
Pests of all kinds and how to fight them: Brother's PC after trojan infection, network no longer works

Windows 7. If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

19.03.2015, 23:05   #1
sill
 
Brother's PC after trojan infection, network no longer works

Hello dear Trojaner-Board community,

a few days ago my brother caught a couple of trojans. I then started his PC in safe mode with the "Kaspersky Rescue Disc" and ran a full scan.
Quite a few things were found, but one detection could not be deleted.

The log file from the scan is still saved on his PC.

Unfortunately no browser works for him any more, and neither does anything else that involves the network.

I would be glad if someone could give us some advice on how we can still save his system.

Kind regards

19.03.2015, 23:34   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, did any of them find anything?

I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans; first just post the logs you already have in CODE tags!
Only logs from the last 7 days, or since the problem started, are relevant!




Please also produce a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you're not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Don't change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will afterwards be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the #-symbol in the site's input window)



Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too big for one post, I ask you to post them directly, spread over several posts if necessary.
To put the log files into a CODE box, proceed as follows:
  • Select the whole log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the #-symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
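Once FRST.txt is posted, a helper reads it for a handful of recurring indicators: autostart entries that point into user-writable folders or lack the "[size date] (Publisher)" block FRST appends for files it could read, Windows system-binary names living outside the Windows directory, lines FRST itself marks with "<======= ATTENTION", and Winsock catalog entries whose provider DLL no longer exists (a frequent reason a machine loses all network access right after a cleanup tool deleted the provider). The Python script below is an added example for this editing pass, not part of the thread and not FRST's own code; its sample lines are constructed in FRST's output format (the SID is made up), and the rule names and the list of borrowed system names are this example's assumptions.

```python
"""Triage FRST.txt for the indicators a helper looks for first.

Added example, not part of the Trojaner-Board thread and not FRST's own
code.  The sample lines are constructed in FRST's output format; the rule
names and thresholds are this example's assumptions.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the format FRST writes to FRST.txt: one benign
# autostart for contrast, one autostart from AppData without file metadata,
# a policy warning, two Winsock entries whose DLL is gone, two neutral lines.
SAMPLE_FRST = r"""HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Run: [Windows Services] => C:\Users\Phillip\AppData\Roaming\Windows Services\services.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Winsock: Catalog9 01 C:\Windows\system32\abengine.dll File Not found ()
Winsock: Catalog9-x64 01 C:\Windows\system32\abengine64.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
"""

# Windows binaries whose names malware likes to borrow (assumed list).
# A file with one of these names outside the Windows directory deserves a look.
SYSTEM_NAMES = {"services.exe", "explorer.exe", "svchost.exe",
                "lsass.exe", "csrss.exe", "winlogon.exe"}

# Locations any user can write to; installed software rarely autostarts from here.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.I)
WINDOWS_DIR = re.compile(r"^[A-Za-z]:\\Windows\\", re.I)

# FRST autostart entry:  <hive>\...\Run: [Name] => <path> [size date] (Publisher)
RUN_RE = re.compile(r"\\Run(?:Once)?: \[(?P<name>[^\]]*)\] => (?P<rest>.*)$")
# The "[size yyyy-mm-dd] (Publisher)" block FRST appends when it could read the file.
META_RE = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\] \([^)]*\)\s*$")
# A Winsock (LSP) catalog entry whose provider DLL no longer exists on disk.
WINSOCK_RE = re.compile(r"^Winsock: Catalog\S* \d+ (?P<path>.+?) File Not found", re.I)


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    detail: str


def check_autostart(line: str) -> List[str]:
    """Return the rule names a Run/RunOnce entry triggers (empty if benign)."""
    m = RUN_RE.search(line)
    if not m:
        return []
    rest = m.group("rest")
    meta = META_RE.search(rest)
    path = (rest[:meta.start()] if meta else rest).strip()
    hits: List[str] = []
    if meta is None:
        # FRST prints size/date/publisher when it can open the file; their
        # absence means the file is missing, locked, or hidden from FRST.
        hits.append("autostart-no-metadata")
    if USER_WRITABLE.search(path):
        hits.append("autostart-user-writable")
    basename = path.rsplit("\\", 1)[-1].lower()
    if basename in SYSTEM_NAMES and not WINDOWS_DIR.match(path):
        hits.append("system-name-outside-windows")
    return hits


def triage(text: str) -> List[Finding]:
    """Scan FRST output line by line and collect indicator hits in order."""
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule in check_autostart(line):
            findings.append(Finding(line_no, rule, line))
        if "<======= ATTENTION" in line:
            findings.append(Finding(line_no, "frst-attention", line))
        w = WINSOCK_RE.match(line)
        if w:
            # A catalog entry pointing at a missing provider DLL breaks the
            # Winsock chain for every application, which commonly leaves the
            # machine with no working browser and no network access at all.
            findings.append(Finding(line_no, "winsock-missing-dll", w.group("path")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_FRST):
        print(f"line {f.line_no:>3}  {f.rule:<28} {f.detail}")
```

Running the script against the constructed sample flags only the AppData autostart (three rules), the ATTENTION line and the two Winsock entries; the Logitech autostart, the DHCP server line and the Defender service pass. The rules are deliberately conservative: they surface lines for a human to read, they do not decide what to remove.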

20.03.2015, 00:22   #3
sill
 
Hello,

thanks for the quick reply. Unfortunately his PC has no access to the internet; can I also copy the files to his computer with a USB stick and then run them?

The only logs available are from the Kaspersky Rescue scan; Malwarebytes was not run.

20.03.2015, 00:28   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Yes, it'll have to be via stick if there's no internet...

20.03.2015, 12:42   #5
sill
 
Kaspersky Rescue Disc 10 scan

Code:
ATTFilter
Untersuchung von Objekten: wurde abgeschlossen vor weniger als einer Minute  (Ereignis: 61, Objekte: 1053751, Zeit: 01:39:47)	
19.03.15 00:43	Aufgabe wurde abgeschlossen			
19.03.15 00:43	Nicht desinfizierte Objekte: HEUR:Trojan.Win32.Generic	D:/Sicherung alter PC/E/Worms Armageddon/DXMfc.dll	Vom Benutzer übersprungen	
19.03.15 00:43	Gefunden: HEUR:Trojan.Win32.Generic	D:/Sicherung alter PC/E/Worms Armageddon/DXMfc.dll		
19.03.15 00:43	Nicht desinfizierte Objekte: HEUR:Trojan.Win32.Generic	D:/Sicherung alter PC/E/Worms Armageddon/DXMfc.backup.dll	Vom Benutzer übersprungen	
19.03.15 00:43	Gefunden: HEUR:Trojan.Win32.Generic	D:/Sicherung alter PC/E/Worms Armageddon/DXMfc.backup.dll		
19.03.15 00:42	Nicht desinfizierte Objekte: Trojan-Downloader.Win32.Genome.pgwt	C:/Program Files (x86)/Panda Security/Panda Security Protection/LostandFound/components2_1	Vom Benutzer übersprungen	
19.03.15 00:42	Gefunden: Trojan-Downloader.Win32.Genome.pgwt	C:/Program Files (x86)/Panda Security/Panda Security Protection/LostandFound/components2_1		
19.03.15 00:42	Nicht desinfizierte Objekte: Trojan-Dropper.MSIL.Agent.auvh	C:/Program Files (x86)/Panda Security/Panda Security Protection/LostandFound/components2	Vom Benutzer übersprungen	
19.03.15 00:42	Gefunden: Trojan-Dropper.MSIL.Agent.auvh	C:/Program Files (x86)/Panda Security/Panda Security Protection/LostandFound/components2		
19.03.15 00:42	Gelöscht: Trojan.Win32.Fsysna.bdnd	/mnt/MountedDevices/PD-D2AB1056-0000000006500000/Users/Phillip/AppData/Roaming/Windows Services/services.exe		
19.03.15 00:42	Gefunden: Trojan.Win32.Fsysna.bdnd	/mnt/MountedDevices/PD-D2AB1056-0000000006500000/Users/Phillip/AppData/Roaming/Windows Services/services.exe		
19.03.15 00:42	Gelöscht: Trojan.MSIL.Disfa.boi	/mnt/MountedDevices/PD-D2AB1056-0000000006500000/Users/Phillip/AppData/Local/Temp/explorer.exe		
19.03.15 00:41	Gefunden: Trojan.MSIL.Disfa.boi	/mnt/MountedDevices/PD-D2AB1056-0000000006500000/Users/Phillip/AppData/Local/Temp/explorer.exe		
19.03.15 00:41	Nicht desinfizierte Objekte: Trojan.MSIL.Disfa.boi	C:/Users/Phillip/AppData/Local/Temp/explorer.exe	Zurückgestellt	
19.03.15 00:41	Gefunden: Trojan.MSIL.Disfa.boi	C:/Users/Phillip/AppData/Local/Temp/explorer.exe		
19.03.15 00:41	Nicht desinfizierte Objekte: Trojan.Win32.Fsysna.bdnd	C:/Users/Phillip/AppData/Roaming/Windows Services/services.exe	Zurückgestellt	
19.03.15 00:40	Gefunden: Trojan.Win32.Fsysna.bdnd	C:/Users/Phillip/AppData/Roaming/Windows Services/services.exe		
19.03.15 00:29	Verarbeitungsfehler	D:/GameZ/LOTROEU_Enedwaith_DE_Installer/lotrosetup.exe	Lesefehler	
18.03.15 23:56	Nicht desinfizierte Objekte: HEUR:Trojan.Win32.Generic	D:/Sicherung alter PC/E/Worms Armageddon/DXMfc.backup.dll	Zurückgestellt	
18.03.15 23:56	Nicht desinfizierte Objekte: HEUR:Trojan.Win32.Generic	D:/Sicherung alter PC/E/Worms Armageddon/DXMfc.dll	Zurückgestellt	
18.03.15 23:56	Gefunden: HEUR:Trojan.Win32.Generic	D:/Sicherung alter PC/E/Worms Armageddon/DXMfc.backup.dll		
18.03.15 23:56	Gefunden: HEUR:Trojan.Win32.Generic	D:/Sicherung alter PC/E/Worms Armageddon/DXMfc.dll		
18.03.15 23:45	Nicht desinfizierte Objekte: Trojan.MSIL.Disfa.boi	/mnt/MountedDevices/PD-D2AB1056-0000000006500000/Users/Phillip/AppData/Local/Temp/explorer.exe	Zurückgestellt	
18.03.15 23:45	Gefunden: Trojan.MSIL.Disfa.boi	/mnt/MountedDevices/PD-D2AB1056-0000000006500000/Users/Phillip/AppData/Local/Temp/explorer.exe		
18.03.15 23:44	Nicht desinfizierte Objekte: Trojan.Win32.Fsysna.bdnd	/mnt/MountedDevices/PD-D2AB1056-0000000006500000/Users/Phillip/AppData/Roaming/Windows Services/services.exe	Zurückgestellt	
18.03.15 23:44	Gefunden: Trojan.Win32.Fsysna.bdnd	/mnt/MountedDevices/PD-D2AB1056-0000000006500000/Users/Phillip/AppData/Roaming/Windows Services/services.exe		
18.03.15 23:42	Nicht desinfizierte Objekte: Trojan.MSIL.Disfa.boi	/mnt/MountedDevices/PD-D2AB1056-0000000006500000/Users/Phillip/AppData/Local/Temp/explorer.exe	Zurückgestellt	
18.03.15 23:42	Gefunden: Trojan.MSIL.Disfa.boi	/mnt/MountedDevices/PD-D2AB1056-0000000006500000/Users/Phillip/AppData/Local/Temp/explorer.exe		
18.03.15 23:41	Nicht desinfizierte Objekte: Trojan.Win32.Fsysna.bdnd	/mnt/MountedDevices/PD-D2AB1056-0000000006500000/Users/Phillip/AppData/Roaming/Windows Services/services.exe	Zurückgestellt	
18.03.15 23:41	Gefunden: Trojan.Win32.Fsysna.bdnd	/mnt/MountedDevices/PD-D2AB1056-0000000006500000/Users/Phillip/AppData/Roaming/Windows Services/services.exe		
18.03.15 23:20	Nicht desinfizierte Objekte: Trojan.MSIL.Disfa.boi	/mnt/MountedDevices/PD-D2AB1056-0000000006500000/Users/Phillip/AppData/Local/Temp/explorer.exe	Zurückgestellt	
18.03.15 23:20	Gefunden: Trojan.MSIL.Disfa.boi	/mnt/MountedDevices/PD-D2AB1056-0000000006500000/Users/Phillip/AppData/Local/Temp/explorer.exe		
18.03.15 23:18	Nicht desinfizierte Objekte: Trojan.Win32.Fsysna.bdnd	C:/Users/Phillip/AppData/Roaming/Windows Services/services.exe	Zurückgestellt	
18.03.15 23:18	Gefunden: Trojan.Win32.Fsysna.bdnd	C:/Users/Phillip/AppData/Roaming/Windows Services/services.exe		
18.03.15 23:17	Nicht desinfizierte Objekte: Trojan.MSIL.Disfa.boi	C:/Users/Phillip/AppData/Local/Temp/explorer.exe	Zurückgestellt	
18.03.15 23:17	Gefunden: Trojan.MSIL.Disfa.boi	C:/Users/Phillip/AppData/Local/Temp/explorer.exe		
18.03.15 23:15	Nicht desinfizierte Objekte: Trojan.Win32.Fsysna.bdnd	/mnt/MountedDevices/PD-D2AB1056-0000000006500000/Users/Phillip/AppData/Roaming/Windows Services/services.exe	Zurückgestellt	
18.03.15 23:15	Gefunden: Trojan.Win32.Fsysna.bdnd	/mnt/MountedDevices/PD-D2AB1056-0000000006500000/Users/Phillip/AppData/Roaming/Windows Services/services.exe		
18.03.15 23:11	Nicht desinfizierte Objekte: Trojan-Downloader.Win32.Genome.pgwt	C:/Program Files (x86)/Panda Security/Panda Security Protection/LostandFound/components2_1	Zurückgestellt	
18.03.15 23:11	Gefunden: Trojan-Downloader.Win32.Genome.pgwt	C:/Program Files (x86)/Panda Security/Panda Security Protection/LostandFound/components2_1		
18.03.15 23:11	Nicht desinfizierte Objekte: Trojan-Dropper.MSIL.Agent.auvh	C:/Program Files (x86)/Panda Security/Panda Security Protection/LostandFound/components2	Zurückgestellt	
18.03.15 23:11	Gefunden: Trojan-Dropper.MSIL.Agent.auvh	C:/Program Files (x86)/Panda Security/Panda Security Protection/LostandFound/components2		
18.03.15 23:09	Nicht desinfizierte Objekte: Trojan.MSIL.Disfa.boi	/mnt/MountedDevices/PD-D2AB1056-0000000006500000/Users/Phillip/AppData/Local/Temp/explorer.exe	Zurückgestellt	
18.03.15 23:09	Gefunden: Trojan.MSIL.Disfa.boi	/mnt/MountedDevices/PD-D2AB1056-0000000006500000/Users/Phillip/AppData/Local/Temp/explorer.exe		
18.03.15 23:08	Nicht desinfizierte Objekte: Trojan.Win32.Fsysna.bdnd	/mnt/MountedDevices/PD-D2AB1056-0000000006500000/Users/Phillip/AppData/Roaming/Windows Services/services.exe	Zurückgestellt	
18.03.15 23:08	Gefunden: Trojan.Win32.Fsysna.bdnd	/mnt/MountedDevices/PD-D2AB1056-0000000006500000/Users/Phillip/AppData/Roaming/Windows Services/services.exe		
18.03.15 23:06	Nicht desinfizierte Objekte: Trojan.MSIL.Disfa.boi	/mnt/MountedDevices/PD-D2AB1056-0000000006500000/Users/Phillip/AppData/Local/Temp/explorer.exe	Zurückgestellt	
18.03.15 23:06	Gefunden: Trojan.MSIL.Disfa.boi	/mnt/MountedDevices/PD-D2AB1056-0000000006500000/Users/Phillip/AppData/Local/Temp/explorer.exe		
18.03.15 23:05	Nicht desinfizierte Objekte: Trojan.Win32.Fsysna.bdnd	/mnt/MountedDevices/PD-D2AB1056-0000000006500000/Users/Phillip/AppData/Roaming/Windows Services/services.exe	Zurückgestellt	
18.03.15 23:05	Gefunden: Trojan.Win32.Fsysna.bdnd	/mnt/MountedDevices/PD-D2AB1056-0000000006500000/Users/Phillip/AppData/Roaming/Windows Services/services.exe		
18.03.15 23:04	Aufgabe wurde gestartet
         
FRST


FRST log file:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Phillip (administrator) on PHILLIP-PC on 20-03-2015 13:23:42
Running from C:\Users\Phillip\Desktop
Loaded Profiles: Phillip (Available profiles: Phillip)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmcore.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
() C:\Program Files\ASUS Xonar U7 Audio\CPL\ASUSXonarU7_x64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [GamecomSound] => C:\Program Files\ASUS Xonar U7 Audio\CPL\ASUSXonarU7_x64.exe [2453504 2013-08-06] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
HKU\S-1-5-21-3639536685-2187574041-2537157961-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2874048 2015-02-19] (Valve Corporation)
HKU\S-1-5-21-3639536685-2187574041-2537157961-1000\...\Run: [Windows Services] => C:\Users\Phillip\AppData\Roaming\Windows Services\services.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-20] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3639536685-2187574041-2537157961-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-10-18] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-18] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Winsock: Catalog9 01 C:\Windows\system32\abengine.dll File Not found ()
Winsock: Catalog9 02 C:\Windows\system32\abengine.dll File Not found ()
Winsock: Catalog9 03 C:\Windows\system32\abengine.dll File Not found ()
Winsock: Catalog9 04 C:\Windows\system32\abengine.dll File Not found ()
Winsock: Catalog9 12 C:\Windows\system32\abengine.dll File Not found ()
Winsock: Catalog9-x64 01 C:\Windows\system32\abengine64.dll File Not found ()
Winsock: Catalog9-x64 02 C:\Windows\system32\abengine64.dll File Not found ()
Winsock: Catalog9-x64 03 C:\Windows\system32\abengine64.dll File Not found ()
Winsock: Catalog9-x64 04 C:\Windows\system32\abengine64.dll File Not found ()
Winsock: Catalog9-x64 12 C:\Windows\system32\abengine64.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\raf60uc3.default
FF Homepage: hxxp://www.t-online.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-16] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-05-26] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-18] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-05-26] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-16] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-05-26] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @live.heroesandgenerals.com/npretox -> D:\Spiele\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll [2014-11-28] (Reto-Moto ApS)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-05-26] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-3639536685-2187574041-2537157961-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-05-26] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-05-26] (Tracker Software Products (Canada) Ltd.)
FF Extension: ProxTube - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\raf60uc3.default\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: NoSquint - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\raf60uc3.default\Extensions\nosquint@urandom.ca.xpi [2013-12-14]
FF Extension: Session Manager - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\raf60uc3.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-06-04]
FF Extension: {61ff6d5b-b16e-4d4f-867d-a53a3edebcdc} - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\raf60uc3.default\Extensions\{61ff6d5b-b16e-4d4f-867d-a53a3edebcdc}.xpi [2015-01-12]
FF Extension: YouTube High Definition - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\raf60uc3.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-08-05]
FF Extension: Adblock Plus - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\raf60uc3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-14]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [814464 2015-02-21] ()
R2 cmcore; c:\program files (x86)\cmcm\Clean Master\cmcore.exe [315240 2014-11-02] (Kingsoft Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-16] (Electronic Arts)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-12-02] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-02-27] ()
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5821952 2013-05-20] (Broadcom Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ASUSU7; C:\Windows\System32\DRIVERS\ASUSU7.SYS [406016 2013-08-01] (C-Media Inc.)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2011-11-03] (Broadcom Corporation.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-21] (Broadcom Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-18] (Disc Soft Ltd)
R3 hidusbf; C:\Windows\System32\DRIVERS\hidusbf.sys [7808 2012-08-07] (SweetLow) [File not signed]
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [26528 2014-12-12] (REALiX(tm))
R3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2014-11-02] (Kingsoft Corporation)
R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 ALSysIO; \??\C:\Users\Phillip\AppData\Local\Temp\ALSysIO64.sys [X]
S3 btwampfl; \??\C:\Windows\system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Corsair\Corsair Link\CorsairLINK_HardwareMonitor.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 13:23 - 2015-03-20 13:23 - 00016950 _____ () C:\Users\Phillip\Desktop\FRST.txt
2015-03-20 13:23 - 2015-03-20 13:23 - 00000000 ____D () C:\FRST
2015-03-20 13:23 - 2015-03-20 00:41 - 02095616 _____ (Farbar) C:\Users\Phillip\Desktop\FRST64.exe
2015-03-20 13:19 - 2015-03-20 13:19 - 00000000 ____D () C:\ProgramData\Kingsoft
2015-03-18 22:27 - 2015-03-18 22:27 - 00003570 _____ () C:\Windows\System32\Tasks\PNPGLZVDA
2015-03-18 22:27 - 2015-03-18 22:27 - 00003148 _____ () C:\Windows\System32\Tasks\SidebarExecute
2015-03-18 22:27 - 2015-03-18 22:27 - 00003090 _____ () C:\Windows\System32\Tasks\trik3004
2015-03-18 21:46 - 2015-03-18 21:46 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-03-16 15:12 - 2015-03-20 13:15 - 00001411 _____ () C:\Windows\setupact.log
2015-03-16 15:12 - 2015-03-16 15:12 - 00000352 _____ () C:\Windows\PFRO.log
2015-03-16 15:12 - 2015-03-16 15:12 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-16 09:59 - 2015-03-16 09:59 - 00000000 ____D () C:\Users\Phillip\AppData\Roaming\timgquxs
2015-03-16 09:55 - 2014-03-11 16:48 - 00040480 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PsBoot.sys
2015-03-16 09:27 - 2015-03-19 01:42 - 00000000 _RSHD () C:\Users\Phillip\AppData\Roaming\Windows Services
2015-03-16 00:54 - 2015-03-16 00:54 - 00000000 ____D () C:\Users\Phillip\AppData\Roaming\NVIDIA
2015-03-16 00:43 - 2015-03-16 00:43 - 00000218 _____ () C:\Users\Phillip\Desktop\Counter-Strike.url
2015-03-10 18:28 - 2015-03-10 18:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-10 18:27 - 2015-03-10 18:27 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-03-10 18:27 - 2015-02-05 22:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 18575880 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 14119744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-10 18:27 - 2015-02-05 22:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 02902784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 00995248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 00877816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 00399504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 00305136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 00074056 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-03-10 18:27 - 2015-02-05 20:07 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-03-10 18:27 - 2015-02-05 20:07 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-03-10 18:27 - 2015-02-05 20:07 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-03-10 18:27 - 2015-02-05 20:07 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-03-10 18:27 - 2015-02-05 20:07 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-03-10 18:27 - 2015-02-05 20:06 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-03-10 18:27 - 2015-02-05 13:50 - 04236870 _____ () C:\Windows\system32\nvcoproc.bin
2015-03-06 15:49 - 2015-03-16 14:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-28 20:31 - 2015-02-28 20:31 - 00001592 _____ () C:\Users\Phillip\AppData\Local\recently-used.xbel
2015-02-28 15:33 - 2015-02-28 15:54 - 00000000 ____D () C:\Users\Phillip\AppData\Local\UmmyVideoDownloader
2015-02-23 13:04 - 2015-02-23 13:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Chart Controls
2015-02-21 15:02 - 2015-02-21 15:02 - 00000000 ____D () C:\Users\Phillip\AppData\Local\Steam
2015-02-18 13:44 - 2015-03-20 13:13 - 00289015 _____ () C:\Windows\WindowsUpdate.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 13:18 - 2009-07-14 05:45 - 00020992 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-20 13:18 - 2009-07-14 05:45 - 00020992 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-20 13:16 - 2009-07-14 18:58 - 00674610 _____ () C:\Windows\system32\perfh007.dat
2015-03-20 13:16 - 2009-07-14 18:58 - 00139750 _____ () C:\Windows\system32\perfc007.dat
2015-03-20 13:16 - 2009-07-14 06:13 - 01556210 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-20 13:15 - 2015-02-09 15:07 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-20 13:11 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-20 13:11 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-19 22:29 - 2013-07-09 10:50 - 00000029 _____ () C:\Users\Phillip\AppData\Roaming\Network Meter_Usage.ini
2015-03-19 22:27 - 2013-11-19 20:40 - 00000000 ____D () C:\Users\Phillip\AppData\Roaming\TS3Client
2015-03-18 22:39 - 2013-05-24 10:31 - 00000000 ____D () C:\Users\Phillip\AppData\Roaming\vlc
2015-03-18 22:24 - 2013-05-19 10:12 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2015-03-18 21:04 - 2014-03-23 11:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-18 18:13 - 2013-05-19 12:36 - 00003146 _____ () C:\Windows\System32\Tasks\FRAPS
2015-03-16 16:05 - 2013-12-30 00:35 - 00003030 _____ () C:\Windows\System32\Tasks\MSIAfterburner
2015-03-16 09:23 - 2013-06-02 12:55 - 00000021 _____ () C:\Users\Phillip\AppData\Roaming\config_data.dat
2015-03-16 08:34 - 2014-12-21 15:48 - 00000000 ____D () C:\Users\Phillip\AppData\Roaming\Corsair
2015-03-16 02:15 - 2013-05-19 10:17 - 00000000 ____D () C:\ProgramData\Origin
2015-03-16 02:15 - 2013-05-19 10:17 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-03-16 01:50 - 2014-03-23 11:35 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-16 01:50 - 2013-05-17 20:05 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-16 01:50 - 2013-05-17 20:05 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-16 01:37 - 2014-08-14 16:08 - 00000596 __RSH () C:\ProgramData\ntuser.pol
2015-03-10 18:27 - 2013-07-11 13:07 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-03-10 18:27 - 2013-05-17 20:35 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-10 18:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help
2015-03-08 00:32 - 2014-03-14 17:39 - 00000000 ____D () C:\Users\Phillip\AppData\Roaming\Skype
2015-03-06 14:36 - 2014-02-23 14:07 - 00000000 ____D () C:\Users\Phillip\AppData\Local\DayZ
2015-03-02 15:47 - 2013-05-19 20:25 - 00280856 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-03-02 15:47 - 2013-05-19 20:25 - 00280856 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-03-01 21:39 - 2013-05-19 13:36 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-28 20:31 - 2015-01-16 20:17 - 00000000 ____D () C:\Users\Phillip\.gimp-2.8
2015-02-28 20:30 - 2015-01-16 21:10 - 00000000 ____D () C:\Users\Phillip\AppData\Local\gtk-2.0
2015-02-28 15:34 - 2013-06-02 16:07 - 00000000 ____D () C:\Users\Phillip\AppData\Roaming\DVDVideoSoft
2015-02-27 22:45 - 2013-05-19 20:25 - 00280792 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-02-27 22:45 - 2013-05-19 20:24 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-02-22 17:11 - 2014-06-30 18:57 - 00000000 ____D () C:\Users\Phillip\AppData\Local\Arma 3
2015-02-22 17:10 - 2013-10-04 20:45 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-18 13:33 - 2013-05-17 20:09 - 00007626 _____ () C:\Users\Phillip\AppData\Local\resmon.resmoncfg

==================== Files in the root of some directories =======

2014-09-09 11:00 - 2015-01-11 13:03 - 0000302 _____ () C:\Users\Phillip\AppData\Roaming\BreakingPoint_Login.ini
2014-09-09 11:02 - 2015-01-11 13:12 - 0001408 _____ () C:\Users\Phillip\AppData\Roaming\BreakingPoint_Options.ini
2014-11-02 15:18 - 2014-11-02 16:22 - 0000127 _____ () C:\Users\Phillip\AppData\Roaming\Camdata.ini
2014-11-02 15:18 - 2014-11-02 16:22 - 0000408 _____ () C:\Users\Phillip\AppData\Roaming\CamLayout.ini
2014-11-02 15:18 - 2014-11-02 16:22 - 0000408 _____ () C:\Users\Phillip\AppData\Roaming\CamShapes.ini
2014-11-02 15:18 - 2014-11-02 16:22 - 0004574 _____ () C:\Users\Phillip\AppData\Roaming\CamStudio.cfg
2013-06-02 12:55 - 2015-03-16 09:23 - 0000021 _____ () C:\Users\Phillip\AppData\Roaming\config_data.dat
2014-01-31 08:04 - 2014-10-20 11:52 - 0001154 _____ () C:\Users\Phillip\AppData\Roaming\Network Meter_Settings.ini
2013-07-09 10:50 - 2015-03-19 22:29 - 0000029 _____ () C:\Users\Phillip\AppData\Roaming\Network Meter_Usage.ini
2014-11-02 15:16 - 2014-11-02 16:16 - 0000096 _____ () C:\Users\Phillip\AppData\Roaming\version2.xml
2015-02-28 20:31 - 2015-02-28 20:31 - 0001592 _____ () C:\Users\Phillip\AppData\Local\recently-used.xbel
2013-05-17 20:09 - 2015-02-18 13:33 - 0007626 _____ () C:\Users\Phillip\AppData\Local\resmon.resmoncfg
2014-10-18 19:26 - 2014-10-18 19:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2015-03-18 19:38

==================== End Of Log ============================

Addition


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Phillip at 2015-03-20 13:23:56
Running from C:\Users\Phillip\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Free Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
ASUS Xonar U7 Audio (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F39206632A}) (Version:   - ASUSTeK Computer Inc.)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.25648 - Electronic Arts)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
BeamNG.drive (HKU\S-1-5-21-3639536685-2187574041-2537157961-1000\...\BeamNG.drive) (Version: 0.3.1.0 - beamng.com)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.100.82.97 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Clean Master (HKLM-x32\...\Clean Master) (Version: 1.0 - Cheetah Mobile)
Corsair Link (HKLM-x32\...\{658EFB3F-8606-4576-8FEC-B0CED48F1E68}) (Version: 2.4.4948 - Corsair)
Corsair Link(TM) USB Dongle (Driver Removal) (HKLM-x32\...\CMIUSB&1B1C&1C00) (Version:  - Corsair Memory, Inc.)
Corsair Link(TM) USB Dongle (Driver Removal) (HKLM-x32\...\SIUSBXP&1B1C&1C00) (Version:  - Corsair Memory, Inc.)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Driver Sweeper Version 3.2.0 (HKLM-x32\...\{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1) (Version: 3.2.0 - Phyxion.net)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version:  - Rockstar North / Toronto)
Grand Theft Auto: Episodes from Liberty City (x32 Version: 1.0.0002.135 - Rockstar Games Inc.) Hidden
Heroes & Generals (HKLM-x32\...\Heroes & Generals) (Version: 1.0.6.1 - Reto-Moto)
HWiNFO64 Version 4.48 (HKLM\...\HWiNFO64_is1) (Version: 4.48 - Martin Malík - REALiX)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.1 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
MSI Afterburner 4.1.0 (HKLM-x32\...\Afterburner) (Version: 4.1.0 - MSI Co., LTD)
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.104 - Panda Security)
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0000 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.308.0 - Tracker Software Products Ltd)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version:  - Tripwire Interactive)
RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
UmmyVideoDownloader (HKLM-x32\...\{E028DBDA-EEE7-48A0-ADF7-D250589A02C5}_is1) (Version: 1.2.1.1 - )
Vegas Pro 12.0 (64-bit) (HKLM\...\{BE94768F-5232-11E3-BD78-F04DA23A5C58}) (Version: 12.0.770 - Sony)
Vegas Pro 13.0 (64-bit) (HKLM\...\{386F5740-091D-11E4-B13E-F04DA23A5C58}) (Version: 13.0.373 - Sony)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
War Thunder Launcher 1.0.1.467 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3639536685-2187574041-2537157961-1000_Classes\CLSID\{07474513-7B58-45c7-B3E6-13A3669B1AFD}\InprocServer32 -> C:\Windows\SYSTEM32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639536685-2187574041-2537157961-1000_Classes\CLSID\{25815CC0-43F4-3C75-8C3A-A139D9ADE740}\InprocServer32 -> C:\Windows\SYSTEM32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639536685-2187574041-2537157961-1000_Classes\CLSID\{2F5DA951-82C6-471e-90BD-CAB15552A932}\InprocServer32 -> C:\Windows\SYSTEM32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639536685-2187574041-2537157961-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Phillip\AppData\Roaming\timgquxs\tivesen.dll () <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-3639536685-2187574041-2537157961-1000_Classes\CLSID\{85A0641D-324D-4b47-9E5C-D2F33CCB14C3}\InprocServer32 -> C:\Windows\SYSTEM32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639536685-2187574041-2537157961-1000_Classes\CLSID\{97D17A04-4438-4C8E-BAC7-BC21B8B9E999}\InprocServer32 -> C:\Windows\SYSTEM32\mscoree.dll (Microsoft Corporation)

==================== Restore Points  =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {144AC2C2-0891-4258-94C4-9748496BAD7B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {23B3186F-73A0-45DE-8196-D3F0EDDC0D4C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-16] (Adobe Systems Incorporated)
Task: {2CB8659F-569B-4A0B-B442-C113B406FC36} - System32\Tasks\FRAPS => D:\FRAPS\fraps.exe [2013-02-26] (Beepa P/L)
Task: {40247C15-39D6-4059-A974-E9AAAA72C24A} - System32\Tasks\PNPGLZVDA => C:\ProgramData\0dfcafffadba49a298b588510cb87bf9\0dfcafffadba49a298b588510cb87bf9.exe
Task: {61423804-DAF7-4E7C-BFC5-9F76AA458B57} - System32\Tasks\HWiNFO => C:\Program Files\HWiNFO64\HWiNFO64.EXE [2014-11-26] (REALiX)
Task: {80B3C200-534C-4F27-9A5B-F4FA4E88F309} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B2F73501-C532-4DA0-BF3C-7D69C01CD7F8} - \Start CorsairLINK Hardware Monitor No Task File <==== ATTENTION
Task: {B3EE32CC-D2B6-4DD9-8F3D-D79185654F54} - System32\Tasks\trik3004 => C:\PROGRA~2\TabNav\trik3004.exe
Task: {CB17C761-ABD2-4628-B7B1-78F70617F00C} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2014-12-06] ()
Task: {CF1E8D14-A304-4535-B913-D355D0A349AB} - \Start Corsair Link No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-10 18:27 - 2015-02-05 20:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-05-19 20:24 - 2015-02-27 22:45 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-03-16 09:59 - 2015-03-16 09:59 - 00157696 _____ () C:\Users\Phillip\AppData\Roaming\timgquxs\tivesen.dll
2014-12-25 12:52 - 2013-08-06 11:34 - 02453504 ____N () C:\Program Files\ASUS Xonar U7 Audio\CPL\ASUSXonarU7_x64.exe
2013-04-12 18:23 - 2013-04-12 18:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3639536685-2187574041-2537157961-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3639536685-2187574041-2537157961-500 - Administrator - Disabled)
Gast (S-1-5-21-3639536685-2187574041-2537157961-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3639536685-2187574041-2537157961-1002 - Limited - Enabled)
Phillip (S-1-5-21-3639536685-2187574041-2537157961-1000 - Administrator - Enabled) => C:\Users\Phillip

==================== Faulty Device Manager Devices =============

Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/20/2015 01:11:55 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (03/20/2015 01:11:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LCore.exe, Version: 8.57.145.0, Zeitstempel: 0x543d6bf8
Name des fehlerhaften Moduls: Qt5Network.dll, Version: 5.1.1.0, Zeitstempel: 0x53695429
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000078280
ID des fehlerhaften Prozesses: 0xcfc
Startzeit der fehlerhaften Anwendung: 0xLCore.exe0
Pfad der fehlerhaften Anwendung: LCore.exe1
Pfad des fehlerhaften Moduls: LCore.exe2
Berichtskennung: LCore.exe3

Error: (03/20/2015 01:11:38 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (03/19/2015 10:28:46 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (03/19/2015 10:28:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LCore.exe, Version: 8.57.145.0, Zeitstempel: 0x543d6bf8
Name des fehlerhaften Moduls: Qt5Network.dll, Version: 5.1.1.0, Zeitstempel: 0x53695429
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000078280
ID des fehlerhaften Prozesses: 0xd04
Startzeit der fehlerhaften Anwendung: 0xLCore.exe0
Pfad der fehlerhaften Anwendung: LCore.exe1
Pfad des fehlerhaften Moduls: LCore.exe2
Berichtskennung: LCore.exe3

Error: (03/19/2015 10:28:30 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (03/19/2015 10:12:58 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (03/19/2015 10:12:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LCore.exe, Version: 8.57.145.0, Zeitstempel: 0x543d6bf8
Name des fehlerhaften Moduls: Qt5Network.dll, Version: 5.1.1.0, Zeitstempel: 0x53695429
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000078280
ID des fehlerhaften Prozesses: 0xe40
Startzeit der fehlerhaften Anwendung: 0xLCore.exe0
Pfad der fehlerhaften Anwendung: LCore.exe1
Pfad des fehlerhaften Moduls: LCore.exe2
Berichtskennung: LCore.exe3

Error: (03/19/2015 10:12:41 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (03/19/2015 00:46:21 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out


System errors:
=============
Error: (03/20/2015 01:15:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" wurde mit folgendem Fehler beendet: 
%%10106

Error: (03/20/2015 01:15:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" wurde mit folgendem Fehler beendet: 
%%10106

Error: (03/20/2015 01:15:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" wurde mit folgendem Fehler beendet: 
%%10106

Error: (03/20/2015 01:13:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: 
%%-2147014790

Error: (03/20/2015 01:13:40 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147014790.

Error: (03/20/2015 01:13:40 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT-AUTORITÄT)
Description: Fehler beim Starten des BITS-Dienstes. Fehler: 2147952506.

Error: (03/20/2015 01:12:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: 
%%2

Error: (03/20/2015 01:11:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" wurde mit folgendem Fehler beendet: 
%%10106

Error: (03/20/2015 01:11:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2147014854

Error: (03/20/2015 01:11:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%-2147014854


Microsoft Office Sessions:
=========================
Error: (03/20/2015 01:11:55 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (03/20/2015 01:11:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LCore.exe8.57.145.0543d6bf8Qt5Network.dll5.1.1.053695429c00000050000000000078280cfc01d0630706dd52bcC:\Program Files\Logitech Gaming Software\LCore.exeC:\Program Files\Logitech Gaming Software\Qt5Network.dll466e1dac-cefa-11e4-b26f-08606ee7ef88

Error: (03/20/2015 01:11:38 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (03/19/2015 10:28:46 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (03/19/2015 10:28:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LCore.exe8.57.145.0543d6bf8Qt5Network.dll5.1.1.053695429c00000050000000000078280d0401d0628ba71de712C:\Program Files\Logitech Gaming Software\LCore.exeC:\Program Files\Logitech Gaming Software\Qt5Network.dlle66bdba7-ce7e-11e4-8897-08606ee7ef88

Error: (03/19/2015 10:28:30 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (03/19/2015 10:12:58 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (03/19/2015 10:12:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LCore.exe8.57.145.0543d6bf8Qt5Network.dll5.1.1.053695429c00000050000000000078280e4001d0628971fbe418C:\Program Files\Logitech Gaming Software\LCore.exeC:\Program Files\Logitech Gaming Software\Qt5Network.dllb1421060-ce7c-11e4-918e-08606ee7ef88

Error: (03/19/2015 10:12:41 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (03/19/2015 00:46:21 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out


CodeIntegrity Errors:
===================================
  Date: 2015-02-10 12:46:26.652
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-10 12:34:38.908
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-09 14:57:39.300
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-09 12:33:48.326
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-09 12:01:19.115
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-09 11:54:59.813
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-09 11:28:09.849
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-09 11:13:39.543
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-09 11:13:07.190
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-09 10:35:56.252
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 17%
Total physical RAM: 8134.84 MB
Available physical RAM: 6686.64 MB
Total Pagefile: 10181.03 MB
Available Pagefile: 8639.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:73.57 GB) NTFS
Drive d: () (Fixed) (Total:596.16 GB) (Free:263.42 GB) NTFS
Drive e: () (Fixed) (Total:596.17 GB) (Free:338.72 GB) NTFS
Drive h: () (Removable) (Total:0.49 GB) (Free:0.48 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: A5D5DC5A)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 5B2FBDC9)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: D2AB1056)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 503.3 MB) (Disk ID: 01B10499)
Partition 1: (Active) - (Size=503 MB) - (Type=0B)

==================== End Of Log ============================
         

Have a nice Friday

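The event-log errors in the Addition.txt above keep coming back to one code. What follows is an added example for this thread, not code from FRST, ComboFix or anyone posting here: a small Python script that parses FRST's "Error:" entries in the format posted, reduces the %%-style status codes to Win32 error numbers (the negative values are HRESULTs wrapping a Win32 code; -2147014790 is 0x8007277A, whose low 16 bits are 10106), and flags the codes that fall in the Winsock range. 10106 is WSAEPROVIDERFAILEDINIT (a Winsock service provider failed to initialize) and 10042 is WSAENOPROTOOPT. Several unrelated components (IPsec Policy Agent, Windows Update, BITS, Task Scheduler) all failing on the same Winsock code is consistent with a damaged Winsock catalog rather than a fault in any one service, which is the layer the "reset Winsock settings" option later in this thread acts on. The sample log is constructed from the entries above; the small name table is an assumption limited to the two codes that appear.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: entries copied in the format of the Addition.txt
# posted above (same sources, event IDs and codes as in the thread).
SAMPLE_LOG = """\
Error: (03/20/2015 01:15:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" wurde mit folgendem Fehler beendet:
%%10106

Error: (03/20/2015 01:13:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:
%%-2147014790

Error: (03/20/2015 01:13:40 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147014790.

Error: (03/20/2015 01:13:40 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT-AUTORITÄT)
Description: Fehler beim Starten des BITS-Dienstes. Fehler: 2147952506.

Error: (03/20/2015 01:12:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet:
%%2

Error: (03/20/2015 01:11:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2147014854

Error: (03/20/2015 01:11:55 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
"""

ENTRY_RE = re.compile(
    r"^Error: \((?P<ts>[^)]*)\) \(Source: (?P<src>[^)]*)\) \(EventID: (?P<eid>\d+)\)"
)
# Three ways the code shows up: "%%N" (Service Control Manager),
# "Fehler: N." (BITS client) and "error: N" (Schedule).
CODE_RE = re.compile(r"(?:%%|(?:Fehler|error):\s*)(-?\d+)", re.IGNORECASE)

# Assumption: only the two Winsock codes seen in the thread are named here;
# the range check in winsock_findings() still catches any other WSA* code.
WINSOCK_NAMES = {10042: "WSAENOPROTOOPT", 10106: "WSAEPROVIDERFAILEDINIT"}
FACILITY_WIN32 = 7


@dataclass
class Entry:
    source: str
    event_id: int
    description: str = ""


def to_win32_code(raw: int) -> Optional[int]:
    """Reduce a code as FRST prints it to a Win32 error number.

    Values below 2**31 are already Win32 codes. Negative values (or the same
    bits printed unsigned) are failure HRESULTs; with FACILITY_WIN32 the low
    16 bits carry the Win32 code. Other facilities return None.
    """
    value = raw & 0xFFFFFFFF
    if value & 0x80000000 == 0:
        return value
    if (value >> 16) & 0x1FFF == FACILITY_WIN32:
        return value & 0xFFFF
    return None


def parse_entries(text: str) -> List[Entry]:
    """One Entry per 'Error:' header; following lines up to a blank line are its description."""
    entries: List[Entry] = []
    current: Optional[Entry] = None
    for line in text.splitlines():
        header = ENTRY_RE.match(line)
        if header:
            current = Entry(header["src"], int(header["eid"]))
            entries.append(current)
        elif not line.strip():
            current = None  # a blank line closes the entry
        elif current is not None:
            current.description += line.strip() + " "
    return entries


def winsock_findings(text: str) -> List[Tuple[str, int, int, str]]:
    """(source, event_id, win32_code, name) for every code in the Winsock range 10000-11999."""
    findings = []
    for entry in parse_entries(text):
        for raw in CODE_RE.findall(entry.description):
            code = to_win32_code(int(raw))
            if code is not None and 10000 <= code <= 11999:
                name = WINSOCK_NAMES.get(code, "WSA* (not named here)")
                findings.append((entry.source, entry.event_id, code, name))
    return findings


def triage(text: str) -> Dict[str, object]:
    """Count Winsock-range failures, group them by code and note how many independent sources report them."""
    findings = winsock_findings(text)
    sources = sorted({f[0] for f in findings})
    return {
        "winsock_errors": len(findings),
        "by_code": dict(Counter(f[2] for f in findings)),
        "sources": sources,
        # Unrelated components failing on Winsock codes point at the shared
        # Winsock catalog/LSP layer, not at any one service.
        "suspect_winsock_catalog": len(sources) >= 2,
    }


if __name__ == "__main__":
    for source, event_id, code, name in winsock_findings(SAMPLE_LOG):
        print(f"{source:30} event {event_id:5}  {code} {name}")
    print(triage(SAMPLE_LOG))
```

Run as a script it prints the six Winsock-range entries from the sample (the Superfetch failure with code 2 is correctly left out); to triage a real log, read the event-log section of Addition.txt into a string and pass it to triage() in place of SAMPLE_LOG.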

Alt 20.03.2015, 12:56   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Then please run Combofix now:

Scan with Combofix
WARNING to anyone else reading along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know about it.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a logfile.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you receive the following error message after the reboot
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.


Alt 20.03.2015, 19:21   #7
sill
 
Hello,

here is the requested Combofix scan

Code:
ComboFix 15-03-14.03 - Phillip 20.03.2015  20:09:02.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.8135.6702 [GMT 1:00]
ausgeführt von:: c:\users\Phillip\Desktop\ComboFix.exe
AV: Panda Free Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
FW: Panda Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
SP: Panda Free Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\Phillip\AppData\Roaming\Windows Services
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
d:\eigene dateien\Eigene Dokumente\~WRL0003.tmp
d:\eigene dateien\Eigene Dokumente\~WRL0005.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-02-20 bis 2015-03-20  ))))))))))))))))))))))))))))))
.
.
2015-03-20 12:23 . 2015-03-20 12:24	--------	d-----w-	C:\FRST
2015-03-20 12:19 . 2015-03-20 12:19	--------	d-----w-	c:\programdata\Kingsoft
2015-03-18 20:46 . 2015-03-18 20:46	--------	d-----w-	c:\program files\Common Files\Lavasoft
2015-03-16 08:59 . 2015-03-16 08:59	--------	d-----w-	c:\users\Phillip\AppData\Roaming\timgquxs
2015-03-16 08:55 . 2014-03-11 15:48	40480	----a-w-	c:\windows\system32\drivers\PsBoot.sys
2015-03-15 23:54 . 2015-03-15 23:54	--------	d-----w-	c:\users\Phillip\AppData\Roaming\NVIDIA
2015-03-10 17:28 . 2015-03-10 17:28	--------	d-----w-	c:\programdata\NVIDIA
2015-03-02 15:07 . 2015-03-02 15:07	--------	d-----w-	c:\users\Phillip\AppData\Local\ElevatedDiagnostics
2015-02-28 14:33 . 2015-02-28 14:54	--------	d-----w-	c:\users\Phillip\AppData\Local\UmmyVideoDownloader
2015-02-23 12:04 . 2015-02-23 12:04	--------	d-----w-	c:\program files (x86)\Microsoft Chart Controls
2015-02-21 14:02 . 2015-02-21 14:02	--------	d-----w-	c:\users\Phillip\AppData\Local\Steam
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-16 00:50 . 2013-05-17 19:05	778928	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-03-16 00:50 . 2013-05-17 19:05	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-02 14:47 . 2013-05-19 19:25	280856	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2015-03-02 14:47 . 2013-05-19 19:25	280856	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2015-02-27 21:45 . 2013-05-19 19:24	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2015-02-27 21:45 . 2013-05-19 19:25	280792	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2014-12-31 12:12 . 2014-01-27 14:54	113365784	----a-w-	c:\windows\system32\MRT.exe
2014-12-22 23:41 . 2013-05-19 11:40	298120	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2015-02-18 2874048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-21 291648]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2012-08-31 508656]
"PSUAMain"="c:\program files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" [2014-10-16 37624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 ALSysIO;ALSysIO;c:\users\Phillip\AppData\Local\Temp\ALSysIO64.sys;c:\users\Phillip\AppData\Local\Temp\ALSysIO64.sys [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Corsair\Corsair Link\CorsairLINK_HardwareMonitor.sys;c:\program files (x86)\Corsair\Corsair Link\CorsairLINK_HardwareMonitor.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSAlpc.sys [x]
S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttp.sys [x]
S1 NNSHTTPS;NNSHTTPS;c:\windows\system32\DRIVERS\NNSHttps.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttps.sys [x]
S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys;c:\windows\SYSNATIVE\DRIVERS\NNSIds.sys [x]
S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPicc.sys [x]
S1 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPihsw.sys [x]
S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPop3.sys [x]
S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys;c:\windows\SYSNATIVE\DRIVERS\NNSProt.sys [x]
S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPrv.sys [x]
S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSSmtp.sys [x]
S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys;c:\windows\SYSNATIVE\DRIVERS\NNSStrm.sys [x]
S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSTlsc.sys [x]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys;c:\windows\SYSNATIVE\DRIVERS\psinknc.sys [x]
S2 cmcore;Clean Master Core Service;c:\program files (x86)\cmcm\Clean Master\cmcore.exe;c:\program files (x86)\cmcm\Clean Master\cmcore.exe [x]
S2 NanoServiceMain;Panda Protection Service;c:\program files (x86)\Panda Security\Panda Security Protection\PSANHost.exe;c:\program files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [x]
S2 PandaAgent;Panda Devices Agent;c:\program files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe;c:\program files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [x]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINAflt.sys [x]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys;c:\windows\SYSNATIVE\DRIVERS\PSINFile.sys [x]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProc.sys [x]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProt.sys [x]
S2 PSINReg;PSINReg;c:\windows\system32\DRIVERS\PSINReg.sys;c:\windows\SYSNATIVE\DRIVERS\PSINReg.sys [x]
S2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\Panda Security Protection\PSUAService.exe;c:\program files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 ASUSU7;ASUS Xonar U7 Audio Device;c:\windows\system32\DRIVERS\ASUSU7.SYS;c:\windows\SYSNATIVE\DRIVERS\ASUSU7.SYS [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x]
S3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\DRIVERS\hidusbf.sys;c:\windows\SYSNATIVE\DRIVERS\hidusbf.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 ksapi64;ksapi64;c:\windows\system32\drivers\ksapi64.sys;c:\windows\SYSNATIVE\drivers\ksapi64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys;c:\windows\SYSNATIVE\Drivers\LGPBTDD.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-03-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-17 00:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-10-14 12697368]
"GamecomSound"="c:\program files\ASUS Xonar U7 Audio\CPL\ASUSXonarU7_x64.exe" [2013-08-06 2453504]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\raf60uc3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2012-02-23 17:02; {d64e478d-4dee-4bfb-afe4-30b84e6a3157}; c:\users\Phillip\..\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\raf60uc3.default\extensions\{d64e478d-4dee-4bfb-afe4-30b84e6a3157}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Windows Services - c:\users\Phillip\AppData\Roaming\Windows Services\services.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
Toolbar-Locked - (no file)
AddRemove-CMIUSB&1B1C&1C00 - c:\program files (x86)\Silabs\MCU\USBXpress\DriverUninstaller.exe USBXpress\CMIUSB&1B1C&1C00
AddRemove-SIUSBXP&1B1C&1C00 - c:\program files (x86)\Silabs\MCU\USBXpress\DriverUninstaller.exe USBXpress\SIUSBXP&1B1C&1C00
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3639536685-2187574041-2537157961-1000\Software\SecuROM\License information*]
"datasecu"=hex:8a,f2,44,79,b7,de,c4,cd,f9,d5,db,a6,c5,c1,62,47,dc,5a,09,ae,88,
   7f,d4,33,ae,78,18,fe,f3,d0,68,98,af,ba,f8,db,c4,94,03,7d,5b,32,2c,f9,5e,7f,\
"rkeysecu"=hex:6a,be,0b,b7,aa,de,4b,56,f1,db,24,a3,c5,6f,71,db
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
d:\fraps\fraps.exe
c:\program files\Logitech Gaming Software\Applets\LCDWebCam.exe
c:\program files\Logitech Gaming Software\Applets\LCDMovieViewer.exe
c:\program files\Logitech Gaming Software\Applets\LCDYT.exe
c:\program files\Logitech Gaming Software\Applets\LCDMedia.exe
c:\program files (x86)\Steam\bin\steamwebhelper.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-03-20  20:13:28 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-03-20 19:13
.
Vor Suchlauf: 8 Verzeichnis(se), 78.856.531.968 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 78.698.110.976 Bytes frei
.
- - End Of File - - 646B87C3E4B5DC9AD49CC24381FC077C
A36C5E4F47E84449FF07ED3517B43A31
         
Have a good evening

Alt 21.03.2015, 01:29   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Remove adware/junkware/toolbars

(delete old versions of adwCleaner and, if present, JRT first, then download them fresh to the desktop!)

Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has completed.
  • Now click Delete and confirm any prompts that appear with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequence number).


Step 2: JRT - Junkware Removal Tool

Please exit your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or higher), please start it by right-clicking and choosing "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the logfile (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will be on your desktop afterwards.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Alt 21.03.2015, 21:35   #9
sill
 
Hello, here are the new scans!

Adwcleaner

Code:
# AdwCleaner v4.112 - Bericht erstellt 21/03/2015 um 22:22:19
# Aktualisiert 09/03/2015 von Xplode
# Datenbank : 2015-03-21.2 [Server]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (x64)
# Benutzername : Phillip - PHILLIP-PC
# Gestarted von : C:\Users\Phillip\Desktop\AdwCleaner_4.112.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Datei Gelöscht : C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\raf60uc3.default\foxydeal.sqlite

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v8.0.7601.18595


-\\ Mozilla Firefox v36.0.1 (x86 de)


-\\ Google Chrome v


-\\ Comodo Dragon v


-\\ Chrome Canary v


*************************

AdwCleaner[R2].txt - [1063 Bytes] - [21/03/2015 22:21:26]
AdwCleaner[S2].txt - [987 Bytes] - [21/03/2015 22:22:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1045  Bytes] ##########
         
JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.5 (03.17.2015:1)
OS: Windows 7 Ultimate x64
Ran by Phillip on 21.03.2015 at 22:24:30,33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Phillip\AppData\Roaming\mozilla\firefox\profiles\raf60uc3.default\prefs.js

user_pref("extensions.bTSu1KdBAAqcLpsV.url", "hxxp://get-jpi.info/sync2/?q=hfZ9ofV9CShEAen0rTrGrjaMg708BNmGWj8wmihGheDUojw8rdrFqTa5rTs8rihIC7n0rjkErHw7rdYGqdnHtNhVCT94tMVKhd95
user_pref("extensions.rujI6IQVpSNt0kLz.url", "hxxp://veteranted.net/sync2/?q=hfZ9ofV9CShEAen0rTrGrjaMg708BNmGWj8wmihGheDUojw8rdrFqTa5rjUGrShIC7n0rjkErHw7rdYGrda8tNhVCT94tMVKhd
Emptied folder: C:\Users\Phillip\AppData\Roaming\mozilla\firefox\profiles\raf60uc3.default\minidumps [27 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.03.2015 at 22:26:21,23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Phillip (administrator) on PHILLIP-PC on 21-03-2015 22:27:13
Running from C:\Users\Phillip\Desktop
Loaded Profiles: Phillip (Available profiles: Phillip)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmcore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Beepa P/L) D:\FRAPS\fraps.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
() C:\Program Files\ASUS Xonar U7 Audio\CPL\ASUSXonarU7_x64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(REALiX) C:\Program Files\HWiNFO64\HWiNFO64.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Beepa P/L) D:\FRAPS\fraps64.dat
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [GamecomSound] => C:\Program Files\ASUS Xonar U7 Audio\CPL\ASUSXonarU7_x64.exe [2453504 2013-08-06] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKU\S-1-5-21-3639536685-2187574041-2537157961-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2874048 2015-02-19] (Valve Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3639536685-2187574041-2537157961-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3639536685-2187574041-2537157961-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-10-18] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-18] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\raf60uc3.default
FF Homepage: hxxp://www.t-online.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-16] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-05-26] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-18] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-05-26] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-16] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-05-26] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @live.heroesandgenerals.com/npretox -> D:\Spiele\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll [2014-11-28] (Reto-Moto ApS)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-05-26] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-3639536685-2187574041-2537157961-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-05-26] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-05-26] (Tracker Software Products (Canada) Ltd.)
FF Extension: ProxTube - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\raf60uc3.default\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: NoSquint - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\raf60uc3.default\Extensions\nosquint@urandom.ca.xpi [2013-12-14]
FF Extension: Session Manager - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\raf60uc3.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-06-04]
FF Extension: {61ff6d5b-b16e-4d4f-867d-a53a3edebcdc} - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\raf60uc3.default\Extensions\{61ff6d5b-b16e-4d4f-867d-a53a3edebcdc}.xpi [2015-01-12]
FF Extension: YouTube High Definition - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\raf60uc3.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-08-05]
FF Extension: Adblock Plus - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\raf60uc3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-14]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Phillip\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [814464 2015-02-21] ()
R2 cmcore; c:\program files (x86)\cmcm\Clean Master\cmcore.exe [315240 2014-11-02] (Kingsoft Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-16] (Electronic Arts)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-12-02] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-02-27] ()
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5821952 2013-05-20] (Broadcom Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ASUSU7; C:\Windows\System32\DRIVERS\ASUSU7.SYS [406016 2013-08-01] (C-Media Inc.)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2011-11-03] (Broadcom Corporation.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-21] (Broadcom Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-18] (Disc Soft Ltd)
R3 hidusbf; C:\Windows\System32\DRIVERS\hidusbf.sys [7808 2012-08-07] (SweetLow) [File not signed]
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [26528 2014-12-12] (REALiX(tm))
R3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2014-11-02] (Kingsoft Corporation)
R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 ALSysIO; \??\C:\Users\Phillip\AppData\Local\Temp\ALSysIO64.sys [X]
S3 btwampfl; \??\C:\Windows\system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Corsair\Corsair Link\CorsairLINK_HardwareMonitor.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-21 22:24 - 2015-03-21 22:18 - 01388672 _____ (Thisisu) C:\Users\Phillip\Desktop\JRT.exe
2015-03-21 22:22 - 2014-03-25 14:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-03-21 22:21 - 2015-03-21 22:22 - 00000000 ____D () C:\AdwCleaner
2015-03-21 22:20 - 2015-03-21 22:18 - 02171392 _____ () C:\Users\Phillip\Desktop\AdwCleaner_4.112.exe
2015-03-20 20:13 - 2015-03-20 20:13 - 00017960 _____ () C:\ComboFix.txt
2015-03-20 20:08 - 2015-03-20 20:13 - 00000000 ____D () C:\Qoobox
2015-03-20 20:08 - 2015-03-20 20:12 - 00000000 ____D () C:\Windows\erdnt
2015-03-20 20:08 - 2015-03-20 20:06 - 05615380 ____R (Swearware) C:\Users\Phillip\Desktop\ComboFix.exe
2015-03-20 20:08 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-20 20:08 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-20 20:08 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-20 20:08 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-20 20:08 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-20 20:08 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-20 20:08 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-20 20:08 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-20 13:23 - 2015-03-21 22:27 - 00017285 _____ () C:\Users\Phillip\Desktop\FRST.txt
2015-03-20 13:23 - 2015-03-21 22:27 - 00000000 ____D () C:\FRST
2015-03-20 13:23 - 2015-03-20 00:41 - 02095616 _____ (Farbar) C:\Users\Phillip\Desktop\FRST64.exe
2015-03-20 13:19 - 2015-03-20 13:19 - 00000000 ____D () C:\ProgramData\Kingsoft
2015-03-18 22:27 - 2015-03-18 22:27 - 00003570 _____ () C:\Windows\System32\Tasks\PNPGLZVDA
2015-03-18 22:27 - 2015-03-18 22:27 - 00003148 _____ () C:\Windows\System32\Tasks\SidebarExecute
2015-03-18 22:27 - 2015-03-18 22:27 - 00003090 _____ () C:\Windows\System32\Tasks\trik3004
2015-03-18 21:46 - 2015-03-18 21:46 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-03-16 15:12 - 2015-03-21 22:22 - 00001579 _____ () C:\Windows\setupact.log
2015-03-16 15:12 - 2015-03-20 20:11 - 00000904 _____ () C:\Windows\PFRO.log
2015-03-16 15:12 - 2015-03-16 15:12 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-16 09:59 - 2015-03-16 09:59 - 00000000 ____D () C:\Users\Phillip\AppData\Roaming\timgquxs
2015-03-16 09:55 - 2014-03-11 16:48 - 00040480 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PsBoot.sys
2015-03-16 00:54 - 2015-03-16 00:54 - 00000000 ____D () C:\Users\Phillip\AppData\Roaming\NVIDIA
2015-03-16 00:43 - 2015-03-16 00:43 - 00000218 _____ () C:\Users\Phillip\Desktop\Counter-Strike.url
2015-03-10 18:28 - 2015-03-10 18:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-10 18:27 - 2015-03-10 18:27 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-03-10 18:27 - 2015-02-05 22:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 18575880 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 14119744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-10 18:27 - 2015-02-05 22:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 02902784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 00995248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 00877816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 00399504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 00305136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 00074056 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-03-10 18:27 - 2015-02-05 22:01 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-03-10 18:27 - 2015-02-05 20:07 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-03-10 18:27 - 2015-02-05 20:07 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-03-10 18:27 - 2015-02-05 20:07 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-03-10 18:27 - 2015-02-05 20:07 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-03-10 18:27 - 2015-02-05 20:07 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-03-10 18:27 - 2015-02-05 20:06 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-03-10 18:27 - 2015-02-05 13:50 - 04236870 _____ () C:\Windows\system32\nvcoproc.bin
2015-03-06 15:49 - 2015-03-16 14:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-28 20:31 - 2015-02-28 20:31 - 00001592 _____ () C:\Users\Phillip\AppData\Local\recently-used.xbel
2015-02-28 15:33 - 2015-02-28 15:54 - 00000000 ____D () C:\Users\Phillip\AppData\Local\UmmyVideoDownloader
2015-02-23 13:04 - 2015-02-23 13:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Chart Controls
2015-02-21 15:02 - 2015-02-21 15:02 - 00000000 ____D () C:\Users\Phillip\AppData\Local\Steam

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-21 22:25 - 2015-02-18 13:44 - 00300863 _____ () C:\Windows\WindowsUpdate.log
2015-03-21 22:23 - 2015-02-09 15:07 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-21 22:23 - 2013-05-19 12:36 - 00003146 _____ () C:\Windows\System32\Tasks\FRAPS
2015-03-21 22:22 - 2009-07-14 18:58 - 00674610 _____ () C:\Windows\system32\perfh007.dat
2015-03-21 22:22 - 2009-07-14 18:58 - 00139750 _____ () C:\Windows\system32\perfc007.dat
2015-03-21 22:22 - 2009-07-14 06:13 - 01556210 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-21 22:22 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-21 22:22 - 2009-07-14 05:45 - 00020992 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-21 22:22 - 2009-07-14 05:45 - 00020992 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-21 22:19 - 2014-03-23 11:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-20 20:13 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-03-20 20:12 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-20 20:11 - 2013-07-09 10:50 - 00000029 _____ () C:\Users\Phillip\AppData\Roaming\Network Meter_Usage.ini
2015-03-20 20:07 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-19 22:27 - 2013-11-19 20:40 - 00000000 ____D () C:\Users\Phillip\AppData\Roaming\TS3Client
2015-03-18 22:39 - 2013-05-24 10:31 - 00000000 ____D () C:\Users\Phillip\AppData\Roaming\vlc
2015-03-18 22:24 - 2013-05-19 10:12 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2015-03-16 16:05 - 2013-12-30 00:35 - 00003030 _____ () C:\Windows\System32\Tasks\MSIAfterburner
2015-03-16 09:23 - 2013-06-02 12:55 - 00000021 _____ () C:\Users\Phillip\AppData\Roaming\config_data.dat
2015-03-16 08:34 - 2014-12-21 15:48 - 00000000 ____D () C:\Users\Phillip\AppData\Roaming\Corsair
2015-03-16 02:15 - 2013-05-19 10:17 - 00000000 ____D () C:\ProgramData\Origin
2015-03-16 02:15 - 2013-05-19 10:17 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-03-16 01:50 - 2014-03-23 11:35 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-16 01:50 - 2013-05-17 20:05 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-16 01:50 - 2013-05-17 20:05 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-10 18:27 - 2013-07-11 13:07 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-03-10 18:27 - 2013-05-17 20:35 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-10 18:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help
2015-03-08 00:32 - 2014-03-14 17:39 - 00000000 ____D () C:\Users\Phillip\AppData\Roaming\Skype
2015-03-06 14:36 - 2014-02-23 14:07 - 00000000 ____D () C:\Users\Phillip\AppData\Local\DayZ
2015-03-02 15:47 - 2013-05-19 20:25 - 00280856 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-03-02 15:47 - 2013-05-19 20:25 - 00280856 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-03-01 21:39 - 2013-05-19 13:36 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-28 20:31 - 2015-01-16 20:17 - 00000000 ____D () C:\Users\Phillip\.gimp-2.8
2015-02-28 20:30 - 2015-01-16 21:10 - 00000000 ____D () C:\Users\Phillip\AppData\Local\gtk-2.0
2015-02-28 15:34 - 2013-06-02 16:07 - 00000000 ____D () C:\Users\Phillip\AppData\Roaming\DVDVideoSoft
2015-02-27 22:45 - 2013-05-19 20:25 - 00280792 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-02-27 22:45 - 2013-05-19 20:24 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-02-22 17:11 - 2014-06-30 18:57 - 00000000 ____D () C:\Users\Phillip\AppData\Local\Arma 3
2015-02-22 17:10 - 2013-10-04 20:45 - 00000000 ____D () C:\ProgramData\Package Cache

==================== Files in the root of some directories =======

2014-09-09 11:00 - 2015-01-11 13:03 - 0000302 _____ () C:\Users\Phillip\AppData\Roaming\BreakingPoint_Login.ini
2014-09-09 11:02 - 2015-01-11 13:12 - 0001408 _____ () C:\Users\Phillip\AppData\Roaming\BreakingPoint_Options.ini
2014-11-02 15:18 - 2014-11-02 16:22 - 0000127 _____ () C:\Users\Phillip\AppData\Roaming\Camdata.ini
2014-11-02 15:18 - 2014-11-02 16:22 - 0000408 _____ () C:\Users\Phillip\AppData\Roaming\CamLayout.ini
2014-11-02 15:18 - 2014-11-02 16:22 - 0000408 _____ () C:\Users\Phillip\AppData\Roaming\CamShapes.ini
2014-11-02 15:18 - 2014-11-02 16:22 - 0004574 _____ () C:\Users\Phillip\AppData\Roaming\CamStudio.cfg
2013-06-02 12:55 - 2015-03-16 09:23 - 0000021 _____ () C:\Users\Phillip\AppData\Roaming\config_data.dat
2014-01-31 08:04 - 2014-10-20 11:52 - 0001154 _____ () C:\Users\Phillip\AppData\Roaming\Network Meter_Settings.ini
2013-07-09 10:50 - 2015-03-20 20:11 - 0000029 _____ () C:\Users\Phillip\AppData\Roaming\Network Meter_Usage.ini
2014-11-02 15:16 - 2014-11-02 16:16 - 0000096 _____ () C:\Users\Phillip\AppData\Roaming\version2.xml
2015-02-28 20:31 - 2015-02-28 20:31 - 0001592 _____ () C:\Users\Phillip\AppData\Local\recently-used.xbel
2013-05-17 20:09 - 2015-02-18 13:33 - 0007626 _____ () C:\Users\Phillip\AppData\Local\resmon.resmoncfg
2014-10-18 19:26 - 2014-10-18 19:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Phillip\AppData\Local\Temp\Quarantine.exe
C:\Users\Phillip\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2015-03-18 19:38

==================== End Of Log ============================
         
--- --- ---



Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Phillip at 2015-03-21 22:27:26
Running from C:\Users\Phillip\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Free Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
ASUS Xonar U7 Audio (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F39206632A}) (Version:   - ASUSTeK Computer Inc.)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.25648 - Electronic Arts)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
BeamNG.drive (HKU\S-1-5-21-3639536685-2187574041-2537157961-1000\...\BeamNG.drive) (Version: 0.3.1.0 - beamng.com)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.100.82.97 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Clean Master (HKLM-x32\...\Clean Master) (Version: 1.0 - Cheetah Mobile)
Corsair Link (HKLM-x32\...\{658EFB3F-8606-4576-8FEC-B0CED48F1E68}) (Version: 2.4.4948 - Corsair)
Corsair Link(TM) USB Dongle (Driver Removal) (HKLM-x32\...\CMIUSB&1B1C&1C00) (Version:  - Corsair Memory, Inc.)
Corsair Link(TM) USB Dongle (Driver Removal) (HKLM-x32\...\SIUSBXP&1B1C&1C00) (Version:  - Corsair Memory, Inc.)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Driver Sweeper Version 3.2.0 (HKLM-x32\...\{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1) (Version: 3.2.0 - Phyxion.net)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version:  - Rockstar North / Toronto)
Grand Theft Auto: Episodes from Liberty City (x32 Version: 1.0.0002.135 - Rockstar Games Inc.) Hidden
Heroes & Generals (HKLM-x32\...\Heroes & Generals) (Version: 1.0.6.1 - Reto-Moto)
HWiNFO64 Version 4.48 (HKLM\...\HWiNFO64_is1) (Version: 4.48 - Martin Malík - REALiX)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.1 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
MSI Afterburner 4.1.0 (HKLM-x32\...\Afterburner) (Version: 4.1.0 - MSI Co., LTD)
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.104 - Panda Security)
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0000 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.308.0 - Tracker Software Products Ltd)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version:  - Tripwire Interactive)
RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
UmmyVideoDownloader (HKLM-x32\...\{E028DBDA-EEE7-48A0-ADF7-D250589A02C5}_is1) (Version: 1.2.1.1 - )
Vegas Pro 12.0 (64-bit) (HKLM\...\{BE94768F-5232-11E3-BD78-F04DA23A5C58}) (Version: 12.0.770 - Sony)
Vegas Pro 13.0 (64-bit) (HKLM\...\{386F5740-091D-11E4-B13E-F04DA23A5C58}) (Version: 13.0.373 - Sony)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
War Thunder Launcher 1.0.1.467 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3639536685-2187574041-2537157961-1000_Classes\CLSID\{07474513-7B58-45c7-B3E6-13A3669B1AFD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639536685-2187574041-2537157961-1000_Classes\CLSID\{25815CC0-43F4-3C75-8C3A-A139D9ADE740}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639536685-2187574041-2537157961-1000_Classes\CLSID\{2F5DA951-82C6-471e-90BD-CAB15552A932}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639536685-2187574041-2537157961-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Phillip\AppData\Roaming\timgquxs\tivesen.dll () <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-3639536685-2187574041-2537157961-1000_Classes\CLSID\{85A0641D-324D-4b47-9E5C-D2F33CCB14C3}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639536685-2187574041-2537157961-1000_Classes\CLSID\{97D17A04-4438-4C8E-BAC7-BC21B8B9E999}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Restore Points  =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-03-20 20:11 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {144AC2C2-0891-4258-94C4-9748496BAD7B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {23B3186F-73A0-45DE-8196-D3F0EDDC0D4C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-16] (Adobe Systems Incorporated)
Task: {40247C15-39D6-4059-A974-E9AAAA72C24A} - System32\Tasks\PNPGLZVDA => C:\ProgramData\0dfcafffadba49a298b588510cb87bf9\0dfcafffadba49a298b588510cb87bf9.exe
Task: {5BCFD142-1CB4-45F6-99E8-4705166E6A21} - System32\Tasks\FRAPS => D:\FRAPS\fraps.exe [2013-02-26] (Beepa P/L)
Task: {61423804-DAF7-4E7C-BFC5-9F76AA458B57} - System32\Tasks\HWiNFO => C:\Program Files\HWiNFO64\HWiNFO64.EXE [2014-11-26] (REALiX)
Task: {80B3C200-534C-4F27-9A5B-F4FA4E88F309} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B2F73501-C532-4DA0-BF3C-7D69C01CD7F8} - \Start CorsairLINK Hardware Monitor No Task File <==== ATTENTION
Task: {B3EE32CC-D2B6-4DD9-8F3D-D79185654F54} - System32\Tasks\trik3004 => C:\PROGRA~2\TabNav\trik3004.exe
Task: {CB17C761-ABD2-4628-B7B1-78F70617F00C} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2014-12-06] ()
Task: {CF1E8D14-A304-4535-B913-D355D0A349AB} - \Start Corsair Link No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-10 18:27 - 2015-02-05 20:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-05-19 20:24 - 2015-02-27 22:45 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-12-06 08:03 - 2014-12-06 08:03 - 00565760 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2014-09-18 08:23 - 2014-09-18 08:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 19:51 - 2014-10-14 19:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 08:23 - 2014-09-18 08:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 19:51 - 2014-10-14 19:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-12-25 12:52 - 2013-08-06 11:34 - 02453504 ____N () C:\Program Files\ASUS Xonar U7 Audio\CPL\ASUSXonarU7_x64.exe
2015-03-16 09:59 - 2015-03-16 09:59 - 00157696 _____ () C:\Users\Phillip\AppData\Roaming\timgquxs\tivesen.dll
2013-04-12 18:23 - 2013-04-12 18:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2014-12-06 08:01 - 2014-12-06 08:01 - 00071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2014-12-06 08:01 - 2014-12-06 08:01 - 00056832 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2014-12-06 08:02 - 2014-12-06 08:02 - 00217600 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2014-12-06 08:01 - 2014-12-06 08:01 - 00353792 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2014-12-06 08:02 - 2014-12-06 08:02 - 00649216 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3639536685-2187574041-2537157961-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3639536685-2187574041-2537157961-500 - Administrator - Disabled)
Gast (S-1-5-21-3639536685-2187574041-2537157961-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3639536685-2187574041-2537157961-1002 - Limited - Enabled)
Phillip (S-1-5-21-3639536685-2187574041-2537157961-1000 - Administrator - Enabled) => C:\Users\Phillip

==================== Faulty Device Manager Devices =============

Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 21%
Total physical RAM: 8134.84 MB
Available physical RAM: 6401.63 MB
Total Pagefile: 10181.03 MB
Available Pagefile: 8279.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:73.47 GB) NTFS
Drive d: () (Fixed) (Total:596.16 GB) (Free:263.43 GB) NTFS
Drive e: () (Fixed) (Total:596.17 GB) (Free:338.72 GB) NTFS
Drive h: () (Removable) (Total:0.49 GB) (Free:0.47 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: D2AB1056)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: A5D5DC5A)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 5B2FBDC9)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=OF Extended)

========================================================
Disk: 3 (Size: 503.3 MB) (Disk ID: 01B10499)
Partition 1: (Active) - (Size=503 MB) - (Type=0B)

==================== End Of Log ============================
         
Have a nice evening!
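
The Addition log above contains the kinds of entry a helper looks at first: a per-user CLSID whose InprocServer32 points at an unsigned DLL under AppData\Roaming, two scheduled tasks with no task file behind them, a task whose target is a 32-hex-character executable under ProgramData, and test-signing switched on. The Python below is an added example, not FRST code and not part of this thread; it writes that triage down as explicit rules and runs them over lines copied from the log. The user-writable directory list, the random-name rule and the two-hit threshold are this example's own assumptions.

```python
"""Triage heuristics for Farbar Recovery Scan Tool (FRST) log entries.

Added example for this thread; not FRST code and not part of the original
posts. A COM server or task target in a user-writable directory, without a
publisher, with a random-looking name, or belonging to a task whose task file
is gone is a candidate for the fixlist. Lists and thresholds are assumptions.
"""
import re
from pathlib import PureWindowsPath

# Assumption: installed products do not register COM servers or task targets
# under these user-writable directories, so anything here deserves a look.
USER_WRITABLE = {"appdata", "programdata", "temp", "public"}

# Assumption: a 32-character hex stem (the PNPGLZVDA task above) is a
# generated name, not something a vendor ships.
RANDOM_NAME = re.compile(r"^[0-9a-f]{32}$", re.IGNORECASE)

# A single one of these is enough to list the entry.
DECISIVE = {"task registered but task file missing",
            "test-signing enabled: unsigned kernel drivers load"}


def parse_entry(line):
    """Return a dict for CustomCLSID:, Task: and testsigning: lines, else None."""
    line = line.strip()
    attention = "ATTENTION" in line
    line = re.sub(r"\s*<=+\s*ATTENTION!?$", "", line)
    if line.startswith("testsigning:"):
        return {"kind": "testsigning", "name": "testsigning", "path": "",
                "signer": "", "attention": attention, "on": " is on" in line}
    if line.startswith("CustomCLSID: "):
        m = re.match(r"CustomCLSID: (\S+) -> (.+?) \(([^)]*)\)$", line)
        if not m:
            return None
        return {"kind": "clsid", "name": m.group(1), "path": m.group(2),
                "signer": m.group(3), "attention": attention}
    if line.startswith("Task: "):
        head, _, target = line[len("Task: "):].partition(" => ")
        entry = {"kind": "task", "name": head, "path": "", "signer": "",
                 "attention": attention}
        if target:
            # FRST prints "<target> [YYYY-MM-DD] (Publisher)"; the date and
            # the publisher are optional, so both groups may be absent.
            m = re.match(r"(.+?)(?: \[([\d-]+)\])?(?: \(([^)]*)\))?$", target)
            entry["path"], entry["signer"] = m.group(1), m.group(3) or ""
        return entry
    return None


def reasons_for(entry):
    """List the heuristics an entry trips; an empty list means it looks normal."""
    reasons = []
    if entry["kind"] == "testsigning":
        if entry["on"]:
            reasons.append("test-signing enabled: unsigned kernel drivers load")
        return reasons
    if entry["attention"]:
        reasons.append("flagged by FRST")
    if entry["kind"] == "task" and entry["name"].endswith("No Task File"):
        reasons.append("task registered but task file missing")
    path = PureWindowsPath(entry["path"])
    if re.match(r"^[A-Za-z]:\\", entry["path"]):  # a real file path, not "Sc.exe start ..."
        if any(part.lower() in USER_WRITABLE for part in path.parts):
            reasons.append("target in user-writable directory")
        if RANDOM_NAME.match(path.stem):
            reasons.append("random-looking file name")
        if not entry["signer"]:
            reasons.append("no publisher recorded for target")
    return reasons


def triage(lines, threshold=2):
    """Return (name, path, reasons) for entries that trip `threshold`
    heuristics or any single decisive one."""
    hits = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if len(reasons) >= threshold or DECISIVE & set(reasons):
            hits.append((entry["name"], entry["path"], reasons))
    return hits


# Lines copied from the Addition log in this thread.
SAMPLE = r"""
CustomCLSID: HKU\S-1-5-21-3639536685-2187574041-2537157961-1000_Classes\CLSID\{07474513-7B58-45c7-B3E6-13A3669B1AFD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3639536685-2187574041-2537157961-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Phillip\AppData\Roaming\timgquxs\tivesen.dll () <==== ATTENTION
Task: {144AC2C2-0891-4258-94C4-9748496BAD7B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {40247C15-39D6-4059-A974-E9AAAA72C24A} - System32\Tasks\PNPGLZVDA => C:\ProgramData\0dfcafffadba49a298b588510cb87bf9\0dfcafffadba49a298b588510cb87bf9.exe
Task: {80B3C200-534C-4F27-9A5B-F4FA4E88F309} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B2F73501-C532-4DA0-BF3C-7D69C01CD7F8} - \Start CorsairLINK Hardware Monitor No Task File <==== ATTENTION
Task: {CB17C761-ABD2-4628-B7B1-78F70617F00C} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2014-12-06] ()
testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!
""".strip().splitlines()

if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE):
        print(name, path, "->", "; ".join(reasons))
```

Run as a script it prints four entries (the tivesen.dll CLSID, the PNPGLZVDA task, the CorsairLINK task without a task file, and the test-signing line) together with the reasons they tripped; the CCleaner task and MSI Afterburner (no publisher recorded, but under Program Files) stay quiet. Test-signing deserves caution in the other direction as well: some hardware-monitoring and overclocking tools leave it on for their own unsigned drivers, so the line is a prompt to inspect the loaded drivers, not proof of a rootkit.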

22.03.2015, 15:47   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



FRST fix

Please disable the antivirus scanner completely now, so that the fix is certain to run through cleanly!


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3639536685-2187574041-2537157961-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Extension: {61ff6d5b-b16e-4d4f-867d-a53a3edebcdc} - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\raf60uc3.default\Extensions\{61ff6d5b-b16e-4d4f-867d-a53a3edebcdc}.xpi [2015-01-12]
CHR dev: Chrome dev build detected! <======= ATTENTION
testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!
CustomCLSID: HKU\S-1-5-21-3639536685-2187574041-2537157961-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Phillip\AppData\Roaming\timgquxs\tivesen.dll () <==== ATTENTION
Task: {B2F73501-C532-4DA0-BF3C-7D69C01CD7F8} - \Start CorsairLINK Hardware Monitor No Task File <==== ATTENTION
Task: {CF1E8D14-A304-4535-B913-D355D0A349AB} - \Start Corsair Link No Task File <==== ATTENTION
EmptyTemp:
         

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents to me.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

22.03.2015, 17:32   #11
sill



Hi, after the fix the mouse unfortunately stopped working. I had to use a different USB port.

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Phillip at 2015-03-22 18:25:28 Run:1
Running from C:\Users\Phillip\Desktop
Loaded Profiles: Phillip (Available profiles: Phillip)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3639536685-2187574041-2537157961-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Extension: {61ff6d5b-b16e-4d4f-867d-a53a3edebcdc} - C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\raf60uc3.default\Extensions\{61ff6d5b-b16e-4d4f-867d-a53a3edebcdc}.xpi [2015-01-12]
CHR dev: Chrome dev build detected! <======= ATTENTION
testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!
CustomCLSID: HKU\S-1-5-21-3639536685-2187574041-2537157961-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Phillip\AppData\Roaming\timgquxs\tivesen.dll () <==== ATTENTION
Task: {B2F73501-C532-4DA0-BF3C-7D69C01CD7F8} - \Start CorsairLINK Hardware Monitor No Task File <==== ATTENTION
Task: {CF1E8D14-A304-4535-B913-D355D0A349AB} - \Start Corsair Link No Task File <==== ATTENTION
EmptyTemp:
         
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-3639536685-2187574041-2537157961-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Users\Phillip\AppData\Roaming\Mozilla\Firefox\Profiles\raf60uc3.default\Extensions\{61ff6d5b-b16e-4d4f-867d-a53a3edebcdc}.xpi => Moved successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.

Der Vorgang wurde erfolgreich beendet.
"HKU\S-1-5-21-3639536685-2187574041-2537157961-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B2F73501-C532-4DA0-BF3C-7D69C01CD7F8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2F73501-C532-4DA0-BF3C-7D69C01CD7F8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Start CorsairLINK Hardware Monitor" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CF1E8D14-A304-4535-B913-D355D0A349AB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF1E8D14-A304-4535-B913-D355D0A349AB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Start Corsair Link" => Key deleted successfully.
EmptyTemp: => Removed 169.3 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 18:25:37 ====
         

23.03.2015, 08:30   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Okay, then control scans with MBAM and ESET please:

Please download Malwarebytes Anti-Malware
  • Install the program into the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. The MBAM log file can be found here.
  • Add the contents of mbam.txt to your next reply.




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


23.03.2015, 11:38   #13
sill



Hi, the scans are complete!

MBAM

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 23.03.2015
Suchlauf-Zeit: 11:09:44
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.03.23.02
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Phillip

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 359147
Verstrichene Zeit: 3 Min, 14 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 3
PUP.Optional.Multiplug, HKU\S-1-5-21-3639536685-2187574041-2537157961-1000_Classes\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, In Quarantäne, [ee0061e76e1c54e2ed7b250061a25ca4], 
PUP.Optional.Multiplug, HKU\S-1-5-21-3639536685-2187574041-2537157961-1000_Classes\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, In Quarantäne, [ee0061e76e1c54e2ed7b250061a25ca4], 
PUP.Optional.LolliScan.A, HKLM\SOFTWARE\LolliScan, In Quarantäne, [7f6f1c2c15752b0b9b7911a8df24b848], 

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 2
PUP.Optional.FastPlayer.A, C:\Users\Phillip\AppData\Local\com\FastPlayer.exe_Url_ypw5ldaz5xtubzl3ykl5vaw3nmhswq1q, In Quarantäne, [ca247ace2862102691a17d2a50b35ba5], 
PUP.Optional.FastPlayer.A, C:\Users\Phillip\AppData\Local\com\FastPlayer.exe_Url_ypw5ldaz5xtubzl3ykl5vaw3nmhswq1q\1.0.0.1, In Quarantäne, [ca247ace2862102691a17d2a50b35ba5], 

Dateien: 2
PUP.Optional.WebInstr.A, C:\Windows\System32\drivers\Msft_Kernel_webinstrNew_01009.Wdf, In Quarantäne, [ce2031176a20d363900bd9e5ee15ca36], 
PUP.Optional.FastPlayer.A, C:\Users\Phillip\AppData\Local\com\FastPlayer.exe_Url_ypw5ldaz5xtubzl3ykl5vaw3nmhswq1q\1.0.0.1\user.config, In Quarantäne, [ca247ace2862102691a17d2a50b35ba5], 

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         

ESET

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=10592d34038c224c8c0bc2a335158bfd
# engine=23034
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-23 11:27:19
# local_time=2015-03-23 12:27:19 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 3633309 178739889 0 0
# scanned=252489
# found=8
# cleaned=0
# scan_time=3744
sh=E4228B69B3AABDE4DE9AED083365040B4181A1A4 ft=1 fh=67a432d947ebccb5 vn="Variante von Win32/ELEX.CF evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Panda Security\Panda Security Protection\LostandFound\components1"
sh=6A8755087D639F7E7F63E478F789EC97A7E6F30A ft=1 fh=8119dbc240463dd2 vn="MSIL/Adware.WinuSecu.B Anwendung" ac=I fn="C:\Program Files (x86)\Panda Security\Panda Security Protection\LostandFound\components2"
sh=5ADAE1F9F7DABF555E6BE3012F00B9977B4B254F ft=1 fh=b8cad108dc2a6902 vn="Win32/AdWare.Linkular.AH Anwendung" ac=I fn="C:\Program Files (x86)\Panda Security\Panda Security Protection\LostandFound\components2_1"
sh=15219C0F274C5C9956981C91ABEC5D4E3A1F6442 ft=1 fh=3fec66b3c1704bce vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe"
sh=423E96EF2ADE285934ACDEF3F5F80E419E2B6639 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Users\Phillip\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aepcalefcemnbgjgolcoaibbblnimfdb\3.9\content.js"
sh=423E96EF2ADE285934ACDEF3F5F80E419E2B6639 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Users\Phillip\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aepcalefcemnbgjgolcoaibbblnimfdb\3.9\content.js"
sh=5DC4F4AD051D2AB86146F7E2B6B629B63FFBC122 ft=1 fh=24cc6f4fb330a792 vn="Variante von Win32/Adware.Hicosmea.A Anwendung" ac=I fn="C:\Users\Phillip\AppData\Roaming\timgquxs\colers.dll"
sh=C3ADDD9C1FB703290DB8EFEDAC36FBB0C68FABCB ft=1 fh=5993e22e58a19bc0 vn="Variante von Win64/Adware.Hicosmea.A Anwendung" ac=I fn="C:\Users\Phillip\AppData\Roaming\timgquxs\tivesen.dll"
         
Best regards
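
Between the ESET log above and the fix that follows, eight detections become seven fixlist lines: the three LostandFound files and PandaSecurityTb.exe are listed one by one, the two copies of the Chrome extension are collapsed to their extension-ID directories, and the two Hicosmea DLLs are collapsed to the timgquxs directory that holds them. The Python below is an added example, neither ESET nor FRST code and not part of the original posts; it turns those decisions into rules and runs them over the detection records copied from the log. The collapse rules and the set of directory names that are never collapsed to are this example's assumptions.

```python
"""Turn ESET Online Scanner detections into a draft FRST fixlist.

Added example for this thread; neither ESET nor FRST code and not part of
the original posts. The collapse rules and PROTECTED_DIRS are assumptions
that reproduce what the helper did by hand. FRST moves every path on a
fixlist, so the result is a draft to read line by line, not to run unseen.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# One ESET record per line: key=value pairs, values optionally double-quoted.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Assumption: directories that hold many unrelated items are never collapsed
# to, even when several detections sit directly inside them.
PROTECTED_DIRS = {"extensions", "appdata", "roaming", "local", "locallow",
                  "user data", "default", "temp", "desktop", "downloads"}


def parse_eset(log):
    """Return one dict per detection line (keys sh, ft, fh, vn, ac, fn)."""
    records = []
    for line in log.splitlines():
        if line.startswith("sh="):
            fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
            if "fn" in fields:
                records.append(fields)
    return records


def collapse_target(path):
    """Map a detected file to the object that should actually be removed."""
    p = PureWindowsPath(path)
    parts = p.parts
    # Chromium-based browsers store an extension as
    # <profile>\Extensions\<id>\<version>\...; a flagged content.js means the
    # whole extension goes, not one file of it.
    if "Extensions" in parts:
        idx = parts.index("Extensions")
        if len(parts) > idx + 1:
            return PureWindowsPath(*parts[: idx + 2])
    return p


def is_under_profile(p):
    """True for paths inside C:\\Users\\<name>\\..., the usual dropper home."""
    parts = [s.lower() for s in p.parts]
    return len(parts) > 2 and parts[1] == "users"


def build_fixlist(records, min_hits_for_dir=2):
    """Return fixlist lines: collapsed targets, de-duplicated and sorted."""
    targets = {collapse_target(r["fn"]) for r in records}
    by_parent = defaultdict(list)
    for t in targets:
        by_parent[t.parent].append(t)
    lines = set()
    for parent, children in by_parent.items():
        # Several finds in one profile folder (timgquxs above): the folder is
        # the dropper's home and goes as a whole. Vendor folders such as
        # Panda's LostandFound stay, and only the flagged files are listed.
        if (len(children) >= min_hits_for_dir and is_under_profile(parent)
                and parent.name.lower() not in PROTECTED_DIRS):
            lines.add(str(parent))
        else:
            lines.update(str(c) for c in children)
    return sorted(lines, key=str.lower) + ["EmptyTemp:"]


# Detection lines copied from the ESET log in this thread.
ESET_SAMPLE = r"""
sh=E4228B69B3AABDE4DE9AED083365040B4181A1A4 ft=1 fh=67a432d947ebccb5 vn="Variante von Win32/ELEX.CF evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Panda Security\Panda Security Protection\LostandFound\components1"
sh=6A8755087D639F7E7F63E478F789EC97A7E6F30A ft=1 fh=8119dbc240463dd2 vn="MSIL/Adware.WinuSecu.B Anwendung" ac=I fn="C:\Program Files (x86)\Panda Security\Panda Security Protection\LostandFound\components2"
sh=5ADAE1F9F7DABF555E6BE3012F00B9977B4B254F ft=1 fh=b8cad108dc2a6902 vn="Win32/AdWare.Linkular.AH Anwendung" ac=I fn="C:\Program Files (x86)\Panda Security\Panda Security Protection\LostandFound\components2_1"
sh=15219C0F274C5C9956981C91ABEC5D4E3A1F6442 ft=1 fh=3fec66b3c1704bce vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe"
sh=423E96EF2ADE285934ACDEF3F5F80E419E2B6639 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Users\Phillip\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aepcalefcemnbgjgolcoaibbblnimfdb\3.9\content.js"
sh=423E96EF2ADE285934ACDEF3F5F80E419E2B6639 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Users\Phillip\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aepcalefcemnbgjgolcoaibbblnimfdb\3.9\content.js"
sh=5DC4F4AD051D2AB86146F7E2B6B629B63FFBC122 ft=1 fh=24cc6f4fb330a792 vn="Variante von Win32/Adware.Hicosmea.A Anwendung" ac=I fn="C:\Users\Phillip\AppData\Roaming\timgquxs\colers.dll"
sh=C3ADDD9C1FB703290DB8EFEDAC36FBB0C68FABCB ft=1 fh=5993e22e58a19bc0 vn="Variante von Win64/Adware.Hicosmea.A Anwendung" ac=I fn="C:\Users\Phillip\AppData\Roaming\timgquxs\tivesen.dll"
"""

if __name__ == "__main__":
    print("\n".join(build_fixlist(parse_eset(ESET_SAMPLE))))
```

Run as a script it prints the seven paths plus EmptyTemp: in the same order as the fix in the next post. The header of this log reports cleaned=0, which is why every record is still a candidate; FRST moves each listed path into its own quarantine folder, so a person still reads every line before saving it as Fixlist.txt.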

23.03.2015, 12:07   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



FRST fix

Please disable the antivirus scanner completely now, so that the fix is certain to run through cleanly!


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
C:\Program Files (x86)\Panda Security\Panda Security Protection\LostandFound\components1
C:\Program Files (x86)\Panda Security\Panda Security Protection\LostandFound\components2
C:\Program Files (x86)\Panda Security\Panda Security Protection\LostandFound\components2_1
C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe
C:\Users\Phillip\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aepcalefcemnbgjgolcoaibbblnimfdb
C:\Users\Phillip\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aepcalefcemnbgjgolcoaibbblnimfdb
C:\Users\Phillip\AppData\Roaming\timgquxs
EmptyTemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
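Added example (editor's code, not part of this thread and not from FRST or ESET): the fixlist above was built by hand from the ESET detection lines posted earlier. The script below parses that log format (one detection per line: sh=SHA1 ft=type fh=hash vn="name" ac=action fn="path"), collapses detections to the unit that should be removed, and emits the fixlist. The two collapsing rules are the editor's assumptions, modelled on what the helper did here: a file under a Chromium extension directory (Extensions\<32-letter id>\<version>\...) is reported as the extension directory, and a file directly inside an AppData\Roaming\<folder> is reported as that folder. Everything else is listed as the file itself. The sample log is the eight lines quoted in this thread.

```python
import re

# Sample input: the eight ESET detection lines posted in this thread (plus the
# two comment lines the log starts with, which the parser must skip).
ESET_LOG = r'''
# cleaned=0
# scan_time=3744
sh=E4228B69B3AABDE4DE9AED083365040B4181A1A4 ft=1 fh=67a432d947ebccb5 vn="Variante von Win32/ELEX.CF evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Panda Security\Panda Security Protection\LostandFound\components1"
sh=6A8755087D639F7E7F63E478F789EC97A7E6F30A ft=1 fh=8119dbc240463dd2 vn="MSIL/Adware.WinuSecu.B Anwendung" ac=I fn="C:\Program Files (x86)\Panda Security\Panda Security Protection\LostandFound\components2"
sh=5ADAE1F9F7DABF555E6BE3012F00B9977B4B254F ft=1 fh=b8cad108dc2a6902 vn="Win32/AdWare.Linkular.AH Anwendung" ac=I fn="C:\Program Files (x86)\Panda Security\Panda Security Protection\LostandFound\components2_1"
sh=15219C0F274C5C9956981C91ABEC5D4E3A1F6442 ft=1 fh=3fec66b3c1704bce vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe"
sh=423E96EF2ADE285934ACDEF3F5F80E419E2B6639 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Users\Phillip\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aepcalefcemnbgjgolcoaibbblnimfdb\3.9\content.js"
sh=423E96EF2ADE285934ACDEF3F5F80E419E2B6639 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Users\Phillip\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aepcalefcemnbgjgolcoaibbblnimfdb\3.9\content.js"
sh=5DC4F4AD051D2AB86146F7E2B6B629B63FFBC122 ft=1 fh=24cc6f4fb330a792 vn="Variante von Win32/Adware.Hicosmea.A Anwendung" ac=I fn="C:\Users\Phillip\AppData\Roaming\timgquxs\colers.dll"
sh=C3ADDD9C1FB703290DB8EFEDAC36FBB0C68FABCB ft=1 fh=5993e22e58a19bc0 vn="Variante von Win64/Adware.Hicosmea.A Anwendung" ac=I fn="C:\Users\Phillip\AppData\Roaming\timgquxs\tivesen.dll"
'''

# One ESET detection line: 40 hex chars of SHA-1, file type, 16 hex chars of
# file hash, quoted detection name, action code, quoted path.
DETECTION = re.compile(
    r'sh=(?P<sha1>[0-9A-F]{40}) ft=(?P<ft>\d+) fh=(?P<fh>[0-9a-f]{16}) '
    r'vn="(?P<name>[^"]*)" ac=(?P<action>\S+) fn="(?P<path>[^"]*)"'
)

# Editor's assumption: a Chromium extension id is 32 letters a-p; everything
# below Extensions\<id> belongs to that one extension.
EXTENSION_DIR = re.compile(r'^(?P<dir>.*\\Extensions\\[a-p]{32})\\')
# Editor's assumption: a file sitting directly in AppData\Roaming\<folder>
# means the whole (usually randomly named) folder is the adware install.
ROAMING_DIR = re.compile(r'^(?P<dir>.*\\AppData\\Roaming\\[^\\]+)\\[^\\]+$')


def parse_eset_log(text):
    """Return one dict per detection line; comment and blank lines are skipped."""
    return [m.groupdict() for m in map(DETECTION.search, text.splitlines()) if m]


def fixlist_target(path):
    """Collapse a detected file to the directory that should go into the fixlist."""
    for rule in (EXTENSION_DIR, ROAMING_DIR):
        m = rule.match(path)
        if m:
            return m["dir"]
    return path


def build_fixlist(detections):
    """Ordered, de-duplicated FRST fixlist text ending with EmptyTemp:."""
    targets = dict.fromkeys(fixlist_target(d["path"]) for d in detections)
    return "\n".join(list(targets) + ["EmptyTemp:"])


def duplicates_by_sha1(detections):
    """SHA-1 values seen at more than one path (same payload, several locations)."""
    by_hash = {}
    for d in detections:
        by_hash.setdefault(d["sha1"], []).append(d["path"])
    return {h: p for h, p in by_hash.items() if len(p) > 1}


if __name__ == "__main__":
    dets = parse_eset_log(ESET_LOG)
    print(build_fixlist(dets))
    for sha1, paths in duplicates_by_sha1(dets).items():
        print(f"\n{sha1} appears {len(paths)} times:")
        for p in paths:
            print("  ", p)
```

Run stand-alone it prints the same seven paths as the fixlist in the post, followed by EmptyTemp:, and then reports that the content.js SHA-1 occurs twice, once per Chromium-based browser profile, which is why both extension directories have to be listed.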

Alt 23.03.2015, 15:20   #15
sill
 

Here is the new log

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Phillip at 2015-03-23 16:17:04 Run:2
Running from C:\Users\Phillip\Desktop
Loaded Profiles: Phillip (Available profiles: Phillip)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\Panda Security\Panda Security Protection\LostandFound\components1
C:\Program Files (x86)\Panda Security\Panda Security Protection\LostandFound\components2
C:\Program Files (x86)\Panda Security\Panda Security Protection\LostandFound\components2_1
C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe
C:\Users\Phillip\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aepcalefcemnbgjgolcoaibbblnimfdb
C:\Users\Phillip\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aepcalefcemnbgjgolcoaibbblnimfdb
C:\Users\Phillip\AppData\Roaming\timgquxs
EmptyTemp:
*****************

C:\Program Files (x86)\Panda Security\Panda Security Protection\LostandFound\components1 => Moved successfully.
C:\Program Files (x86)\Panda Security\Panda Security Protection\LostandFound\components2 => Moved successfully.
C:\Program Files (x86)\Panda Security\Panda Security Protection\LostandFound\components2_1 => Moved successfully.
Could not move "C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe" => Scheduled to move on reboot.
C:\Users\Phillip\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aepcalefcemnbgjgolcoaibbblnimfdb => Moved successfully.
C:\Users\Phillip\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aepcalefcemnbgjgolcoaibbblnimfdb => Moved successfully.
C:\Users\Phillip\AppData\Roaming\timgquxs => Moved successfully.
EmptyTemp: => Removed 30.6 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-23 16:17:53)<=

C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe => Is moved successfully.

==== End of Fixlog 16:17:53 ====
         
Regards
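Added example (editor's code, not part of this thread and not from FRST): reading a Fixlog.txt by eye is error-prone when one entry fails the first pass, as PandaSecurityTb.exe did here ("Could not move ... Scheduled to move on reboot") and is only confirmed later in the "Result of Scheduled Files to move" section. The script below extracts the fixlist from the fixlog, records a status for every entry, and reports whether anything is still unconfirmed. The status names (moved, moved_on_reboot, scheduled_unconfirmed, no_result) are the editor's own labels; the sample is the fixlog posted above.

```python
import re

# Sample input: the Fixlog.txt posted in this thread.
FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Phillip at 2015-03-23 16:17:04 Run:2
Running from C:\Users\Phillip\Desktop
Loaded Profiles: Phillip (Available profiles: Phillip)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\Panda Security\Panda Security Protection\LostandFound\components1
C:\Program Files (x86)\Panda Security\Panda Security Protection\LostandFound\components2
C:\Program Files (x86)\Panda Security\Panda Security Protection\LostandFound\components2_1
C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe
C:\Users\Phillip\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aepcalefcemnbgjgolcoaibbblnimfdb
C:\Users\Phillip\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aepcalefcemnbgjgolcoaibbblnimfdb
C:\Users\Phillip\AppData\Roaming\timgquxs
EmptyTemp:
*****************

C:\Program Files (x86)\Panda Security\Panda Security Protection\LostandFound\components1 => Moved successfully.
C:\Program Files (x86)\Panda Security\Panda Security Protection\LostandFound\components2 => Moved successfully.
C:\Program Files (x86)\Panda Security\Panda Security Protection\LostandFound\components2_1 => Moved successfully.
Could not move "C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe" => Scheduled to move on reboot.
C:\Users\Phillip\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aepcalefcemnbgjgolcoaibbblnimfdb => Moved successfully.
C:\Users\Phillip\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aepcalefcemnbgjgolcoaibbblnimfdb => Moved successfully.
C:\Users\Phillip\AppData\Roaming\timgquxs => Moved successfully.
EmptyTemp: => Removed 30.6 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-23 16:17:53)<=

C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe => Is moved successfully.

==== End of Fixlog 16:17:53 ====
'''

# Result lines as they appear in the log: first pass says "Moved successfully.",
# the post-reboot section says "Is moved successfully.".
MOVED = re.compile(r'^(?P<path>[A-Z]:\\.+?) => (?:Is )?[Mm]oved successfully\.$')
SCHEDULED = re.compile(r'^Could not move "(?P<path>[^"]+)" => Scheduled to move on reboot\.$')
EMPTYTEMP = re.compile(r'^EmptyTemp: => Removed (?P<mb>[\d.]+) MB temporary data\.$')


def fixlist_entries(text):
    """The entries between the two ***** markers after 'Content of fixlist:'."""
    entries, inside, markers = [], False, 0
    for line in text.splitlines():
        if line.startswith("Content of fixlist:"):
            inside = True
        elif inside and line.startswith("*****"):
            markers += 1
            if markers == 2:
                break
        elif inside and markers == 1 and line.strip():
            entries.append(line.strip())
    return entries


def audit_fixlog(text):
    """Map every fixlist entry to what the log says happened to it."""
    status, after_reboot = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("=> Result of Scheduled Files to move"):
            after_reboot = True  # lines from here on are the second pass
            continue
        if m := SCHEDULED.match(line):
            status[m["path"]] = "scheduled_unconfirmed"
        elif m := MOVED.match(line):
            status[m["path"]] = "moved_on_reboot" if after_reboot else "moved"
        elif m := EMPTYTEMP.match(line):
            status["EmptyTemp:"] = f"removed {m['mb']} MB"
    for entry in fixlist_entries(text):
        status.setdefault(entry, "no_result")  # listed but never reported on
    return status


def all_done(status):
    """True when nothing is left unconfirmed or unreported."""
    return all(v not in ("scheduled_unconfirmed", "no_result") for v in status.values())


if __name__ == "__main__":
    result = audit_fixlog(FIXLOG)
    for entry, state in result.items():
        print(f"{state:22} {entry}")
    print("complete" if all_done(result) else "INCOMPLETE: re-check the log after reboot")
```

If the machine had not been rebooted before the log was posted, PandaSecurityTb.exe would stay at scheduled_unconfirmed and the final line would say INCOMPLETE; here all eight entries resolve and the fix is complete.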
