
Log analysis and evaluation: Tabs open automatically in Google Chrome


03.02.2015, 19:17   #1
Nuclear2015
 
Hello dear community,

I'm not exactly clueless myself when it comes to malware and that sort of stuff.

I ran AdwCleaner and Malwarebytes Anti-Malware on my PC; neither program found anything. Nevertheless, new tabs keep opening in Google Chrome, for example this page:
hxxp://ilead.itrack.it/clients/DEYoufit/c19157/expiredpage.asp?campaignid=19157&websiteid=14073&scriptid=128149&subwebsiteid=&trackid=&viralref=0&leadwebsiteid=14073 or
Postbank.de or
https://www.tarifcheck24.com/kfz-versicherung/vergleich/
or some other rubbish like that..

I no longer know how to fix the problem.

I'm asking for help.

03.02.2015, 19:26   #2
schrauber
/// the machine
/// TB instructor
 

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you're not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

04.02.2015, 17:23   #3
Nuclear2015
 
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Nuclear (administrator) on NUCLEAR-PC on 03-02-2015 19:57:35
Running from D:\Übersicht\Programme
Loaded Profiles: Nuclear (Available profiles: Nuclear)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Electronic Arts) D:\Übersicht\Programme\Origin\Origin.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Akamai Technologies, Inc.) C:\Users\Nuclear\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Nuclear\AppData\Local\Akamai\netsession_win.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Users\Nuclear\AppData\Local\winengine\rkr1.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\ProgramData\SecurityUtility\SecurityUtilitySrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamSpeak Systems GmbH) D:\Übersicht\Programme\ts3client_win64.exe
(Microsoft Corporation) C:\Windows\System32\SndVol.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_296_ActiveX.exe
(Farbar) D:\Übersicht\Programme\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [EADM] => D:\Übersicht\Programme\Origin\Origin.exe [3619160 2015-01-27] (Electronic Arts)
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Nuclear\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [uTorrent] => C:\Users\Nuclear\AppData\Roaming\uTorrent\uTorrent.exe [1736784 2015-02-01] (BitTorrent Inc.)
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [DAEMON Tools Lite] => D:\Übersicht\Programme\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [winengine] => C:\Users\Nuclear\AppData\Local\winengine\rkr0.exe [511416 2014-12-12] ()
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [winengine2] => C:\Users\Nuclear\AppData\Local\winengine\rkr1.exe [511416 2014-12-12] ()
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\MountPoints2: {bed726d4-3be8-11e4-94c6-0025226b1f74} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-08-03] (Microsoft Corporation)
Startup: C:\Users\Nuclear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OPTISetup.lnk
ShortcutTarget: OPTISetup.lnk -> C:\ProgramData\{bc9a1b3f-dfaa-dce7-bc9a-a1b3fdfa6cff}\OPTISetup.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3236316847-1076086714-31016914-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Übersicht\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Übersicht\Programme\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3236316847-1076086714-31016914-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Übersicht\Programme\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Firefox\Extensions: [{562F1FE6-9763-FF7B-444A-FE5DD2884927}] - C:\Program Files (x86)\ver3BetterMarkIt\186.xpi

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.ch/
CHR StartupUrls: Default -> "https://www.google.ch/?gws_rd=ssl"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-30]
CHR Extension: (YouTube) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-02]
CHR Extension: (Google-Suche) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-02]
CHR Extension: (AdBlock) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-11]
CHR Extension: (New Tab Page by Speed Dial Team) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgeoanibcknhniccgaoaiolihidecjn [2014-08-02]
CHR Extension: (Google Wallet) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-02]
CHR Extension: (Google Mail) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 4ef60154; c:\Program Files (x86)\Optimizer Pro 3.38\OptProMon.dll [1633848 2015-02-01] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [103424 2013-02-14] (Creative Technology Ltd)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 Origin Client Service; D:\Übersicht\Programme\Origin\OriginClientService.exe [1910128 2015-01-27] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-04] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-03] ()
R2 SecurityUtility Service; C:\ProgramData\SecurityUtility\SecurityUtilitySrv.exe [567808 2015-02-01] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cthda; C:\Windows\System32\drivers\cthda.sys [1044760 2013-02-14] (Creative Technology Ltd)
R3 cthdb; C:\Windows\System32\DRIVERS\cthdb.sys [28440 2013-02-14] (Creative Technology Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-18] (Disc Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 SaiK0728; C:\Windows\System32\DRIVERS\SaiK0728.sys [129024 2008-01-21] (Saitek)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 11:50 - 2015-02-03 11:52 - 00000000 ____D () C:\Users\Nuclear\Documents\BFH Beta 2
2015-02-03 11:49 - 2015-02-03 11:49 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\ESN
2015-02-03 01:59 - 2015-02-03 19:57 - 00000000 ____D () C:\FRST
2015-02-03 01:26 - 2015-02-03 01:26 - 00002247 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-03 01:26 - 2015-02-03 01:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-03 01:25 - 2015-02-03 19:30 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 01:25 - 2015-02-03 17:04 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 01:25 - 2015-02-03 01:25 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-03 01:25 - 2015-02-03 01:25 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 01:05 - 2015-02-03 01:05 - 00000834 _____ () C:\Users\Public\Desktop\Battlefield Hardline Beta.lnk
2015-02-03 01:05 - 2015-02-03 01:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield Hardline Beta
2015-02-02 22:42 - 2015-02-02 22:42 - 01533584 _____ () C:\Users\Nuclear\Downloads\battlelog-web-plugins_2.6.2_157.exe
2015-02-02 17:02 - 2015-02-02 17:02 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\SKIDROW
2015-02-02 16:58 - 2015-02-02 16:58 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\Steam
2015-02-02 16:57 - 2015-02-02 16:57 - 00000000 ____D () C:\Program Files (x86)\The Evil Within
2015-02-02 16:50 - 2015-02-02 16:55 - 159477620 _____ () C:\Users\Nuclear\Downloads\The.Evil.Within.Update.1-CODEX.rar
2015-02-02 16:38 - 2015-02-02 16:38 - 00000866 _____ () C:\Users\Public\Desktop\NFS Rivals x86.lnk
2015-02-02 16:38 - 2015-02-02 16:38 - 00000842 _____ () C:\Users\Public\Desktop\NFS Rivals.lnk
2015-02-02 16:38 - 2015-02-02 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NFS Rivals
2015-02-02 16:28 - 2015-02-02 16:28 - 00001156 _____ () C:\Users\Nuclear\Downloads\9jcd2enskfu3 (1).dlc
2015-02-02 16:25 - 2015-02-02 16:25 - 31419822 _____ () C:\Users\Nuclear\Downloads\JDownloader.zip
2015-02-02 16:25 - 2015-02-02 16:25 - 00001156 _____ () C:\Users\Nuclear\Downloads\9jcd2enskfu3.dlc
2015-02-02 16:22 - 2015-02-02 16:23 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 16:19 - 2015-02-02 16:22 - 00000849 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-02 16:19 - 2015-02-02 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-02 16:19 - 2015-02-02 16:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-02 16:19 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-02 16:19 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-02 16:19 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-02 15:12 - 2015-02-02 16:29 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\12891
2015-02-02 15:02 - 2015-02-02 15:09 - 478256047 _____ () C:\Users\Nuclear\Downloads\NFS_Language_DE_EN_Patch.rar
2015-02-02 14:54 - 2015-02-02 14:54 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\winengine
2015-02-02 14:54 - 2015-02-02 14:54 - 00000000 ____D () C:\ProgramData\SecurityUtilityData
2015-02-02 14:54 - 2015-02-02 14:54 - 00000000 ____D () C:\ProgramData\SecurityUtility
2015-02-02 14:54 - 2015-01-27 17:31 - 00344440 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll
2015-02-02 14:54 - 2015-01-27 17:31 - 00301168 _____ (CartCrunch Israel Ltd.) C:\Windows\SysWOW64\ColorMedia.dll
2015-02-02 14:52 - 2015-02-02 14:53 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\Opera Software
2015-02-02 14:52 - 2015-02-02 14:53 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\Opera Software
2015-02-02 14:06 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-02-02 12:07 - 2015-02-02 12:07 - 00000000 ____D () C:\Users\Nuclear\Documents\NFS Most Wanted
2015-02-02 11:38 - 2015-02-02 11:38 - 00000707 _____ () C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk
2015-02-02 11:37 - 2015-02-02 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2015-02-02 11:19 - 2015-02-02 12:02 - 04676570 _____ () C:\Users\Nuclear\Desktop\DIAG.LOG
2015-02-02 11:17 - 2015-02-02 11:17 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-02-01 21:06 - 2015-02-01 21:06 - 00023010 _____ () C:\Users\Nuclear\Downloads\[kickass.so]need.for.speed.most.wanted.torrent
2015-02-01 21:05 - 2015-02-01 21:05 - 00039930 _____ () C:\Users\Nuclear\Downloads\[kickass.so]need.for.speed.rivals.no.origin.crack.fix.anuj.torrent
2015-02-01 20:20 - 2015-02-01 20:20 - 00086134 _____ () C:\Users\Nuclear\Downloads\[kickass.so]the.evil.within.2014.reloaded.torrent
2015-02-01 17:13 - 2015-02-01 17:13 - 00032971 _____ () C:\Users\Nuclear\Downloads\[kickass.so]the.evil.within.update.1.2014.pc.repack.by.r.g.freedom.torrent
2015-02-01 16:39 - 2015-02-01 16:39 - 02194432 _____ () C:\Users\Nuclear\Downloads\adwcleaner_4.109.exe
2015-02-01 16:37 - 2015-02-02 16:29 - 00000000 ____D () C:\Program Files (x86)\f07463c0-8a09-4ef2-b7bb-faea7d91eefb
2015-02-01 16:35 - 2015-02-02 16:30 - 00000000 ____D () C:\ProgramData\{bc9a1b3f-dfaa-dce7-bc9a-a1b3fdfa6cff}
2015-02-01 16:35 - 2015-02-02 16:29 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.38
2015-02-01 16:31 - 2015-02-03 17:04 - 00001694 _____ () C:\Windows\Tasks\NQNSLJLG.job
2015-02-01 16:31 - 2015-02-01 16:51 - 00004728 _____ () C:\Windows\System32\Tasks\NQNSLJLG
2015-02-01 16:30 - 2015-02-01 16:30 - 00000815 _____ () C:\Users\Nuclear\Desktop\µTorrent.lnk
2015-02-01 16:30 - 2015-02-01 16:30 - 00000795 _____ () C:\Users\Nuclear\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-02-01 16:29 - 2015-02-03 18:27 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\uTorrent
2015-02-01 16:29 - 2015-02-01 16:29 - 01736784 _____ (BitTorrent Inc.) C:\Users\Nuclear\Downloads\uTorrent_3.4.2_Build_38397.exe
2015-01-29 12:42 - 2015-01-29 12:42 - 00000000 ____D () C:\Windows\rescache
2015-01-27 12:52 - 2015-01-27 12:52 - 10220477 _____ () C:\Users\Nuclear\Downloads\[0.9.5]WWIIHWA_TURRET_TRAVERSE_SOUND_v1.69.rar
2015-01-27 12:37 - 2015-01-27 12:39 - 179473579 _____ () C:\Users\Nuclear\Downloads\[0.9.5]WWIIHWA_Ambiente_v4.03_UNCUT_Addon.rar
2015-01-27 12:36 - 2015-01-27 12:39 - 179471096 _____ () C:\Users\Nuclear\Downloads\[0.9.5]WWIIHWA_Ambiente_v4.02_UNCUT_Addon.rar
2015-01-27 12:34 - 2015-01-27 12:34 - 06375513 _____ () C:\Users\Nuclear\Downloads\[0.9.1]WWIIHWA_Ingame_Voices_GERMAN.rar
2015-01-27 12:32 - 2015-01-27 12:32 - 01232054 _____ () C:\Users\Nuclear\Downloads\fontok_WOThoz.zip
2015-01-27 02:49 - 2015-01-27 02:59 - 338494938 _____ () C:\Users\Nuclear\Downloads\Gnomefather_s_Engines_0.583_for_Curse (1).zip
2015-01-27 02:44 - 2015-01-27 02:44 - 24075564 _____ (diclovit ) C:\Users\Nuclear\Downloads\dmp_9.5.2_setup.exe
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\Nuclear\AppData\Roaming\NQNSLJLG
2015-01-14 16:49 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 16:49 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 16:49 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 16:49 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 16:49 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 16:49 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 16:49 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 16:49 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 16:49 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 16:49 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 16:49 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 16:49 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 16:49 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 19:13 - 2015-01-12 19:13 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Nuclear\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-11 23:02 - 2015-01-11 23:02 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-01-11 23:02 - 2015-01-11 23:02 - 00000959 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-01-11 22:54 - 2015-01-11 22:54 - 07718224 _____ (TeamViewer GmbH) C:\Users\Nuclear\Downloads\TeamViewer_Setup_de.exe
2015-01-10 04:28 - 2015-01-10 04:28 - 24076445 _____ (diclovit ) C:\Users\Nuclear\Downloads\dmp_9.5.1_setup.exe
2015-01-10 04:18 - 2015-02-02 14:47 - 00000000 ____D () C:\ProgramData\WinZip
2015-01-10 04:16 - 2015-01-10 04:16 - 01174352 _____ () C:\Users\Nuclear\Downloads\WinZip 64 Bit - CHIP-Installer.exe
2015-01-10 04:11 - 2015-01-10 04:13 - 338494938 _____ () C:\Users\Nuclear\Downloads\Gnomefather_s_Engines_0.583_for_Curse.zip
2015-01-08 22:55 - 2015-02-03 01:36 - 00000000 ____D () C:\AdwCleaner
2015-01-08 22:54 - 2015-01-08 22:55 - 02191360 _____ () C:\Users\Nuclear\Downloads\adwcleaner_4.107.exe
2015-01-04 18:27 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-04 18:27 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 19:22 - 2014-08-03 00:02 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\TS3Client
2015-02-03 19:12 - 2014-10-15 13:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-03 19:12 - 2009-07-14 05:51 - 00047138 _____ () C:\Windows\setupact.log
2015-02-03 17:16 - 2014-08-02 23:20 - 01490715 _____ () C:\Windows\WindowsUpdate.log
2015-02-03 17:11 - 2009-07-14 05:45 - 00023072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-03 17:11 - 2009-07-14 05:45 - 00023072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-03 17:10 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2015-02-03 17:10 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2015-02-03 17:10 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-03 17:07 - 2014-08-03 18:42 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-02-03 17:04 - 2014-10-31 10:36 - 00000000 ____D () C:\Program Files\KMSpico
2015-02-03 17:04 - 2014-08-03 18:43 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2015-02-03 17:04 - 2014-08-03 00:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-03 17:04 - 2014-08-03 00:09 - 00199784 _____ () C:\Windows\PFRO.log
2015-02-03 17:04 - 2014-08-03 00:04 - 00000000 ____D () C:\ProgramData\Origin
2015-02-03 17:04 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-03 11:52 - 2014-08-03 19:08 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\PunkBuster
2015-02-03 11:52 - 2014-08-03 18:42 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-02-03 01:26 - 2014-08-02 23:30 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-03 01:25 - 2014-08-02 23:29 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\Deployment
2015-02-03 01:05 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-03 01:04 - 2014-08-03 18:42 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-02-03 01:04 - 2014-08-03 18:40 - 00141419 _____ () C:\Windows\DirectX.log
2015-02-02 23:50 - 2014-10-10 20:21 - 00000000 ____D () C:\Users\Nuclear\Downloads\Gameforge Live
2015-02-02 16:30 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-02-02 16:29 - 2014-10-09 21:56 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-02-02 14:57 - 2014-08-02 23:20 - 00001182 _____ () C:\Users\Nuclear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-02 11:24 - 2014-08-18 13:01 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\DAEMON Tools Lite
2015-02-02 11:24 - 2014-08-18 13:00 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-02-01 20:16 - 2014-08-03 23:15 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-02-01 18:26 - 2014-10-24 12:03 - 00000968 _____ () C:\Users\Nuclear\Documents\aionmemo_f6e81e7f.dat
2015-01-29 15:45 - 2014-12-14 17:02 - 00000354 _____ () C:\Users\Nuclear\Documents\aionmemo_ 66aba67.dat
2015-01-27 12:01 - 2014-08-30 22:22 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-27 12:00 - 2014-10-15 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-27 12:00 - 2014-10-15 13:01 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-27 11:59 - 2014-08-30 22:22 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-27 11:59 - 2014-08-30 22:22 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-27 11:59 - 2014-08-30 22:22 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-27 11:59 - 2014-08-30 22:22 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-27 02:46 - 2014-08-06 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\diclovit's mod pack
2015-01-25 19:12 - 2014-10-15 13:03 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 19:12 - 2014-10-15 13:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 19:12 - 2014-10-15 13:03 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-15 17:31 - 2014-08-02 23:57 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 17:29 - 2014-08-02 23:57 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-15 17:26 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-14 22:34 - 2014-08-30 21:54 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\Akamai
2015-01-13 22:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-12 16:50 - 2014-08-02 23:29 - 00072912 _____ () C:\Users\Nuclear\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-12 16:50 - 2009-07-14 05:45 - 00331704 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-11 23:02 - 2014-08-17 23:25 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-01-10 13:25 - 2014-10-26 22:14 - 00000000 ____D () C:\Users\Nuclear\Desktop\Bilder
2015-01-08 22:58 - 2014-10-31 11:03 - 00000000 ____D () C:\Users\Nuclear\Desktop\Neuer Ordner
2015-01-07 21:45 - 2014-10-15 13:03 - 00000000 ____D () C:\Program Files\Google
2015-01-07 20:40 - 2014-10-15 13:03 - 00000000 ____D () C:\ProgramData\Google
2015-01-07 20:40 - 2014-08-02 23:30 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\Google
2015-01-04 18:43 - 2014-08-18 13:02 - 00000000 ____D () C:\Program Files\Microsoft Office 15

==================== Files in the root of some directories =======

2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Nuclear\AppData\Roaming\NQNSLJLG

Some content of TEMP:
====================
C:\Users\Nuclear\AppData\Local\Temp\10B19BC3-BDA6-A256-60AC-241D2FCA44D4.dll
C:\Users\Nuclear\AppData\Local\Temp\10B19BC3-BDA6-A256-60AC-241D2FCA44D4.exe
C:\Users\Nuclear\AppData\Local\Temp\AutoRun.exe
C:\Users\Nuclear\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Nuclear\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe
C:\Users\Nuclear\AppData\Local\Temp\D308ED95-DAD2-9C66-D5EE-F755A61EA1DF.exe
C:\Users\Nuclear\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Nuclear\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Nuclear\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Nuclear\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Nuclear\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\Nuclear\AppData\Local\Temp\optprosetup.exe
C:\Users\Nuclear\AppData\Local\Temp\Runner2.exe
C:\Users\Nuclear\AppData\Local\Temp\Runner4.exe
C:\Users\Nuclear\AppData\Local\Temp\sonarinst.exe
C:\Users\Nuclear\AppData\Local\Temp\SpOrder.dll
C:\Users\Nuclear\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Nuclear\AppData\Local\Temp\ttv.exe
C:\Users\Nuclear\AppData\Local\Temp\uttF0AD.tmp.exe
C:\Users\Nuclear\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Nuclear\AppData\Local\Temp\~dl2A2B.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 02:38

==================== End Of Log ============================
         


Was that done correctly?

Alt 05.02.2015, 07:02   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Perfect, but the Addition.txt is still missing.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 05.02.2015, 09:42   #5
Nuclear2015
 



How or where do I find this Addition.txt?
Sorry for the stupid question.


Alt 05.02.2015, 11:58   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Open FRST, tick the Addition checkbox and scan, then please post the Addition.txt.

Alt 05.02.2015, 13:08   #7
Nuclear2015
 



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01
Ran by Nuclear at 2015-02-05 13:07:27
Running from D:\Übersicht\Programme
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\uTorrent) (Version: 3.4.2.38397 - BitTorrent Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version:  - Gameforge)
Akamai NetSession Interface (HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
AuraKingdom-DE (HKLM-x32\...\AuraKingdom-DE) (Version:  - )
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
Battlefield™ Hardline-Beta (HKLM-x32\...\{F5526D9D-13AD-4270-8707-AC921D168299}) (Version: 1.0.0.1 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
BlackShot Á¦°Å (HKLM-x32\...\BlackShot) (Version:  - )
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
diclovit's mod pack 9.5.2 (HKLM-x32\...\{28B1238E-1C18-4637-A2B7-95315E94EB29}_is1) (Version: 9.5.2 - diclovit)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)
Gameforge Live 2.0.5 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.5 - Gameforge)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hazard Ops (HKLM-x32\...\Steam App 319150) (Version:  - Yingpei Games)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
KMSpico 3.1 (HKLM\...\KMSpico v3.1_is1) (Version: 3.1 - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Need for Speed™ Most Wanted (HKLM-x32\...\{ADE91A13-434D-4229-00BC-182BAD607303}) (Version:  - )
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.12.2807 - Electronic Arts, Inc.)
PDF Editor 64bit 4 (HKLM\...\PDF Editor 64bit 4) (Version:  - )
PDF24 Creator 6.8.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.311.0 - Tracker Software Products Ltd)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
SecurityUtility (HKLM-x32\...\SecurityUtility) (Version: 1.0.0.1949 - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
winengine (HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\winengine) (Version: 20.020 - Ad business Crown Solutions)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3236316847-1076086714-31016914-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Nuclear\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3236316847-1076086714-31016914-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Nuclear\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3236316847-1076086714-31016914-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Nuclear\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3236316847-1076086714-31016914-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Nuclear\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3236316847-1076086714-31016914-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Nuclear\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

04-02-2015 00:33:15 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05561F5F-D953-423A-A22E-0570C77FF3E9} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {0F5B36A1-1346-43D5-8F90-7F34D509341A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {4B5AE347-4B9D-4F30-9CB6-50CE041DB192} - System32\Tasks\NQNSLJLG => C:\Users\Nuclear\AppData\Roaming\NQNSLJLG.exe <==== ATTENTION
Task: {6DA12E27-336C-4C8A-859A-D8F43A80BC3E} - System32\Tasks\KMS Activation => C:\Program Files\KMSpico\RandomFile.exe [2013-02-20] ()
Task: {BD30258D-476C-4496-B872-E521A79E6900} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-03] (Google Inc.)
Task: {BE15544F-8E8D-4CF4-A0BF-B3AA3AD3E9DC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {D15399E8-3AD0-45DC-8C1F-21AF94E2F351} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-03] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\NQNSLJLG.job => C:\Users\Nuclear\AppData\Roaming\NQNSLJLG.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2014-08-03 00:16 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-12 13:34 - 2014-12-12 13:34 - 00511416 _____ () C:\Users\Nuclear\AppData\Local\winengine\rkr1.exe
2014-08-18 13:02 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-08-03 18:42 - 2015-02-03 01:04 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-02-02 14:54 - 2015-02-01 20:48 - 00567808 _____ () C:\ProgramData\SecurityUtility\SecurityUtilitySrv.exe
2014-08-03 00:06 - 2015-01-27 11:53 - 01007104 _____ () D:\Übersicht\Programme\Origin\platforms\qwindows.dll
2014-08-03 00:06 - 2015-01-27 11:53 - 00023552 _____ () D:\Übersicht\Programme\Origin\imageformats\qgif.dll
2014-08-03 00:06 - 2015-01-27 11:53 - 00024576 _____ () D:\Übersicht\Programme\Origin\imageformats\qico.dll
2014-08-03 00:06 - 2015-01-27 11:53 - 00216576 _____ () D:\Übersicht\Programme\Origin\imageformats\qjpeg.dll
2014-08-03 00:06 - 2015-01-27 11:53 - 00261120 _____ () D:\Übersicht\Programme\Origin\imageformats\qmng.dll
2014-08-03 00:06 - 2015-01-27 11:53 - 00019456 _____ () D:\Übersicht\Programme\Origin\imageformats\qtga.dll
2014-08-03 00:06 - 2015-01-27 11:53 - 00337408 _____ () D:\Übersicht\Programme\Origin\imageformats\qtiff.dll
2014-08-03 00:06 - 2015-01-27 11:53 - 00018944 _____ () D:\Übersicht\Programme\Origin\imageformats\qwbmp.dll
2015-02-03 01:26 - 2015-01-27 04:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
2015-02-03 01:26 - 2015-01-27 04:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll
2015-02-03 01:26 - 2015-01-27 04:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3236316847-1076086714-31016914-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nuclear\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Nuclear\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "D:\Übersicht\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: PDFPrint => D:\Übersicht\Programme\PDF24\pdf24.exe

==================== Accounts: =============================

Administrator (S-1-5-21-3236316847-1076086714-31016914-500 - Administrator - Disabled)
Gast (S-1-5-21-3236316847-1076086714-31016914-501 - Limited - Disabled)
Nuclear (S-1-5-21-3236316847-1076086714-31016914-1000 - Administrator - Enabled) => C:\Users\Nuclear

==================== Faulty Device Manager Devices =============

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Marvell 91xx Config ATA Device
Description: Marvell 91xx Config ATA Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/05/2015 11:18:25 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/05/2015 11:18:25 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/05/2015 11:18:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/05/2015 11:18:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/05/2015 11:18:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/05/2015 11:18:01 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/04/2015 00:28:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/04/2015 00:28:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/04/2015 00:28:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/04/2015 00:28:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (02/03/2015 11:40:54 AM) (Source: volsnap) (EventID: 35) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht vergrößert werden kann.

Error: (02/02/2015 04:29:45 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (02/02/2015 04:13:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (02/02/2015 04:13:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (02/02/2015 02:58:14 PM) (Source: volmgr) (EventID: 49) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.

Error: (02/02/2015 02:57:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "SecurityUtility Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/02/2015 02:57:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "WindowsMangerProtect Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/02/2015 02:57:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/02/2015 02:57:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/02/2015 02:57:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (02/05/2015 11:18:25 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"d:\Übersicht\programme\rivatuner statistics server\RTSSHooksLoader64.exe

Error: (02/05/2015 11:18:25 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"d:\Übersicht\programme\rivatuner statistics server\RTSSHooksLoader.exe

Error: (02/05/2015 11:18:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"d:\Übersicht\programme\rivatuner statistics server\RTSS.exe

Error: (02/05/2015 11:18:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"d:\Übersicht\programme\rivatuner statistics server\EncoderServer64.exe

Error: (02/05/2015 11:18:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"d:\Übersicht\programme\rivatuner statistics server\EncoderServer.exe

Error: (02/05/2015 11:18:01 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"d:\Übersicht\programme\msi afterburner\MSIAfterburner.exe

Error: (02/04/2015 00:28:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"d:\Übersicht\programme\rivatuner statistics server\RTSSHooksLoader64.exe

Error: (02/04/2015 00:28:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"d:\Übersicht\programme\rivatuner statistics server\RTSSHooksLoader.exe

Error: (02/04/2015 00:28:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"d:\Übersicht\programme\rivatuner statistics server\RTSS.exe

Error: (02/04/2015 00:28:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"d:\Übersicht\programme\rivatuner statistics server\EncoderServer64.exe


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz
Percentage of memory in use: 28%
Total physical RAM: 12286.15 MB
Available physical RAM: 8819.71 MB
Total Pagefile: 24870.48 MB
Available Pagefile: 21115.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.8 GB) (Free:9.81 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:695.72 GB) NTFS
Drive g: (NFSMW) (CDROM) (Total:2.13 GB) (Free:0 GB) UDF
Drive h: (BBQ) (Removable) (Total:1.86 GB) (Free:1.83 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 60275C42)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: A2450932)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=1.9 GB) - (Type=0C)

==================== End Of Log ============================
         

Alt 05.02.2015, 14:58   #8
schrauber
/// the machine
/// TB-Ausbilder
 



hi,

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 05.02.2015, 17:07   #9
Nuclear2015
 


Code:
ComboFix 15-02-02.01 - Nuclear 05.02.2015  17:02:28.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.41.1031.18.12286.10010 [GMT 1:00]
ausgeführt von:: d:\_bersicht\Programme\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\AGEIA Technologies\f07463c0-8a09-4ef2-b7bb-faea7d91eefb.dll
c:\program files (x86)\f07463c0-8a09-4ef2-b7bb-faea7d91eefb\46da3db2-c661-4558-a6e0-3a5d8480a5be.dll
c:\windows\security\logs\scecomp.log
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-01-05 bis 2015-02-05  ))))))))))))))))))))))))))))))
.
.
2015-02-05 16:05 . 2015-02-05 16:05	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-02-03 10:49 . 2015-02-03 10:49	--------	d-----w-	c:\users\Nuclear\AppData\Local\ESN
2015-02-03 00:59 . 2015-02-05 12:07	--------	d-----w-	C:\FRST
2015-02-02 16:02 . 2015-02-02 16:02	--------	d-----w-	c:\users\Nuclear\AppData\Local\SKIDROW
2015-02-02 15:58 . 2015-02-02 15:58	--------	d-----w-	c:\users\Nuclear\AppData\Roaming\Steam
2015-02-02 15:57 . 2015-02-02 15:57	--------	d-----w-	c:\program files (x86)\The Evil Within
2015-02-02 15:22 . 2015-02-02 15:23	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-02 15:19 . 2015-02-02 15:19	--------	d-----w-	c:\programdata\Malwarebytes
2015-02-02 15:19 . 2014-11-21 05:14	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-02-02 15:19 . 2014-11-21 05:14	93400	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-02-02 15:19 . 2014-11-21 05:14	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-02-02 14:12 . 2015-02-02 15:29	--------	d-----w-	c:\users\Nuclear\AppData\Local\12891
2015-02-02 13:54 . 2015-02-02 13:54	--------	d-----w-	c:\users\Nuclear\AppData\Local\winengine
2015-02-02 13:54 . 2015-01-27 16:31	344440	----a-w-	c:\windows\system32\ColorMedia64.dll
2015-02-02 13:54 . 2015-01-27 16:31	301168	----a-w-	c:\windows\SysWow64\ColorMedia.dll
2015-02-02 13:54 . 2015-02-02 13:54	--------	d-----w-	c:\programdata\SecurityUtility
2015-02-02 13:52 . 2015-02-02 13:53	--------	d-----w-	c:\users\Nuclear\AppData\Roaming\Opera Software
2015-02-02 13:52 . 2015-02-02 13:53	--------	d-----w-	c:\users\Nuclear\AppData\Local\Opera Software
2015-02-02 13:06 . 2007-04-04 17:53	81768	----a-w-	c:\windows\SysWow64\xinput1_3.dll
2015-02-01 15:37 . 2015-02-05 16:04	--------	d-----w-	c:\program files (x86)\f07463c0-8a09-4ef2-b7bb-faea7d91eefb
2015-02-01 15:35 . 2015-02-02 15:29	--------	d-----w-	c:\program files (x86)\Optimizer Pro 3.38
2015-02-01 15:35 . 2015-02-02 15:30	--------	d-----w-	c:\programdata\{bc9a1b3f-dfaa-dce7-bc9a-a1b3fdfa6cff}
2015-02-01 15:29 . 2015-02-05 12:06	--------	d-----w-	c:\users\Nuclear\AppData\Roaming\uTorrent
2015-01-29 11:42 . 2015-01-29 11:42	--------	d-----w-	c:\windows\rescache
2015-01-27 11:00 . 2015-01-27 11:00	--------	d-----w-	c:\program files (x86)\Common Files\Java
2015-01-10 03:18 . 2015-02-02 13:47	--------	d-----w-	c:\programdata\WinZip
2015-01-08 21:55 . 2015-02-03 00:36	--------	d-----w-	C:\AdwCleaner
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-03 22:13 . 2014-08-03 17:42	215416	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2015-02-03 21:28 . 2014-08-03 17:42	215416	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2015-02-03 00:04 . 2014-08-03 17:42	76152	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2015-01-27 10:59 . 2014-08-30 21:22	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-25 18:12 . 2014-10-15 12:03	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-25 18:12 . 2014-10-15 12:03	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-15 16:29 . 2014-08-02 22:57	113365784	----a-w-	c:\windows\system32\MRT.exe
2014-12-31 11:14 . 2014-08-02 22:34	298120	------w-	c:\windows\system32\MpSigStub.exe
2014-12-13 05:09 . 2015-01-04 17:27	144384	----a-w-	c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2015-01-04 17:27	115712	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-12-04 02:50 . 2014-12-09 18:14	413184	----a-w-	c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-09 18:14	741376	----a-w-	c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-09 18:14	396800	----a-w-	c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-09 18:14	830976	----a-w-	c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-09 18:14	227328	----a-w-	c:\windows\system32\aepdu.dll
2014-12-04 02:50 . 2014-12-09 18:14	192000	----a-w-	c:\windows\system32\aepic.dll
2014-12-04 02:44 . 2014-12-09 18:14	1083392	----a-w-	c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-09 18:14	1232040	----a-w-	c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-09 18:14	389296	----a-w-	c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-09 18:14	25059840	----a-w-	c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-09 18:14	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-09 18:14	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-09 18:14	66560	----a-w-	c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-09 18:14	580096	----a-w-	c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-09 18:14	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-09 18:14	2885120	----a-w-	c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-09 18:14	88064	----a-w-	c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-09 18:14	54784	----a-w-	c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-09 18:14	34304	----a-w-	c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-09 18:14	633856	----a-w-	c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-09 18:14	114688	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-09 18:14	814080	----a-w-	c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-09 18:14	6039552	----a-w-	c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-09 18:14	968704	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-09 18:14	490496	----a-w-	c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-09 18:14	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-09 18:14	77824	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-09 18:14	199680	----a-w-	c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-09 18:14	92160	----a-w-	c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-09 18:14	501248	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-09 18:14	62464	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-09 18:14	47616	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-09 18:14	64000	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-09 18:14	316928	----a-w-	c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-09 18:14	620032	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-09 18:14	718848	----a-w-	c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-09 18:14	800768	----a-w-	c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-09 18:14	1359360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-09 18:14	2125312	----a-w-	c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-09 18:14	14412800	----a-w-	c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-09 18:14	60416	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-09 18:14	4299264	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-09 18:14	2358272	----a-w-	c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-09 18:14	2052096	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-09 18:14	1155072	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-09 18:14	1548288	----a-w-	c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-09 18:14	800768	----a-w-	c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-09 18:14	1888256	----a-w-	c:\windows\SysWow64\wininet.dll
2014-11-11 03:09 . 2014-12-09 18:14	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 10:22	241152	----a-w-	c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 10:22	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-09 18:14	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 10:22	186880	----a-w-	c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 10:22	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-09 18:14	119296	----a-w-	c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-09 18:10	2048	----a-w-	c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-09 18:10	2048	----a-w-	c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-08-18 12:20	222920	----a-w-	c:\users\Nuclear\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-08-18 12:20	222920	----a-w-	c:\users\Nuclear\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-08-18 12:20	222920	----a-w-	c:\users\Nuclear\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 00:41	1729744	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 00:41	1729744	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 00:41	1729744	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="d:\übersicht\Programme\Origin\Origin.exe" [2015-01-27 3619160]
"Akamai NetSession Interface"="c:\users\Nuclear\AppData\Local\Akamai\netsession_win.exe" [2014-10-29 4673432]
"uTorrent"="c:\users\Nuclear\AppData\Roaming\uTorrent\uTorrent.exe" [2015-02-01 1736784]
"DAEMON Tools Lite"="d:\übersicht\Programme\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"winengine"="c:\users\Nuclear\AppData\Local\winengine\rkr0.exe" [2014-12-12 511416]
"winengine2"="c:\users\Nuclear\AppData\Local\winengine\rkr1.exe" [2014-12-12 511416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 4ef60154;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SecurityUtility Service;SecurityUtility Service;c:\programdata\SecurityUtility\SecurityUtilitySrv.exe;c:\programdata\SecurityUtility\SecurityUtilitySrv.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Origin Client Service;Origin Client Service;d:\übersicht\Programme\Origin\OriginClientService.exe;d:\übersicht\Programme\Origin\OriginClientService.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 CtHdaSvc;Sound Blaster Service;c:\windows\sysWow64\CtHdaSvc.exe;c:\windows\sysWow64\CtHdaSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 cthda;Sound Blaster HDAudio;c:\windows\system32\drivers\cthda.sys;c:\windows\SYSNATIVE\drivers\cthda.sys [x]
S3 cthdb;SB Recon3D PCIe Audio Bus Filter;c:\windows\system32\DRIVERS\cthdb.sys;c:\windows\SYSNATIVE\DRIVERS\cthdb.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SaiK0728;SaiK0728;c:\windows\system32\DRIVERS\SaiK0728.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK0728.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - NisDrv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-03 00:26	1086280	----a-w-	c:\program files (x86)\Google\Chrome\Application\40.0.2214.94\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-02-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-15 18:12]
.
2015-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-03 00:25]
.
2015-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-03 00:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-08-18 12:20	261832	----a-w-	c:\users\Nuclear\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-08-18 12:20	261832	----a-w-	c:\users\Nuclear\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-08-18 12:20	261832	----a-w-	c:\users\Nuclear\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-03-20 1797064]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
Trusted Zone: aeriagames.com
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
c:\users\Nuclear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OPTISetup.lnk - c:\programdata\{bc9a1b3f-dfaa-dce7-bc9a-a1b3fdfa6cff}\OPTISetup.exe /startup
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-02-05  17:07:02
ComboFix-quarantined-files.txt  2015-02-05 16:07
.
Vor Suchlauf: 9 Verzeichnis(se), 10'590'486'528 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 12'021'805'056 Bytes frei
.
- - End Of File - - 94FA6C9C90C9E6F1AEA381C84E63BAA5
A36C5E4F47E84449FF07ED3517B43A31
         

Alt 06.02.2015, 07:18   #10
schrauber
/// the machine
/// TB-Ausbilder
 



Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Alt 06.02.2015, 13:11   #11
Nuclear2015
 


Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 06.02.2015
Suchlauf-Zeit: 12:58:03
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.06.04
Rootkit Datenbank: v2015.02.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Nuclear

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 337603
Verstrichene Zeit: 4 Min, 15 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 1
PUP.Optional.BetterMarkit.A, HKU\S-1-5-21-3236316847-1076086714-31016914-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{562F1FE6-9763-FF7B-444A-FE5DD2884927}, C:\Program Files (x86)\ver3BetterMarkIt\186.xpi, In Quarantäne, [f646190297f3181e0f0a166fda29fb05]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
Code:
# AdwCleaner v4.110 - Bericht erstellt 06/02/2015 um 13:06:43
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-05.2 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Nuclear - NUCLEAR-PC
# Gestarted von : D:\Übersicht\Programme\adwcleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\SecurityUtility

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Google Chrome v40.0.2214.111


*************************

AdwCleaner[R0].txt - [6586 Bytes] - [08/01/2015 22:55:25]
AdwCleaner[R1].txt - [16759 Bytes] - [01/02/2015 16:39:06]
AdwCleaner[R2].txt - [15726 Bytes] - [01/02/2015 16:57:06]
AdwCleaner[R3].txt - [11413 Bytes] - [02/02/2015 14:56:16]
AdwCleaner[R4].txt - [1858 Bytes] - [02/02/2015 16:16:38]
AdwCleaner[R5].txt - [1514 Bytes] - [03/02/2015 01:35:38]
AdwCleaner[R6].txt - [1622 Bytes] - [06/02/2015 13:05:52]
AdwCleaner[S0].txt - [5518 Bytes] - [08/01/2015 22:57:02]
AdwCleaner[S1].txt - [15252 Bytes] - [01/02/2015 16:40:25]
AdwCleaner[S2].txt - [14265 Bytes] - [01/02/2015 16:58:04]
AdwCleaner[S3].txt - [10292 Bytes] - [02/02/2015 14:57:16]
AdwCleaner[S4].txt - [1544 Bytes] - [06/02/2015 13:06:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1603  Bytes] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Nuclear on 06.02.2015 at 13:09:50.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.02.2015 at 13:11:38.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Alt 06.02.2015, 19:17   #12
schrauber
/// the machine
/// TB-Ausbilder
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 06.02.2015, 20:39   #13
Nuclear2015
 



Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6f29760b7be884428be7527203b8b1ab
# engine=22344
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-06 07:19:45
# local_time=2015-02-06 08:19:45 (+0100, Mitteleuropäische Zeit)
# country="Switzerland"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 22205 174880235 0 0
# scanned=210210
# found=53
# cleaned=0
# scan_time=2964
sh=CF59E252FFEFFE31ED717F5EEDF0C855DDCEA2ED ft=1 fh=d6ace26548b9a575 vn="Variante von Win32/AdWare.EoRezo.AU Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mbot_de_481\mbot_de_481.exe.vir"
sh=1B9445EF3BD4D79AF91C32CB60F5BE9161F8B2EB ft=1 fh=2be33240f1c467c0 vn="Variante von Win32/AdWare.EoRezo.AU Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mbot_de_481\mybestofferstoday_widget.exe.vir"
sh=1AEC8F53BF03FF75101D0B365EA3EE878B8CE29C ft=1 fh=74af2eb85d1a1dd9 vn="Win32/Adware.EoRezo Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mbot_de_481\predm.exe.vir"
sh=F3E870FD4836424683C4F476C03AC08964CC5EF7 ft=1 fh=a0c6b0b29c310285 vn="Variante von Win32/Speedchecker.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\pc speed up\PCSUSD.exe.vir"
sh=276E83CAA14B82DE152FBF65C85C28CD21645CE6 ft=1 fh=c71c0011efacecf3 vn="Variante von Win32/Adware.AddLyrics.DN Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver3BetterMarkIt\186.dll.vir"
sh=6823CCB9FED40FB56DD6D8D226046ECCBFE4E454 ft=1 fh=08e616eb9cd887e3 vn="Variante von Win64/Adware.AddLyrics.H Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver3BetterMarkIt\186_x64.dll.vir"
sh=1ACBC1BDEC80F04F2086D471D6DB8B019B93A673 ft=1 fh=c71c0011fc1cf747 vn="Variante von Win32/Adware.AddLyrics.DN Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver3BetterMarkIt\Q5BetterMarkItk73.exe.vir"
sh=5659A04B16754E35D4F226493F4538923EFC3BD7 ft=1 fh=15b3426f6b360316 vn="Variante von Win32/Adware.AddLyrics.DR Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver3BetterMarkIt\Uninstall.exe.vir"
sh=BFBB7026DAAFE1E489ACF139C7F2DF48750F3A0F ft=1 fh=179fb434bbd650aa vn="Variante von Win64/Adware.AddLyrics.H Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver3BetterMarkIt\x64\TandemRunner.exe.vir"
sh=B1911DBDF4C932E5CC57C190D1D955CA69030DA8 ft=1 fh=aa6362cc6d289960 vn="Variante von Win64/Adware.AddLyrics.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver3BetterMarkIt\x64\webinstrNHKT.sys.vir"
sh=D2C25B6C6F59D9F43D907521D7BEC86B9A8AB462 ft=1 fh=8e0948405872c904 vn="Win32/ELEX.BF evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\TrayDownloader.exe.vir"
sh=2BD8234E4C79325C128724F9D8DAB236F5F8F799 ft=1 fh=0a40ee0c805fecf5 vn="Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\winzipersvc.exe.vir"
sh=497D88F38E21229D95650E02708207190CB6849E ft=1 fh=64a74ba51bf40770 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchCH.dll.vir"
sh=5468230F587DE9F869DB9E22083131DCFD9451F2 ft=1 fh=07a842c13464288e vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll.vir"
sh=5D628376391A827A818B0A079B64EE457AE9B82A ft=1 fh=c71c0011e2e7a7a5 vn="Variante von Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll.vir"
sh=599F4EB498D7C05A680386C1D3E1FC3DD68A8FA9 ft=1 fh=bd87bce3b868a7f1 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\CmdShell.exe.vir"
sh=6F2DDAFE7B526A4CC60D75CCB1D4EBEA6F5D0DDC ft=1 fh=a836ee7136df2313 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\HPNotify.exe.vir"
sh=1DFF39C0F7B7617C8292510F1833B282CD0A1F21 ft=1 fh=18ddbd645dd0ae9c vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\IeWatchDog.dll.vir"
sh=DF7B974F73F65FDF917E9C3AB8B8EC9FD97FC2A0 ft=1 fh=0e3a711fc1c46ea8 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ProtectService.exe.vir"
sh=606D4414333C04E362F60B505926C78BB0B6C694 ft=1 fh=2f7c44d7fdd8d932 vn="Variante von Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\SupTab.dll.vir"
sh=36F969E522FD53A189312D946C430EFD02D5A982 ft=1 fh=5d022c015afe1524 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=AF36570D737043FEBEC5FA3DDB416A4CF5FDFBE9 ft=1 fh=c71c0011100f33aa vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=3F007BDE51A84CC344EF028C49FF6EF3890110F0 ft=1 fh=c71c001158a000fe vn="Variante von Win32/ELEX.BD evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\update\update.exe.vir"
sh=B06EE6E97D30DB38C3E8FEA66B396DB00EC79616 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nuclear\AppData\Local\BoBrowser\Application\36.0.1985.136\default_apps\crossbrowser.crx.vir"
sh=05F6C33F5A45CD34A9CAF61E295E886922448732 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nuclear\AppData\Local\BoBrowser\Application\36.0.1985.136\Installer\chrome.7z.vir"
sh=61F9BC47D4A20E5DF317152C1D3BFC1D8ADFD692 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nuclear\AppData\Local\BoBrowser\User Data\Default\Cache\f_000002.vir"
sh=03517F89D3F20D2D4E2B1A956F8248C9DA9FFC18 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nuclear\AppData\Local\BoBrowser\User Data\Default\Extensions\ebpeonjdeofpjegbdiibbdjlgfohngee\1.26.14_0\extensionData\plugins\91.js.vir"
sh=5940717A6A86915D48680C391DB9EDB7ABFB9723 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nuclear\AppData\Local\BoBrowser\User Data\Default\Local Extension Settings\ebpeonjdeofpjegbdiibbdjlgfohngee\000003.log.vir"
sh=072B9A796EEAC18211254A8373E1210888C4E16D ft=1 fh=8dcf6696cfc54429 vn="Variante von Win32/Adware.AdService.R Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nuclear\AppData\Local\ConvertAd\CASrv.exe.vir"
sh=3475A4F6473B2DEF61185B301C40C95F91216E2B ft=1 fh=cd80765bc23b38d3 vn="Variante von Win32/Adware.EoRezo.AJ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nuclear\AppData\Local\mbot_de_481\upmbot_de_481.exe.vir"
sh=1C615B43E780FB434AA3F923C6195A1BBBF34C9C ft=0 fh=0000000000000000 vn="Variante von Win32/Speedchecker.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nuclear\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\application.xap.vir"
sh=81F0094308FF9A5F252886C54BFC5FB15EECAC74 ft=1 fh=5037554ed28ea485 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nuclear\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=FA0859DA11AB230D50D067FDAA004C347639C0A8 ft=1 fh=d3293794fb729c89 vn="Variante von Win32/Adware.AdService.M Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nuclear\AppData\Roaming\SoftwareUpdater\SUsrv.exe.vir"
sh=31C6C6F1B05B2145C6E4D490798BD3DAAE1B4D13 ft=1 fh=c71c0011d52ac9c0 vn="Variante von Win32/Adware.ConvertAd.R Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nuclear\AppData\Roaming\SoftwareUpdater\UpdateNotifier.exe.vir"
sh=475F248095D35E333ADF2F38B02424DEBEE83F04 ft=1 fh=62a3e0d8b40d4617 vn="Win32/Systweak.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nuclear\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir"
sh=3E4DF6FFFC0238FCE9AEB5A73CB5211E85EC7EB4 ft=1 fh=d794d9d91e2a34cf vn="Variante von Win32/Adware.AdService.K Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nuclear\AppData\Roaming\VOPackage\VOsrv.exe.vir"
sh=3823C862C561D0CAEE9529E3D219F279E3F94FD6 ft=1 fh=b645ea40dd7eb557 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=B1911DBDF4C932E5CC57C190D1D955CA69030DA8 ft=1 fh=aa6362cc6d289960 vn="Variante von Win64/Adware.AddLyrics.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\webinstrNHKT.sys.vir"
sh=C699BFF5F4BBC017B0757E4394C52BB7B7058BE6 ft=1 fh=31e396bf9f1b9275 vn="Variante von Win32/SpeedingUpMyPC Anwendung" ac=I fn="C:\Program Files (x86)\Optimizer Pro 3.38\OptimizerPro.exe"
sh=80025FEA811D2E1B97DE4E654F6BBED48329C463 ft=1 fh=64f0c1ce307b02ca vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\AGEIA Technologies\f07463c0-8a09-4ef2-b7bb-faea7d91eefb.dll.vir"
sh=80025FEA811D2E1B97DE4E654F6BBED48329C463 ft=1 fh=64f0c1ce307b02ca vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\f07463c0-8a09-4ef2-b7bb-faea7d91eefb\46da3db2-c661-4558-a6e0-3a5d8480a5be.dll.vir"
sh=61445CF141ED133F87389743CD88AB1CCB9E3772 ft=1 fh=7907f7fc610451a2 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nuclear\AppData\Local\Temp\DMR\dmr_72.exe"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nuclear\AppData\Roaming\NQNSLJLG"
sh=7FF22B1F6E821EDF48A6AFD3DB82C02C8D7B60C8 ft=1 fh=9a3416838252b142 vn="Variante von Win32/InstallCore.QD evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nuclear\Downloads\microsoft_excel.exe"
sh=E04C7533D6936063DB02CD7D99592ECE413A41A6 ft=0 fh=0000000000000000 vn="Variante von Generik.MFQUIDY Trojaner" ac=I fn="C:\Users\Nuclear\Downloads\Nicht bestätigt 428109.crdownload"
sh=E04C7533D6936063DB02CD7D99592ECE413A41A6 ft=0 fh=0000000000000000 vn="Variante von Generik.MFQUIDY Trojaner" ac=I fn="C:\Users\Nuclear\Downloads\Nicht bestätigt 70124.crdownload"
sh=F8746A3128A40298930DB0CE96E1845FD02017F6 ft=1 fh=cfe3f68acb30f740 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nuclear\Downloads\Origin EA Download Manager - CHIP-Installer.exe"
sh=0FA7B7FA5557EE7F09871F26D38C3D09AEF19AC0 ft=1 fh=778cb7f8622b45b1 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nuclear\Downloads\WinZip 64 Bit - CHIP-Installer.exe"
sh=C09C76AA48CB1016C9B1FA80AEE6B095D93046FA ft=1 fh=937c6721bc02c7bf vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\Übersicht\Programme\MSI Afterburner - CHIP-Installer.exe"
sh=BC80CCCFC592CE386E747BF616EB381689F9E9CE ft=0 fh=0000000000000000 vn="Win32/Adware.WhenU.SaveNow evtl. unerwünschte Anwendung" ac=I fn="D:\Übersicht\Spiele\Need For Speed Most Wanted PC DVD\NFSMWBE PC DVD.ISO"
sh=A0037C3C3E60635D1714AC7119EE96693680B973 ft=1 fh=6db4d990e5cc9378 vn="Win32/Adware.WhenU.SaveNow evtl. unerwünschte Anwendung" ac=I fn="D:\Übersicht\Spiele\Need For Speed Most Wanted PC DVD\NFSMWBE PC DVD\Crack\Daemon Tools v4\daemon400.exe"
sh=FD65226CA94B9D1973555025B4013DF29F14B812 ft=1 fh=bcb93d1cebe5c890 vn="Variante von Win32/Packed.VMProtect.ABD Trojaner" ac=I fn="D:\Übersicht\Spiele\NFS Rivals\nfs14.3dm.dll"
sh=219C1043B7C1ED9DDE26494CBE65437C345B7BE7 ft=1 fh=2b97162a16c9e0ba vn="Variante von Win32/Packed.VMProtect.ABD Trojaner" ac=I fn="D:\Übersicht\Spiele\NFS Rivals\NFS14.exe"
         
Code:
 unsupported operating system! Aborted!
         

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by Nuclear (administrator) on NUCLEAR-PC on 06-02-2015 20:39:22
Running from D:\Übersicht\Programme
Loaded Profiles: Nuclear (Available profiles: Nuclear)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Electronic Arts) D:\Übersicht\Programme\Origin\Origin.exe
(Akamai Technologies, Inc.) C:\Users\Nuclear\AppData\Local\Akamai\netsession_win.exe
(BitTorrent Inc.) C:\Users\Nuclear\AppData\Roaming\uTorrent\uTorrent.exe
() C:\Users\Nuclear\AppData\Local\winengine\rkr0.exe
(Akamai Technologies, Inc.) C:\Users\Nuclear\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() D:\Übersicht\Spiele\RADS\system\rads_user_kernel.exe
() D:\Übersicht\Spiele\RADS\projects\lol_launcher\releases\0.0.0.234\deploy\LoLLauncher.exe
() D:\Übersicht\Spiele\RADS\projects\lol_patcher\releases\0.0.0.18\deploy\LoLPatcher.exe
() D:\Übersicht\Spiele\RADS\projects\lol_air_client\releases\0.0.1.127\deploy\LolClient.exe
(Alexander Roshal) D:\Übersicht\Programme\WinRAR.exe
(Alexander Roshal) D:\Übersicht\Programme\WinRAR.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamSpeak Systems GmbH) D:\Übersicht\Programme\ts3client_win64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() D:\Übersicht\Spiele\RADS\solutions\lol_game_client_sln\releases\0.0.1.74\deploy\League of Legends.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) D:\Übersicht\Programme\FRST64 (4).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [EADM] => D:\Übersicht\Programme\Origin\Origin.exe [3619160 2015-01-27] (Electronic Arts)
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Nuclear\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [uTorrent] => C:\Users\Nuclear\AppData\Roaming\uTorrent\uTorrent.exe [1736784 2015-02-01] (BitTorrent Inc.)
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [DAEMON Tools Lite] => D:\Übersicht\Programme\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [winengine] => C:\Users\Nuclear\AppData\Local\winengine\rkr0.exe [511416 2014-12-12] ()
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [winengine2] => C:\Users\Nuclear\AppData\Local\winengine\rkr1.exe [511416 2014-12-12] ()
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [ASRockOCTuner] => [X]

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3236316847-1076086714-31016914-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3236316847-1076086714-31016914-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Übersicht\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Übersicht\Programme\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3236316847-1076086714-31016914-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Übersicht\Programme\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.ch/
CHR StartupUrls: Default -> "https://www.google.ch/?gws_rd=ssl"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-30]
CHR Extension: (YouTube) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-02]
CHR Extension: (Google-Suche) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-02]
CHR Extension: (AdBlock) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-11]
CHR Extension: (New Tab Page by Speed Dial Team) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgeoanibcknhniccgaoaiolihidecjn [2014-08-02]
CHR Extension: (Google Wallet) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-02]
CHR Extension: (Google Mail) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 4ef60154; c:\Program Files (x86)\Optimizer Pro 3.38\OptProMon.dll [1633848 2015-02-01] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [103424 2013-02-14] (Creative Technology Ltd)
S3 Origin Client Service; D:\Übersicht\Programme\Origin\OriginClientService.exe [1910128 2015-01-27] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-04] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-03] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 SecurityUtility Service; C:\ProgramData\SecurityUtility\SecurityUtilitySrv.exe -p "Covus" -c "Covus_Coupons" -s "CCC9" -i "1984204" -g "" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1044760 2013-02-14] (Creative Technology Ltd)
R3 cthdb; C:\Windows\System32\DRIVERS\cthdb.sys [28440 2013-02-14] (Creative Technology Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-18] (Disc Soft Ltd)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-06] (Malwarebytes Corporation)
R3 SaiK0728; C:\Windows\System32\DRIVERS\SaiK0728.sys [129024 2008-01-21] (Saitek)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 19:28 - 2015-02-06 19:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-06 18:24 - 2015-02-06 18:24 - 00000698 _____ () C:\Users\Public\Desktop\ASRock OC Tuner.lnk
2015-02-06 18:24 - 2015-02-06 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility
2015-02-06 18:21 - 2015-02-06 18:21 - 00000833 _____ () C:\Users\Nuclear\Desktop\MSI Afterburner.lnk
2015-02-06 13:11 - 2015-02-06 13:11 - 00000697 _____ () C:\Users\Nuclear\Desktop\JRT.txt
2015-02-06 13:03 - 2015-02-06 13:03 - 00001462 _____ () C:\Users\Nuclear\Desktop\mbam.txt
2015-02-05 17:07 - 2015-02-05 17:07 - 00023627 _____ () C:\ComboFix.txt
2015-02-05 17:01 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-05 17:01 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-05 17:01 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-05 17:01 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-05 17:01 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-05 17:01 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-05 17:01 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-05 17:01 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-05 16:59 - 2015-02-05 17:07 - 00000000 ____D () C:\Qoobox
2015-02-05 16:59 - 2015-02-05 17:06 - 00000000 ____D () C:\Windows\erdnt
2015-02-05 13:24 - 2015-02-05 13:24 - 00000000 ____D () C:\Users\Nuclear\Documents\BlackshotScreenshot
2015-02-03 11:50 - 2015-02-03 11:52 - 00000000 ____D () C:\Users\Nuclear\Documents\BFH Beta 2
2015-02-03 11:49 - 2015-02-03 11:49 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\ESN
2015-02-03 01:59 - 2015-02-06 20:39 - 00000000 ____D () C:\FRST
2015-02-03 01:26 - 2015-02-05 20:37 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-03 01:26 - 2015-02-03 01:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-03 01:25 - 2015-02-06 20:35 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 01:25 - 2015-02-06 13:07 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 01:25 - 2015-02-05 00:30 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-03 01:25 - 2015-02-05 00:30 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 01:05 - 2015-02-03 01:05 - 00000834 _____ () C:\Users\Public\Desktop\Battlefield Hardline Beta.lnk
2015-02-03 01:05 - 2015-02-03 01:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield Hardline Beta
2015-02-02 22:42 - 2015-02-02 22:42 - 01533584 _____ () C:\Users\Nuclear\Downloads\battlelog-web-plugins_2.6.2_157.exe
2015-02-02 17:02 - 2015-02-02 17:02 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\SKIDROW
2015-02-02 16:58 - 2015-02-02 16:58 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\Steam
2015-02-02 16:57 - 2015-02-02 16:57 - 00000000 ____D () C:\Program Files (x86)\The Evil Within
2015-02-02 16:50 - 2015-02-02 16:55 - 159477620 _____ () C:\Users\Nuclear\Downloads\The.Evil.Within.Update.1-CODEX.rar
2015-02-02 16:38 - 2015-02-02 16:38 - 00000866 _____ () C:\Users\Public\Desktop\NFS Rivals x86.lnk
2015-02-02 16:38 - 2015-02-02 16:38 - 00000842 _____ () C:\Users\Public\Desktop\NFS Rivals.lnk
2015-02-02 16:38 - 2015-02-02 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NFS Rivals
2015-02-02 16:28 - 2015-02-02 16:28 - 00001156 _____ () C:\Users\Nuclear\Downloads\9jcd2enskfu3 (1).dlc
2015-02-02 16:25 - 2015-02-02 16:25 - 31419822 _____ () C:\Users\Nuclear\Downloads\JDownloader.zip
2015-02-02 16:25 - 2015-02-02 16:25 - 00001156 _____ () C:\Users\Nuclear\Downloads\9jcd2enskfu3.dlc
2015-02-02 16:22 - 2015-02-06 12:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 16:19 - 2015-02-02 16:22 - 00000849 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-02 16:19 - 2015-02-02 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-02 16:19 - 2015-02-02 16:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-02 16:19 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-02 16:19 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-02 16:19 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-02 15:12 - 2015-02-02 16:29 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\12891
2015-02-02 15:02 - 2015-02-02 15:09 - 478256047 _____ () C:\Users\Nuclear\Downloads\NFS_Language_DE_EN_Patch.rar
2015-02-02 14:54 - 2015-02-02 14:54 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\winengine
2015-02-02 14:54 - 2015-02-02 14:54 - 00000000 ____D () C:\ProgramData\SecurityUtilityData
2015-02-02 14:54 - 2015-01-27 17:31 - 00344440 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll
2015-02-02 14:54 - 2015-01-27 17:31 - 00301168 _____ (CartCrunch Israel Ltd.) C:\Windows\SysWOW64\ColorMedia.dll
2015-02-02 14:52 - 2015-02-02 14:53 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\Opera Software
2015-02-02 14:52 - 2015-02-02 14:53 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\Opera Software
2015-02-02 14:06 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-02-02 12:07 - 2015-02-02 12:07 - 00000000 ____D () C:\Users\Nuclear\Documents\NFS Most Wanted
2015-02-02 11:38 - 2015-02-02 11:38 - 00000707 _____ () C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk
2015-02-02 11:37 - 2015-02-02 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2015-02-02 11:19 - 2015-02-02 12:02 - 04676570 _____ () C:\Users\Nuclear\Desktop\DIAG.LOG
2015-02-02 11:17 - 2015-02-02 11:17 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-02-01 21:06 - 2015-02-01 21:06 - 00023010 _____ () C:\Users\Nuclear\Downloads\[kickass.so]need.for.speed.most.wanted.torrent
2015-02-01 21:05 - 2015-02-01 21:05 - 00039930 _____ () C:\Users\Nuclear\Downloads\[kickass.so]need.for.speed.rivals.no.origin.crack.fix.anuj.torrent
2015-02-01 20:20 - 2015-02-01 20:20 - 00086134 _____ () C:\Users\Nuclear\Downloads\[kickass.so]the.evil.within.2014.reloaded.torrent
2015-02-01 17:13 - 2015-02-01 17:13 - 00032971 _____ () C:\Users\Nuclear\Downloads\[kickass.so]the.evil.within.update.1.2014.pc.repack.by.r.g.freedom.torrent
2015-02-01 16:37 - 2015-02-05 17:04 - 00000000 ____D () C:\Program Files (x86)\f07463c0-8a09-4ef2-b7bb-faea7d91eefb
2015-02-01 16:35 - 2015-02-02 16:30 - 00000000 ____D () C:\ProgramData\{bc9a1b3f-dfaa-dce7-bc9a-a1b3fdfa6cff}
2015-02-01 16:35 - 2015-02-02 16:29 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.38
2015-02-01 16:30 - 2015-02-01 16:30 - 00000815 _____ () C:\Users\Nuclear\Desktop\µTorrent.lnk
2015-02-01 16:30 - 2015-02-01 16:30 - 00000795 _____ () C:\Users\Nuclear\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-02-01 16:29 - 2015-02-06 20:38 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\uTorrent
2015-02-01 16:29 - 2015-02-01 16:29 - 01736784 _____ (BitTorrent Inc.) C:\Users\Nuclear\Downloads\uTorrent_3.4.2_Build_38397.exe
2015-01-29 12:42 - 2015-01-29 12:42 - 00000000 ____D () C:\Windows\rescache
2015-01-27 12:52 - 2015-01-27 12:52 - 10220477 _____ () C:\Users\Nuclear\Downloads\[0.9.5]WWIIHWA_TURRET_TRAVERSE_SOUND_v1.69.rar
2015-01-27 12:37 - 2015-01-27 12:39 - 179473579 _____ () C:\Users\Nuclear\Downloads\[0.9.5]WWIIHWA_Ambiente_v4.03_UNCUT_Addon.rar
2015-01-27 12:36 - 2015-01-27 12:39 - 179471096 _____ () C:\Users\Nuclear\Downloads\[0.9.5]WWIIHWA_Ambiente_v4.02_UNCUT_Addon.rar
2015-01-27 12:34 - 2015-01-27 12:34 - 06375513 _____ () C:\Users\Nuclear\Downloads\[0.9.1]WWIIHWA_Ingame_Voices_GERMAN.rar
2015-01-27 12:32 - 2015-01-27 12:32 - 01232054 _____ () C:\Users\Nuclear\Downloads\fontok_WOThoz.zip
2015-01-27 02:49 - 2015-01-27 02:59 - 338494938 _____ () C:\Users\Nuclear\Downloads\Gnomefather_s_Engines_0.583_for_Curse (1).zip
2015-01-27 02:44 - 2015-01-27 02:44 - 24075564 _____ (diclovit ) C:\Users\Nuclear\Downloads\dmp_9.5.2_setup.exe
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\Nuclear\AppData\Roaming\NQNSLJLG
2015-01-14 16:49 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 16:49 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 16:49 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 16:49 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 16:49 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 16:49 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 16:49 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 16:49 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 16:49 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 16:49 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 16:49 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 16:49 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 16:49 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 19:13 - 2015-01-12 19:13 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Nuclear\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-11 23:02 - 2015-01-11 23:02 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-01-11 23:02 - 2015-01-11 23:02 - 00000959 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-01-11 22:54 - 2015-01-11 22:54 - 07718224 _____ (TeamViewer GmbH) C:\Users\Nuclear\Downloads\TeamViewer_Setup_de.exe
2015-01-10 04:28 - 2015-01-10 04:28 - 24076445 _____ (diclovit ) C:\Users\Nuclear\Downloads\dmp_9.5.1_setup.exe
2015-01-10 04:18 - 2015-02-02 14:47 - 00000000 ____D () C:\ProgramData\WinZip
2015-01-10 04:16 - 2015-01-10 04:16 - 01174352 _____ () C:\Users\Nuclear\Downloads\WinZip 64 Bit - CHIP-Installer.exe
2015-01-10 04:11 - 2015-01-10 04:13 - 338494938 _____ () C:\Users\Nuclear\Downloads\Gnomefather_s_Engines_0.583_for_Curse.zip
2015-01-08 22:55 - 2015-02-06 13:06 - 00000000 ____D () C:\AdwCleaner
2015-01-08 22:54 - 2015-01-08 22:55 - 02191360 _____ () C:\Users\Nuclear\Downloads\adwcleaner_4.107.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 20:12 - 2014-10-15 13:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-06 19:53 - 2014-08-03 00:02 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\TS3Client
2015-02-06 18:41 - 2014-08-02 23:20 - 01714835 _____ () C:\Windows\WindowsUpdate.log
2015-02-06 18:21 - 2014-08-03 23:14 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2015-02-06 15:39 - 2014-10-26 22:14 - 00000000 ____D () C:\Users\Nuclear\Desktop\Bilder
2015-02-06 15:39 - 2014-10-10 20:21 - 00000000 ____D () C:\Users\Nuclear\Downloads\Gameforge Live
2015-02-06 13:14 - 2009-07-14 05:45 - 00023072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-06 13:14 - 2009-07-14 05:45 - 00023072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-06 13:12 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2015-02-06 13:12 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2015-02-06 13:12 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-06 13:07 - 2014-10-31 10:36 - 00000000 ____D () C:\Program Files\KMSpico
2015-02-06 13:07 - 2014-08-03 00:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-06 13:07 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-06 13:07 - 2009-07-14 05:51 - 00047922 _____ () C:\Windows\setupact.log
2015-02-06 09:49 - 2014-08-03 00:04 - 00000000 ____D () C:\ProgramData\Origin
2015-02-06 09:48 - 2014-08-03 00:09 - 00207386 _____ () C:\Windows\PFRO.log
2015-02-05 20:12 - 2014-10-15 13:03 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 20:12 - 2014-10-15 13:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 20:12 - 2014-10-15 13:03 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 17:05 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-05 17:04 - 2014-10-09 21:56 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-02-05 17:01 - 2014-10-16 00:39 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-02-05 09:54 - 2014-09-27 08:02 - 00000826 _____ () C:\Users\Nuclear\Desktop\Neues Textdokument.txt
2015-02-03 23:13 - 2014-08-03 18:42 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-02-03 22:28 - 2014-08-03 18:42 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-02-03 17:04 - 2014-08-03 18:43 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2015-02-03 11:52 - 2014-08-03 19:08 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\PunkBuster
2015-02-03 01:26 - 2014-08-02 23:30 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-03 01:25 - 2014-08-02 23:29 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\Deployment
2015-02-03 01:05 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-03 01:04 - 2014-08-03 18:42 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-02-03 01:04 - 2014-08-03 18:40 - 00141419 _____ () C:\Windows\DirectX.log
2015-02-02 16:30 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-02-02 14:57 - 2014-08-02 23:20 - 00001182 _____ () C:\Users\Nuclear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-02 11:24 - 2014-08-18 13:01 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\DAEMON Tools Lite
2015-02-02 11:24 - 2014-08-18 13:00 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-02-01 20:16 - 2014-08-03 23:15 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-01-27 12:01 - 2014-08-30 22:22 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-27 12:00 - 2014-10-15 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-27 12:00 - 2014-10-15 13:01 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-27 11:59 - 2014-08-30 22:22 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-27 11:59 - 2014-08-30 22:22 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-27 11:59 - 2014-08-30 22:22 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-27 11:59 - 2014-08-30 22:22 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-27 02:46 - 2014-08-06 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\diclovit's mod pack
2015-01-15 17:31 - 2014-08-02 23:57 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 17:29 - 2014-08-02 23:57 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-15 17:26 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-14 22:34 - 2014-08-30 21:54 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\Akamai
2015-01-13 22:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-12 16:50 - 2014-08-02 23:29 - 00072912 _____ () C:\Users\Nuclear\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-12 16:50 - 2009-07-14 05:45 - 00331704 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-11 23:02 - 2014-08-17 23:25 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-01-08 22:58 - 2014-10-31 11:03 - 00000000 ____D () C:\Users\Nuclear\Desktop\Neuer Ordner
2015-01-07 21:45 - 2014-10-15 13:03 - 00000000 ____D () C:\Program Files\Google
2015-01-07 20:40 - 2014-10-15 13:03 - 00000000 ____D () C:\ProgramData\Google
2015-01-07 20:40 - 2014-08-02 23:30 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\Google

==================== Files in the root of some directories =======

2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Nuclear\AppData\Roaming\NQNSLJLG

Some content of TEMP:
====================
C:\Users\Nuclear\AppData\Local\Temp\Quarantine.exe
C:\Users\Nuclear\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 02:38

==================== End Of Log ============================
         

07.02.2015, 12:09   #14
schrauber
/// the machine
/// TB-Ausbilder
 




Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
C:\Program Files (x86)\Optimizer Pro 3.38

C:\Users\Nuclear\AppData\Local\Temp\DMR\dmr_72.exe

C:\Users\Nuclear\AppData\Roaming\NQNSLJLG

C:\Users\Nuclear\Downloads\microsoft_excel.exe

C:\Users\Nuclear\Downloads\Nicht bestätigt 428109.crdownload

C:\Users\Nuclear\Downloads\Nicht bestätigt 70124.crdownload

C:\Users\Nuclear\Downloads\Origin EA Download Manager - CHIP-Installer.exe

C:\Users\Nuclear\Downloads\WinZip 64 Bit - CHIP-Installer.exe

D:\Übersicht\Programme\MSI Afterburner - CHIP-Installer.exe

D:\Übersicht\Spiele\Need For Speed Most Wanted PC DVD\NFSMWBE PC DVD.ISO

D:\Übersicht\Spiele\Need For Speed Most Wanted PC DVD\NFSMWBE PC DVD\Crack\Daemon Tools v4\daemon400.exe

D:\Übersicht\Spiele\NFS Rivals\nfs14.3dm.dll

D:\Übersicht\Spiele\NFS Rivals\NFS14.exe
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [winengine] => C:\Users\Nuclear\AppData\Local\winengine\rkr0.exe [511416 2014-12-12] ()
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [winengine2] => C:\Users\Nuclear\AppData\Local\winengine\rkr1.exe [511416 2014-12-12] ()
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [ASRockOCTuner] => [X]
C:\Users\Nuclear\AppData\Local\winengine
S2 4ef60154; c:\Program Files (x86)\Optimizer Pro 3.38\OptProMon.dll [1633848 2015-02-01] ()
S2 SecurityUtility Service; C:\ProgramData\SecurityUtility\SecurityUtilitySrv.exe -p "Covus" -c "Covus_Coupons" -s "CCC9" -i "1984204" -g "" [X]
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Nuclear\AppData\Roaming\NQNSLJLG
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.




A fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

07.02.2015, 15:24   #15
Nuclear2015
 



Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-02-2015
Ran by Nuclear at 2015-02-07 15:16:06 Run:1
Running from C:\Users\Nuclear\Desktop
Loaded Profiles: Nuclear (Available profiles: Nuclear)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\Optimizer Pro 3.38

C:\Users\Nuclear\AppData\Local\Temp\DMR\dmr_72.exe

C:\Users\Nuclear\AppData\Roaming\NQNSLJLG

C:\Users\Nuclear\Downloads\microsoft_excel.exe

C:\Users\Nuclear\Downloads\Nicht bestätigt 428109.crdownload

C:\Users\Nuclear\Downloads\Nicht bestätigt 70124.crdownload

C:\Users\Nuclear\Downloads\Origin EA Download Manager - CHIP-Installer.exe

C:\Users\Nuclear\Downloads\WinZip 64 Bit - CHIP-Installer.exe

D:\Übersicht\Programme\MSI Afterburner - CHIP-Installer.exe

D:\Übersicht\Spiele\Need For Speed Most Wanted PC DVD\NFSMWBE PC DVD.ISO

D:\Übersicht\Spiele\Need For Speed Most Wanted PC DVD\NFSMWBE PC DVD\Crack\Daemon Tools v4\daemon400.exe

D:\Übersicht\Spiele\NFS Rivals\nfs14.3dm.dll

D:\Übersicht\Spiele\NFS Rivals\NFS14.exe
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [winengine] => C:\Users\Nuclear\AppData\Local\winengine\rkr0.exe [511416 2014-12-12] ()
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [winengine2] => C:\Users\Nuclear\AppData\Local\winengine\rkr1.exe [511416 2014-12-12] ()
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [ASRockOCTuner] => [X]
C:\Users\Nuclear\AppData\Local\winengine
S2 4ef60154; c:\Program Files (x86)\Optimizer Pro 3.38\OptProMon.dll [1633848 2015-02-01] ()
S2 SecurityUtility Service; C:\ProgramData\SecurityUtility\SecurityUtilitySrv.exe -p "Covus" -c "Covus_Coupons" -s "CCC9" -i "1984204" -g "" [X]
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Nuclear\AppData\Roaming\NQNSLJLG
Emptytemp:
         
*****************

C:\Program Files (x86)\Optimizer Pro 3.38 => Moved successfully.
C:\Users\Nuclear\AppData\Local\Temp\DMR\dmr_72.exe => Moved successfully.
C:\Users\Nuclear\AppData\Roaming\NQNSLJLG => Moved successfully.
C:\Users\Nuclear\Downloads\microsoft_excel.exe => Moved successfully.
C:\Users\Nuclear\Downloads\Nicht bestätigt 428109.crdownload => Moved successfully.
C:\Users\Nuclear\Downloads\Nicht bestätigt 70124.crdownload => Moved successfully.
C:\Users\Nuclear\Downloads\Origin EA Download Manager - CHIP-Installer.exe => Moved successfully.
C:\Users\Nuclear\Downloads\WinZip 64 Bit - CHIP-Installer.exe => Moved successfully.
D:\Übersicht\Programme\MSI Afterburner - CHIP-Installer.exe => Moved successfully.
D:\Übersicht\Spiele\Need For Speed Most Wanted PC DVD\NFSMWBE PC DVD.ISO => Moved successfully.
D:\Übersicht\Spiele\Need For Speed Most Wanted PC DVD\NFSMWBE PC DVD\Crack\Daemon Tools v4\daemon400.exe => Moved successfully.
D:\Übersicht\Spiele\NFS Rivals\nfs14.3dm.dll => Moved successfully.
D:\Übersicht\Spiele\NFS Rivals\NFS14.exe => Moved successfully.
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\Software\Microsoft\Windows\CurrentVersion\Run\\winengine => value deleted successfully.
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\Software\Microsoft\Windows\CurrentVersion\Run\\winengine2 => value deleted successfully.
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ASRockOCTuner => value deleted successfully.
C:\Users\Nuclear\AppData\Local\winengine => Moved successfully.
4ef60154 => Service deleted successfully.
SecurityUtility Service => Service deleted successfully.
"C:\Users\Nuclear\AppData\Roaming\NQNSLJLG" => File/Directory not found.
EmptyTemp: => Removed 833.5 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 15:16:50 ====
         
I don't know whether that was done correctly.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by Nuclear (administrator) on NUCLEAR-PC on 07-02-2015 15:22:34
Running from C:\Users\Nuclear\Desktop
Loaded Profiles: Nuclear (Available profiles: Nuclear)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Electronic Arts) D:\Übersicht\Programme\Origin\Origin.exe
(Akamai Technologies, Inc.) C:\Users\Nuclear\AppData\Local\Akamai\netsession_win.exe
(BitTorrent Inc.) C:\Users\Nuclear\AppData\Roaming\uTorrent\uTorrent.exe
(Akamai Technologies, Inc.) C:\Users\Nuclear\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TeamSpeak Systems GmbH) D:\Übersicht\Programme\ts3client_win64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Nuclear\Desktop\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [EADM] => D:\Übersicht\Programme\Origin\Origin.exe [3619160 2015-01-27] (Electronic Arts)
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Nuclear\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [uTorrent] => C:\Users\Nuclear\AppData\Roaming\uTorrent\uTorrent.exe [1736784 2015-02-01] (BitTorrent Inc.)
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Run: [DAEMON Tools Lite] => D:\Übersicht\Programme\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3236316847-1076086714-31016914-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3236316847-1076086714-31016914-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3236316847-1076086714-31016914-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Übersicht\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Übersicht\Programme\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3236316847-1076086714-31016914-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Übersicht\Programme\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.ch/
CHR StartupUrls: Default -> "https://www.google.ch/?gws_rd=ssl"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-30]
CHR Extension: (YouTube) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-02]
CHR Extension: (Google-Suche) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-02]
CHR Extension: (AdBlock) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-11]
CHR Extension: (New Tab Page by Speed Dial Team) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgeoanibcknhniccgaoaiolihidecjn [2014-08-02]
CHR Extension: (Google Wallet) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-02]
CHR Extension: (Google Mail) - C:\Users\Nuclear\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [103424 2013-02-14] (Creative Technology Ltd)
S3 Origin Client Service; D:\Übersicht\Programme\Origin\OriginClientService.exe [1910128 2015-01-27] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-04] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-03] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1044760 2013-02-14] (Creative Technology Ltd)
R3 cthdb; C:\Windows\System32\DRIVERS\cthdb.sys [28440 2013-02-14] (Creative Technology Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-18] (Disc Soft Ltd)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-06] (Malwarebytes Corporation)
R3 SaiK0728; C:\Windows\System32\DRIVERS\SaiK0728.sys [129024 2008-01-21] (Saitek)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 15:22 - 2015-02-07 15:22 - 00013475 _____ () C:\Users\Nuclear\Desktop\FRST.txt
2015-02-07 15:16 - 2015-02-07 15:09 - 02131968 _____ (Farbar) C:\Users\Nuclear\Desktop\FRST64 (1).exe
2015-02-06 22:20 - 2015-02-06 22:20 - 00000743 _____ () C:\Users\Public\Desktop\The Evil Within.lnk
2015-02-06 22:20 - 2015-02-06 22:20 - 00000743 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Evil Within.lnk
2015-02-06 19:28 - 2015-02-06 19:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-06 18:24 - 2015-02-06 18:24 - 00000698 _____ () C:\Users\Public\Desktop\ASRock OC Tuner.lnk
2015-02-06 18:24 - 2015-02-06 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility
2015-02-06 18:21 - 2015-02-06 18:21 - 00000833 _____ () C:\Users\Nuclear\Desktop\MSI Afterburner.lnk
2015-02-06 13:11 - 2015-02-06 13:11 - 00000697 _____ () C:\Users\Nuclear\Desktop\JRT.txt
2015-02-06 13:03 - 2015-02-06 13:03 - 00001462 _____ () C:\Users\Nuclear\Desktop\mbam.txt
2015-02-05 17:07 - 2015-02-05 17:07 - 00023627 _____ () C:\ComboFix.txt
2015-02-05 17:01 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-05 17:01 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-05 17:01 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-05 17:01 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-05 17:01 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-05 17:01 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-05 17:01 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-05 17:01 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-05 16:59 - 2015-02-05 17:07 - 00000000 ____D () C:\Qoobox
2015-02-05 16:59 - 2015-02-05 17:06 - 00000000 ____D () C:\Windows\erdnt
2015-02-05 13:24 - 2015-02-05 13:24 - 00000000 ____D () C:\Users\Nuclear\Documents\BlackshotScreenshot
2015-02-03 11:50 - 2015-02-03 11:52 - 00000000 ____D () C:\Users\Nuclear\Documents\BFH Beta 2
2015-02-03 11:49 - 2015-02-03 11:49 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\ESN
2015-02-03 01:59 - 2015-02-07 15:22 - 00000000 ____D () C:\FRST
2015-02-03 01:26 - 2015-02-05 20:37 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-03 01:26 - 2015-02-03 01:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-03 01:25 - 2015-02-07 15:17 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 01:25 - 2015-02-07 14:35 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 01:25 - 2015-02-05 00:30 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-03 01:25 - 2015-02-05 00:30 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 01:05 - 2015-02-03 01:05 - 00000834 _____ () C:\Users\Public\Desktop\Battlefield Hardline Beta.lnk
2015-02-03 01:05 - 2015-02-03 01:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield Hardline Beta
2015-02-02 22:42 - 2015-02-02 22:42 - 01533584 _____ () C:\Users\Nuclear\Downloads\battlelog-web-plugins_2.6.2_157.exe
2015-02-02 17:02 - 2015-02-02 17:02 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\SKIDROW
2015-02-02 16:58 - 2015-02-02 16:58 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\Steam
2015-02-02 16:57 - 2015-02-02 16:57 - 00000000 ____D () C:\Program Files (x86)\The Evil Within
2015-02-02 16:50 - 2015-02-02 16:55 - 159477620 _____ () C:\Users\Nuclear\Downloads\The.Evil.Within.Update.1-CODEX.rar
2015-02-02 16:38 - 2015-02-02 16:38 - 00000866 _____ () C:\Users\Public\Desktop\NFS Rivals x86.lnk
2015-02-02 16:38 - 2015-02-02 16:38 - 00000842 _____ () C:\Users\Public\Desktop\NFS Rivals.lnk
2015-02-02 16:38 - 2015-02-02 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NFS Rivals
2015-02-02 16:28 - 2015-02-02 16:28 - 00001156 _____ () C:\Users\Nuclear\Downloads\9jcd2enskfu3 (1).dlc
2015-02-02 16:25 - 2015-02-02 16:25 - 31419822 _____ () C:\Users\Nuclear\Downloads\JDownloader.zip
2015-02-02 16:25 - 2015-02-02 16:25 - 00001156 _____ () C:\Users\Nuclear\Downloads\9jcd2enskfu3.dlc
2015-02-02 16:22 - 2015-02-06 12:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 16:19 - 2015-02-02 16:22 - 00000849 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-02 16:19 - 2015-02-02 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-02 16:19 - 2015-02-02 16:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-02 16:19 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-02 16:19 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-02 16:19 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-02 15:12 - 2015-02-02 16:29 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\12891
2015-02-02 15:02 - 2015-02-02 15:09 - 478256047 _____ () C:\Users\Nuclear\Downloads\NFS_Language_DE_EN_Patch.rar
2015-02-02 14:54 - 2015-02-02 14:54 - 00000000 ____D () C:\ProgramData\SecurityUtilityData
2015-02-02 14:54 - 2015-01-27 17:31 - 00344440 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll
2015-02-02 14:54 - 2015-01-27 17:31 - 00301168 _____ (CartCrunch Israel Ltd.) C:\Windows\SysWOW64\ColorMedia.dll
2015-02-02 14:52 - 2015-02-02 14:53 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\Opera Software
2015-02-02 14:52 - 2015-02-02 14:53 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\Opera Software
2015-02-02 14:06 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-02-02 12:07 - 2015-02-02 12:07 - 00000000 ____D () C:\Users\Nuclear\Documents\NFS Most Wanted
2015-02-02 11:38 - 2015-02-02 11:38 - 00000707 _____ () C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk
2015-02-02 11:37 - 2015-02-02 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2015-02-02 11:19 - 2015-02-02 12:02 - 04676570 _____ () C:\Users\Nuclear\Desktop\DIAG.LOG
2015-02-02 11:17 - 2015-02-02 11:17 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-02-01 21:06 - 2015-02-01 21:06 - 00023010 _____ () C:\Users\Nuclear\Downloads\[kickass.so]need.for.speed.most.wanted.torrent
2015-02-01 21:05 - 2015-02-01 21:05 - 00039930 _____ () C:\Users\Nuclear\Downloads\[kickass.so]need.for.speed.rivals.no.origin.crack.fix.anuj.torrent
2015-02-01 20:20 - 2015-02-01 20:20 - 00086134 _____ () C:\Users\Nuclear\Downloads\[kickass.so]the.evil.within.2014.reloaded.torrent
2015-02-01 17:13 - 2015-02-01 17:13 - 00032971 _____ () C:\Users\Nuclear\Downloads\[kickass.so]the.evil.within.update.1.2014.pc.repack.by.r.g.freedom.torrent
2015-02-01 16:37 - 2015-02-05 17:04 - 00000000 ____D () C:\Program Files (x86)\f07463c0-8a09-4ef2-b7bb-faea7d91eefb
2015-02-01 16:35 - 2015-02-02 16:30 - 00000000 ____D () C:\ProgramData\{bc9a1b3f-dfaa-dce7-bc9a-a1b3fdfa6cff}
2015-02-01 16:30 - 2015-02-01 16:30 - 00000815 _____ () C:\Users\Nuclear\Desktop\µTorrent.lnk
2015-02-01 16:30 - 2015-02-01 16:30 - 00000795 _____ () C:\Users\Nuclear\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-02-01 16:29 - 2015-02-07 15:17 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\uTorrent
2015-02-01 16:29 - 2015-02-01 16:29 - 01736784 _____ (BitTorrent Inc.) C:\Users\Nuclear\Downloads\uTorrent_3.4.2_Build_38397.exe
2015-01-29 12:42 - 2015-01-29 12:42 - 00000000 ____D () C:\Windows\rescache
2015-01-27 12:52 - 2015-01-27 12:52 - 10220477 _____ () C:\Users\Nuclear\Downloads\[0.9.5]WWIIHWA_TURRET_TRAVERSE_SOUND_v1.69.rar
2015-01-27 12:37 - 2015-01-27 12:39 - 179473579 _____ () C:\Users\Nuclear\Downloads\[0.9.5]WWIIHWA_Ambiente_v4.03_UNCUT_Addon.rar
2015-01-27 12:36 - 2015-01-27 12:39 - 179471096 _____ () C:\Users\Nuclear\Downloads\[0.9.5]WWIIHWA_Ambiente_v4.02_UNCUT_Addon.rar
2015-01-27 12:34 - 2015-01-27 12:34 - 06375513 _____ () C:\Users\Nuclear\Downloads\[0.9.1]WWIIHWA_Ingame_Voices_GERMAN.rar
2015-01-27 12:32 - 2015-01-27 12:32 - 01232054 _____ () C:\Users\Nuclear\Downloads\fontok_WOThoz.zip
2015-01-27 02:49 - 2015-01-27 02:59 - 338494938 _____ () C:\Users\Nuclear\Downloads\Gnomefather_s_Engines_0.583_for_Curse (1).zip
2015-01-27 02:44 - 2015-01-27 02:44 - 24075564 _____ (diclovit ) C:\Users\Nuclear\Downloads\dmp_9.5.2_setup.exe
2015-01-14 16:49 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 16:49 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 16:49 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 16:49 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 16:49 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 16:49 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 16:49 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 16:49 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 16:49 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 16:49 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 16:49 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 16:49 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 16:49 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 19:13 - 2015-01-12 19:13 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Nuclear\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-11 23:02 - 2015-01-11 23:02 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-01-11 23:02 - 2015-01-11 23:02 - 00000959 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-01-11 22:54 - 2015-01-11 22:54 - 07718224 _____ (TeamViewer GmbH) C:\Users\Nuclear\Downloads\TeamViewer_Setup_de.exe
2015-01-10 04:28 - 2015-01-10 04:28 - 24076445 _____ (diclovit ) C:\Users\Nuclear\Downloads\dmp_9.5.1_setup.exe
2015-01-10 04:18 - 2015-02-02 14:47 - 00000000 ____D () C:\ProgramData\WinZip
2015-01-10 04:11 - 2015-01-10 04:13 - 338494938 _____ () C:\Users\Nuclear\Downloads\Gnomefather_s_Engines_0.583_for_Curse.zip
2015-01-08 22:55 - 2015-02-06 13:06 - 00000000 ____D () C:\AdwCleaner
2015-01-08 22:54 - 2015-01-08 22:55 - 02191360 _____ () C:\Users\Nuclear\Downloads\adwcleaner_4.107.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 15:21 - 2014-08-02 23:20 - 01776031 _____ () C:\Windows\WindowsUpdate.log
2015-02-07 15:18 - 2014-10-31 10:36 - 00000000 ____D () C:\Program Files\KMSpico
2015-02-07 15:18 - 2014-08-03 00:02 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\TS3Client
2015-02-07 15:17 - 2014-08-03 00:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-07 15:17 - 2014-08-03 00:09 - 00214988 _____ () C:\Windows\PFRO.log
2015-02-07 15:17 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-07 15:17 - 2009-07-14 05:51 - 00048426 _____ () C:\Windows\setupact.log
2015-02-07 15:12 - 2014-10-15 13:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-07 11:52 - 2009-07-14 05:45 - 00023072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-07 11:52 - 2009-07-14 05:45 - 00023072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-07 11:50 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2015-02-07 11:50 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2015-02-07 11:50 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-07 11:45 - 2014-08-03 00:04 - 00000000 ____D () C:\ProgramData\Origin
2015-02-06 21:31 - 2014-08-03 18:42 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-02-06 18:21 - 2014-08-03 23:14 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2015-02-06 15:39 - 2014-10-26 22:14 - 00000000 ____D () C:\Users\Nuclear\Desktop\Bilder
2015-02-06 15:39 - 2014-10-10 20:21 - 00000000 ____D () C:\Users\Nuclear\Downloads\Gameforge Live
2015-02-05 20:12 - 2014-10-15 13:03 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 20:12 - 2014-10-15 13:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 20:12 - 2014-10-15 13:03 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 17:05 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-05 17:04 - 2014-10-09 21:56 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-02-05 17:01 - 2014-10-16 00:39 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-02-05 09:54 - 2014-09-27 08:02 - 00000826 _____ () C:\Users\Nuclear\Desktop\Neues Textdokument.txt
2015-02-03 23:13 - 2014-08-03 18:42 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-02-03 17:04 - 2014-08-03 18:43 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2015-02-03 11:52 - 2014-08-03 19:08 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\PunkBuster
2015-02-03 01:26 - 2014-08-02 23:30 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-03 01:25 - 2014-08-02 23:29 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\Deployment
2015-02-03 01:05 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-03 01:04 - 2014-08-03 18:42 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-02-03 01:04 - 2014-08-03 18:40 - 00141419 _____ () C:\Windows\DirectX.log
2015-02-02 16:30 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-02-02 14:57 - 2014-08-02 23:20 - 00001182 _____ () C:\Users\Nuclear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-02 11:24 - 2014-08-18 13:01 - 00000000 ____D () C:\Users\Nuclear\AppData\Roaming\DAEMON Tools Lite
2015-02-02 11:24 - 2014-08-18 13:00 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-02-01 20:16 - 2014-08-03 23:15 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-01-27 12:01 - 2014-08-30 22:22 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-27 12:00 - 2014-10-15 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-27 12:00 - 2014-10-15 13:01 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-27 11:59 - 2014-08-30 22:22 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-27 11:59 - 2014-08-30 22:22 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-27 11:59 - 2014-08-30 22:22 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-27 11:59 - 2014-08-30 22:22 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-27 02:46 - 2014-08-06 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\diclovit's mod pack
2015-01-15 17:31 - 2014-08-02 23:57 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 17:29 - 2014-08-02 23:57 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-15 17:26 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-14 22:34 - 2014-08-30 21:54 - 00000000 ____D () C:\Users\Nuclear\AppData\Local\Akamai
2015-01-13 22:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-12 16:50 - 2014-08-02 23:29 - 00072912 _____ () C:\Users\Nuclear\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-12 16:50 - 2009-07-14 05:45 - 00331704 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-11 23:02 - 2014-08-17 23:25 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-01-08 22:58 - 2014-10-31 11:03 - 00000000 ____D () C:\Users\Nuclear\Desktop\Neuer Ordner

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 02:38

==================== End Of Log ============================
         

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2015
Ran by Nuclear at 2015-02-07 15:22:53
Running from C:\Users\Nuclear\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\uTorrent) (Version: 3.4.2.38397 - BitTorrent Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
ASRock OC Tuner v2.4.9 (HKLM-x32\...\ASRock OC Tuner_is1) (Version:  - )
AuraKingdom-DE (HKLM-x32\...\AuraKingdom-DE) (Version:  - )
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
Battlefield™ Hardline-Beta (HKLM-x32\...\{F5526D9D-13AD-4270-8707-AC921D168299}) (Version: 1.0.0.1 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
BlackShot Á¦°Å (HKLM-x32\...\BlackShot) (Version:  - )
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
diclovit's mod pack 9.5.2 (HKLM-x32\...\{28B1238E-1C18-4637-A2B7-95315E94EB29}_is1) (Version: 9.5.2 - diclovit)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hazard Ops (HKLM-x32\...\Steam App 319150) (Version:  - Yingpei Games)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
KMSpico 3.1 (HKLM\...\KMSpico v3.1_is1) (Version: 3.1 - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
MSI Afterburner 4.1.0 (HKLM-x32\...\Afterburner) (Version: 4.1.0 - MSI Co., LTD)
Need for Speed™ Most Wanted (HKLM-x32\...\{ADE91A13-434D-4229-00BC-182BAD607303}) (Version:  - )
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.12.2807 - Electronic Arts, Inc.)
PDF Editor 64bit 4 (HKLM\...\PDF Editor 64bit 4) (Version:  - )
PDF24 Creator 6.8.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.311.0 - Tracker Software Products Ltd)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
SecurityUtility (HKLM-x32\...\SecurityUtility) (Version: 1.0.0.1949 - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Evil Within (HKLM-x32\...\VGhlRXZpbFdpdGhpbg==_is1) (Version: 1 - )
winengine (HKU\S-1-5-21-3236316847-1076086714-31016914-1000\...\winengine) (Version: 20.020 - Ad business Crown Solutions)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3236316847-1076086714-31016914-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Nuclear\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3236316847-1076086714-31016914-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Nuclear\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3236316847-1076086714-31016914-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Nuclear\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3236316847-1076086714-31016914-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Nuclear\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3236316847-1076086714-31016914-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Nuclear\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-05 17:05 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05561F5F-D953-423A-A22E-0570C77FF3E9} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {0F5B36A1-1346-43D5-8F90-7F34D509341A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {6DA12E27-336C-4C8A-859A-D8F43A80BC3E} - System32\Tasks\KMS Activation => C:\Program Files\KMSpico\RandomFile.exe [2013-02-20] ()
Task: {BD30258D-476C-4496-B872-E521A79E6900} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-03] (Google Inc.)
Task: {BE15544F-8E8D-4CF4-A0BF-B3AA3AD3E9DC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {D15399E8-3AD0-45DC-8C1F-21AF94E2F351} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-03] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-08-03 00:16 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-18 13:02 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-08-03 18:42 - 2015-02-03 01:04 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-02-28 10:14 - 2014-02-28 10:14 - 00173568 _____ () D:\Übersicht\Programme\quazip.dll
2014-02-27 15:51 - 2014-02-27 15:51 - 01080832 _____ () D:\Übersicht\Programme\platforms\qwindows.dll
2014-02-27 15:51 - 2014-02-27 15:51 - 00833024 _____ () D:\Übersicht\Programme\sqldrivers\qsqlite.dll
2014-02-27 15:51 - 2014-02-27 15:51 - 00233984 _____ () D:\Übersicht\Programme\imageformats\qjpeg.dll
2014-06-20 08:48 - 2014-08-06 19:47 - 00102344 _____ () D:\Übersicht\Programme\soundbackends\directsound_win64.dll
2014-06-20 08:49 - 2014-08-06 19:47 - 00108488 _____ () D:\Übersicht\Programme\soundbackends\windowsaudiosession_win64.dll
2014-02-27 15:51 - 2014-02-27 15:51 - 00030208 _____ () D:\Übersicht\Programme\imageformats\qgif.dll
2014-06-26 07:38 - 2014-08-06 19:47 - 00563656 _____ () D:\Übersicht\Programme\plugins\clientquery_plugin.dll
2014-07-14 09:22 - 2014-08-06 19:47 - 00579016 _____ () D:\Übersicht\Programme\plugins\teamspeak_control_plugin.dll
2014-02-27 15:51 - 2014-02-27 15:51 - 00159232 _____ () D:\Übersicht\Programme\accessible\qtaccessiblewidgets.dll
2014-08-03 00:06 - 2015-01-27 11:53 - 01007104 _____ () D:\Übersicht\Programme\Origin\platforms\qwindows.dll
2014-08-03 00:06 - 2015-01-27 11:53 - 00023552 _____ () D:\Übersicht\Programme\Origin\imageformats\qgif.dll
2014-08-03 00:06 - 2015-01-27 11:53 - 00024576 _____ () D:\Übersicht\Programme\Origin\imageformats\qico.dll
2014-08-03 00:06 - 2015-01-27 11:53 - 00216576 _____ () D:\Übersicht\Programme\Origin\imageformats\qjpeg.dll
2014-08-03 00:06 - 2015-01-27 11:53 - 00261120 _____ () D:\Übersicht\Programme\Origin\imageformats\qmng.dll
2014-08-03 00:06 - 2015-01-27 11:53 - 00019456 _____ () D:\Übersicht\Programme\Origin\imageformats\qtga.dll
2014-08-03 00:06 - 2015-01-27 11:53 - 00337408 _____ () D:\Übersicht\Programme\Origin\imageformats\qtiff.dll
2014-08-03 00:06 - 2015-01-27 11:53 - 00018944 _____ () D:\Übersicht\Programme\Origin\imageformats\qwbmp.dll
2015-02-05 20:37 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-05 20:37 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-05 20:37 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3236316847-1076086714-31016914-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nuclear\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Nuclear\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "D:\Übersicht\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: PDFPrint => D:\Übersicht\Programme\PDF24\pdf24.exe

==================== Accounts: =============================

Administrator (S-1-5-21-3236316847-1076086714-31016914-500 - Administrator - Disabled)
Gast (S-1-5-21-3236316847-1076086714-31016914-501 - Limited - Disabled)
Nuclear (S-1-5-21-3236316847-1076086714-31016914-1000 - Administrator - Enabled) => C:\Users\Nuclear

==================== Faulty Device Manager Devices =============

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Marvell 91xx Config ATA Device
Description: Marvell 91xx Config ATA Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/06/2015 10:47:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm EvilWithin.exe, Version 1.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: dd8

Startzeit: 01d042566c308051

Endzeit: 45

Anwendungspfad: D:\Übersicht\Spiele\rld-thevwi\The Evil Within\EvilWithin.exe

Berichts-ID: aeabcbf1-ae49-11e4-b31d-0025226b1f74

Error: (02/06/2015 10:17:19 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/06/2015 08:34:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/06/2015 06:21:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/06/2015 06:21:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/06/2015 05:22:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/06/2015 05:22:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/06/2015 05:22:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/06/2015 05:22:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/06/2015 05:22:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (02/07/2015 11:45:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SecurityUtility Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/06/2015 11:04:40 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/06/2015 08:15:08 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.


Microsoft Office Sessions:
=========================
Error: (02/06/2015 10:47:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: EvilWithin.exe1.0.0.0dd801d042566c30805145D:\Übersicht\Spiele\rld-thevwi\The Evil Within\EvilWithin.exeaeabcbf1-ae49-11e4-b31d-0025226b1f74

Error: (02/06/2015 10:17:19 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Übersicht\Programme\esetsmartinstaller_deu.exe

Error: (02/06/2015 08:34:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/06/2015 06:21:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"D:\Übersicht\Programme\MSI Afterburner\MSIAfterburner.exe

Error: (02/06/2015 06:21:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"D:\Übersicht\Programme\MSI Afterburner\MSIAfterburner.exe

Error: (02/06/2015 05:22:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"d:\Übersicht\programme\rivatuner statistics server\RTSSHooksLoader64.exe

Error: (02/06/2015 05:22:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"d:\Übersicht\programme\rivatuner statistics server\RTSSHooksLoader.exe

Error: (02/06/2015 05:22:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"d:\Übersicht\programme\rivatuner statistics server\RTSS.exe

Error: (02/06/2015 05:22:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"d:\Übersicht\programme\rivatuner statistics server\EncoderServer64.exe

Error: (02/06/2015 05:22:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"d:\Übersicht\programme\rivatuner statistics server\EncoderServer.exe


CodeIntegrity Errors:
===================================
  Date: 2015-02-05 17:04:53.725
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-05 17:04:53.688
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz
Percentage of memory in use: 21%
Total physical RAM: 12286.15 MB
Available physical RAM: 9641.79 MB
Total Pagefile: 24870.48 MB
Available Pagefile: 22228.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.8 GB) (Free:10.12 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:651.88 GB) NTFS
Drive g: (NFSMW) (CDROM) (Total:2.13 GB) (Free:0 GB) UDF
Drive h: (BBQ) (Removable) (Total:1.86 GB) (Free:1.83 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 60275C42)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: A2450932)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=1.9 GB) - (Type=0C)

==================== End Of Log ============================
         
