKLY-8118.zip
2014-12-06 23:38 - 2014-12-06 23:38 - 00000000 ____D () C:\Users\Siddiq\Documents\DVDVideoSoft
2014-12-06 23:36 - 2014-12-06 23:37 - 17938000 _____ (DVDVideoSoft Ltd. ) C:\Users\Siddiq\Downloads\freeaudiodub.exe
2014-12-06 00:20 - 2014-12-06 00:22 - 157694716 _____ () C:\Users\Siddiq\Downloads\gapps-kk-20140606-signed.zip
2014-12-06 00:13 - 2014-12-06 00:16 - 271013652 _____ () C:\Users\Siddiq\Downloads\cm-11-20141205-NIGHTLY-bacon.zip
2014-12-02 21:05 - 2014-12-02 22:52 - 00000000 ____D () C:\Users\Siddiq\Desktop\WhatsApp
2014-12-02 19:11 - 2014-12-02 19:56 - 986789926 _____ () C:\Users\Siddiq\Downloads\T230XXU0ANJT230DBT0ANJT230XXU0ANJHOME.tar.rar
2014-12-01 16:20 - 2014-12-01 16:20 - 04135060 _____ () C:\Users\Siddiq\Downloads\CameraNext (1).apk
2014-12-01 15:50 - 2014-12-01 15:50 - 03820857 _____ () C:\Users\Siddiq\Downloads\CameraNext.apk
2014-12-01 15:45 - 2014-12-01 15:53 - 251123017 _____ () C:\Users\Siddiq\Downloads\aosp-One-ota-20140823.zip
2014-12-01 15:35 - 2014-12-01 15:35 - 92569666 _____ () C:\Users\Siddiq\Downloads\gapps-kk-20140728-Sesme-Lite.zip
2014-12-01 15:27 - 2014-12-01 15:31 - 216029436 _____ () C:\Users\Siddiq\Downloads\cm-bacon-3628510d76-to-ac1ccf7921-signed.zip
2014-12-01 15:12 - 2014-12-01 15:15 - 270844692 _____ () C:\Users\Siddiq\Downloads\cm-11-20141129-NIGHTLY-bacon.zip
2014-11-30 20:03 - 2014-12-10 21:09 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-30 20:03 - 2014-11-30 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-30 20:01 - 2014-12-16 17:06 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-30 20:01 - 2014-12-15 20:06 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-30 20:01 - 2014-11-30 20:01 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-30 20:01 - 2014-11-30 20:01 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-30 19:57 - 2014-11-30 19:59 - 00000000 ____D () C:\Users\Siddiq\AppData\Local\Deployment
2014-11-30 19:57 - 2014-11-30 19:57 - 00000000 ____D () C:\Users\Siddiq\AppData\Local\Apps\2.0
2014-11-27 21:38 - 2014-11-27 21:39 - 12890112 _____ () C:\Users\Siddiq\Downloads\openrecovery-twrp-2.8.1.0-bacon (1).img
2014-11-27 21:02 - 2014-11-27 21:04 - 03974843 _____ () C:\Users\Siddiq\Downloads\UPDATE-SuperSU-v2.35.zip
2014-11-27 19:45 - 2014-12-01 06:34 - 00000972 _____ () C:\Windows\PFRO.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 17:09 - 2013-07-04 17:01 - 00000000 ____D () C:\FRST
2014-12-16 17:08 - 2013-08-30 16:17 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2014-12-16 16:55 - 2009-07-14 05:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-16 16:55 - 2009-07-14 05:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-16 16:54 - 2014-09-04 22:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-16 16:51 - 2013-08-22 03:33 - 00000000 ____D () C:\ProgramData\Origin
2014-12-16 15:55 - 2013-10-01 16:17 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-12-16 15:55 - 2013-10-01 11:17 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-12-16 15:55 - 2013-10-01 11:17 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-12-16 15:52 - 2013-08-22 21:14 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-12-16 15:52 - 2013-08-21 23:53 - 01636231 _____ () C:\Windows\WindowsUpdate.log
2014-12-16 15:38 - 2013-08-22 03:32 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-16 14:09 - 2013-10-01 12:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-16 12:52 - 2009-07-14 19:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-16 01:03 - 2013-09-01 17:41 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-16 01:02 - 2014-11-15 22:33 - 00000000 ____D () C:\Users\Siddiq\Desktop\arbeit unsortiert
2014-12-15 21:49 - 2013-10-02 13:49 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-15 21:46 - 2014-11-15 21:22 - 00004445 _____ () C:\Windows\setupact.log
2014-12-13 16:06 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-12-13 16:06 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-12-13 16:06 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-11 16:17 - 2014-10-17 21:41 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\Skype
2014-12-10 18:54 - 2014-09-04 22:48 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 18:54 - 2013-10-02 17:56 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 18:54 - 2013-10-02 17:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-02 22:52 - 2014-10-26 09:11 - 00000000 ____D () C:\Users\Siddiq\Desktop\Verkauf Bilder
2014-12-01 19:53 - 2014-11-09 01:32 - 00000000 ___RD () C:\Users\Siddiq\Dropbox
2014-12-01 06:57 - 2014-11-09 01:10 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\Dropbox
2014-12-01 06:41 - 2014-11-08 23:08 - 00000000 ____D () C:\Users\Siddiq\AppData\Local\HTC MediaHub
2014-12-01 06:35 - 2013-08-22 02:21 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-01 06:35 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-30 20:02 - 2013-08-22 02:37 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-30 19:59 - 2014-10-26 09:11 - 00000000 ____D () C:\Users\Siddiq\Desktop\Arbeit
2014-11-30 19:55 - 2014-11-09 01:32 - 00001019 _____ () C:\Users\Siddiq\Desktop\Dropbox.lnk
2014-11-30 19:55 - 2014-11-09 01:15 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-30 19:37 - 2013-08-29 09:21 - 00000000 ____D () C:\AdwCleaner
2014-11-30 03:31 - 2013-08-22 00:44 - 00000000 ____D () C:\Users\Kevo
2014-11-27 20:30 - 2014-10-12 01:27 - 00000000 ____D () C:\Users\Siddiq\AppData\Local\Google
2014-11-27 19:45 - 2009-07-14 05:45 - 00271432 _____ () C:\Windows\system32\FNTCACHE.DAT

Some content of TEMP:
====================
C:\Users\Kevo\AppData\Local\Temp\bassmod.dll
C:\Users\Kevo\AppData\Local\Temp\k9-webprotection-4.4.276.exe
C:\Users\Kevo\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Kevo\AppData\Local\Temp\nvStInst.exe
C:\Users\Siddiq\AppData\Local\Temp\38E130ef8.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-15 23:15

==================== End Of Log ============================
         


Regards, Kevin


Edited by kevinanthony (16.12.2014 at 17:08) Reason: Updated

Alt 16.12.2014, 17:03   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



You only deleted the crack. The (cracked) program is still installed and shows up in the process list.

Alt 16.12.2014, 17:08   #7
kevinanthony
 



I removed it and updated the log in the previous post.

Alt 16.12.2014, 23:50   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
"Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde." (English: "Illegal operation attempted on a registry key that has been marked for deletion.")
simply restart the computer. This should fix the problem.


Alt 17.12.2014, 01:16   #9
kevinanthony
 



Hi, attached is the log from Combofix:

Code:
ComboFix 14-12-14.01 - Siddiq 17.12.2014   0:46.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.5119.2305 [GMT 1:00]
ausgeführt von:: c:\users\Siddiq\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\6577510721512629562
c:\programdata\6577510721512629562\cd5b15e575e1c3d0cb41a56236abc36b.ini
c:\windows\msdownld.tmp
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\SET4D53.tmp
c:\windows\SysWow64\SET5B7B.tmp
c:\windows\SysWow64\SET705A.tmp
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-11-17 bis 2014-12-17  ))))))))))))))))))))))))))))))
.
.
2014-12-16 23:57 . 2014-12-16 23:57	--------	d-----w-	c:\users\Kevo\AppData\Local\temp
2014-12-16 23:57 . 2014-12-16 23:57	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-12-16 15:31 . 2014-12-16 15:31	--------	d-----w-	c:\program files (x86)\BuuyNsAVe
2014-12-16 15:30 . 2014-12-16 15:30	--------	d-----w-	c:\programdata\nlcgledcgbnjgnhikehaekocgppemfni
2014-12-16 15:29 . 2014-12-16 16:08	--------	d-----w-	c:\users\Siddiq\AppData\Roaming\DMCache
2014-12-16 14:51 . 2014-12-02 10:26	11870360	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B545F141-9BE2-4DCE-B496-2A5CCFC7CC3D}\mpengine.dll
2014-12-16 14:38 . 2014-12-16 23:38	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2014-12-16 14:38 . 2014-12-16 23:59	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2014-12-16 13:10 . 2014-12-17 00:03	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-16 13:09 . 2014-12-16 13:09	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-12-16 13:09 . 2014-11-21 05:14	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-12-16 13:09 . 2014-11-21 05:14	93400	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-12-16 13:09 . 2014-11-21 05:14	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-12-15 14:38 . 2014-11-02 04:20	11632448	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-12-11 05:47 . 2014-09-21 15:28	1188440	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F3563E0C-1A8F-43D1-A396-89895392982D}\gapaengine.dll
2014-12-10 17:54 . 2014-12-10 17:54	3981488	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-12-07 16:04 . 2014-12-07 16:04	--------	d-----w-	c:\users\Siddiq\AppData\Roaming\Unity
2014-12-07 15:56 . 2014-12-07 15:56	--------	d-----w-	c:\users\Siddiq\AppData\Roaming\.mono
2014-12-07 14:02 . 2014-12-07 14:02	--------	d-----w-	c:\program files\Unity
2014-11-30 18:57 . 2014-11-30 18:57	--------	d-----w-	c:\users\Siddiq\AppData\Local\Apps
2014-11-30 18:57 . 2014-11-30 18:59	--------	d-----w-	c:\users\Siddiq\AppData\Local\Deployment
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-16 14:55 . 2013-10-01 15:17	348928	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2014-12-16 14:55 . 2013-10-01 10:17	348928	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2014-12-16 14:55 . 2013-10-01 10:17	290184	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2014-12-10 17:54 . 2013-10-02 16:56	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-10 17:54 . 2013-10-02 16:56	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-30 11:25 . 2013-08-21 23:08	275080	------w-	c:\windows\system32\MpSigStub.exe
2014-10-17 15:23 . 2014-10-17 15:23	14544	----a-w-	c:\windows\SysWow64\drivers\hmonitor45.sys
2014-09-21 15:28 . 2013-10-18 13:53	1188440	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_DCDE99E772EF02AB63A59D2B2790539C"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-12-10 898376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Module Loader"="c:\program files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-23 57344]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
.
c:\users\Kevo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2014-10-17 1054432]
.
c:\users\Siddiq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Siddiq\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-11-13 35419192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys;c:\windows\SYSNATIVE\Drivers\HDJBulk.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 HDJMidi;DJ Control MP3 e2 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys;c:\windows\SYSNATIVE\DRIVERS\HDJMidi.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SafeIPS;SafeIPS;c:\program files (x86)\SafeIP\SafeIPs.exe;c:\program files (x86)\SafeIP\SafeIPs.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 usbrndis6;USB-RNDIS6-Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE;c:\program files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE [x]
S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys;c:\windows\SYSNATIVE\DRIVERS\easytthr.sys [x]
S3 hcw17bda;Hauppauge SMS1000-based;c:\windows\system32\drivers\hcw17b64.sys;c:\windows\SYSNATIVE\drivers\hcw17b64.sys [x]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys;c:\windows\SYSNATIVE\drivers\ksaud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys;c:\windows\SYSNATIVE\DRIVERS\pneteth.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMSWISSARMY
.
Inhalt des "geplante Tasks" Ordners
.
2014-12-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-02 17:54]
.
2014-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-30 19:01]
.
2014-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-30 19:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10	164760	----a-w-	c:\users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10	164760	----a-w-	c:\users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10	164760	----a-w-	c:\users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10	164760	----a-w-	c:\users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10	164760	----a-w-	c:\users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10	164760	----a-w-	c:\users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10	164760	----a-w-	c:\users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10	164760	----a-w-	c:\users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
"Creative SB Monitoring Utility"="sbavmon.dll" [2009-12-16 109056]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.42.129
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\40.0.2182.3\Installer\chrmstp.exe
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
AddRemove-SAFEIP_is1 - c:\program files (x86)\SafeIP\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a2,89,7d,6c,df,07,af,4c,87,77,9b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a2,89,7d,6c,df,07,af,4c,87,77,9b,\
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\ Malwarebytes Anti-Malware \mbam.exe
c:\program files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-12-17  01:10:00 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-12-17 00:09
ComboFix2.txt  2013-07-05 11:40
.
Vor Suchlauf: 49 Verzeichnis(se), 166.814.765.056 Bytes frei
Nach Suchlauf: 51 Verzeichnis(se), 168.791.334.912 Bytes frei
.
- - End Of File - - 66DC0F097042791EC9754C60CB769230
A36C5E4F47E84449FF07ED3517B43A31
         
Regards, Kevin.

17.12.2014, 09:54   #10
cosinus

Remove adware/junkware/toolbars

(Delete old versions of adwCleaner and, if present, JRT first, then download them again to the desktop!)

Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Step 2: JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


17.12.2014, 21:37   #11
kevinanthony

Evening,

attached are the requested logs:

adw log

Code:
# AdwCleaner v4.105 - Bericht erstellt am 17/12/2014 um 21:21:35
# Aktualisiert 08/12/2014 von Xplode
# Database : 2014-12-16.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Siddiq - KEVO-PC
# Gestartet von : C:\Users\Siddiq\Desktop\AdwCleaner_4.105.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{842C4394-47F7-60DE-480B-C09116B63559}

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.17088


-\\ Google Chrome v40.0.2214.38


*************************

AdwCleaner[R0].txt - [2258 octets] - [29/08/2013 09:21:16]
AdwCleaner[R1].txt - [2517 octets] - [17/09/2013 22:44:53]
AdwCleaner[R2].txt - [11794 octets] - [30/11/2014 19:34:19]
AdwCleaner[R3].txt - [2181 octets] - [17/12/2014 21:01:22]
AdwCleaner[S0].txt - [1836 octets] - [29/08/2013 09:30:11]
AdwCleaner[S1].txt - [2413 octets] - [17/09/2013 22:47:12]
AdwCleaner[S2].txt - [9487 octets] - [30/11/2014 19:37:50]
AdwCleaner[S3].txt - [1972 octets] - [17/12/2014 21:21:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2032 octets] ##########
         
jrt log:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Siddiq on 17.12.2014 at 21:28:22,82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.12.2014 at 21:32:38,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST log:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by Siddiq (administrator) on KEVO-PC on 17-12-2014 21:37:47
Running from C:\Users\Siddiq\Desktop
Loaded Profile: Siddiq (Available profiles: Kevo & Siddiq)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Microsoft Corporation) C:\Windows\ehome\ehshell.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.191.88.0.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor
HKLM-x32\...\Run: [Module Loader] => C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe [57344 2007-07-23] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKU\S-1-5-21-17948161-4136030996-2878415790-1008\...\Run: [GoogleChromeAutoLaunch_DCDE99E772EF02AB63A59D2B2790539C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [898376 2014-12-10] (Google Inc.)
Startup: C:\Users\Kevo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
Startup: C:\Users\Siddiq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-17948161-4136030996-2878415790-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-17948161-4136030996-2878415790-1008\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.42.129

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll (Unity Technologies ApS)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-12]
CHR Extension: (YouTube) - C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-12]
CHR Extension: (Google-Suche) - C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-12]
CHR Extension: (Paltalk Express) - C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Extensions\oainjhllibnjfalecnohojnocpcobgpn [2014-11-09]
CHR Extension: (Google Mail) - C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-12]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-21] (BlueStack Systems, Inc.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-09-07] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-08-22] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2009-08-28] (Creative Technology Ltd) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
R2 HerculesDJControlMP3; C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE [47104 2013-05-21] (Hercules®) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-12-16] (Electronic Arts)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-08-11] ()
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
S3 SafeIPS; C:\Program Files (x86)\SafeIP\SafeIPs.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [36256 2009-11-13] (Google Inc)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-21] (BlueStack Systems)
S3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [258352 2013-05-21] (© Guillemot R&D, 2013. All rights reserved.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-01] (Disc Soft Ltd)
R3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [21704 2013-03-11] (Mobile Stream)
R3 hcw17bda; C:\Windows\System32\drivers\hcw17b64.sys [78192 2013-08-22] (Hauppauge Computer Works, Inc.)
S3 HDJMidi; C:\Windows\System32\DRIVERS\HDJMidi.sys [274736 2013-05-21] (© Guillemot R&D, 2013. All rights reserved.)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [36256 2009-11-13] (Google Inc)
R3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1148288 2011-07-06] (Creative Technology Ltd.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [31232 2013-03-09] (The OpenVPN Project) [File not signed]
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-17 21:32 - 2014-12-17 21:32 - 00000755 _____ () C:\Users\Siddiq\Desktop\JRT.txt
2014-12-17 21:28 - 2014-12-17 21:28 - 01707646 _____ (Thisisu) C:\Users\Siddiq\Desktop\JRT.exe
2014-12-17 21:28 - 2014-12-17 21:28 - 00000000 ____D () C:\Windows\ERUNT
2014-12-17 21:00 - 2014-12-17 21:00 - 02166272 _____ () C:\Users\Siddiq\Desktop\AdwCleaner_4.105.exe
2014-12-17 01:10 - 2014-12-17 01:10 - 00025076 _____ () C:\ComboFix.txt
2014-12-17 00:42 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-17 00:42 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-17 00:41 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-17 00:41 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-17 00:41 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-17 00:41 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-17 00:41 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-17 00:41 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-17 00:34 - 2014-12-17 00:34 - 05601641 ____R (Swearware) C:\Users\Siddiq\Desktop\ComboFix.exe
2014-12-17 00:34 - 2014-12-17 00:34 - 05601641 _____ (Swearware) C:\Users\Siddiq\Downloads\ComboFix.exe
2014-12-16 16:51 - 2014-12-17 21:37 - 00017165 _____ () C:\Users\Siddiq\Desktop\FRST.txt
2014-12-16 16:31 - 2014-12-16 16:31 - 00000000 ____D () C:\Program Files (x86)\BuuyNsAVe
2014-12-16 16:30 - 2014-12-16 16:30 - 00000000 ____D () C:\ProgramData\nlcgledcgbnjgnhikehaekocgppemfni
2014-12-16 16:29 - 2014-12-16 17:08 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\DMCache
2014-12-16 16:29 - 2014-12-16 16:29 - 00001009 _____ () C:\Users\Siddiq\Desktop\Internet Download Manager.lnk
2014-12-16 16:29 - 2014-12-16 16:29 - 00000000 ____D () C:\Users\Siddiq\Downloads\Video
2014-12-16 16:29 - 2014-12-16 16:29 - 00000000 ____D () C:\Users\Siddiq\Downloads\Compressed
2014-12-16 16:28 - 2014-12-16 16:28 - 06353464 _____ (Tonec Inc.) C:\Users\Siddiq\Downloads\idman621build16 (1).exe
2014-12-16 16:23 - 2014-12-16 16:23 - 00067032 _____ () C:\Users\Siddiq\Downloads\HDVidCodec.exe
2014-12-16 15:51 - 2014-12-16 15:51 - 01534736 _____ () C:\Users\Siddiq\Downloads\battlelog-web-plugins_2.6.2_154.exe
2014-12-16 15:40 - 2014-12-16 15:40 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-12-16 15:38 - 2014-12-17 21:33 - 02121216 _____ (Farbar) C:\Users\Siddiq\Desktop\FRST64.exe
2014-12-16 15:38 - 2014-12-17 00:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-16 15:38 - 2014-12-17 00:38 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-16 14:22 - 2014-12-16 14:23 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Siddiq\Downloads\spybot-2.4.exe
2014-12-16 14:11 - 2014-12-16 14:11 - 05198336 _____ (AVAST Software) C:\Users\Siddiq\Downloads\aswMBR.exe
2014-12-16 14:10 - 2014-12-17 21:25 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-16 14:09 - 2014-12-16 14:09 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-16 14:09 - 2014-12-16 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-16 14:09 - 2014-12-16 14:09 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-16 14:09 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-16 14:09 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-16 14:09 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-16 14:08 - 2014-12-16 14:08 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Siddiq\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-16 01:00 - 2014-12-16 01:01 - 00000000 ____D () C:\Users\Siddiq\Desktop\MSK
2014-12-16 01:00 - 2014-12-16 01:01 - 00000000 ____D () C:\Users\Siddiq\Desktop\Islam
2014-12-10 22:49 - 2014-12-10 23:43 - 103539160 _____ () C:\Users\Siddiq\Downloads\BON2014.rar
2014-12-10 18:54 - 2014-12-10 18:54 - 03981488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-09 06:53 - 2014-12-09 06:55 - 161322064 _____ () C:\Users\Siddiq\Downloads\wegothiphop-kendrick-lamar-unreleased-wegothiphopcom.zip
2014-12-07 17:04 - 2014-12-07 17:04 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\Unity
2014-12-07 16:56 - 2014-12-07 16:56 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\.mono
2014-12-07 16:53 - 2014-12-07 16:53 - 01107184 _____ (Unity Technologies ApS) C:\Users\Siddiq\Downloads\UnityWebPlayer64.exe
2014-12-07 15:02 - 2014-12-07 15:02 - 00000000 ____D () C:\Program Files\Unity
2014-12-07 13:33 - 2014-12-07 13:33 - 07173168 _____ (Unity Technologies ApS) C:\Users\Siddiq\Downloads\UnityWebPlayerFull64.exe
2014-12-07 10:17 - 2014-12-07 10:22 - 271014878 _____ () C:\Users\Siddiq\Downloads\cm-11-20141206-NIGHTLY-bacon.zip
2014-12-07 10:16 - 2014-12-07 10:22 - 171522881 _____ () C:\Users\Siddiq\Downloads\Slim-bacon-4.4.4.build.8.18-WEEKLY-8118.zip
2014-12-06 23:38 - 2014-12-06 23:38 - 00000000 ____D () C:\Users\Siddiq\Documents\DVDVideoSoft
2014-12-06 23:36 - 2014-12-06 23:37 - 17938000 _____ (DVDVideoSoft Ltd. ) C:\Users\Siddiq\Downloads\freeaudiodub.exe
2014-12-06 00:20 - 2014-12-06 00:22 - 157694716 _____ () C:\Users\Siddiq\Downloads\gapps-kk-20140606-signed.zip
2014-12-06 00:13 - 2014-12-06 00:16 - 271013652 _____ () C:\Users\Siddiq\Downloads\cm-11-20141205-NIGHTLY-bacon.zip
2014-12-02 21:05 - 2014-12-02 22:52 - 00000000 ____D () C:\Users\Siddiq\Desktop\WhatsApp
2014-12-02 19:11 - 2014-12-02 19:56 - 986789926 _____ () C:\Users\Siddiq\Downloads\T230XXU0ANJT230DBT0ANJT230XXU0ANJHOME.tar.rar
2014-12-01 16:20 - 2014-12-01 16:20 - 04135060 _____ () C:\Users\Siddiq\Downloads\CameraNext (1).apk
2014-12-01 15:50 - 2014-12-01 15:50 - 03820857 _____ () C:\Users\Siddiq\Downloads\CameraNext.apk
2014-12-01 15:45 - 2014-12-01 15:53 - 251123017 _____ () C:\Users\Siddiq\Downloads\aosp-One-ota-20140823.zip
2014-12-01 15:35 - 2014-12-01 15:35 - 92569666 _____ () C:\Users\Siddiq\Downloads\gapps-kk-20140728-Sesme-Lite.zip
2014-12-01 15:27 - 2014-12-01 15:31 - 216029436 _____ () C:\Users\Siddiq\Downloads\cm-bacon-3628510d76-to-ac1ccf7921-signed.zip
2014-12-01 15:12 - 2014-12-01 15:15 - 270844692 _____ () C:\Users\Siddiq\Downloads\cm-11-20141129-NIGHTLY-bacon.zip
2014-11-30 20:03 - 2014-12-10 21:09 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-30 20:03 - 2014-11-30 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-30 20:01 - 2014-12-17 21:24 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-30 20:01 - 2014-12-17 21:06 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-30 20:01 - 2014-11-30 20:01 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-30 20:01 - 2014-11-30 20:01 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-30 19:57 - 2014-11-30 19:59 - 00000000 ____D () C:\Users\Siddiq\AppData\Local\Deployment
2014-11-30 19:57 - 2014-11-30 19:57 - 00000000 ____D () C:\Users\Siddiq\AppData\Local\Apps\2.0
2014-11-27 21:38 - 2014-11-27 21:39 - 12890112 _____ () C:\Users\Siddiq\Downloads\openrecovery-twrp-2.8.1.0-bacon (1).img
2014-11-27 21:02 - 2014-11-27 21:04 - 03974843 _____ () C:\Users\Siddiq\Downloads\UPDATE-SuperSU-v2.35.zip
2014-11-27 19:45 - 2014-12-17 21:22 - 00010352 _____ () C:\Windows\PFRO.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-17 21:37 - 2013-07-04 17:01 - 00000000 ____D () C:\FRST
2014-12-17 21:35 - 2013-08-21 23:53 - 01666707 _____ () C:\Windows\WindowsUpdate.log
2014-12-17 21:31 - 2009-07-14 05:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-17 21:31 - 2009-07-14 05:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-17 21:29 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-12-17 21:29 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-12-17 21:29 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-17 21:27 - 2014-11-09 01:32 - 00000000 ___RD () C:\Users\Siddiq\Dropbox
2014-12-17 21:27 - 2014-11-09 01:10 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\Dropbox
2014-12-17 21:25 - 2014-11-08 23:08 - 00000000 ____D () C:\Users\Siddiq\AppData\Local\HTC MediaHub
2014-12-17 21:23 - 2014-11-15 21:22 - 00004781 _____ () C:\Windows\setupact.log
2014-12-17 21:23 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-17 21:22 - 2013-08-22 02:21 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-17 21:21 - 2013-08-29 09:21 - 00000000 ____D () C:\AdwCleaner
2014-12-17 20:54 - 2014-09-04 22:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-17 19:39 - 2009-07-14 19:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-17 01:10 - 2013-07-05 12:06 - 00000000 ____D () C:\Qoobox
2014-12-17 01:10 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-12-17 01:07 - 2013-09-24 11:28 - 00000000 ____D () C:\Windows\erdnt
2014-12-17 01:03 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-17 00:59 - 2013-08-22 21:14 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-12-17 00:59 - 2009-07-14 03:34 - 68681728 _____ () C:\Windows\system32\config\software.bak
2014-12-17 00:59 - 2009-07-14 03:34 - 27262976 _____ () C:\Windows\system32\config\system.bak
2014-12-17 00:59 - 2009-07-14 03:34 - 01310720 _____ () C:\Windows\system32\config\default.bak
2014-12-17 00:59 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-12-17 00:59 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-12-16 16:51 - 2013-08-22 03:33 - 00000000 ____D () C:\ProgramData\Origin
2014-12-16 15:55 - 2013-10-01 16:17 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-12-16 15:55 - 2013-10-01 11:17 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-12-16 15:55 - 2013-10-01 11:17 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-12-16 15:38 - 2013-08-22 03:32 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-16 14:09 - 2013-10-01 12:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-16 01:03 - 2013-09-01 17:41 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-16 01:02 - 2014-11-15 22:33 - 00000000 ____D () C:\Users\Siddiq\Desktop\arbeit unsortiert
2014-12-15 21:49 - 2013-10-02 13:49 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 16:17 - 2014-10-17 21:41 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\Skype
2014-12-10 18:54 - 2014-09-04 22:48 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 18:54 - 2013-10-02 17:56 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 18:54 - 2013-10-02 17:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-02 22:52 - 2014-10-26 09:11 - 00000000 ____D () C:\Users\Siddiq\Desktop\Verkauf Bilder
2014-11-30 20:02 - 2013-08-22 02:37 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-30 19:59 - 2014-10-26 09:11 - 00000000 ____D () C:\Users\Siddiq\Desktop\Arbeit
2014-11-30 19:55 - 2014-11-09 01:32 - 00001019 _____ () C:\Users\Siddiq\Desktop\Dropbox.lnk
2014-11-30 19:55 - 2014-11-09 01:15 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-30 03:31 - 2013-08-22 00:44 - 00000000 ____D () C:\Users\Kevo
2014-11-27 20:30 - 2014-10-12 01:27 - 00000000 ____D () C:\Users\Siddiq\AppData\Local\Google
2014-11-27 19:45 - 2009-07-14 05:45 - 00271432 _____ () C:\Windows\system32\FNTCACHE.DAT

Some content of TEMP:
====================
C:\Users\Siddiq\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbyipz0.dll
C:\Users\Siddiq\AppData\Local\Temp\Quarantine.exe
C:\Users\Siddiq\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-15 23:15

==================== End Of Log ============================
         
--- --- ---


Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014
Ran by Siddiq at 2014-12-17 21:38:22
Running from C:\Users\Siddiq\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Android Data Recovery  (HKLM-x32\...\Android Data Recovery) (Version:  - Tenorshare, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
APW-10 Webphone (HKLM-x32\...\{B42EBE03-4CB9-44E6-B523-61121DB1B195}) (Version: 1.9.0 - AuPix Ltd)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Assassin's Creed Revelations 1.02 (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.02 - Ubisoft)
Audacity 2.0.4 (HKLM-x32\...\Audacity_is1) (Version: 2.0.4 - Audacity Team)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.3.2.3825 - Electronic Arts)
Battlefield Play4Free (HKLM-x32\...\{87686C21-8A15-4b4d-A3F1-11141D9BE094}) (Version:  - EA Digital illusions)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
BF3 Settings Editor (HKLM\...\{5866DD36-8055-475B-A5C3-82C04091D14E}) (Version: 2.3 - Realmware)
BF4 Settings Editor (HKLM\...\{EF4C9459-47DE-4FCD-B9E0-CEB5BA03FC64}) (Version: 1.1 - Realmware)
Blacklight: Retribution (HKLM-x32\...\Steam App 209870) (Version:  - Zombie, Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.10.3096 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{0BED0B96-70B8-4893-884B-DC485DC8C1B7}) (Version: 0.8.10.3096 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version:  - Treyarch)
Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version:  - Treyarch)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Entertainment Center (HKLM-x32\...\Creative Entertainment Center) (Version: 5.00 - Creative Technology Limited)
Creative Karaoke Player (HKLM-x32\...\CREATIVE KARAOKE PLAYER) (Version: 2.11 - Creative Technology Limited)
Creative Konsole Starter (HKLM-x32\...\Console Launcher) (Version: 2.61 - Creative Technology Limited)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
Creative Smart Recorder (HKLM-x32\...\Smart Recorder) (Version: 2.20 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - Creative Technology Limited)
Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version:  - )
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.5.0.0388 - Disc Soft Ltd)
Dropbox (HKU\S-1-5-21-17948161-4136030996-2878415790-1008\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
EasyTether (HKLM-x32\...\{c751b7eb-df27-4668-b05f-7457d2fa9e00}) (Version: 1.1.18 - Mobile Stream)
EasyTether (Version: 1.1.18 - Mobile Stream) Hidden
EasyTether ADB USB driver (HKLM\...\{F45DA6A7-AD7C-489A-B9E2-CCFC70A46A2A}) (Version: 1.0.1 - Mobile Stream)
EPSON Copy Utility 3 (HKLM-x32\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.3.0.0 - )
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
EVGA PrecisionX 16 (HKLM-x32\...\{E019FA6A-BA92-49A5-A4A6-FB7C60931643}) (Version: 5.2.0 - EVGA Corporation)
Fernbedienungssystem (HKLM-x32\...\Remote Control System) (Version: 5.00 - Creative Technology Limited)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
foobar2000 v1.2.9 (HKLM-x32\...\foobar2000) (Version: 1.2.9 - Peter Pawlowski)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.3.4.604 - DVDVideoSoft Ltd.)
Free Video Flip and Rotate version 2.1.9.822 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 2.1.9.822 - DVDVideoSoft Ltd.)
Free Video to MP3 Converter version 5.0.28.827 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.28.827 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.38 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Hercules DJ Products Series drivers (HKLM-x32\...\{33999F1F-EA46-4E55-A239-1BA803235396}) (Version: 2.HDJS.2013 - Hercules)
Host OpenAL (HKLM-x32\...\Host OpenAL) (Version: 2.02 - Creative Technology Limited)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.33.0 - HTC)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Juiced2_HIN (HKLM-x32\...\{50E4FCC7-90B9-48C6-9D17-7AE66F282878}) (Version: 1.00.0000 - THQ)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kingo ROOT version 1.2.5.2112 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.2.5.2112 - Kingosoft Technology Ltd.)
Lautstärkefenster (HKLM-x32\...\Creative Volume Panel) (Version: 2.21 - Creative Technology Limited)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - DEU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation)
MorphVOX Pro (HKLM-x32\...\{62DAB694-358E-4C6F-82BF-26DA64B297A6}) (Version: 4.3.2 - Screaming Bee)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MultIV (HKLM-x32\...\{A30833E0-EC35-4DE7-96CD-AFF4FB5976EA}) (Version: 0.2.0 - MultIV Development Team)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)
Need for Speed™ The Run (HKLM-x32\...\{0EDC9BA0-016E-406a-86DA-04FC1BE00C21}) (Version: 1.0.0.0 - Electronic Arts)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.5.195 - Electronic Arts, Inc.)
Paltalk Messenger  11.4 (HKLM-x32\...\Paltalk Messenger) (Version: 11.4.564.16149 - AVM Software Inc.)
PAYDAY 2 Demo (HKLM-x32\...\Steam App 251040) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY 2 Incl. Update 28 (HKLM-x32\...\PAYDAY 2_is1) (Version:  - )
PdaNet+ for Android 4.15 (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Quake Live (HKLM-x32\...\Quake Live) (Version:  - id Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform)
Remote Control Server (HKLM-x32\...\{755C6515-9FEA-490C-B15E-22BB6519E57E}) (Version: 1.8.0.0 - Steppschuh)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
ROOT´óʦ (HKLM-x32\...\{1295E43F-382A-4CB2-9E0F-079C0D7401BB}_is1) (Version: 1.7.9.9730 - ÉîÛÚÐÅÒ¼ÍøÂçÓÐÏÞ¹«Ë¾)
SafeIP (HKLM-x32\...\SAFEIP_is1) (Version:  - SafeIP)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)
Shark007 Standard Codecs (HKLM-x32\...\{898E81AD-6DB9-4750-866B-B8958C5DC7AA}) (Version: 1.8.4 - Shark007)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sound Blaster X-Fi Surround 5.1 (HKLM-x32\...\{12BEF00E-ECFF-4820-BEDF-CCB9CC06A955}) (Version: 1.0 - )
Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version:  - Valve)
SSC Service Utility v4.30 (HKLM-x32\...\SSC Service Utility_is1) (Version:  - SSC Localization Group)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab Detection (HKLM-x32\...\{54500B82-846C-4052-83C8-B7AEB786760C}) (Version: 2.0.0.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Tether (HKLM-x32\...\{C5C67EA4-16FA-473C-B274-904A71162DE4}) (Version: 1.0.1 - ClockworkMod)
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.0f3 - Unity Technologies ApS)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Virtual Mpc Version 1.0 (HKLM-x32\...\{FBE55100-FC71-4027-B760-F96D51BE28A5}_is1) (Version: 1.0 - MediaXtremely)
VirtualDJ PRO Full (HKLM-x32\...\{23F20D12-1D01-4806-8AA8-AC79055109DE}) (Version: 7.4 - Atomix Productions)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-Treiberpaket - LG Electronics Inc (ANDModem) Modem  (11/30/2010 2.2.0.0) (HKLM\...\3F162CA9EF5A33FF16B97554663A71E35053783E) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc)
Windows-Treiberpaket - LG Electronics Inc (ANDModem) Modem  (11/30/2010 2.2.0.0) (HKLM\...\A43025A72B6CC28CB38B93867B2740C581E3B100) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc)
Windows-Treiberpaket - LG Electronics Inc. (Andbus) USB  (11/30/2010 2.2.0.0) (HKLM\...\4D55218052428488AFE6BA93FABC783E658657A7) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)
Windows-Treiberpaket - LG Electronics Inc. (AndDiag) Ports  (11/30/2010 2.2.0.0) (HKLM\...\38207DB32AC6A59CE6075F5AAE1448040FAC76DB) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)
Windows-Treiberpaket - LG Electronics Inc. (AndDiag) Ports  (11/30/2010 2.2.0.0) (HKLM\...\A3F0461CF2623C40BC42C38D4C0E7319E5C458CA) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)
Windows-Treiberpaket - LG Electronics Inc. (AndGps) Ports  (11/30/2010 2.2.0.0) (HKLM\...\37C6E863D718F6363FBAC33FBAAA927F5DC2A43E) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)
Windows-Treiberpaket - LG Electronics Inc. (AndGps) Ports  (11/30/2010 2.2.0.0) (HKLM\...\BC0FC97093ED911878848F7852D617BA23E42F68) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)
Windows-Treiberpaket - LG Electronics, Inc. Net  (03/07/2012 3.7.0.0) (HKLM\...\97541C74689007984DD12A4E0B349E2F96A66C2F) (Version: 03/07/2012 3.7.0.0 - LG Electronics, Inc.)
Windows-Treiberpaket - LG Electronics, Inc. WPD  (03/07/2012 3.7.0.0) (HKLM\...\5A454C002BB9011E261D0C1B7E846CD23A1D1806) (Version: 03/07/2012 3.7.0.0 - LG Electronics, Inc.)
Windows-Treiberpaket - Microsoft Corporation (WinUSB) AndroidUsbDeviceClass  (07/11/2013 1.4.0015.00000) (HKLM\...\F556F06662CD592AC1110F9116ADB92815A9AA30) (Version: 07/11/2013 1.4.0015.00000 - Microsoft Corporation)
Windows-Treiberpaket - Motorola (bqusbser) Modem  (02/24/2009 1.1.0.0) (HKLM\...\46D28B033482A13C68B1777C399248A0FE510D1A) (Version: 02/24/2009 1.1.0.0 - Motorola)
Windows-Treiberpaket - Motorola (bqusbser) Ports  (02/24/2009 1.1.0.0) (HKLM\...\3E885DDD8DE7247FEBCE2F5FEF86A3664DF51FEC) (Version: 02/24/2009 1.1.0.0 - Motorola)
Windows-Treiberpaket - Motorola (motccgp) USB  (11/26/2012 3.3.1.0) (HKLM\...\F62C352416202B84E7804DE3CE695F30A4FDA328) (Version: 11/26/2012 3.3.1.0 - Motorola)
Windows-Treiberpaket - Motorola Inc (MotDev) MOTUSB  (11/08/2011 3.2.12.0) (HKLM\...\F8C33978D5941EC809F57F088EE5517BBBE19FFD) (Version: 11/08/2011 3.2.12.0 - Motorola Inc)
Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  (dg_ssudbus) USB  (03/25/2013 2.9.508.0) (HKLM\...\686FE24C5F44B8399EDAD00FF437C91E8E4C33C6) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  (ssuddmgr) Ports  (03/25/2013 2.9.508.0) (HKLM\...\79BE6E72F3FB459964ECB14CA5E9499EB84CED24) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  (ssudmdm) Modem  (03/25/2013 2.9.508.0) (HKLM\...\59448F49ADCE2157A5E72FF82862DAFFBC071F75) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  (ssudobex) Ports  (03/25/2013 2.9.508.0) (HKLM\...\3889AC3DC15E870F7212E360BD6BD1FA71261AAC) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  (ssudserd) Ports  (03/25/2013 2.9.508.0) (HKLM\...\139FA893FBE6105A30D47E0FAB2B465546E1605D) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  Net  (03/25/2013 2.9.508.0) (HKLM\...\A8ACA907A00D578D644681DCA06EC0E1608C03A2) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  WPD  (03/25/2013 2.9.508.0) (HKLM\...\8657EAB5BD6A536AA497AEA26A00A6E6B25F5CD7) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

03-10-2014 21:36:32 Installed iTunes
04-10-2014 23:20:21 Installed APW-10 Webphone
06-10-2014 01:01:28 Windows Update
09-10-2014 01:29:22 Windows Update
09-10-2014 18:50:59 Gerätetreiber-Paketinstallation: ClockworkMod Android Phone
15-10-2014 18:15:45 Windows Update
17-10-2014 19:18:54 Gerätetreiber-Paketinstallation: June Fabrics Technology Inc. Modems
17-10-2014 19:44:20 Wiederherstellungsvorgang
17-10-2014 20:03:23 Windows Update
21-10-2014 19:09:55 Windows Update
22-10-2014 21:04:20 Gerätetreiber-Paketinstallation: Google USB
25-10-2014 22:28:01 Windows Update
29-10-2014 19:27:06 Windows Update
02-11-2014 18:21:21 Windows Update
08-11-2014 18:12:50 Windows Update
11-11-2014 20:33:52 Windows Update
16-11-2014 21:45:54 Windows Update
23-11-2014 06:27:54 Windows Update
28-11-2014 20:00:08 Windows Update
02-12-2014 06:47:56 Windows Update
06-12-2014 06:46:23 Windows Update
10-12-2014 06:46:16 Windows Update
14-12-2014 15:39:10 Windows Update
17-12-2014 00:42:16 ComboFix created restore point
17-12-2014 21:35:29 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-10-17 19:11 - 2014-12-17 01:03 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {41E1B4D9-FE5B-4BE2-AFD1-790FDC81E12A} - System32\Tasks\{B4F99F75-04D0-4B94-8DAF-84E84F31179C} => pcalua.exe -a "C:\Users\Kevo\Desktop\pay day 2 updaes entpackt\9\Update\Setup.exe" -d "C:\Users\Kevo\Desktop\pay day 2 updaes entpackt\9\Update"
Task: {580B284E-0785-41EB-9EE7-5C7E92ED6077} - System32\Tasks\{82628D5D-E012-4444-9C07-6AC1F085F097} => pcalua.exe -a "C:\Users\Kevo\Downloads\gfwlivesetup (4).exe" -d C:\Users\Kevo\Downloads
Task: {5D5F7653-0830-4687-A9A6-1BC382C9B08D} - System32\Tasks\{2AB3583C-2245-4FB0-B01E-E170BD70E9BF} => C:\Program Files (x86)\Virtual Mpc\Virtual Mpc.exe [2011-11-19] (MediaXtremely)
Task: {803EBFD5-6DBC-4919-8B7B-4F380B5C895C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9008C5B8-4461-4FBF-8F86-44C32CFEA375} - System32\Tasks\EVGAPrecision => C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
Task: {9808C32A-471A-4873-AFFE-DF1C8F04C229} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-30] (Google Inc.)
Task: {A2C81D7C-0685-4C6E-8C17-CE21834CB210} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {BB7F2B71-1A24-44C3-9D2C-884E905731B3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-30] (Google Inc.)
Task: {F29EA58C-69E0-4D86-A052-34606B92DAEA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-22 02:21 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-12-07 18:27 - 2012-12-07 18:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-08-22 21:30 - 2014-08-11 23:55 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-11-03 11:05 - 2014-11-03 11:05 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2014-12-10 21:09 - 2014-12-10 04:57 - 01450312 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.38\libglesv2.dll
2014-12-10 21:09 - 2014-12-10 04:57 - 00205128 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.38\libegl.dll
2014-12-10 21:09 - 2014-12-10 04:57 - 10865480 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.38\pdf.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-03 11:04 - 2014-11-03 11:04 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-11-03 11:05 - 2014-11-03 11:05 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-11-03 11:06 - 2014-11-03 11:06 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-11-03 11:07 - 2014-11-03 11:07 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2014-10-11 23:17 - 2009-11-30 17:53 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2014-10-11 23:17 - 2009-12-08 14:50 - 00177664 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-08-01 08:26 - 2014-03-17 02:23 - 00003132 _____ () C:\Program Files (x86)\DAEMON Tools Pro\MSIMG32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SafeIPS => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: SafetyNutManager => 2
MSCONFIG\startupfolder: C:^Users^Kevo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk => C:\Windows\pss\PdaNet Desktop.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Synchronizer => "C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: CTRegRun => C:\Windows\CTRegRun.EXE
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: EasyTether => "C:\Program Files\Mobile Stream\EasyTether\easytthr.exe"
MSCONFIG\startupreg: File => "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Kevo\AppData\Local\Temp\File4352044518964978922.jar"
MSCONFIG\startupreg: Hercules DJ Series TrayAgent => C:\Program Files\Guillemot\HDJTray\HDJSeries2TrayBar.exe /boot
MSCONFIG\startupreg: ISUSPM => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Remote Control Server => C:\Program Files (x86)\Remote Control Server\Remote Control Server.exe
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: VolPanel => "C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe" /r

========================= Accounts: ==========================

Administrator (S-1-5-21-17948161-4136030996-2878415790-500 - Administrator - Disabled)
Gast (S-1-5-21-17948161-4136030996-2878415790-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-17948161-4136030996-2878415790-1002 - Limited - Enabled)
Kevo (S-1-5-21-17948161-4136030996-2878415790-1001 - Administrator - Enabled) => C:\Users\Kevo
Siddiq (S-1-5-21-17948161-4136030996-2878415790-1008 - Administrator - Enabled) => C:\Users\Siddiq

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-12-17 00:56:48.697
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-12-17 00:56:48.617
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 42%
Total physical RAM: 5119.29 MB
Available physical RAM: 2958.15 MB
Total Pagefile: 10236.76 MB
Available Pagefile: 7516.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:152.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D61A319B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Regards, Kevin.

Alt 17.12.2014, 21:54   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Okay, then please run control scans with MBAM and ESET:

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.




ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Edited by cosinus (17.12.2014 at 22:55)

Alt 17.12.2014, 22:00   #13
kevinanthony
 

I just did that, again?

Alt 17.12.2014, 22:55   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

I've corrected it; I had clicked the wrong canned-text block.

Alt 18.12.2014, 13:50   #15
kevinanthony
 

Hi,

first the MBAM log:

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 17.12.2014
Suchlauf-Zeit: 23:35:21
Logdatei: mbam log.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.12.17.04
Rootkit Datenbank: v2014.12.14.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Siddiq

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 384741
Verstrichene Zeit: 25 Min, 16 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
ESET log:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=682d0596c7b151418ed86fa582092787
# engine=21605
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-17 11:12:47
# local_time=2014-12-18 12:12:47 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 7782364 60167683 0 0
# scanned=22
# found=0
# cleaned=0
# scan_time=72
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=682d0596c7b151418ed86fa582092787
# engine=21605
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-18 08:29:57
# local_time=2014-12-18 09:29:57 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 7815794 60201113 0 0
# scanned=308464
# found=83
# cleaned=0
# scan_time=29330
sh=A102A960644BE08940F4E8488152AE2F1830976B ft=1 fh=40585142393bf6e6 vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\Helper.dll.vir"
sh=9266F015731604616974EDBDAD28C3A36BAA1D5E ft=1 fh=1f6a561fcb8d1692 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\Internet Explorer Settings.exe.vir"
sh=2EE72F127C043FBC3F6DE2F3B200355C65C508CD ft=1 fh=733762b6e00a51d9 vn="Win32/Toolbar.SearchSuite.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\safetycrt.dll.vir"
sh=7EA715EB775D2F8CCE9512D1FDF51A66A7BD4EEE ft=1 fh=e4ab5faed85ae927 vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\safetyldr.dll.vir"
sh=F494E58C168EE00589FA740066A058494C52B47F ft=1 fh=59e48c3b886fb113 vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\safetyldr_u.dll.vir"
sh=05F966E47BD188A09A3F94601DABF194EF4A6609 ft=1 fh=1ea04831ece777a2 vn="Variante von Win32/Toolbar.SearchSuite.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\safetynut.exe.vir"
sh=D3CA21EFC311CF3CAD31B43D910534C22FDBE4F2 ft=1 fh=77cf14f14318a65c vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\safetynut_ie.dll.vir"
sh=DE82D3A4BAA20181E09F2A57663F9D175347B28C ft=1 fh=8f33ac66ce061627 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\x64\Internet Explorer Settings.exe.vir"
sh=B1AED2E542D2B49B935F486E5C1D4F07E2F0AD49 ft=1 fh=e7ece639bdaf7919 vn="Variante von Win64/Toolbar.SearchSuite.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetycrt.dll.vir"
sh=5FA015211A09D25E5E5BEF545E8601910A97582D ft=1 fh=2efcdf4ba4589200 vn="Variante von Win64/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetyldr.dll.vir"
sh=129043C40301641EA0F229AB7AEF82B38BE79AF6 ft=1 fh=61c2d14715b17a5c vn="Variante von Win64/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetyldr_u.dll.vir"
sh=4925399530298A7D6EB00307B4094CC5A2F65130 ft=1 fh=34be83c1de23a634 vn="Variante von Win64/Toolbar.SearchSuite.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetynut.dll.vir"
sh=97AEAD178DEC57AEDD229AB7B437B41BA9897C86 ft=1 fh=725919a07dd4157b vn="Variante von Win64/Toolbar.SearchSuite.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetynut_ie.dll.vir"
sh=9632E1AC8B967AC0C86C1164C5CC1BE6D09559BD ft=1 fh=8fbaa163c9af4b58 vn="Win32/bProtector.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll.vir"
sh=5B1B511C55F5E656C01C34FC3812AF210A942D7B ft=1 fh=270199ee25538721 vn="Variante von Win32/bProtector.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe.vir"
sh=5B1B511C55F5E656C01C34FC3812AF210A942D7B ft=1 fh=270199ee25538721 vn="Variante von Win32/bProtector.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\uninstall.exe.vir"
sh=E15DF75E5B81A209E0E453092C9610C3F8DC7073 ft=1 fh=8918dac93ad3a346 vn="Win32/Toolbar.SearchSuite.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win32cert.dll.vir"
sh=9B56D5787C88CF939DABA1E9273775A1D33EF25F ft=1 fh=8aacdf233e2d6e39 vn="Win32/Toolbar.SearchSuite.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win32prop.dll.vir"
sh=2FA019C3D1CC2BC1905FBD6765DA3CFBE851DD64 ft=1 fh=f275e610e24fd946 vn="Win64/Toolbar.SearchSuite.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64cert.dll.vir"
sh=34ABB88310B01A075382292FDE9F2B6E727E5D66 ft=1 fh=1bef8d0f51d0bf3a vn="Win64/Toolbar.SearchSuite.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64prop.dll.vir"
sh=848C686280EAA04B172FCCFFBD312132A0C46172 ft=1 fh=7764b0effb0b9556 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kevo\AppData\Local\Temp\OCS\ocs_v7f.exe.vir"
sh=27FBB2161B29148FBC20EBBCF5A07FDCA991026C ft=1 fh=0456e4230d5bc364 vn="Variante von Win32/Toolbar.Babylon.W evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kevo\AppData\Roaming\BabSolution\Shared\enhancedNT.dll.vir"
sh=EE0F12DC75A0B327DF2ECC020EA35F3EB9C9B79D ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Dokumente und Einstellungen\All Users\nlcgledcgbnjgnhikehaekocgppemfni\ByJw.js"
sh=F62B6CC700DFD3250972DA9CD40891826950B6DE ft=1 fh=69e42b4b29fcdff9 vn="Win32/Toolbar.SearchSuite.W evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\AppData\Local\Viber\Helper.dll"
sh=8ADAAE074F0453305632DFFAEAD0773392E553F2 ft=1 fh=a3c15f99b9da4c5b vn="Variante von Win32/Toolbar.SearchSuite.W.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\AppData\Local\Viber\Uninstall.exe"
sh=D57FDCC621EFFBC2C6C626C98827E11376E58CC8 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.VMProtect.ABD Trojaner" ac=I fn="C:\Dokumente und Einstellungen\Kevo\Downloads\3DMGAME-Need.for.Speed.Rivals.X86.and.X64.Crack.Only-3DM.rar"
sh=05496692BE3D1FFD73E0DB872AD44736456F309B ft=1 fh=0a3723757c633046 vn="Variante von Win32/InstallCore.BY evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\Downloads\DownloadManagerSetup.exe"
sh=6676270EF28EB27D9884155B545167A7F59E0BEF ft=1 fh=4d8f9fb86021498e vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\Downloads\Grand Theft Auto IV Patch - CHIP-Installer.exe"
sh=F2DEDBD96EA5E5405391F9C67F733EFBE16204A4 ft=1 fh=733f5b86bd4afc01 vn="Win32/WinloadSDA.E evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\Downloads\GTA-4-Patch-1.0.7.0-lnstall (1).exe"
sh=F2DEDBD96EA5E5405391F9C67F733EFBE16204A4 ft=1 fh=733f5b86bd4afc01 vn="Win32/WinloadSDA.E evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\Downloads\GTA-4-Patch-1.0.7.0-lnstall.exe"
sh=10EC9D9C93D2F2BEB677D7FD493C73FED9DC0832 ft=1 fh=611227e113887d8e vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\Downloads\KFZ-Werkstatt-lnstall.exe"
sh=EAE2784C9115FE9CFA44A116B74E72C1BCCFA7F6 ft=1 fh=2e79e77116fe19c4 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\Downloads\MyPhoneExplorer_Setup_1.8.5.exe"
sh=5CFAFD2021118DF91FAC86E3362C9FC4E7819ECE ft=1 fh=b3d516fd14955557 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\Downloads\OpenOffice - CHIP-Downloader.exe"
sh=D9ACE011F481C9A8054511DC1AAB6A3C7B5D0FA5 ft=1 fh=df1655747ceefb41 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\Downloads\Recuva - CHIP-Downloader.exe"
sh=EE51BC65E632624027E2DD83F44A75784323D247 ft=1 fh=6e4c94e45ea75834 vn="Win32/Adware.Lollipop.D Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\Downloads\setup_Project64_2.1.exe"
sh=2F47B4BA8CCDBBD2CD9F501FA178B368ADDE67FC ft=1 fh=e1ee3862b8120d8b vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\Downloads\Tunngle - CHIP-Installer.exe"
sh=648BDE75B4096B0B2DAAFD2189285BE6810E33EA ft=1 fh=0854e790dbf653dd vn="Variante von Win32/Toolbar.SearchSuite.W.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\Downloads\ViberSetup (1).exe"
sh=648BDE75B4096B0B2DAAFD2189285BE6810E33EA ft=1 fh=0854e790dbf653dd vn="Variante von Win32/Toolbar.SearchSuite.W.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\Downloads\ViberSetup (2).exe"
sh=648BDE75B4096B0B2DAAFD2189285BE6810E33EA ft=1 fh=0854e790dbf653dd vn="Variante von Win32/Toolbar.SearchSuite.W.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\Downloads\ViberSetup.exe"
sh=A26E8508633716B537149AB18C866D7A42918F71 ft=1 fh=63002f26150896b3 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\Downloads\Virtual_Mpc_setup.exe"
sh=82449999D4CA001C9619AABD9DB6C1B122D9B6B4 ft=1 fh=d6e2c475807e20f5 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\Downloads\Programs\32bit_Standard_v184.exe"
sh=76C19267783B1C3FBE78C7EDFB19EEE1CA020E5B ft=1 fh=24f1c525cd32bc9c vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\Downloads\Programs\MyPhoneExplorer_Setup_1.8.5.exe"
sh=69BBE5523F4836548AD1873EA7F3927A30C9D722 ft=0 fh=0000000000000000 vn="Variante von Android/Spy.Agent.GR Trojaner" ac=I fn="C:\Dokumente und Einstellungen\Siddiq\AppData\Roaming\mgyun\VRoot\CleanMaster.apk"
sh=63A6B64C95F819B6957419B2BF1BA06F66460B7C ft=0 fh=0000000000000000 vn="Variante von Android/Spy.Agent.GR Trojaner" ac=I fn="C:\Dokumente und Einstellungen\Siddiq\AppData\Roaming\mgyun\VRoot\com.mgyun.superuser.apk"
sh=7409EB1DEB8CFD42D98587492C38BEB47E805B68 ft=0 fh=0000000000000000 vn="Variante von Android/Exploit.Towel.A Trojaner" ac=I fn="C:\Dokumente und Einstellungen\Siddiq\Downloads\tr.apk"
sh=BE6F71B941AEAE604D167B044DB12FFA0111121B ft=1 fh=c84af2beea5a480e vn="Mehrere Bedrohungen" ac=I fn="C:\Dokumente und Einstellungen\Siddiq\Downloads\VRoot_1.7.3.4863_english_cid1005_7337ba1e_89.exe"
sh=E273AA24D773434BEDD3EF6906BABC5F552405D1 ft=1 fh=b17961507000735e vn="Mehrere Bedrohungen" ac=I fn="C:\Dokumente und Einstellungen\Siddiq\Downloads\VRoot_1.7.7.7308_Setup (1).exe"
sh=E273AA24D773434BEDD3EF6906BABC5F552405D1 ft=1 fh=b17961507000735e vn="Mehrere Bedrohungen" ac=I fn="C:\Dokumente und Einstellungen\Siddiq\Downloads\VRoot_1.7.7.7308_Setup.exe"
sh=1A97253BB89F2FEE65F0D5338374C9BD348BA797 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\FRST\Quarantine\3ab0d83b-5408f364"
sh=282C41AB2E8A56CBE8E12D1C4813AEFA540F1CE2 ft=1 fh=8d63cae4c6922cd0 vn="Variante von Win32/MessengerPlus evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\MsgPlusLive-485.exe"
sh=2585FB652784CADB0140D7AC8B768D24709C5C99 ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.DC Trojaner" ac=I fn="C:\FRST\Quarantine\rootutility"
sh=549576C3043357DE2709F12BD4B6EE3066B5C6B9 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\FRST\Quarantine\SuperOneClickv2.zip"
sh=6C889BFF503B258DD165154BB8485792C5FA6A5F ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.Kuguo.E evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\Superusers.apk"
sh=23E9AE92BB0A5F649B1B6DCDC876E91712484E52 ft=0 fh=0000000000000000 vn="Variante von Android/Spy.Agent.BN Trojaner" ac=I fn="C:\Program Files (x86)\VROOT\AppCool.apk"
sh=197FADF8E7B72EF9C1ED9F650B7A29DEF4B8372A ft=0 fh=0000000000000000 vn="Variante von Android/Spy.Agent.GR Trojaner" ac=I fn="C:\Program Files (x86)\VROOT\CleanMaster.apk"
sh=C84320EDFC4CDDE05386E611105CE6220CF3A8E7 ft=0 fh=0000000000000000 vn="Variante von Android/Spy.Agent.GR Trojaner" ac=I fn="C:\Program Files (x86)\VROOT\Superuser.apk"
sh=EE0F12DC75A0B327DF2ECC020EA35F3EB9C9B79D ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\ProgramData\nlcgledcgbnjgnhikehaekocgppemfni\ByJw.js"
sh=EE0F12DC75A0B327DF2ECC020EA35F3EB9C9B79D ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\All Users\nlcgledcgbnjgnhikehaekocgppemfni\ByJw.js"
sh=F62B6CC700DFD3250972DA9CD40891826950B6DE ft=1 fh=69e42b4b29fcdff9 vn="Win32/Toolbar.SearchSuite.W evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevo\AppData\Local\Viber\Helper.dll"
sh=8ADAAE074F0453305632DFFAEAD0773392E553F2 ft=1 fh=a3c15f99b9da4c5b vn="Variante von Win32/Toolbar.SearchSuite.W.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevo\AppData\Local\Viber\Uninstall.exe"
sh=D57FDCC621EFFBC2C6C626C98827E11376E58CC8 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.VMProtect.ABD Trojaner" ac=I fn="C:\Users\Kevo\Downloads\3DMGAME-Need.for.Speed.Rivals.X86.and.X64.Crack.Only-3DM.rar"
sh=05496692BE3D1FFD73E0DB872AD44736456F309B ft=1 fh=0a3723757c633046 vn="Variante von Win32/InstallCore.BY evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevo\Downloads\DownloadManagerSetup.exe"
sh=6676270EF28EB27D9884155B545167A7F59E0BEF ft=1 fh=4d8f9fb86021498e vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevo\Downloads\Grand Theft Auto IV Patch - CHIP-Installer.exe"
sh=F2DEDBD96EA5E5405391F9C67F733EFBE16204A4 ft=1 fh=733f5b86bd4afc01 vn="Win32/WinloadSDA.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevo\Downloads\GTA-4-Patch-1.0.7.0-lnstall (1).exe"
sh=F2DEDBD96EA5E5405391F9C67F733EFBE16204A4 ft=1 fh=733f5b86bd4afc01 vn="Win32/WinloadSDA.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevo\Downloads\GTA-4-Patch-1.0.7.0-lnstall.exe"
sh=10EC9D9C93D2F2BEB677D7FD493C73FED9DC0832 ft=1 fh=611227e113887d8e vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevo\Downloads\KFZ-Werkstatt-lnstall.exe"
sh=EAE2784C9115FE9CFA44A116B74E72C1BCCFA7F6 ft=1 fh=2e79e77116fe19c4 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevo\Downloads\MyPhoneExplorer_Setup_1.8.5.exe"
sh=5CFAFD2021118DF91FAC86E3362C9FC4E7819ECE ft=1 fh=b3d516fd14955557 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevo\Downloads\OpenOffice - CHIP-Downloader.exe"
sh=D9ACE011F481C9A8054511DC1AAB6A3C7B5D0FA5 ft=1 fh=df1655747ceefb41 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevo\Downloads\Recuva - CHIP-Downloader.exe"
sh=EE51BC65E632624027E2DD83F44A75784323D247 ft=1 fh=6e4c94e45ea75834 vn="Win32/Adware.Lollipop.D Anwendung" ac=I fn="C:\Users\Kevo\Downloads\setup_Project64_2.1.exe"
sh=2F47B4BA8CCDBBD2CD9F501FA178B368ADDE67FC ft=1 fh=e1ee3862b8120d8b vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevo\Downloads\Tunngle - CHIP-Installer.exe"
sh=648BDE75B4096B0B2DAAFD2189285BE6810E33EA ft=1 fh=0854e790dbf653dd vn="Variante von Win32/Toolbar.SearchSuite.W.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevo\Downloads\ViberSetup (1).exe"
sh=648BDE75B4096B0B2DAAFD2189285BE6810E33EA ft=1 fh=0854e790dbf653dd vn="Variante von Win32/Toolbar.SearchSuite.W.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevo\Downloads\ViberSetup (2).exe"
sh=648BDE75B4096B0B2DAAFD2189285BE6810E33EA ft=1 fh=0854e790dbf653dd vn="Variante von Win32/Toolbar.SearchSuite.W.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevo\Downloads\ViberSetup.exe"
sh=A26E8508633716B537149AB18C866D7A42918F71 ft=1 fh=63002f26150896b3 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevo\Downloads\Virtual_Mpc_setup.exe"
sh=82449999D4CA001C9619AABD9DB6C1B122D9B6B4 ft=1 fh=d6e2c475807e20f5 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevo\Downloads\Programs\32bit_Standard_v184.exe"
sh=76C19267783B1C3FBE78C7EDFB19EEE1CA020E5B ft=1 fh=24f1c525cd32bc9c vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevo\Downloads\Programs\MyPhoneExplorer_Setup_1.8.5.exe"
sh=69BBE5523F4836548AD1873EA7F3927A30C9D722 ft=0 fh=0000000000000000 vn="Variante von Android/Spy.Agent.GR Trojaner" ac=I fn="C:\Users\Siddiq\AppData\Roaming\mgyun\VRoot\CleanMaster.apk"
sh=63A6B64C95F819B6957419B2BF1BA06F66460B7C ft=0 fh=0000000000000000 vn="Variante von Android/Spy.Agent.GR Trojaner" ac=I fn="C:\Users\Siddiq\AppData\Roaming\mgyun\VRoot\com.mgyun.superuser.apk"
sh=7409EB1DEB8CFD42D98587492C38BEB47E805B68 ft=0 fh=0000000000000000 vn="Variante von Android/Exploit.Towel.A Trojaner" ac=I fn="C:\Users\Siddiq\Downloads\tr.apk"
sh=BE6F71B941AEAE604D167B044DB12FFA0111121B ft=1 fh=c84af2beea5a480e vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Siddiq\Downloads\VRoot_1.7.3.4863_english_cid1005_7337ba1e_89.exe"
sh=E273AA24D773434BEDD3EF6906BABC5F552405D1 ft=1 fh=b17961507000735e vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Siddiq\Downloads\VRoot_1.7.7.7308_Setup (1).exe"
sh=E273AA24D773434BEDD3EF6906BABC5F552405D1 ft=1 fh=b17961507000735e vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Siddiq\Downloads\VRoot_1.7.7.7308_Setup.exe"
         
Best regards, Kevin.
