
Log analysis and evaluation: Troj.gen.zlob in C:\windows\system32\asfar.exe

Windows 7
If you have picked up a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

09.01.2015, 09:18   #31
Bonkers1982
 

Troj.gen.zlob in C:\windows\system32\asfar.exe



Groundhog Day all over again. It's back. Shortly after I started AIMP3 with a music mix, an advertisement appeared in the background again, and I can see it in Task Manager.

09.01.2015, 09:35   #32
schrauber
/// the machine
/// TB trainer
 




I'd like to see a screenshot of what you see in Task Manager. That wasn't visible in the earlier screenshots.

Then please post a fresh FRST log.


Please download RogueKiller from here.
  • Save the tool to your desktop!
  • Close all running programs.
  • Start RogueKiller.exe
  • Wait until "Prescan abgeschlossen" (prescan completed) is shown, then click Scan.
  • When the scan has finished, click Report and post it here.
  • You will also find the log file RKreport[1].txt on your desktop.

09.01.2015, 10:12   #33
Bonkers1982
 



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Bonkers at 2015-01-09 10:10:07
Running from J:\Programme
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1355, 14.07.2014 - AIMP DevTeam)
AMD Catalyst Install Manager (HKLM\...\{4E7B5579-F76C-B709-84A7-F40460F5C70F}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)
Battlefield 2(TM) (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version:  - )
BF2Hub Client (HKLM-x32\...\bf2hub) (Version:  - BF2Hub Systems)
Brother MFL-Pro Suite DCP-J125 (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Call of Duty Advanced Warfare (HKLM-x32\...\Call of Duty Advanced Warfare_is1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dead Rising 3 (HKLM-x32\...\{XXXXXXXX-XXXX-XXXX-XXXX-BLACKBOX0011}) (Version: 6.0 - Black Box)
FUSSBALL MANAGER 10 (HKLM-x32\...\FUSSBALL MANAGER 10) (Version: 2.0.0.7 - Electronic Arts)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
ICQ 8.2 (build 7138) (HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\ICQ) (Version: 8.2.7138.0 - ICQ)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2-1) (Version: 2.0 - AppWork GmbH)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Metal Gear Solid V Ground Zeroes (HKLM-x32\...\Metal Gear Solid V Ground Zeroes_is1) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Origin (HKLM-x32\...\Origin) (Version: 8.4.1.210 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PeaZip 5.5.0 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wasteland 2 (HKLM-x32\...\Wasteland 2_is1) (Version:  - )
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E5}) (Version: 19.0.11293 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

08-01-2015 12:37:34 Geplanter Prüfpunkt
08-01-2015 20:40:16 Prüfpunkt von HitmanPro
08-01-2015 20:41:26 Prüfpunkt von HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-12-01 14:15 - 00001150 ____N C:\Windows\system32\Drivers\etc\hosts
83.169.15.25	battlefield2.available.gamespy.com
83.169.15.25	battlefield2.master.gamespy.com
83.169.15.25	battlefield2.ms14.gamespy.com
83.169.15.25	gpsp.gamespy.com
83.169.15.25	gpcm.gamespy.com
83.169.15.6	eapusher.dice.se


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {12C4A70D-793C-47B0-BDFE-367281D8EC2D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {20539226-8628-4305-B4C6-50E7DD679FB7} - System32\Tasks\{A32FE87B-45CE-4AA7-B6DF-40C336FD7AF3} => pcalua.exe -a L:\Autorun.exe -d L:\
Task: {2294BF3B-ABE8-4DE7-876E-13873D4874DC} - System32\Tasks\{612E6FB8-90EE-4D1F-89F8-4C748A1906CB} => pcalua.exe -a J:\avm_fritz!wlan_usb_stick_build_090320.exe -d J:\
Task: {38A930E6-1B44-47AA-B402-1AB2BEEFB4CF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-15] (Adobe Systems Incorporated)
Task: {3D1556C6-AE16-4E1E-B992-2022D0B9999B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {43F47C87-9C98-4FB9-B5FD-8C60C06BC0B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-21] (Google Inc.)
Task: {6665CD5D-C2D8-44BA-8338-6B85CCB694BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-21] (Google Inc.)
Task: {6AB76BB1-7EF7-43BC-AA4C-2DC0B5F79881} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe
Task: {6AD8A491-4214-48A8-B258-16EEDECBE840} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {6F420C1B-DAAF-4C9B-ACA9-B9DF4B1CF6AF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {B24A8CE1-64E2-4796-8481-AB149EA78532} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {B60AD4BC-A648-40E7-9E92-E29BA7777A6A} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe
Task: {C13B12F3-9CB4-41A2-AEAF-DDDE7B8F4DED} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-20 14:23 - 2013-12-20 14:23 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-12-16 02:07 - 2013-12-16 02:07 - 00818688 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-12-16 02:07 - 2013-12-16 02:07 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-12-20 14:22 - 2013-12-20 14:22 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-12-06 16:19 - 2014-12-06 16:19 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-01-09 09:10 - 2015-01-09 09:10 - 00040448 ____N () C:\Users\Bonkers\AppData\Local\Temp\proxy_vole4572833848207152153.dll
2015-01-09 09:10 - 2015-01-09 09:10 - 00566439 _____ () C:\Users\Bonkers\AppData\Local\JDownloader 2.0\tmp\7zip\SevenZipJBinding-FKPz9\libgcc_s_sjlj-1.dll
2015-01-09 09:10 - 2015-01-09 09:10 - 04078962 _____ () C:\Users\Bonkers\AppData\Local\JDownloader 2.0\tmp\7zip\SevenZipJBinding-FKPz9\lib7-Zip-JBinding.dll
2014-11-23 09:35 - 2014-11-23 09:35 - 00859144 _____ () C:\Users\Bonkers\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll
2014-12-22 17:01 - 2014-12-22 17:01 - 00133120 _____ () C:\Users\Bonkers\AppData\Roaming\qjnhzepq\colers.dll
2014-11-21 21:38 - 2014-11-21 21:38 - 00505344 _____ () C:\Program Files (x86)\AIMP3\sqlite3.dll
2014-11-21 21:38 - 2014-11-21 21:38 - 00218112 _____ () C:\Program Files (x86)\AIMP3\libsoxr.dll
2014-11-21 21:38 - 2014-11-21 21:38 - 00220672 _____ () C:\Program Files (x86)\AIMP3\Modules\MACDll.dll
2014-11-21 21:38 - 2014-11-21 21:38 - 00294400 _____ () C:\Program Files (x86)\AIMP3\Modules\libFLAC.dll
2014-11-21 21:38 - 2014-11-21 21:38 - 01733120 _____ () C:\Program Files (x86)\AIMP3\Modules\aimp_libvorbis.dll
2014-11-21 21:38 - 2014-11-21 21:38 - 00072136 _____ () C:\Program Files (x86)\AIMP3\Plugins\aimp_lastfm.dll
2014-11-21 21:38 - 2014-11-21 21:38 - 00026624 _____ () C:\Program Files (x86)\AIMP3\Plugins\Aorta.svp
2014-11-21 21:38 - 2014-11-21 21:38 - 00237568 _____ () C:\Program Files (x86)\AIMP3\Plugins\OptimFROG.dll
2014-11-21 21:38 - 2014-11-21 21:38 - 00141768 _____ () C:\Program Files (x86)\AIMP3\Plugins\PandemicAnalogMeter.dll
2014-12-24 12:31 - 2014-11-26 17:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-12-11 10:02 - 2014-12-15 16:16 - 16843952 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.38.0.1449\jsdrv.exe
MSCONFIG\startupreg: YTDownloader => /boot

========================= Accounts: ==========================

Administrator (S-1-5-21-2975933613-4275264652-1912998914-500 - Administrator - Disabled)
Bonkers (S-1-5-21-2975933613-4275264652-1912998914-1000 - Administrator - Enabled) => C:\Users\Bonkers
Gast (S-1-5-21-2975933613-4275264652-1912998914-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2975933613-4275264652-1912998914-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard-USB-Hostcontroller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 


==================== Event log errors: =========================

Application errors:
==================
Error: (01/09/2015 09:17:09 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (01/09/2015 09:08:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2015 08:58:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000380,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000003B6EDE0.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000008f8,(null),0,REG_BINARY,000000000160DF80.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
   BackupShutdown-Ereignis

Kontext:
   Ausführungskontext: Writer
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {f56e1ac9-c86a-48cf-b5aa-be3d5d0a1159}

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000464,(null),0,REG_BINARY,000000000160E1D0.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
   BackupShutdown-Ereignis

Kontext:
   Ausführungskontext: Writer
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {2b139d0f-9987-4dba-88ae-3298a13d729f}

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000001d0,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,000000000240F410.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
   BackupShutdown-Ereignis

Kontext:
   Ausführungskontext: Writer
   Generatorklassen-ID: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Generatorname: COM+ REGDB Writer
   Generatorinstanz-ID: {279a2bb7-3cbf-412f-b4e7-42957b3fda3b}

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000008f8,(null),0,REG_BINARY,000000000160DF80.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
   BackupShutdown-Ereignis

Kontext:
   Ausführungskontext: Writer
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {f56e1ac9-c86a-48cf-b5aa-be3d5d0a1159}

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000001c4,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,000000000254EE30.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
   BackupShutdown-Ereignis

Kontext:
   Ausführungskontext: Writer
   Generatorklassen-ID: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Generatorname: Registry Writer
   Generatorinstanz-ID: {a81be6b4-0675-48f2-9025-33337af9a082}

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000b54,(null),0,REG_BINARY,0000000008D6E3A0.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
   BackupShutdown-Ereignis

Kontext:
   Ausführungskontext: Writer
   Generatorklassen-ID: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Generatorname: MSSearch Service Writer
   Generatorinstanz-ID: {369f29ea-5529-4140-bfb3-9bab93e4affc}


System errors:
=============
Error: (01/09/2015 10:06:29 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/09/2015 10:06:29 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/09/2015 10:04:36 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/09/2015 10:04:32 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/09/2015 10:04:31 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/09/2015 09:55:46 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/09/2015 09:55:45 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/09/2015 09:55:45 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/09/2015 09:55:10 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/09/2015 09:55:09 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.


Microsoft Office Sessions:
=========================
Error: (01/09/2015 09:17:09 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (01/09/2015 09:08:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2015 08:58:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000380,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000003B6EDE0.72)0x80070005, Zugriff verweigert

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000008f8,(null),0,REG_BINARY,000000000160DF80.72)0x80070005, Zugriff verweigert


Vorgang:
   BackupShutdown-Ereignis

Kontext:
   Ausführungskontext: Writer
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {f56e1ac9-c86a-48cf-b5aa-be3d5d0a1159}

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000464,(null),0,REG_BINARY,000000000160E1D0.72)0x80070005, Zugriff verweigert


Vorgang:
   BackupShutdown-Ereignis

Kontext:
   Ausführungskontext: Writer
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {2b139d0f-9987-4dba-88ae-3298a13d729f}

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001d0,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,000000000240F410.72)0x80070005, Zugriff verweigert


Vorgang:
   BackupShutdown-Ereignis

Kontext:
   Ausführungskontext: Writer
   Generatorklassen-ID: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Generatorname: COM+ REGDB Writer
   Generatorinstanz-ID: {279a2bb7-3cbf-412f-b4e7-42957b3fda3b}

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000008f8,(null),0,REG_BINARY,000000000160DF80.72)0x80070005, Zugriff verweigert


Vorgang:
   BackupShutdown-Ereignis

Kontext:
   Ausführungskontext: Writer
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {f56e1ac9-c86a-48cf-b5aa-be3d5d0a1159}

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001c4,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,000000000254EE30.72)0x80070005, Zugriff verweigert


Vorgang:
   BackupShutdown-Ereignis

Kontext:
   Ausführungskontext: Writer
   Generatorklassen-ID: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Generatorname: Registry Writer
   Generatorinstanz-ID: {a81be6b4-0675-48f2-9025-33337af9a082}

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000b54,(null),0,REG_BINARY,0000000008D6E3A0.72)0x80070005, Zugriff verweigert


Vorgang:
   BackupShutdown-Ereignis

Kontext:
   Ausführungskontext: Writer
   Generatorklassen-ID: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Generatorname: MSSearch Service Writer
   Generatorinstanz-ID: {369f29ea-5529-4140-bfb3-9bab93e4affc}


==================== Memory info =========================== 

Processor: AMD FX(tm)-8320 Eight-Core Processor 
Percentage of memory in use: 40%
Total physical RAM: 8093.13 MB
Available physical RAM: 4822.27 MB
Total Pagefile: 16184.43 MB
Available Pagefile: 12469.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:102.44 GB) (Free:43.18 GB) NTFS
Drive d: (Spiele) (Fixed) (Total:489.13 GB) (Free:314.64 GB) NTFS
Drive e: (Schule) (Fixed) (Total:293.43 GB) (Free:293.24 GB) NTFS
Drive f: (Download) (Fixed) (Total:442.38 GB) (Free:355.89 GB) NTFS
Drive g: (Welten) (Fixed) (Total:200.2 GB) (Free:195.29 GB) NTFS
Drive j: (Bonkers) (Fixed) (Total:931.48 GB) (Free:281.97 GB) NTFS
Drive k: (BF2 DVD) (CDROM) (Total:1.91 GB) (Free:0 GB) UDF
Drive l: (Wasteland 2) (CDROM) (Total:8.25 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 80B6AAAC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=102.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=200.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=293.4 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BBCC6936)
Partition 1: (Not Active) - (Size=489.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=442.4 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 81A8E79C)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Thumbnails of attached images
Troj.gen.zlob in C:\windows\system32\asfar.exe-unbenannt.jpg   Troj.gen.zlob in C:\windows\system32\asfar.exe-unbenannt1.jpg  
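The Addition.txt above contains the kind of entries an analyst scans for by hand: a module with an empty publisher field loaded from a randomly named folder under AppData\Roaming, start-up entries that MSCONFIG has disabled, and (in the FRST.txt posted next) an Internet Explorer proxy pointing at 127.0.0.1. The following Python script is an added example for this thread, not part of FRST and not part of the forum's fix procedure; it applies three simple triage heuristics to FRST-style log lines. The sample lines are copied from the logs in this thread, and the "generated-looking folder name" thresholds (at least seven lower-case letters, vowels at most 30% of them) are my own arbitrary assumptions. A hit is only a candidate for manual review, never a verdict.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) text logs.

Added example for this thread; not part of FRST and not part of the forum's
cleaning procedure. Three heuristics over FRST / Addition.txt lines:
  1. a loaded module or process with an empty publisher field "()" that lives
     in a user profile inside a folder whose name looks machine-generated;
  2. an Internet Explorer ProxyServer value pointing at the loopback interface
     (a local proxy is one way ad-injecting software rewrites browser traffic);
  3. an MSCONFIG start-up entry whose command is not a file path at all.
Every hit is a candidate for manual review, not a verdict: the same log shows
legitimate unsigned modules (PnkBstrA.exe, JDownloader's bundled libraries).
"""
import re
from typing import List, Tuple

# Constructed sample: lines copied from the FRST logs posted in this thread.
SAMPLE_LOG = r"""
==================== Loaded Modules (whitelisted) =============
2014-12-06 16:19 - 2014-12-06 16:19 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-01-09 09:10 - 2015-01-09 09:10 - 00040448 ____N () C:\Users\Bonkers\AppData\Local\Temp\proxy_vole4572833848207152153.dll
2015-01-09 09:10 - 2015-01-09 09:10 - 00566439 _____ () C:\Users\Bonkers\AppData\Local\JDownloader 2.0\tmp\7zip\SevenZipJBinding-FKPz9\libgcc_s_sjlj-1.dll
2014-11-23 09:35 - 2014-11-23 09:35 - 00859144 _____ () C:\Users\Bonkers\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll
2014-12-22 17:01 - 2014-12-22 17:01 - 00133120 _____ () C:\Users\Bonkers\AppData\Roaming\qjnhzepq\colers.dll
2014-11-21 21:38 - 2014-11-21 21:38 - 00505344 _____ () C:\Program Files (x86)\AIMP3\sqlite3.dll
==================== MSCONFIG/TASK MANAGER disabled items =========
MSCONFIG\startupreg: SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.38.0.1449\jsdrv.exe
MSCONFIG\startupreg: YTDownloader => /boot
==================== Processes (Whitelisted) =================
(ICQ) C:\Users\Bonkers\AppData\Roaming\ICQM\icq.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
==================== Internet (Whitelisted) ====================
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49438;https=127.0.0.1:49438
"""

# "Loaded Modules" lines: two timestamps, size, attribute flags, (publisher), path.
MODULE_RE = re.compile(
    r"^(?:\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ){2}\d{8} \S+ \((?P<publisher>[^)]*)\) (?P<path>[A-Za-z]:\\.+)$")
# "Processes" lines: (publisher) path.
PROCESS_RE = re.compile(r"^\((?P<publisher>[^)]*)\) (?P<path>[A-Za-z]:\\.+)$")
PROXY_RE = re.compile(r"^ProxyServer: \[(?P<hive>[^\]]+)\] => (?P<value>.+)$")
MSCONFIG_RE = re.compile(r"^MSCONFIG\\startupreg: (?P<name>[^=]+?) => (?P<target>.+)$")
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def looks_generated(folder: str) -> bool:
    """Heuristic (assumed thresholds): only lower-case ASCII letters, at least
    7 long, vowels at most 30% of the letters. 'qjnhzepq' passes; product
    folders such as 'ICQM', 'Temp' or 'JDownloader 2.0' fail a test."""
    if len(folder) < 7 or not re.fullmatch(r"[a-z]+", folder):
        return False
    vowels = sum(ch in "aeiouy" for ch in folder)
    return vowels / len(folder) <= 0.30


def in_user_profile(path: str) -> bool:
    return path.lower().startswith("c:\\users\\")


def parent_folder(path: str) -> str:
    """'C:\\a\\b\\file.dll' -> 'b' (the folder that directly contains the file)."""
    return path.rsplit("\\", 2)[-2]


def loopback_proxies(value: str) -> List[str]:
    """Return the 'scheme=host:port' items of an IE ProxyServer value whose host
    is loopback. The value is 'host:port' or 'http=host:port;https=host:port'."""
    hits = []
    for item in (part.strip() for part in value.split(";")):
        if not item:
            continue
        hostport = item.split("=", 1)[-1]
        host = hostport.rsplit(":", 1)[0].strip("[]")
        if host.lower() in LOOPBACK:
            hits.append(item)
    return hits


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (reason, line) pairs for every line that trips a heuristic."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = MODULE_RE.match(line) or PROCESS_RE.match(line)
        if m:
            path, publisher = m["path"], m["publisher"].strip()
            if not publisher and in_user_profile(path) and looks_generated(parent_folder(path)):
                findings.append(("unsigned module in generated-looking profile folder", line))
            continue
        m = PROXY_RE.match(line)
        if m:
            hits = loopback_proxies(m["value"])
            if hits:
                findings.append((f"IE proxy for {m['hive']} routed to loopback: {'; '.join(hits)}", line))
            continue
        m = MSCONFIG_RE.match(line)
        if m and not re.match(r"^[A-Za-z]:\\", m["target"]):
            findings.append(("disabled start-up entry without a file path", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {line}")
```

Run against the sample, the script reports exactly three lines: colers.dll, the YTDownloader start-up entry, and the loopback proxy; PnkBstrA.exe, the ICQ and JDownloader libraries and the Temp DLL pass because their folders are not generated-looking or they are outside the user profile. The heuristics are deliberately narrow so that the output stays short enough to check by hand, which is what the helper in this thread does with the full log.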

09.01.2015, 10:35   #34
Bonkers1982
 



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Bonkers (administrator) on BONKERS-PC on 09-01-2015 10:09:09
Running from J:\Programme
Loaded Profile: Bonkers (Available profiles: Bonkers)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(ICQ) C:\Users\Bonkers\AppData\Roaming\ICQM\icq.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(BF2Hub Systems) C:\Program Files (x86)\BF2Hub Client\bf2hub.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(AIMP DevTeam) C:\Program Files (x86)\AIMP3\AIMP3.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AppWork GmbH) C:\Users\Bonkers\AppData\Local\JDownloader 2.0\JDownloader2.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_246_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BF2Hub Client] => C:\Program Files (x86)\BF2Hub Client\bf2hub.exe [1521664 2014-07-17] (BF2Hub Systems)
HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [icq] => C:\Users\Bonkers\AppData\Roaming\ICQM\icq.exe [35239432 2014-11-23] (ICQ)
HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49438;https=127.0.0.1:49438
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Bonkers\AppData\Roaming\Mozilla\Firefox\Profiles\yzv924ky.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Bonkers\AppData\Roaming\Mozilla\Firefox\Profiles\yzv924ky.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-24]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-21]
CHR Extension: (Google Docs) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-21]
CHR Extension: (Google Drive) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-11]
CHR Extension: (YouTube) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-21]
CHR Extension: (Google-Suche) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-21]
CHR Extension: (Google Tabellen) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-21]
CHR Extension: (Avira Browserschutz) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-21]
CHR Extension: (Google Wallet) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-21]
CHR Extension: (Google Mail) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-21]
CHR StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-12-06] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-12-16] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-21] (Disc Soft Ltd)
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-08 20:41 - 2015-01-08 20:41 - 00003886 _____ () C:\Windows\system32\.crusader
2015-01-08 17:51 - 2015-01-08 17:51 - 00008926 _____ () C:\Users\Bonkers\Desktop\HitmanPro_20150108_1751.log
2015-01-08 17:38 - 2015-01-08 20:41 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-08 17:34 - 2015-01-08 17:35 - 11222744 _____ (SurfRight B.V.) C:\Users\Bonkers\Desktop\HitmanPro_x64.exe
2015-01-07 17:13 - 2015-01-09 09:10 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\JDownloader 2.0
2015-01-07 16:45 - 2015-01-07 16:45 - 00001594 _____ () C:\Users\Bonkers\Desktop\Fixlist.txt
2015-01-07 12:33 - 2015-01-09 10:09 - 00000000 ____D () C:\FRST
2015-01-07 12:18 - 2015-01-07 12:18 - 00017589 _____ () C:\Windows\DirectX.log
2015-01-07 12:15 - 2015-01-07 12:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\inXile Entertainment
2015-01-07 08:56 - 2015-01-07 17:21 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2015-01-07 08:53 - 2015-01-07 11:58 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\JDownloader v2.0
2015-01-06 18:06 - 2015-01-06 18:06 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-01-06 17:35 - 2015-01-06 18:10 - 00000000 ____D () C:\Users\Bonkers\Desktop\Usedom 14 15
2015-01-05 10:29 - 2015-01-05 10:29 - 00001452 _____ () C:\DelFix.txt
2015-01-05 10:28 - 2015-01-05 10:28 - 00352076 _____ () C:\Users\Bonkers\Desktop\bookmarks-2015-01-05.json
2015-01-05 10:17 - 2015-01-05 10:19 - 00000000 ____D () C:\ProgramData\Max Secure
2015-01-05 10:12 - 2015-01-05 10:13 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\GetRightToGo
2015-01-05 10:12 - 2015-01-05 10:12 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Max Secure Software
2015-01-04 12:06 - 2015-01-08 09:32 - 00000000 ____D () C:\Users\Bonkers\Desktop\Bewerbung aktuell
2015-01-02 20:26 - 2015-01-05 10:29 - 00000000 ____D () C:\Windows\ERUNT
2014-12-27 10:14 - 2014-12-27 10:22 - 00000000 ____D () C:\Windows\erdnt
2014-12-26 11:11 - 2015-01-09 09:06 - 00003557 _____ () C:\Windows\setupact.log
2014-12-26 11:11 - 2014-12-26 11:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-26 11:10 - 2015-01-07 16:49 - 00051744 _____ () C:\Windows\PFRO.log
2014-12-26 10:09 - 2015-01-02 20:23 - 00000000 ____D () C:\Windows\system32\log
2014-12-26 09:53 - 2014-12-26 09:53 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-12-26 09:53 - 2014-12-26 09:53 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-24 12:31 - 2014-12-24 12:31 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-24 12:30 - 2014-12-24 12:30 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-24 11:58 - 2015-01-07 12:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-24 11:58 - 2014-12-27 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-24 11:58 - 2014-12-27 19:51 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-24 11:58 - 2014-12-24 11:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-24 11:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-24 11:58 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-24 11:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-22 20:29 - 2014-12-27 10:10 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-22 18:23 - 2014-12-22 18:23 - 00000000 _____ () C:\autoexec.bat
2014-12-22 17:02 - 2014-12-22 17:02 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Desktop_Dock
2014-12-22 17:01 - 2014-12-22 17:01 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\qjnhzepq
2014-12-22 16:47 - 2014-12-22 16:47 - 00002290 _____ () C:\Windows\patsearch.bin
2014-12-22 16:46 - 2014-12-22 16:55 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\StormFall
2014-12-22 16:46 - 2014-12-22 16:51 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Sparta
2014-12-22 16:46 - 2014-12-22 16:46 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\sparta111
2014-12-22 16:46 - 2014-12-22 16:46 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\StormFall
2014-12-19 12:41 - 2014-12-20 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metal Gear Solid V Ground Zeroes
2014-12-19 12:38 - 2014-12-19 12:40 - 00000000 ____D () C:\Users\Bonkers\Desktop\MGS V
2014-12-18 08:03 - 2014-12-18 08:18 - 00000000 ____D () C:\Users\Bonkers\Desktop\Stick
2014-12-18 07:36 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 07:36 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 08:42 - 2014-12-17 09:44 - 00000000 ____D () C:\ProgramData\Origin
2014-12-17 08:42 - 2014-12-17 08:42 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Origin
2014-12-17 08:42 - 2014-12-17 08:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-12-17 08:42 - 2014-12-17 08:42 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-16 17:41 - 2014-12-17 08:42 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-12-16 16:56 - 2014-12-16 17:41 - 00000000 ____D () C:\Users\Bonkers\Documents\FUSSBALL MANAGER 10
2014-12-16 16:56 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-12-16 16:53 - 2014-12-17 08:42 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-12-16 16:52 - 2014-12-16 16:52 - 00003044 _____ () C:\Windows\System32\Tasks\{A32FE87B-45CE-4AA7-B6DF-40C336FD7AF3}
2014-12-16 08:18 - 2014-12-16 08:18 - 03951038 _____ () C:\Users\Bonkers\Desktop\rld-f0u5.7z
2014-12-15 14:45 - 2014-12-15 14:46 - 00000000 ____D () C:\Users\Bonkers\Downloads\Trance Zen Dental Spa
2014-12-15 14:45 - 2014-12-15 14:45 - 00000843 _____ () C:\Users\Bonkers\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-12-15 14:44 - 2015-01-07 08:55 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\uTorrent
2014-12-11 09:33 - 2014-12-11 09:33 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-12-11 09:33 - 2014-12-11 09:33 - 00000000 ____D () C:\Program Files\Java
2014-12-10 16:49 - 2014-12-10 16:49 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 10:58 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 10:58 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 10:58 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-10 10:58 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-10 10:58 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-10 10:58 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-10 10:58 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-10 10:58 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-10 10:58 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-10 10:58 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-10 08:09 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 08:09 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 08:09 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 08:09 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 08:09 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 08:09 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 08:09 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 08:09 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 08:09 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 08:09 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 08:08 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 08:08 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 08:08 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 08:08 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 08:08 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 08:08 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 08:08 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 08:08 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 08:08 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 08:08 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 08:08 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 08:08 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 08:08 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 08:08 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 08:08 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 08:08 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 08:08 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 08:08 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 08:08 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 08:08 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 08:08 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 08:08 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 08:08 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 08:08 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 08:08 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 08:08 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 08:08 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 08:08 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 08:08 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 08:08 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 08:08 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 08:08 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 08:08 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 08:08 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 08:08 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 08:08 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 08:08 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 08:08 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 08:08 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 08:08 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 08:08 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 08:08 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 08:08 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 08:08 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 08:08 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 08:08 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 08:08 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 08:08 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 08:08 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 08:08 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 08:08 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 08:08 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 08:08 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 08:08 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 08:08 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 08:07 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 08:07 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 08:07 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 08:07 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 08:07 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 08:07 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 08:07 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 08:07 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 08:07 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 08:07 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 08:07 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 08:07 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 08:07 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 08:07 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 09:43 - 2014-11-21 21:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-09 09:29 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 09:29 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 09:19 - 2014-11-21 21:38 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\AIMP3
2015-01-09 09:11 - 2014-11-21 18:25 - 01255144 _____ () C:\Windows\WindowsUpdate.log
2015-01-09 09:07 - 2014-11-21 18:30 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-09 09:07 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-08 11:48 - 2014-11-21 21:26 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\vlc
2015-01-07 20:30 - 2014-11-22 18:07 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\CrashDumps
2015-01-07 17:21 - 2011-03-07 12:10 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2015-01-07 16:47 - 2014-11-21 18:26 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS
2015-01-07 13:00 - 2014-11-23 12:24 - 00000000 ____D () C:\Users\Bonkers\Documents\My Games
2015-01-07 12:23 - 2014-11-21 19:58 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-07 11:57 - 2014-11-21 20:52 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\DAEMON Tools Lite
2015-01-06 17:37 - 2014-11-21 19:39 - 00111912 _____ () C:\Users\Bonkers\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-05 10:30 - 2009-07-14 05:45 - 00435528 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-04 12:03 - 2014-11-29 10:07 - 00000000 ____D () C:\Users\Bonkers\Desktop\Bewerbung
2014-12-28 07:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-27 10:20 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-26 09:58 - 2014-11-22 01:17 - 00000000 ____D () C:\Windows\Panther
2014-12-25 11:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-24 15:17 - 2014-11-21 20:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-24 12:31 - 2014-12-09 15:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-22 18:23 - 2014-11-21 18:25 - 00000000 ____D () C:\Users\Bonkers
2014-12-22 17:47 - 2014-11-21 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-22 17:47 - 2014-11-21 20:37 - 00000000 ____D () C:\ProgramData\Avira
2014-12-22 17:47 - 2014-11-21 20:37 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-22 17:45 - 2014-11-21 21:38 - 00000000 ____D () C:\Program Files (x86)\AIMP3
2014-12-22 17:44 - 2014-11-21 20:48 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-12-22 17:19 - 2014-11-21 18:25 - 00001432 _____ () C:\Users\Bonkers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-22 17:12 - 2014-11-21 18:45 - 00000000 ____D () C:\ProgramData\Norton
2014-12-22 16:52 - 2014-12-01 13:58 - 00000000 ____D () C:\Program Files (x86)\BF2Hub Client
2014-12-22 16:52 - 2014-11-23 09:34 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\ICQM
2014-12-21 20:48 - 2014-12-02 19:33 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Skype
2014-12-16 16:56 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-15 16:16 - 2014-11-21 21:13 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-15 16:16 - 2014-11-21 21:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-15 16:16 - 2014-11-21 21:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-15 16:16 - 2014-11-21 21:07 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Adobe
2014-12-13 11:05 - 2014-11-21 20:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-13 11:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-10 16:54 - 2014-11-23 10:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 16:49 - 2014-11-23 09:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 16:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 11:03 - 2014-11-21 21:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

Some content of TEMP:
====================
C:\Users\Bonkers\AppData\Local\Temp\avgnt.exe
C:\Users\Bonkers\AppData\Local\Temp\proxy_vole4572833848207152153.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-05 16:29

==================== End Of Log ============================


Code:
RogueKiller V10.1.2.0 (x64) [Jan  7 2015] by Adlice Software
mail : hxxp://www.adlice.com/contact/
Feedback : hxxp://forum.adlice.com
Website : hxxp://www.adlice.com/softwares/roguekiller/
Blog : hxxp://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Bonkers [Administrator]
Mode : Scan -- Date : 01/09/2015  10:27:43

¤¤¤ Processes : 3 ¤¤¤
[Suspicious.Path] icq.exe(1344) -- C:\Users\Bonkers\AppData\Roaming\ICQM\icq.exe[7] -> Killed [TermThr]
[Proc.Injected] iexplore.exe(3244) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe[7] -> Killed [TermProc]
[Proc.Injected] iexplore.exe(2044) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7] -> Killed [TermProc]

¤¤¤ Registry : 24 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2975933613-4275264652-1912998914-1000\Software\Microsoft\Windows\CurrentVersion\Run | icq : C:\Users\Bonkers\AppData\Roaming\ICQM\icq.exe -CU  -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2975933613-4275264652-1912998914-1000\Software\Microsoft\Windows\CurrentVersion\Run | icq : C:\Users\Bonkers\AppData\Roaming\ICQM\icq.exe -CU  -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49438;https=127.0.0.1:49438  -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49438;https=127.0.0.1:49438  -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49438;https=127.0.0.1:49438  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49438;https=127.0.0.1:49438  -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2975933613-4275264652-1912998914-1000\Software\Microsoft\Internet Explorer\Main | Search Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2975933613-4275264652-1912998914-1000\Software\Microsoft\Internet Explorer\Main | Search Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 6 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 83.169.15.25	battlefield2.available.gamespy.com
[C:\Windows\System32\drivers\etc\hosts] 83.169.15.25	battlefield2.master.gamespy.com
[C:\Windows\System32\drivers\etc\hosts] 83.169.15.25	battlefield2.ms14.gamespy.com
[C:\Windows\System32\drivers\etc\hosts] 83.169.15.25	gpsp.gamespy.com
[C:\Windows\System32\drivers\etc\hosts] 83.169.15.25	gpcm.gamespy.com
[C:\Windows\System32\drivers\etc\hosts] 83.169.15.6	eapusher.dice.se

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] vy1kje3w.default-1419268357671 : user_pref("browser.startup.homepage", "www.google.de"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD64 00AAKS-65Z7B0 SATA Disk Device +++++
--- User ---
[MBR] bfe232512100ee3a5e91aebbbe9b2a4f
[BSP] 0786aa3f2c2570e1a7e51a6cc4f6af53 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 104900 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 215042048 | Size: 205000 MB
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 634882048 | Size: 300478 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST1000DM 003-1ER162 SATA Disk Device +++++
--- User ---
[MBR] 8a3d5c31be70d628e60b921d3c477b5f
[BSP] d6106c334ef1dac28d8c270c61e92a82 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500868 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1025779712 | Size: 452999 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Brother DCP-J125 USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
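The RogueKiller and FRST output in this post is easier to act on once the lines are classified mechanically. The Python script below is an added example for this thread, not part of FRST, RogueKiller or the board's own procedure. It parses the three line formats seen above (FRST one-month file entries, RogueKiller registry findings, RogueKiller hosts-file entries, plus the bare paths FRST prints under "Some content of TEMP") and applies a few heuristics: a ProxyServer value pointing at 127.0.0.1 is rated high, because a loopback proxy only works if a local process is listening on that port, and that listener is what rewrites the pages with ads; its presence in the .DEFAULT and S-1-5-18 hives means the logon session and the SYSTEM account are proxied as well, not just the user's browser. Autostarts under AppData and random-looking profile folder names are rated medium; hosts overrides and executables in TEMP are listed for review. SAMPLE_LOG is constructed from the line formats posted above; the severity labels, the vowel-ratio heuristic and all function names are my own, not anything either tool defines.

```python
"""Triage heuristics for FRST and RogueKiller log lines.

Added example for this thread; not part of FRST, RogueKiller or the board's
own procedures.  SAMPLE_LOG is constructed from the line formats posted above.
"""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "info"
    summary: str
    evidence: str


# FRST file entry: "created - modified - size attrs (company) path"
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
# RogueKiller registry finding: "[Category] (X64|X86) key | value : data  -> Found"
RK_REG_LINE = re.compile(
    r"^\[(?P<category>[^\]]+)\] \((?P<arch>X64|X86)\) (?P<key>.+?) \| "
    r"(?P<value>.+?) : (?P<data>.*?)\s+-> (?P<status>\w+)$"
)
# RogueKiller hosts entry: "[...\hosts] ip   hostname"
RK_HOSTS_LINE = re.compile(r"^\[(?P<file>[^\]]*\\hosts)\] (?P<ip>[\d.]+)\s+(?P<host>\S+)$")
# Bare path as printed under FRST's "Some content of TEMP"
TEMP_BINARY = re.compile(r"^[A-Za-z]:\\.*\\Temp\\[^\\]+\.(?:exe|dll|scr)$", re.IGNORECASE)

SYSTEM_HIVES = ("HKEY_USERS\\.DEFAULT\\", "HKEY_USERS\\S-1-5-18\\")   # logon session and SYSTEM
LOOPBACK_PROXY = re.compile(r"(?:127\.0\.0\.1|localhost):(\d+)")


def looks_random(name: str) -> bool:
    """Heuristic (my own): 6+ lowercase letters with under 25% vowels, e.g. 'qjnhzepq'."""
    if not re.fullmatch(r"[a-z]{6,}", name):
        return False
    return sum(c in "aeiou" for c in name) / len(name) < 0.25


def triage(log_text: str) -> list[Finding]:
    """Classify mixed FRST/RogueKiller lines; returns findings, most severe first."""
    findings: list[Finding] = []
    seen_reg: set[tuple[str, str, str]] = set()      # X64 and X86 views repeat each value
    hosts_by_ip: dict[str, list[str]] = defaultdict(list)

    for raw in log_text.splitlines():
        line = raw.strip()
        if m := FRST_LINE.match(line):
            path = m.group("path")
            if "\\AppData\\" in path and looks_random(path.rsplit("\\", 1)[-1]):
                findings.append(Finding("medium", "random-looking name in user profile", path))
        elif m := RK_REG_LINE.match(line):
            key, value, data = m.group("key"), m.group("value"), m.group("data")
            if (key, value, data) in seen_reg:
                continue
            seen_reg.add((key, value, data))
            hive = key.split("\\Software\\", 1)[0]
            if value == "ProxyServer" and (p := LOOPBACK_PROXY.search(data)):
                # A loopback proxy needs a local listener on that port: the ad injector.
                # In .DEFAULT / S-1-5-18 it also captures SYSTEM and service traffic.
                scope = "SYSTEM/service" if key.startswith(SYSTEM_HIVES) else "user"
                findings.append(Finding(
                    "high", f"loopback proxy on port {p.group(1)} in {scope} hive {hive}", data))
            elif m.group("category") == "Suspicious.Path" and "\\AppData\\" in data:
                findings.append(Finding(
                    "medium", f"autostart '{value}' runs from the user profile", data))
        elif m := RK_HOSTS_LINE.match(line):
            hosts_by_ip[m.group("ip")].append(m.group("host"))
        elif TEMP_BINARY.match(line):
            findings.append(Finding("info", "executable code in TEMP", line))

    for ip, names in hosts_by_ip.items():
        findings.append(Finding("info", f"hosts file maps {len(names)} name(s) to {ip}", ", ".join(names)))

    rank = {"high": 0, "medium": 1, "info": 2}
    return sorted(findings, key=lambda f: rank[f.severity])   # stable sort keeps log order per rank


# Constructed sample: formats copied from the posted logs, trimmed to a few lines.
SAMPLE_LOG = r"""
2014-12-22 17:02 - 2014-12-22 17:02 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Desktop_Dock
2014-12-22 17:01 - 2014-12-22 17:01 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\qjnhzepq
2014-12-15 16:16 - 2014-11-21 21:13 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
C:\Users\Bonkers\AppData\Local\Temp\dllnt_dump.dll
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2975933613-4275264652-1912998914-1000\Software\Microsoft\Windows\CurrentVersion\Run | icq : C:\Users\Bonkers\AppData\Roaming\ICQM\icq.exe -CU  -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2975933613-4275264652-1912998914-1000\Software\Microsoft\Windows\CurrentVersion\Run | icq : C:\Users\Bonkers\AppData\Roaming\ICQM\icq.exe -CU  -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49438;https=127.0.0.1:49438  -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49438;https=127.0.0.1:49438  -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49438;https=127.0.0.1:49438  -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[C:\Windows\System32\drivers\etc\hosts] 83.169.15.25    gpsp.gamespy.com
[C:\Windows\System32\drivers\etc\hosts] 83.169.15.25    gpcm.gamespy.com
[C:\Windows\System32\drivers\etc\hosts] 83.169.15.6     eapusher.dice.se
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.summary}\n         {f.evidence}")
```

On the live host the next check for a high finding is which process owns the listener, e.g. `netstat -ano | findstr :49438` and then that PID in Task Manager. The script deliberately reports rather than decides on the medium and info items: Run entries under AppData are common for legitimate software (ICQ installs exactly there), and the gamespy.com hosts overrides pointing at one address are consistent with the BF2Hub Client listed in the FRST log, which substitutes its own servers for the shut-down GameSpy ones.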
         

Old 09.01.2015, 14:00   #35
schrauber
/// the machine
/// TB-Ausbilder

Delete all findings with RogueKiller.

__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

Old 10.01.2015, 11:24   #36
Bonkers1982

Hi. After the removal it was gone, and now it's back. 8o(

Old 10.01.2015, 13:11   #37
schrauber
/// the machine
/// TB-Ausbilder

Then let's have a look from the outside:

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the matching version of the tool (both if in doubt) and save it to a USB stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Plug the USB stick into the infected system and boot the system into the System Recovery Options.
  • Now scan following the illustrated guide, or use the following short guide:
Via the boot manager:
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly
  • Now choose Repair Your Computer.
  • Choose your operating system and user account and click "Next" each time.
With the Windows CD/DVD (also possible on Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Choose the language settings and click "Next".
  • Click Repair your computer!
  • Choose your operating system and user account and click "Next" each time.
In the recovery options choose: Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens: File > Save As... and choose Computer.
    The drive letter of your USB stick is shown there; make a note of it.
  • Close Notepad again
  • Now enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted down. Adjust it if necessary.
  • Accept the disclaimer with Yes and click Scan
The tool creates an FRST.txt on your USB stick. Please post its contents here, in code tags if possible (guide).


Old 11.01.2015, 11:03   #38
Bonkers1982

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2015
Ran by SYSTEM on MININT-2HH718B on 11-01-2015 10:59:44
Running from e:\
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BF2Hub Client] => C:\Program Files (x86)\BF2Hub Client\bf2hub.exe [1521664 2014-07-17] (BF2Hub Systems)
HKU\Bonkers\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\Bonkers\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\Bonkers\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-20] (Advanced Micro Devices, Inc.)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
S2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-12-06] ()
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-12-16] (Advanced Micro Devices)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-21] (Disc Soft Ltd)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 15:51 - 2015-01-09 15:51 - 00358595 _____ () C:\Users\Bonkers\Desktop\bookmarks-2015-01-09.json
2015-01-09 10:20 - 2015-01-09 20:38 - 00037624 _____ () C:\Windows\System32\Drivers\TrueSight.sys
2015-01-09 10:20 - 2015-01-09 10:20 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-09 10:15 - 2015-01-07 11:38 - 18467928 _____ () C:\Users\Bonkers\Desktop\RogueKillerX64.exe
2015-01-08 20:41 - 2015-01-08 20:41 - 00003886 _____ () C:\Windows\System32\.crusader
2015-01-08 17:51 - 2015-01-08 17:51 - 00008926 _____ () C:\Users\Bonkers\Desktop\HitmanPro_20150108_1751.log
2015-01-08 17:38 - 2015-01-08 20:41 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-08 17:34 - 2015-01-08 17:35 - 11222744 _____ (SurfRight B.V.) C:\Users\Bonkers\Desktop\HitmanPro_x64.exe
2015-01-07 17:13 - 2015-01-10 20:07 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\JDownloader 2.0
2015-01-07 16:45 - 2015-01-07 16:45 - 00001594 _____ () C:\Users\Bonkers\Desktop\Fixlist.txt
2015-01-07 12:33 - 2015-01-11 10:59 - 00000000 ____D () C:\FRST
2015-01-07 12:18 - 2015-01-07 12:18 - 00017589 _____ () C:\Windows\DirectX.log
2015-01-07 08:53 - 2015-01-07 11:58 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\JDownloader v2.0
2015-01-06 18:06 - 2015-01-06 18:06 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-01-06 17:35 - 2015-01-06 18:10 - 00000000 ____D () C:\Users\Bonkers\Desktop\Usedom 14 15
2015-01-05 10:29 - 2015-01-05 10:29 - 00001452 _____ () C:\DelFix.txt
2015-01-05 10:28 - 2015-01-05 10:28 - 00352076 _____ () C:\Users\Bonkers\Desktop\bookmarks-2015-01-05.json
2015-01-05 10:17 - 2015-01-05 10:19 - 00000000 ____D () C:\ProgramData\Max Secure
2015-01-05 10:12 - 2015-01-05 10:13 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\GetRightToGo
2015-01-05 10:12 - 2015-01-05 10:12 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Max Secure Software
2015-01-04 12:06 - 2015-01-08 09:32 - 00000000 ____D () C:\Users\Bonkers\Desktop\Bewerbung aktuell
2015-01-02 20:26 - 2015-01-05 10:29 - 00000000 ____D () C:\Windows\ERUNT
2014-12-27 10:14 - 2014-12-27 10:22 - 00000000 ____D () C:\Windows\erdnt
2014-12-26 11:11 - 2015-01-11 10:15 - 00003725 _____ () C:\Windows\setupact.log
2014-12-26 11:11 - 2014-12-26 11:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-26 11:10 - 2015-01-07 16:49 - 00051744 _____ () C:\Windows\PFRO.log
2014-12-26 10:09 - 2015-01-02 20:23 - 00000000 ____D () C:\Windows\System32\log
2014-12-26 09:53 - 2014-12-26 09:53 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-12-26 09:53 - 2014-12-26 09:53 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-24 12:30 - 2014-12-24 12:30 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-24 11:58 - 2015-01-07 12:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-12-24 11:58 - 2014-12-27 19:51 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-24 11:58 - 2014-12-24 11:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-24 11:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-12-24 11:58 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-12-24 11:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-12-22 20:29 - 2014-12-27 10:10 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-22 18:23 - 2014-12-22 18:23 - 00000000 _____ () C:\autoexec.bat
2014-12-22 17:02 - 2014-12-22 17:02 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Desktop_Dock
2014-12-22 17:01 - 2014-12-22 17:01 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\qjnhzepq
2014-12-22 16:47 - 2014-12-22 16:47 - 00002290 _____ () C:\Windows\patsearch.bin
2014-12-22 16:46 - 2014-12-22 16:55 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\StormFall
2014-12-22 16:46 - 2014-12-22 16:51 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Sparta
2014-12-22 16:46 - 2014-12-22 16:46 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\sparta111
2014-12-22 16:46 - 2014-12-22 16:46 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\StormFall
2014-12-19 12:38 - 2014-12-19 12:40 - 00000000 ____D () C:\Users\Bonkers\Desktop\MGS V
2014-12-18 08:03 - 2014-12-18 08:18 - 00000000 ____D () C:\Users\Bonkers\Desktop\Stick
2014-12-18 07:36 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-12-18 07:36 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 08:42 - 2014-12-17 09:44 - 00000000 ____D () C:\ProgramData\Origin
2014-12-17 08:42 - 2014-12-17 08:42 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Origin
2014-12-17 08:42 - 2014-12-17 08:42 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-16 17:41 - 2014-12-17 08:42 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-12-16 16:56 - 2014-12-16 17:41 - 00000000 ____D () C:\Users\Bonkers\Documents\FUSSBALL MANAGER 10
2014-12-16 16:56 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-12-16 16:53 - 2014-12-17 08:42 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-12-16 16:52 - 2014-12-16 16:52 - 00003044 _____ () C:\Windows\System32\Tasks\{A32FE87B-45CE-4AA7-B6DF-40C336FD7AF3}
2014-12-16 08:18 - 2014-12-16 08:18 - 03951038 _____ () C:\Users\Bonkers\Desktop\rld-f0u5.7z
2014-12-15 14:45 - 2014-12-15 14:46 - 00000000 ____D () C:\Users\Bonkers\Downloads\Trance Zen Dental Spa
2014-12-15 14:44 - 2015-01-07 08:55 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\uTorrent

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-11 10:53 - 2014-11-21 18:25 - 01320740 _____ () C:\Windows\WindowsUpdate.log
2015-01-11 10:43 - 2014-11-21 21:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-11 10:32 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-11 10:32 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-11 10:15 - 2014-11-21 18:30 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-11 10:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-10 20:27 - 2014-11-21 21:38 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\AIMP3
2015-01-09 20:52 - 2014-11-22 18:07 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\CrashDumps
2015-01-09 10:20 - 2014-11-21 21:26 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\vlc
2015-01-07 17:21 - 2011-03-07 12:10 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2015-01-07 16:47 - 2014-11-21 18:26 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS
2015-01-07 13:00 - 2014-11-23 12:24 - 00000000 ____D () C:\Users\Bonkers\Documents\My Games
2015-01-07 12:23 - 2014-11-21 19:58 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-07 11:57 - 2014-11-21 20:52 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\DAEMON Tools Lite
2015-01-06 17:37 - 2014-11-21 19:39 - 00111912 _____ () C:\Users\Bonkers\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-05 10:30 - 2009-07-14 05:45 - 00435528 _____ () C:\Windows\System32\FNTCACHE.DAT
2015-01-04 12:03 - 2014-11-29 10:07 - 00000000 ____D () C:\Users\Bonkers\Desktop\Bewerbung
2014-12-28 07:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-27 10:20 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-26 09:58 - 2014-11-22 01:17 - 00000000 ____D () C:\Windows\Panther
2014-12-25 11:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-24 15:17 - 2014-11-21 20:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-24 12:31 - 2014-12-09 15:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-22 18:23 - 2014-11-21 18:25 - 00000000 ____D () C:\users\Bonkers
2014-12-22 17:47 - 2014-11-21 20:37 - 00000000 ____D () C:\ProgramData\Avira
2014-12-22 17:47 - 2014-11-21 20:37 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-22 17:45 - 2014-11-21 21:38 - 00000000 ____D () C:\Program Files (x86)\AIMP3
2014-12-22 17:44 - 2014-11-21 20:48 - 00000000 ____D () C:\Windows\System32\appmgmt
2014-12-22 17:12 - 2014-11-21 18:45 - 00000000 ____D () C:\ProgramData\Norton
2014-12-22 16:52 - 2014-12-01 13:58 - 00000000 ____D () C:\Program Files (x86)\BF2Hub Client
2014-12-22 16:52 - 2014-11-23 09:34 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\ICQM
2014-12-21 20:48 - 2014-12-02 19:33 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Skype
2014-12-15 16:16 - 2014-11-21 21:13 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-15 16:16 - 2014-11-21 21:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-15 16:16 - 2014-11-21 21:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-15 16:16 - 2014-11-21 21:07 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Adobe
2014-12-13 11:05 - 2014-11-21 20:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-13 11:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

Some content of TEMP:
====================
C:\Users\Bonkers\AppData\Local\Temp\avgnt.exe
C:\Users\Bonkers\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Bonkers\AppData\Local\Temp\proxy_vole6248513209054518963.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2015-01-08 12:37:42
Restore point made on: 2015-01-08 20:40:25
Restore point made on: 2015-01-08 20:41:30

==================== Memory info =========================== 

Percentage of memory in use: 10%
Total physical RAM: 8093.13 MB
Available physical RAM: 7242.67 MB
Total Pagefile: 8091.32 MB
Available Pagefile: 7233.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:102.44 GB) (Free:42.64 GB) NTFS
Drive d: (Spiele) (Fixed) (Total:489.13 GB) (Free:314.64 GB) NTFS
Drive e: (FLASH DRIVE) (Removable) (Total:1.85 GB) (Free:1.67 GB) FAT
Drive f: (Schule) (Fixed) (Total:293.43 GB) (Free:293.24 GB) NTFS
Drive h: (Welten) (Fixed) (Total:200.2 GB) (Free:195.19 GB) NTFS
Drive i: (Download) (Fixed) (Total:442.38 GB) (Free:353.42 GB) NTFS
Drive k: (GSP1RMCULXFRER_DE_DVD) (CDROM) (Total:3.04 GB) (Free:0 GB) UDF
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 80B6AAAC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=102.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=200.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=293.4 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BBCC6936)
Partition 1: (Not Active) - (Size=489.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=442.4 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 1.9 GB) (Disk ID: AC4EABA7)
Partition 1: (Not Active) - (Size=1.9 GB) - (Type=0E)


LastRegBack: 2015-01-05 16:29

==================== End Of Log ============================

Old 11.01.2015, 13:57   #39
schrauber
/// the machine
/// TB-Ausbilder

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
2014-12-22 17:02 - 2014-12-22 17:02 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Desktop_Dock
2014-12-22 17:01 - 2014-12-22 17:01 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\qjnhzepq
Emptytemp:

Save this as Fixlist.txt on your USB stick.
  • Restart your computer into the recovery options again
  • Now start FRST.exe again and click the Fix button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.


Then scan again in normal mode.

Old 12.01.2015, 09:14   #40
Bonkers1982

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-01-2015
Ran by SYSTEM at 2015-01-12 09:00:56 Run:2
Running from K:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
2014-12-22 17:02 - 2014-12-22 17:02 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Desktop_Dock
2014-12-22 17:01 - 2014-12-22 17:01 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\qjnhzepq
Emptytemp:
         
*****************

C:\Users\Bonkers\AppData\Local\Desktop_Dock => Moved successfully.
C:\Users\Bonkers\AppData\Roaming\qjnhzepq => Moved successfully.
Emptytemp: => Error: This directive works only outside recovery mode.

==== End of Fixlog 09:00:57 ====

Code:
Ran by SYSTEM on MININT-V194UIF on 12-01-2015 09:09:18
Running from K:\
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BF2Hub Client] => C:\Program Files (x86)\BF2Hub Client\bf2hub.exe [1521664 2014-07-17] (BF2Hub Systems)
HKU\Bonkers\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\Bonkers\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\Bonkers\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-20] (Advanced Micro Devices, Inc.)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
S2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-12-06] ()
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-12-16] (Advanced Micro Devices)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-21] (Disc Soft Ltd)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 15:51 - 2015-01-09 15:51 - 00358595 _____ () C:\Users\Bonkers\Desktop\bookmarks-2015-01-09.json
2015-01-09 10:20 - 2015-01-09 20:38 - 00037624 _____ () C:\Windows\System32\Drivers\TrueSight.sys
2015-01-09 10:20 - 2015-01-09 10:20 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-09 10:15 - 2015-01-07 11:38 - 18467928 _____ () C:\Users\Bonkers\Desktop\RogueKillerX64.exe
2015-01-08 20:41 - 2015-01-08 20:41 - 00003886 _____ () C:\Windows\System32\.crusader
2015-01-08 17:51 - 2015-01-08 17:51 - 00008926 _____ () C:\Users\Bonkers\Desktop\HitmanPro_20150108_1751.log
2015-01-08 17:38 - 2015-01-08 20:41 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-08 17:34 - 2015-01-08 17:35 - 11222744 _____ (SurfRight B.V.) C:\Users\Bonkers\Desktop\HitmanPro_x64.exe
2015-01-07 17:13 - 2015-01-12 08:38 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\JDownloader 2.0
2015-01-07 16:45 - 2015-01-07 16:45 - 00001594 _____ () C:\Users\Bonkers\Desktop\Fixlist.txt
2015-01-07 12:33 - 2015-01-12 09:09 - 00000000 ____D () C:\FRST
2015-01-07 12:18 - 2015-01-07 12:18 - 00017589 _____ () C:\Windows\DirectX.log
2015-01-07 08:53 - 2015-01-07 11:58 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\JDownloader v2.0
2015-01-06 18:06 - 2015-01-06 18:06 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-01-06 17:35 - 2015-01-06 18:10 - 00000000 ____D () C:\Users\Bonkers\Desktop\Usedom 14 15
2015-01-05 10:29 - 2015-01-05 10:29 - 00001452 _____ () C:\DelFix.txt
2015-01-05 10:28 - 2015-01-05 10:28 - 00352076 _____ () C:\Users\Bonkers\Desktop\bookmarks-2015-01-05.json
2015-01-05 10:17 - 2015-01-05 10:19 - 00000000 ____D () C:\ProgramData\Max Secure
2015-01-05 10:12 - 2015-01-05 10:13 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\GetRightToGo
2015-01-05 10:12 - 2015-01-05 10:12 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Max Secure Software
2015-01-04 12:06 - 2015-01-08 09:32 - 00000000 ____D () C:\Users\Bonkers\Desktop\Bewerbung aktuell
2015-01-02 20:26 - 2015-01-05 10:29 - 00000000 ____D () C:\Windows\ERUNT
2014-12-27 10:14 - 2014-12-27 10:22 - 00000000 ____D () C:\Windows\erdnt
2014-12-26 11:11 - 2015-01-12 09:06 - 00003949 _____ () C:\Windows\setupact.log
2014-12-26 11:11 - 2014-12-26 11:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-26 11:10 - 2015-01-07 16:49 - 00051744 _____ () C:\Windows\PFRO.log
2014-12-26 10:09 - 2015-01-02 20:23 - 00000000 ____D () C:\Windows\System32\log
2014-12-26 09:53 - 2014-12-26 09:53 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-12-26 09:53 - 2014-12-26 09:53 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-24 12:30 - 2014-12-24 12:30 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-24 11:58 - 2015-01-07 12:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-12-24 11:58 - 2014-12-27 19:51 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-24 11:58 - 2014-12-24 11:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-24 11:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-12-24 11:58 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-12-24 11:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-12-22 20:29 - 2014-12-27 10:10 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-22 18:23 - 2014-12-22 18:23 - 00000000 _____ () C:\autoexec.bat
2014-12-22 16:47 - 2014-12-22 16:47 - 00002290 _____ () C:\Windows\patsearch.bin
2014-12-22 16:46 - 2014-12-22 16:55 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\StormFall
2014-12-22 16:46 - 2014-12-22 16:51 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Sparta
2014-12-22 16:46 - 2014-12-22 16:46 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\sparta111
2014-12-22 16:46 - 2014-12-22 16:46 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\StormFall
2014-12-19 12:38 - 2014-12-19 12:40 - 00000000 ____D () C:\Users\Bonkers\Desktop\MGS V
2014-12-18 08:03 - 2014-12-18 08:18 - 00000000 ____D () C:\Users\Bonkers\Desktop\Stick
2014-12-18 07:36 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-12-18 07:36 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 08:42 - 2014-12-17 09:44 - 00000000 ____D () C:\ProgramData\Origin
2014-12-17 08:42 - 2014-12-17 08:42 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Origin
2014-12-17 08:42 - 2014-12-17 08:42 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-16 17:41 - 2014-12-17 08:42 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-12-16 16:56 - 2014-12-16 17:41 - 00000000 ____D () C:\Users\Bonkers\Documents\FUSSBALL MANAGER 10
2014-12-16 16:56 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-12-16 16:53 - 2014-12-17 08:42 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-12-16 16:52 - 2014-12-16 16:52 - 00003044 _____ () C:\Windows\System32\Tasks\{A32FE87B-45CE-4AA7-B6DF-40C336FD7AF3}
2014-12-16 08:18 - 2014-12-16 08:18 - 03951038 _____ () C:\Users\Bonkers\Desktop\rld-f0u5.7z
2014-12-15 14:45 - 2014-12-15 14:46 - 00000000 ____D () C:\Users\Bonkers\Downloads\Trance Zen Dental Spa
2014-12-15 14:44 - 2015-01-07 08:55 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\uTorrent

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-12 09:06 - 2014-11-21 18:30 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-12 09:06 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-12 09:05 - 2014-11-21 18:25 - 01355104 _____ () C:\Windows\WindowsUpdate.log
2015-01-12 09:05 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-12 09:05 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-12 08:54 - 2014-11-21 21:26 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\vlc
2015-01-12 08:43 - 2014-11-21 21:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-10 20:27 - 2014-11-21 21:38 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\AIMP3
2015-01-09 20:52 - 2014-11-22 18:07 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\CrashDumps
2015-01-07 17:21 - 2011-03-07 12:10 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2015-01-07 16:47 - 2014-11-21 18:26 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS
2015-01-07 13:00 - 2014-11-23 12:24 - 00000000 ____D () C:\Users\Bonkers\Documents\My Games
2015-01-07 12:23 - 2014-11-21 19:58 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-07 11:57 - 2014-11-21 20:52 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\DAEMON Tools Lite
2015-01-06 17:37 - 2014-11-21 19:39 - 00111912 _____ () C:\Users\Bonkers\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-05 10:30 - 2009-07-14 05:45 - 00435528 _____ () C:\Windows\System32\FNTCACHE.DAT
2015-01-04 12:03 - 2014-11-29 10:07 - 00000000 ____D () C:\Users\Bonkers\Desktop\Bewerbung
2014-12-28 07:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-27 10:20 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-26 09:58 - 2014-11-22 01:17 - 00000000 ____D () C:\Windows\Panther
2014-12-25 11:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-24 15:17 - 2014-11-21 20:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-24 12:31 - 2014-12-09 15:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-22 18:23 - 2014-11-21 18:25 - 00000000 ____D () C:\users\Bonkers
2014-12-22 17:47 - 2014-11-21 20:37 - 00000000 ____D () C:\ProgramData\Avira
2014-12-22 17:47 - 2014-11-21 20:37 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-22 17:45 - 2014-11-21 21:38 - 00000000 ____D () C:\Program Files (x86)\AIMP3
2014-12-22 17:44 - 2014-11-21 20:48 - 00000000 ____D () C:\Windows\System32\appmgmt
2014-12-22 17:12 - 2014-11-21 18:45 - 00000000 ____D () C:\ProgramData\Norton
2014-12-22 16:52 - 2014-12-01 13:58 - 00000000 ____D () C:\Program Files (x86)\BF2Hub Client
2014-12-22 16:52 - 2014-11-23 09:34 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\ICQM
2014-12-21 20:48 - 2014-12-02 19:33 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Skype
2014-12-15 16:16 - 2014-11-21 21:13 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-15 16:16 - 2014-11-21 21:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-15 16:16 - 2014-11-21 21:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-15 16:16 - 2014-11-21 21:07 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Adobe
2014-12-13 11:05 - 2014-11-21 20:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-13 11:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

Some content of TEMP:
====================
C:\Users\Bonkers\AppData\Local\Temp\avgnt.exe
C:\Users\Bonkers\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Bonkers\AppData\Local\Temp\proxy_vole9047108747479824946.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2015-01-08 12:37:42
Restore point made on: 2015-01-08 20:40:25
Restore point made on: 2015-01-08 20:41:30

==================== Memory info =========================== 

Percentage of memory in use: 10%
Total physical RAM: 8093.13 MB
Available physical RAM: 7240.61 MB
Total Pagefile: 8091.32 MB
Available Pagefile: 7229.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:102.44 GB) (Free:42.31 GB) NTFS
Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Schule) (Fixed) (Total:293.43 GB) (Free:293.24 GB) NTFS
Drive f: (Download) (Fixed) (Total:442.38 GB) (Free:352.29 GB) NTFS
Drive h: (Welten) (Fixed) (Total:200.2 GB) (Free:195.19 GB) NTFS
Drive j: (GSP1RMCULXFRER_DE_DVD) (CDROM) (Total:3.04 GB) (Free:0 GB) UDF
Drive k: (FLASH DRIVE) (Removable) (Total:1.85 GB) (Free:1.62 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Spiele) (Fixed) (Total:489.13 GB) (Free:314.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BBCC6936)
Partition 1: (Not Active) - (Size=489.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=442.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 80B6AAAC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=102.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=200.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=293.4 GB) - (Type=OF Extended)

========================================================
Disk: 3 (Size: 1.9 GB) (Disk ID: AC4EABA7)
Partition 1: (Not Active) - (Size=1.9 GB) - (Type=0E)


LastRegBack: 2015-01-05 16:29

==================== End Of Log ============================

12.01.2015, 09:41   #41
schrauber
/// the machine
/// TB-Ausbilder

Now please boot normally and test again.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

13.01.2015, 09:52   #42
Bonkers1982

Well, everything seems to be fine again for now. Many thanks. Adios.

13.01.2015, 16:10   #43
schrauber
/// the machine
/// TB-Ausbilder

Done

The order is essential here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all traces of itself.
  3. In any case, please download DelFix (Download DelFix) to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Put a check mark in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all tools that were used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left, you can safely delete them.



If you would like to give praise or criticism, you can do so here

Here are a few tips for securing your system.


I cannot stress often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Always make sure you have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti-Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a real-time guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about possible changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    A short introduction can be found here
  • MVPs hosts file
    A tutorial can be found here. Unfortunately I have not found a German-language one yet.
  • WOT (Web of Trust)
    This add-on warns you before you visit a site that has been reported as malicious.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java, Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean your temp files regularly. For this I recommend TFC
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot (MVP)
Bill Castner (MVP)



Don'ts
  • Do not click on everything just because it asks you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not recognize. Above all, pay attention to the file extension, e.g. yourPhoto.jpg.exe
Now all that remains is to wish you lots of fun surfing safely.

Note: Please give me a short reply when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.

29.05.2015, 16:44   #44
Bonkers1982

Ahoy,

I have a problem again. I'll just use an old post of mine here. Shortly after startup, an error message, or rather a virus warning, always appears. Despite removing this virus, it keeps coming back again and again. I'll upload the error message. Maybe you know a way to get rid of this junk. Thanks.

29.05.2015, 16:46   #45
Bonkers1982

Quote:
Originally posted by Bonkers1982
Ahoy,

I have a problem again. I'll just use an old post of mine here. Shortly after startup, an error message, or rather a virus warning, always appears. Despite removing this virus, it keeps coming back again and again. I'll upload the error message. Maybe you know a way to get rid of this junk. Thanks.
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by Bonkers (administrator) on BONKERS-PC on 29-05-2015 17:41:18
Running from J:\Programme
Loaded Profiles: Bonkers (Available Profiles: Bonkers)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Windows\DAODx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(ICQ) C:\Users\Bonkers\AppData\Roaming\ICQM\icq.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(BF2Hub Systems) C:\Program Files (x86)\BF2Hub Client\bf2hub.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AppWork GmbH) C:\Users\Bonkers\AppData\Local\JDownloader 2.0\JDownloader2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BF2Hub Client] => C:\Program Files (x86)\BF2Hub Client\bf2hub.exe [1521664 2014-07-17] (BF2Hub Systems)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-05-15] (Raptr, Inc)
HKLM-x32\...\Run: [Registry Helper] => "C:\Program Files (x86)\Registry Helper\RegistryHelper.Exe" /boot
HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [icq] => C:\Users\Bonkers\AppData\Roaming\ICQM\icq.exe [35239432 2014-11-23] (ICQ)
HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = https://safesearch.avira.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = https://safesearch.avira.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://safesearch.avira.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://safesearch.avira.com/
HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-11] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-11] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-21] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-21] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-15] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Bonkers\AppData\Roaming\Mozilla\Firefox\Profiles\i7v79u20.default-1432369977391
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-11] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Bonkers\AppData\Roaming\Mozilla\Firefox\Profiles\i7v79u20.default-1432369977391\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-12-06] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 23cb3056; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.93\OptProMon.dll",ENT <==== ATTENTION
S2 BrsHelper; C:\PROGRA~2\YTDOWN~1\BROWSE~2.EXE [X]
S2 globalUpdate1d09531cbce3201; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /svc [X]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /medsvc [X] <==== ATTENTION
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-21] (Disc Soft Ltd)
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
S3 hid8101; C:\Windows\SysWOW64\drivers\hid8101.SYS [31899 2006-10-23] (Compuware Corporation) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Bonkers\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-29 07:36 - 2015-05-29 17:31 - 00000112 _____ () C:\Windows\setupact.log
2015-05-29 07:36 - 2015-05-29 07:36 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-28 15:14 - 2015-05-28 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-05-28 15:07 - 2015-05-28 15:07 - 00024401 _____ () C:\Users\Bonkers\Desktop\5.jpeg
2015-05-28 15:00 - 2015-05-29 17:36 - 01952848 _____ () C:\Users\Bonkers\AppData\Roaming\5.exe
2015-05-27 19:23 - 2015-05-27 19:23 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2015-05-27 19:21 - 2015-05-28 07:47 - 00000000 ____D () C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2015-05-25 18:28 - 2015-05-25 18:38 - 00000000 ____D () C:\ProgramData\SecTaskMan
2015-05-25 18:28 - 2015-05-25 18:38 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2015-05-25 18:28 - 2015-05-25 18:28 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\SecTaskMan
2015-05-23 11:04 - 2015-05-23 11:04 - 00004282 _____ () C:\Windows\System32\Tasks\ReimageUpdater
2015-05-23 10:24 - 2015-05-23 10:24 - 00000008 _____ () C:\END
2015-05-23 10:19 - 2015-05-23 11:04 - 00000128 _____ () C:\Windows\Reimage.ini
2015-05-23 10:18 - 2015-05-23 10:27 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Opera Software
2015-05-23 10:18 - 2015-05-23 10:27 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Opera Software
2015-05-23 10:18 - 2015-05-23 10:18 - 00003912 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2015-05-23 10:18 - 2015-05-23 10:18 - 00003590 _____ () C:\Windows\System32\Tasks\YTDownloader
2015-05-23 10:17 - 2015-05-23 10:17 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\CrashRpt
2015-05-23 09:59 - 2015-02-19 13:09 - 00020248 _____ () C:\Windows\system32\roboot64.exe
2015-05-23 09:58 - 2015-05-29 17:31 - 00001694 _____ () C:\Windows\Tasks\XFUPFNOQ.job
2015-05-23 09:58 - 2015-05-23 09:58 - 00004728 _____ () C:\Windows\System32\Tasks\XFUPFNOQ
2015-05-23 09:58 - 2015-05-23 09:58 - 00000000 ____D () C:\ProgramData\Registry Helper
2015-05-23 09:56 - 2015-05-23 09:57 - 00000000 ____D () C:\Users\Bonkers\Documents\MaxComputerCleaner
2015-05-23 09:56 - 2015-05-23 09:56 - 00003228 _____ () C:\Windows\System32\Tasks\MaxComputerCleaner_Start
2015-05-23 09:56 - 2015-05-23 09:56 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Max_Computer_Cleaner
2015-05-22 14:53 - 2015-05-22 14:53 - 00003266 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2015-05-22 14:52 - 2015-05-29 17:31 - 00001028 _____ () C:\Windows\Tasks\yGc37UpPqrj0EHiP9sRU205O.job
2015-05-22 14:52 - 2015-05-23 10:23 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-22 14:52 - 2015-05-22 14:52 - 00004062 _____ () C:\Windows\System32\Tasks\yGc37UpPqrj0EHiP9sRU205O
2015-05-22 14:52 - 2015-05-22 14:52 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\globalUpdate
2015-05-22 14:50 - 2015-05-22 14:50 - 00003764 _____ () C:\Windows\System32\Tasks\Convertor
2015-05-22 14:50 - 2015-05-22 14:50 - 00003288 _____ () C:\Windows\System32\Tasks\Winsta Update
2015-05-22 14:50 - 2015-05-22 14:50 - 00003252 _____ () C:\Windows\System32\Tasks\WinKit
2015-05-22 14:50 - 2015-05-22 14:50 - 00003158 _____ () C:\Windows\System32\Tasks\{4A75F284-DEEC-4613-8776-8D798E06E2C3}
2015-05-22 14:50 - 2015-05-22 14:50 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\PDFConvert
2015-05-22 14:50 - 2015-05-22 14:50 - 00000000 ____D () C:\Program Files (x86)\Winsta
2015-05-22 14:50 - 2015-05-22 14:50 - 00000000 ____D () C:\Program Files (x86)\Convertor
2015-05-20 16:26 - 2015-05-24 10:31 - 00000000 ____D () C:\Users\Bonkers\Documents\WWE2K15
2015-05-20 14:04 - 2015-05-20 14:04 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\AMD
2015-05-20 14:02 - 2015-05-20 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2015-05-20 14:02 - 2015-05-20 14:02 - 00000000 ____D () C:\ProgramData\ATI
2015-05-20 14:01 - 2015-05-20 14:01 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\library_dir
2015-05-20 13:59 - 2015-05-27 17:52 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Raptr
2015-05-20 13:59 - 2015-05-20 14:02 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-05-20 13:59 - 2015-05-20 13:59 - 00058610 _____ () C:\Windows\SysWOW64\CCCInstall_201505201359343112.log
2015-05-20 13:59 - 2015-05-20 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-05-20 13:59 - 2015-05-20 13:59 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-05-20 13:54 - 2015-05-20 13:54 - 00000000 ____D () C:\AMD
2015-05-19 18:56 - 2015-05-28 16:31 - 00000000 ____D () C:\Users\Bonkers\Documents\The Witcher 3
2015-05-18 20:32 - 2015-05-18 20:32 - 00003226 _____ () C:\Windows\System32\Tasks\{664944CE-CA3A-4097-B5C3-C5D3477CE076}
2015-05-17 20:38 - 2015-05-17 20:42 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-17 20:38 - 2015-04-30 10:07 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-17 20:22 - 2015-05-17 20:22 - 00000000 ____D () C:\Windows\USB Vibration
2015-05-17 20:22 - 2015-05-17 20:22 - 00000000 ____D () C:\Program Files (x86)\VID_0E8F&PID_3013
2015-05-17 20:22 - 2007-01-19 11:37 - 00073757 _____ () C:\Windows\SysWOW64\dancemat.exe
2015-05-17 20:22 - 2006-10-23 11:42 - 00031899 _____ (Compuware Corporation) C:\Windows\SysWOW64\Drivers\hid8101.sys
2015-05-17 16:23 - 2015-05-17 16:32 - 00000000 ____D () C:\Program Files (x86)\USB Vibration
2015-05-17 16:20 - 2015-05-29 17:31 - 00000370 _____ () C:\Windows\Tasks\LYETIXL1.job
2015-05-17 16:20 - 2015-05-17 16:20 - 00002892 _____ () C:\Windows\System32\Tasks\LYETIXL1
2015-05-17 16:20 - 2015-05-17 16:20 - 00000000 ____D () C:\ProgramData\7b24ec7cc000461ebe26d116b88142c8
2015-05-17 14:38 - 2015-05-17 14:38 - 01418322 _____ () C:\Users\Bonkers\Downloads\2009113151455.rar
2015-05-17 14:38 - 2015-05-17 14:38 - 00751288 _____ (Web ) C:\Users\Bonkers\Downloads\DriverGuide_Driver_Download_1834844(1).exe
2015-05-17 14:37 - 2015-05-17 14:37 - 00751288 _____ (Web ) C:\Users\Bonkers\Downloads\DriverGuide_Driver_Download_1834844.exe
2015-05-17 13:35 - 2015-05-17 13:35 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\MK10
2015-05-15 12:37 - 2015-05-15 12:37 - 00000000 ____D () C:\ProgramData\Socialclub
2015-05-15 12:28 - 2015-05-23 11:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-14 10:07 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 10:07 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 18:57 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 18:57 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 18:57 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 18:57 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 18:57 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 18:57 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 18:57 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 18:57 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 18:57 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 18:57 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 18:57 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 18:57 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 18:57 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 18:57 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 18:57 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 18:57 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 18:57 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 18:57 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 18:57 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 18:57 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 18:57 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 18:57 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 18:57 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 18:57 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 18:57 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 18:57 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 18:57 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 18:57 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 18:57 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 18:57 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 18:57 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 18:57 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 18:57 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 18:57 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 18:57 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 18:57 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 18:57 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 18:57 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 18:57 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 18:57 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 18:57 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 18:57 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 18:57 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 18:57 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 18:57 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 18:57 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 18:57 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 18:57 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 18:57 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 18:57 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 18:57 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 18:57 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 18:57 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 18:57 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 18:57 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 18:57 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 18:57 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 18:57 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 18:57 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 18:57 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 18:57 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 18:57 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 18:57 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 18:57 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 18:57 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 18:57 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 18:57 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 18:57 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 18:57 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 18:57 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 18:57 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 18:57 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 18:57 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 18:57 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 18:57 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 18:57 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 18:57 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 18:56 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 18:56 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 18:56 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 18:56 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 18:55 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 18:55 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 18:55 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 18:55 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 18:55 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 18:52 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 18:52 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 18:52 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 18:52 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 18:52 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 18:52 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 18:52 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 18:52 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 18:52 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 18:52 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 18:52 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 18:51 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 18:51 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 18:51 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 18:51 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 18:51 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 18:51 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 18:51 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 18:51 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 18:51 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 18:51 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 18:51 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 18:51 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 18:51 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 18:51 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 18:51 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 18:51 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 18:51 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 18:51 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 18:51 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 18:51 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 18:51 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 18:51 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 18:51 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 18:51 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 18:51 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 18:51 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 18:51 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 18:51 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 18:51 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 18:51 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 18:51 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 18:51 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 18:51 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 18:51 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 18:51 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 18:51 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 18:51 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 18:51 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 18:51 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 18:51 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 18:51 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 18:51 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 18:51 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 18:51 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 18:51 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 18:51 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 18:51 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 18:51 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 18:51 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 18:51 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 18:51 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 18:51 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 18:51 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 18:51 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 18:51 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 18:51 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 18:51 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 18:51 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 18:51 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 18:51 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 18:50 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 18:37 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 18:37 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-12 20:25 - 2015-05-12 20:25 - 00233472 _____ (SafeApp Software, LLC) C:\Windows\SysWOW64\SafeAppLM.ocx
2015-05-11 19:15 - 2015-05-23 16:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-11 19:15 - 2015-05-23 11:23 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-11 19:11 - 2015-05-11 19:11 - 01203488 _____ () C:\Users\Bonkers\Downloads\Firefox - CHIP-Installer.exe
2015-05-11 18:13 - 2015-05-11 18:13 - 00020835 _____ () C:\ComboFix.txt
2015-05-11 18:00 - 2015-05-11 18:13 - 00000000 ____D () C:\Qoobox
2015-05-11 18:00 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-11 18:00 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-11 18:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-11 18:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-11 18:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-11 18:00 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-11 18:00 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-11 18:00 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-11 17:01 - 2015-05-11 17:01 - 00347117 _____ () C:\Users\Bonkers\Desktop\bookmarks-2015-05-11.json
2015-05-10 20:43 - 2015-05-10 20:43 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Prompt Downloader
2015-05-10 20:40 - 2015-05-11 07:29 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\SpeedFox
2015-05-10 20:40 - 2015-05-10 20:40 - 00003094 _____ () C:\Windows\System32\Tasks\iren3006
2015-05-08 16:29 - 2015-05-08 16:59 - 288305479 _____ () C:\Users\Bonkers\Desktop\2012-04-21 - Christoph Boenigks 30. Geburtstag.zip
2015-05-07 20:37 - 2015-05-07 20:43 - 00000000 ____D () C:\Users\Bonkers\Desktop\Lappi HP 635
2015-05-07 18:58 - 2015-05-07 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-06 17:46 - 2015-05-06 17:47 - 00002562 _____ () C:\Windows\diagwrn.xml
2015-05-06 17:46 - 2015-05-06 17:47 - 00001908 _____ () C:\Windows\diagerr.xml
2015-05-06 17:35 - 2015-05-06 17:35 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Nero
2015-05-06 17:31 - 2015-05-06 17:31 - 00000000 ____D () C:\Windows\System32\Tasks\Nero
2015-05-06 17:30 - 2015-05-06 17:31 - 00000000 ____D () C:\ProgramData\Nero
2015-05-06 17:30 - 2015-05-06 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2015-05-06 17:30 - 2015-05-06 17:30 - 00000000 ____D () C:\Program Files (x86)\Nero
2015-05-05 21:00 - 2015-05-05 21:00 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-05-05 01:18 - 2015-05-05 01:18 - 03162112 _____ (CyberActiveX) C:\Windows\SysWOW64\UniSuitePlus_BDC0849A.ocx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-29 17:41 - 2015-01-07 13:33 - 00000000 ____D () C:\FRST
2015-05-29 17:41 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-29 17:41 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-29 17:38 - 2011-04-12 09:43 - 00699208 _____ () C:\Windows\system32\perfh007.dat
2015-05-29 17:38 - 2011-04-12 09:43 - 00149348 _____ () C:\Windows\system32\perfc007.dat
2015-05-29 17:38 - 2009-07-14 07:13 - 01619752 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-29 17:37 - 2014-11-21 19:25 - 01409113 _____ () C:\Windows\WindowsUpdate.log
2015-05-29 17:34 - 2015-01-07 18:13 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\JDownloader 2.0
2015-05-29 17:31 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-29 07:43 - 2014-11-21 22:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-28 18:09 - 2014-11-21 22:38 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\AIMP3
2015-05-28 15:33 - 2014-11-21 22:26 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\vlc
2015-05-28 15:17 - 2014-12-15 15:44 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\uTorrent
2015-05-28 15:17 - 2014-11-21 21:52 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\DAEMON Tools Lite
2015-05-28 15:15 - 2014-11-22 19:07 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\CrashDumps
2015-05-28 15:14 - 2014-12-26 10:53 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-27 17:36 - 2014-12-24 12:58 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-27 17:36 - 2014-12-24 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-27 17:36 - 2014-12-24 12:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-23 10:29 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-05-23 10:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-05-23 10:27 - 2014-11-21 19:25 - 00001648 _____ () C:\Users\Bonkers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-23 10:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-23 09:58 - 2014-11-21 19:30 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-20 21:57 - 2015-04-04 14:36 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 21:57 - 2015-04-04 14:36 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-20 13:59 - 2014-11-21 21:03 - 00000000 ____D () C:\ProgramData\AMD
2015-05-20 13:59 - 2014-11-21 19:34 - 00000000 ____D () C:\Program Files\AMD
2015-05-20 13:58 - 2014-11-21 20:56 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-05-20 13:56 - 2014-11-21 21:04 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-05-20 13:55 - 2014-11-21 20:58 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-18 09:39 - 2014-11-21 19:26 - 00033561 _____ () C:\Windows\Ascd_tmp.ini
2015-05-18 09:39 - 2014-11-21 19:26 - 00001769 _____ () C:\Windows\Language_trs.ini
2015-05-18 09:39 - 2014-11-21 19:26 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS
2015-05-18 08:52 - 2014-11-21 19:45 - 00000000 ____D () C:\ProgramData\Norton
2015-05-17 20:22 - 2014-11-21 19:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-15 11:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-15 10:45 - 2009-07-14 06:45 - 00435528 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 11:18 - 2014-11-21 22:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-14 11:18 - 2014-11-21 21:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-14 11:18 - 2011-04-12 09:54 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 11:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-14 10:11 - 2009-07-14 04:34 - 00000478 _____ () C:\Windows\win.ini
2015-05-14 10:03 - 2014-11-23 11:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-13 22:10 - 2015-04-13 20:15 - 00000000 ____D () C:\Program Files\Rockstar Games
2015-05-13 22:10 - 2015-04-13 20:15 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2015-05-11 18:18 - 2014-11-21 19:30 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Google
2015-05-11 18:09 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-11 17:56 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-11 17:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-11 07:29 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-05-07 18:57 - 2014-11-21 21:37 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-07 18:57 - 2014-11-21 21:37 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-01 15:52 - 2014-11-20 18:51 - 00000000 ____D () C:\Users\Bonkers\Desktop\Desktop 5

==================== Files in the root of some directories =======

2015-05-28 15:00 - 2015-05-29 17:36 - 1952848 _____ () C:\Users\Bonkers\AppData\Roaming\5.exe
2014-09-01 10:18 - 2014-09-01 10:18 - 0002086 _____ () C:\Users\Bonkers\AppData\Roaming\IKQVC
2014-09-01 10:18 - 2014-09-01 10:18 - 0001248 _____ () C:\Users\Bonkers\AppData\Roaming\KJDTZZNB
2014-09-01 10:18 - 2014-09-01 10:18 - 0001248 _____ () C:\Users\Bonkers\AppData\Roaming\MYOPH
2015-03-09 23:30 - 2015-03-09 23:30 - 0005487 _____ () C:\Users\Bonkers\AppData\Roaming\XFUPFNOQ
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Bonkers\AppData\Roaming\yGc37UpPqrj0EHiP9sRU205O
2014-09-01 10:18 - 2014-09-01 10:18 - 0002086 _____ () C:\Users\Bonkers\AppData\Roaming\ZIGV
2014-11-21 19:38 - 2014-11-21 19:38 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Bonkers\AppData\Local\Temp\avgnt.exe
C:\Users\Bonkers\AppData\Local\Temp\proxy_vole8730480923381236824.dll
C:\Users\Bonkers\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 11:36

==================== End of log ============================
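The listing above is the raw FRST output, and the open question in this thread is which of its several thousand file entries actually matter. The Python below is an added example, not part of the posted log and not FRST's own code: it parses FRST file lines in the format shown (created - modified - size - attributes - (company) path, plus the bare paths of the "Some files in TEMP" section), flags entries with a few triage heuristics (publisher-less executables under AppData/ProgramData/Temp, random-looking names in user-writable directories, scheduled tasks with generated names, modules with a hex suffix), and then groups every flagged file with whatever else was created within a few minutes of it, since a dropper usually writes its payload, its persistence task and its data folder in one go. The sample input reuses a handful of lines from the log above plus one Temp path; the heuristics, the entropy threshold and the five-minute window are assumptions chosen for illustration, not rules FRST applies.

```python
"""Triage helper for FRST file-listing lines (added example, not FRST code).
Heuristics, thresholds and the clustering window are assumptions."""
import math
import re
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Optional

# Metadata line: created - modified - size - attributes - (company) path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
BARE_PATH_RE = re.compile(r"^[A-Za-z]:\\.+")   # "Some files in TEMP" section
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")
EXEC_EXT = (".exe", ".dll", ".ocx", ".scr", ".sys")
TS_FMT = "%Y-%m-%d %H:%M"

# Constructed sample: lines taken from the posted log plus one Temp path.
SAMPLE_LOG = r"""
2015-05-12 20:25 - 2015-05-12 20:25 - 00233472 _____ (SafeApp Software, LLC) C:\Windows\SysWOW64\SafeAppLM.ocx
2015-05-11 19:11 - 2015-05-11 19:11 - 01203488 _____ () C:\Users\Bonkers\Downloads\Firefox - CHIP-Installer.exe
2015-05-10 20:43 - 2015-05-10 20:43 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Prompt Downloader
2015-05-10 20:40 - 2015-05-11 07:29 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\SpeedFox
2015-05-10 20:40 - 2015-05-10 20:40 - 00003094 _____ () C:\Windows\System32\Tasks\iren3006
2015-05-05 01:18 - 2015-05-05 01:18 - 03162112 _____ (CyberActiveX) C:\Windows\SysWOW64\UniSuitePlus_BDC0849A.ocx
2015-05-28 15:00 - 2015-05-29 17:36 - 1952848 _____ () C:\Users\Bonkers\AppData\Roaming\5.exe
2014-09-01 10:18 - 2014-09-01 10:18 - 0002086 _____ () C:\Users\Bonkers\AppData\Roaming\IKQVC
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Bonkers\AppData\Roaming\yGc37UpPqrj0EHiP9sRU205O
C:\Users\Bonkers\AppData\Local\Temp\avgnt.exe
"""


@dataclass
class Entry:
    path: str
    created: str = ""            # empty for bare-path lines
    modified: str = ""
    size: int = 0
    attrs: str = "_____"
    company: str = ""
    reasons: List[str] = field(default_factory=list)

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a metadata or bare-path line, None for anything else."""
    line = line.strip()
    m = LINE_RE.match(line)
    if m:
        return Entry(m["path"], m["created"], m["modified"], int(m["size"]),
                     m["attrs"], m["company"])
    return Entry(line) if BARE_PATH_RE.match(line) else None


def shannon_entropy(s: str) -> float:
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def looks_random(name: str) -> bool:
    """Short upper-case blobs (IKQVC) or long high-entropy alphanumerics
    (yGc37UpPqrj0EHiP9sRU205O). Noisy on README/LICENSE-style names, so the
    caller only applies it inside user-writable directories."""
    stem = name.rsplit(".", 1)[0]
    if re.fullmatch(r"[A-Z]{4,}", stem):
        return True
    return len(stem) >= 12 and stem.isalnum() and shannon_entropy(stem) > 3.5


def assess(e: Entry) -> Entry:
    low = e.path.lower()
    in_user = any(p in low for p in USER_WRITABLE)
    is_exec = low.endswith(EXEC_EXT)
    if not e.is_dir and is_exec and in_user and not e.company:
        e.reasons.append("executable with no publisher in a user-writable path"
                         if e.created else "executable in TEMP (no metadata in this section)")
    if not e.is_dir and in_user and looks_random(e.name):
        e.reasons.append("random-looking file name")
    if "\\system32\\tasks\\" in low and re.fullmatch(r"[a-z]+\d{3,}", e.name):
        e.reasons.append("scheduled task with a generated-looking name")
    if re.search(r"_[0-9A-F]{8}\.(ocx|dll)$", e.name):
        e.reasons.append("module name with an 8-hex-digit suffix (heuristic)")
    return e


def _minutes(a: str, b: str) -> float:
    return abs((datetime.strptime(b, TS_FMT) - datetime.strptime(a, TS_FMT)).total_seconds()) / 60


def drop_clusters(entries: List[Entry], window_min: int = 5) -> List[List[Entry]]:
    """Group dated entries created within window_min of the previous one;
    keep only groups that contain at least one flagged entry."""
    groups: List[List[Entry]] = []
    for e in sorted((x for x in entries if x.created), key=lambda x: x.created):
        if groups and _minutes(groups[-1][-1].created, e.created) <= window_min:
            groups[-1].append(e)
        else:
            groups.append([e])
    return [g for g in groups if any(x.reasons for x in g)]


def triage(text: str) -> Dict[str, list]:
    entries = [assess(e) for e in map(parse_line, text.splitlines()) if e]
    return {"entries": entries,
            "flagged": [e for e in entries if e.reasons],
            "clusters": drop_clusters(entries)}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for e in result["flagged"]:
        print(f"{e.created or '(no date)':16} {e.path}\n    " + "; ".join(e.reasons))
    for g in result["clusters"]:
        print(f"\ncreated together ({g[0].created} .. {g[-1].created}):")
        for e in g:
            print("   ", "!" if e.reasons else " ", e.path)
```

Run against the sample, the clustering step is the useful part: the SpeedFox folder, the iren3006 task and the Prompt Downloader folder all land within three minutes on 2015-05-10, which is the kind of grouping a helper reads as one installer's work, while the per-file heuristics alone would only have named the task. The all-caps name rule and the hex-suffix rule are deliberately loose; they are meant to shortlist entries for a human, not to decide anything on their own.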
         