Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Alles rund um Windows (https://www.trojaner-board.de/alles-rund-um-windows/)
-   -   Windows Vista braucht ca. 10 Minuten zum booten (https://www.trojaner-board.de/167312-windows-vista-braucht-ca-10-minuten-booten.html)

defianter 27.05.2015 17:30
Windows Vista braucht ca. 10 Minuten zum booten
 
Hallo,

auf der Suche nach der Beseitigung des Delta-Homes Hijackers bin ich auf dieses Board aufmerksam geworden. Die Hilfestellungen die den Usern gegeben wurden, haben auch mir bei meinem Problem geholfen. Nun bin ich auf der Suche nach Hilfe beim Verbessern der Bootzeit meines schon in die Jahre gekommenen Vista Systems. Ich habe einige Threads gelesen, bin aber viel zu unsicher beim auswerten und analysieren der Logfiles. Deshalb bitte ich hier mal um Expertenrat.
Der Auftakt scheint immer das FRST Log zu sein, was ich, Eure Hilfe vorrausgesetzt, schonmal erstellt habe.

FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015
Ran by defianter (administrator) on DEFIPC on 27-05-2015 18:07:26
Running from C:\Users\defianter\Desktop\VIRUS
Loaded Profiles: defianter (Available Profiles: defianter)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel Desktop Utilities\iduServ.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\FSC\FSCAppServ.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel Desktop Utilities\iptray.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Opera Software) C:\Program Files (x86)\Opera\29.0.1795.60\opera.exe
() C:\Program Files (x86)\Opera\29.0.1795.60\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\29.0.1795.60\opera.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Opera Software) C:\Program Files (x86)\Opera\29.0.1795.60\opera.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11474024 2010-10-05] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-10-08] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [ipTray.exe] => C:\Program Files (x86)\Intel\Intel Desktop Utilities\ipTray.exe [1632456 2011-11-10] (Intel(R) Corporation)
HKLM-x32\...\Run: [BCSSync] => D:\Programme\Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-18] (Panda Security, S.L.)
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
HKU\S-1-5-21-561146854-4284327693-16180569-1000\...\Run: [NVIDIA nTune] => C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe [98304 2007-09-04] (NVIDIA)
HKU\S-1-5-21-561146854-4284327693-16180569-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-561146854-4284327693-16180569-1000\...\MountPoints2: {2451a126-02b9-11e4-8989-386077f061c6} - G:\DVAP.exe
HKU\S-1-5-21-561146854-4284327693-16180569-1000\...\MountPoints2: {7b218bf6-abf3-11e1-8d19-386077f061c6} - E:\feprog.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Programme\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Programme\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Programme\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Programme\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Programme\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.7.0_05\bin\ssv.dll [2014-05-05] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.7.0_05\bin\jp2ssv.dll [2014-05-05] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Programme\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Programme\Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7BB65966-D472-42EC-BE07-99D26AA38C07}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll [2014-05-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 -> C:\Program Files\Java\jre1.7.0_05\bin\plugin2\npjp2.dll [2014-05-05] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-06-03] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Windows\SysWOW64\npdeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~1\Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~1\Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-561146854-4284327693-16180569-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\defianter\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKU\S-1-5-21-561146854-4284327693-16180569-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\defianter\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-03-17]

Opera:
=======
OPR StartupUrls: "opera://startpage/"
OPR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\defianter\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnhbkkedmelfmalgjpkngiaoifpdfcnl [2015-03-19]
OPR Extension: (Adblock Plus) - C:\Users\defianter\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-01-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 appdrvrem01; C:\Windows\System32\appdrvrem01.exe [551896 2013-07-13] (Protection Technology)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
R2 IduService; C:\Program Files (x86)\Intel\Intel Desktop Utilities\iduServ.exe [124616 2011-11-10] (Intel(R) Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2008-01-19] (Microsoft Corporation)
R2 Intel(R) Desktop Boards FSC Application Service; C:\Program Files (x86)\Intel\FSC\FSCAppServ.exe [61440 2011-11-10] (Intel Corporation) [File not signed]
U2 iprip; C:\Windows\System32\iprip.dll [34816 2006-11-02] (Microsoft Corporation)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [41984 2008-01-19] (Microsoft Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Programme\Office\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2006-11-02] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [190464 2009-04-11] (Microsoft Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-17] (Panda Security, S.L.)
S3 NBService; D:\Nero 7\Nero BackItUp\NBService.exe [724992 2006-10-09] (Nero AG) [File not signed]
S3 NtmsSvc; C:\Windows\system32\ntmssvc.dll [521216 2008-01-19] (Microsoft Corporation)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [180224 2007-09-04] (NVIDIA) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
S3 Origin Client Service; D:\Programme\Spiele\Origin\OriginClientService.exe [1931632 2015-04-09] (Electronic Arts)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-18] (Panda Security, S.L.)
R2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [327680 2015-02-09] () [File not signed]
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9728 2009-08-14] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2009-04-11] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2009-04-11] (Microsoft Corporation)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81408 2009-04-11] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [427008 2010-04-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-19] (Microsoft Corporation)
S3 WMSvc; C:\Windows\system32\inetsrv\wmsvc.exe [12288 2008-01-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 appdrv01; C:\Windows\System32\Drivers\appdrv01.sys [3852976 2013-07-13] (Protection Technology)
R3 cpuio; C:\Windows\SysWOW64\Drivers\cpuiox64.sys [15384 2012-03-15] (Intel Corporation)
S3 DCamUSBSTK02N; C:\Windows\System32\DRIVERS\STK02NW2.sys [106496 2007-03-12] (Syntek Ltd.)
S3 DCamUSBSTK02N; C:\Windows\SysWOW64\DRIVERS\STK02NW2.sys [101520 2007-03-12] (Syntek Ltd.)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c60x64.sys [292016 2010-09-20] (Intel Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [167424 2008-01-18] (Microsoft Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [48400 2014-12-31] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-09] (Panda Security, S.L.)
R3 NVR0Dev; C:\Windows\nvoclk64.sys [39968 2007-09-04] (NVidia Corp.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2015-02-12] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-12] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-10] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-12] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-12] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-12] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-01-29] (Panda Security, S.L.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2010-07-15] (Jungo)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-27 18:07 - 2015-05-27 18:07 - 00000000 ___DC () C:\FRST
2015-05-26 23:18 - 2015-05-26 23:19 - 00000000 ____D () C:\Program Files\Defraggler
2015-05-26 23:16 - 2015-05-26 23:37 - 00000000 ____D () C:\Users\defianter\AppData\Roaming\AllDup
2015-05-26 23:16 - 2015-05-26 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllDup
2015-05-26 23:16 - 2015-05-26 23:16 - 00000000 ____D () C:\ProgramData\AllDup
2015-05-26 23:16 - 2015-05-26 23:16 - 00000000 ____D () C:\Program Files (x86)\AllDup
2015-05-26 23:16 - 2010-10-13 06:42 - 02369456 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.CommandBars.v13.4.2.ocx
2015-05-26 23:16 - 2010-08-20 21:53 - 00086016 _____ (Michael Thummerer Software Design) C:\Windows\SysWOW64\mtSplitter.ocx
2015-05-26 23:16 - 2010-06-11 10:50 - 00089888 _____ (Michael Thummerer Software Design) C:\Windows\SysWOW64\mtFrame.ocx
2015-05-26 23:16 - 2010-06-01 14:45 - 01005088 _____ (Bennet-Tec Information Systems, Inc) C:\Windows\SysWOW64\TList8.ocx
2015-05-26 23:16 - 2010-03-25 10:33 - 00171752 _____ (Michael Thummerer Software Design) C:\Windows\SysWOW64\mtRTF2.ocx
2015-05-26 23:16 - 2009-10-13 00:02 - 00044736 _____ (Michael Thummerer Software Design) C:\Windows\SysWOW64\mtSubclass.dll
2015-05-26 23:16 - 2009-10-13 00:01 - 00077504 _____ (Michael Thummerer Software Design) C:\Windows\SysWOW64\mtScrollContainer.ocx
2015-05-26 23:16 - 2008-01-29 07:57 - 00450560 _____ (LogicNP Software (hxxp://www.ssware.com)) C:\Windows\SysWOW64\fldrvw90.ocx
2015-05-26 18:51 - 2015-05-26 18:51 - 00000787 _____ () C:\Users\defianter\Desktop\launcher.exe - Verknüpfung.lnk
2015-05-26 18:44 - 2015-05-26 18:44 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2015-05-26 18:44 - 2015-05-26 18:44 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2015-05-26 18:31 - 2015-05-26 19:36 - 00000000 ____D () C:\Windows\pss
2015-05-26 18:26 - 2015-01-29 19:21 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-05-26 00:07 - 2015-05-26 00:08 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-05-26 00:07 - 2015-05-26 00:07 - 00000000 ____D () C:\Users\defianter\AppData\Roaming\Panda Security
2015-05-26 00:07 - 2015-05-26 00:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-05-26 00:06 - 2015-05-26 00:08 - 00000000 ____D () C:\ProgramData\Panda Security
2015-05-25 23:59 - 2015-05-25 23:59 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DEFIPC-Windows-Vista-(TM)-Home-Premium-(64-bit).dat
2015-05-25 23:59 - 2015-05-25 23:59 - 00000000 ___DC () C:\RegBackup
2015-05-25 17:55 - 2015-05-26 20:17 - 1793184127 _____ () C:\Users\defianter\Downloads\KNOPPIX_V7.4.1DVD-2014-09-15-DE.iso.opdownload
2015-05-25 14:22 - 2015-05-25 14:44 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-25 14:22 - 2015-05-25 14:22 - 00000000 ____D () C:\Program Files\HitmanPro
2015-05-25 11:48 - 2015-05-25 11:48 - 00000000 ____C () C:\autoexec.bat
2015-05-24 11:16 - 2015-05-24 11:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-14 01:11 - 2015-04-19 23:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-05-14 01:11 - 2015-04-19 23:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-05-14 01:11 - 2015-04-19 23:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-05-14 01:11 - 2015-04-19 23:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-05-14 01:11 - 2015-04-19 22:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-05-14 01:11 - 2015-04-19 22:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-05-14 01:11 - 2015-04-19 22:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-05-14 01:11 - 2015-04-19 22:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-14 01:11 - 2015-04-18 02:16 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-05-14 01:11 - 2015-04-18 02:16 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-05-14 01:11 - 2015-04-18 02:16 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-05-14 01:11 - 2015-04-18 02:16 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-05-14 01:11 - 2015-04-18 01:45 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-05-14 01:11 - 2015-04-18 01:44 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-05-14 01:11 - 2015-04-18 01:35 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-05-14 01:11 - 2015-04-18 01:33 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-14 01:11 - 2015-04-18 01:33 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-14 01:11 - 2015-04-18 01:30 - 02793472 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-14 00:51 - 2015-04-30 18:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-14 00:51 - 2015-04-30 17:41 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-14 00:46 - 2015-04-11 01:33 - 00384512 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-14 00:46 - 2015-04-11 01:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\services.exe
2015-05-14 00:45 - 2015-04-30 15:14 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 00:45 - 2015-04-30 15:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 17:11 - 2015-04-10 02:10 - 17881088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 17:11 - 2015-04-10 01:55 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 17:11 - 2015-04-10 01:53 - 10935808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 17:11 - 2015-04-10 01:52 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 17:11 - 2015-04-10 01:48 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 17:11 - 2015-04-10 01:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 17:11 - 2015-04-10 01:46 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 17:11 - 2015-04-10 01:46 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 17:11 - 2015-04-10 01:46 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 17:11 - 2015-04-10 01:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 17:11 - 2015-04-10 01:46 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 17:11 - 2015-04-10 01:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 17:11 - 2015-04-10 01:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 17:11 - 2015-04-10 01:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-13 17:11 - 2015-04-10 01:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 17:11 - 2015-04-10 01:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 17:11 - 2015-04-10 01:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 17:11 - 2015-04-10 01:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 17:11 - 2015-04-10 01:45 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 17:11 - 2015-04-10 01:45 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-13 17:11 - 2015-04-10 01:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-13 17:11 - 2015-04-10 01:45 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-13 17:11 - 2015-04-10 01:14 - 12379136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 17:11 - 2015-04-10 01:10 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 17:11 - 2015-04-10 01:08 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 17:11 - 2015-04-10 01:08 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 17:11 - 2015-04-10 01:05 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 17:11 - 2015-04-10 01:05 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 17:11 - 2015-04-10 01:04 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 17:11 - 2015-04-10 01:04 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 17:11 - 2015-04-10 01:04 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 17:11 - 2015-04-10 01:04 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-05-13 17:11 - 2015-04-10 01:04 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 17:11 - 2015-04-10 01:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 17:11 - 2015-04-10 01:03 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 17:11 - 2015-04-10 01:03 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 17:11 - 2015-04-10 01:03 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 17:11 - 2015-04-10 01:03 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 17:11 - 2015-04-10 01:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 17:11 - 2015-04-10 01:03 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 17:11 - 2015-04-10 01:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 17:11 - 2015-04-10 01:03 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-05-13 17:11 - 2015-04-10 01:03 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-05-13 17:11 - 2015-04-10 01:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-27 18:07 - 2014-02-18 17:57 - 00000000 ____D () C:\Users\defianter\Desktop\VIRUS
2015-05-27 18:07 - 2012-09-20 16:36 - 00000000 ____D () C:\Users\defianter\Documents\Outlook-Dateien
2015-05-27 18:00 - 2014-12-03 19:00 - 00123592 _____ () C:\Users\defianter\Network_Meter_Data.js
2015-05-27 17:39 - 2006-11-02 17:27 - 01750861 _____ () C:\Windows\WindowsUpdate.log
2015-05-27 17:36 - 2014-12-03 18:55 - 00017027 _____ () C:\Users\defianter\IP_Log_Data.js
2015-05-27 17:36 - 2012-06-22 20:26 - 00001154 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-561146854-4284327693-16180569-1000UA.job
2015-05-27 17:34 - 2012-08-06 18:57 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-05-27 17:31 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-05-27 17:28 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-27 17:28 - 2006-11-02 17:22 - 00004976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-27 17:28 - 2006-11-02 17:22 - 00004976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-27 07:24 - 2014-08-28 21:23 - 00000000 ____D () C:\ProgramData\Origin
2015-05-27 07:24 - 2013-03-03 20:03 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-05-27 07:24 - 2006-11-02 17:42 - 00032628 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-27 07:08 - 2012-03-31 09:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-26 23:36 - 2012-06-22 20:26 - 00001132 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-561146854-4284327693-16180569-1000Core.job
2015-05-26 21:39 - 2011-02-17 20:18 - 00004789 _____ () C:\Users\defianter\Documents\kniffel.ods
2015-05-26 20:27 - 2012-03-16 03:05 - 00868672 _____ () C:\Windows\PFRO.log
2015-05-26 19:09 - 2014-01-05 13:09 - 00000000 ____D () C:\Program Files\PDFCreator
2015-05-26 19:07 - 2012-07-24 16:35 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU
2015-05-26 19:04 - 2014-09-30 20:13 - 00000000 ____D () C:\Users\defianter\AppData\Roaming\Anvsoft
2015-05-26 19:03 - 2012-03-20 22:07 - 00000000 ____D () C:\ProgramData\ABBYY
2015-05-26 18:47 - 2012-03-31 17:11 - 00000000 ____D () C:\Users\defianter\AppData\Roaming\uTorrent
2015-05-26 18:44 - 2015-01-10 15:10 - 00000799 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 29.lnk
2015-05-26 18:44 - 2012-03-16 01:17 - 00000979 _____ () C:\Users\defianter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-26 18:44 - 2012-03-16 01:17 - 00000933 _____ () C:\Users\defianter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-05-26 01:30 - 2015-03-19 23:10 - 00000000 ____D () C:\Users\defianter\AppData\Local\JDownloader v2.0
2015-05-26 00:34 - 2006-11-02 17:21 - 00432848 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-26 00:31 - 2012-03-16 02:11 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-05-26 00:08 - 2006-11-02 15:33 - 00000000 __RHD () C:\Users\Default
2015-05-26 00:07 - 2012-03-16 01:17 - 00104120 _____ () C:\Users\defianter\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-25 14:07 - 2014-02-18 17:58 - 00000000 ____D () C:\AdwCleaner
2015-05-25 11:48 - 2012-03-16 01:16 - 00000000 ____D () C:\Users\defianter
2015-05-22 19:29 - 2013-09-06 08:35 - 00000000 ____D () C:\Users\defianter\AppData\Roaming\vlc
2015-05-20 18:59 - 2015-01-10 15:10 - 00003898 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1420895415
2015-05-20 18:59 - 2012-03-17 01:29 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-05-16 12:08 - 2013-05-03 12:16 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-05-14 11:14 - 2006-11-02 17:07 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 11:13 - 2012-04-10 18:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 01:11 - 2012-03-17 14:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-14 01:07 - 2013-07-13 10:24 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-14 00:55 - 2006-11-02 14:35 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-05-14 00:46 - 2006-11-02 17:07 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2015-05-14 00:45 - 2012-04-10 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

==================== Files in the root of some directories =======

2013-05-04 14:37 - 2011-07-19 03:37 - 0003262 _____ () C:\Program Files (x86)\Falco.ico
2013-05-04 14:37 - 2011-07-19 04:05 - 0000046 _____ () C:\Program Files (x86)\Falco.url
2013-10-26 11:15 - 2013-10-26 11:37 - 0000137 _____ () C:\Users\defianter\AppData\Roaming\Camdata.ini
2013-10-26 11:15 - 2013-10-26 11:37 - 0000408 _____ () C:\Users\defianter\AppData\Roaming\CamLayout.ini
2013-10-26 11:15 - 2013-10-26 11:37 - 0000408 _____ () C:\Users\defianter\AppData\Roaming\CamShapes.ini
2013-10-26 11:15 - 2013-10-26 11:37 - 0004596 _____ () C:\Users\defianter\AppData\Roaming\CamStudio.cfg
2013-10-26 11:33 - 2013-10-26 11:36 - 0000098 _____ () C:\Users\defianter\AppData\Roaming\CamStudio.Producer.command
2013-10-26 11:29 - 2013-10-26 11:37 - 0000000 _____ () C:\Users\defianter\AppData\Roaming\CamStudio.Producer.Data.ini
2013-10-26 11:29 - 2013-10-26 11:37 - 0001206 _____ () C:\Users\defianter\AppData\Roaming\CamStudio.Producer.ini
2013-10-14 23:19 - 2013-10-14 23:19 - 0023888 _____ () C:\Users\defianter\AppData\Roaming\UserTile.png
2013-10-26 11:14 - 2013-10-26 11:30 - 0000096 _____ () C:\Users\defianter\AppData\Roaming\version2.xml
2013-07-27 00:14 - 2014-02-18 17:15 - 0000170 _____ () C:\Users\defianter\AppData\Roaming\WB.CFG
2012-03-16 02:13 - 2015-03-25 10:25 - 0001356 _____ () C:\Users\defianter\AppData\Local\d3d9caps.dat
2012-03-16 01:16 - 2012-03-16 03:52 - 0000732 _____ () C:\Users\defianter\AppData\Local\d3d9caps64.dat
2012-03-16 00:37 - 2015-02-28 15:15 - 0099840 _____ () C:\Users\defianter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-07 20:27 - 2012-05-07 20:27 - 0155712 _____ () C:\Users\defianter\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2012-05-07 20:26 - 2012-05-07 20:26 - 0000002 _____ () C:\Users\defianter\AppData\Local\dd_dotnetfx35error.txt
2012-05-07 20:26 - 2012-05-07 20:29 - 0419972 _____ () C:\Users\defianter\AppData\Local\dd_dotnetfx35install.txt
2012-05-07 20:28 - 2012-05-07 20:28 - 2331586 _____ () C:\Users\defianter\AppData\Local\dd_NET_Framework35_x64_MSI7380.txt
2013-07-12 21:01 - 2013-07-12 21:01 - 0362916 _____ () C:\Users\defianter\AppData\Local\dd_vcredistMSI17F2.txt
2014-02-04 23:02 - 2014-02-04 23:02 - 0424308 _____ () C:\Users\defianter\AppData\Local\dd_vcredistMSI2254.txt
2014-12-27 18:43 - 2014-12-27 18:44 - 0371226 _____ () C:\Users\defianter\AppData\Local\dd_vcredistMSI5BA4.txt
2014-12-27 18:44 - 2014-12-27 18:44 - 0367280 _____ () C:\Users\defianter\AppData\Local\dd_vcredistMSI5BBB.txt
2013-07-12 21:01 - 2013-07-12 21:01 - 0013958 _____ () C:\Users\defianter\AppData\Local\dd_vcredistUI17F2.txt
2014-02-04 23:02 - 2014-02-04 23:02 - 0011248 _____ () C:\Users\defianter\AppData\Local\dd_vcredistUI2254.txt
2014-12-27 18:43 - 2014-12-27 18:44 - 0011642 _____ () C:\Users\defianter\AppData\Local\dd_vcredistUI5BA4.txt
2014-12-27 18:44 - 2014-12-27 18:44 - 0011722 _____ () C:\Users\defianter\AppData\Local\dd_vcredistUI5BBB.txt
2015-04-06 11:03 - 2015-04-06 11:03 - 0001488 _____ () C:\Users\defianter\AppData\Local\recently-used.xbel
2008-02-05 14:28 - 2008-02-05 14:28 - 0000051 _____ () C:\Users\defianter\AppData\Local\setup.txt
2012-05-07 20:26 - 2012-05-07 20:29 - 0002492 _____ () C:\Users\defianter\AppData\Local\uxeventlog.txt
2012-05-07 20:28 - 2012-05-07 20:28 - 0001472 _____ () C:\Users\defianter\AppData\Local\VWL7018.tmp
2012-05-07 20:29 - 2012-05-07 20:29 - 0001906 _____ () C:\Users\defianter\AppData\Local\VWLA4A3.tmp
2013-07-12 20:13 - 2013-07-12 20:13 - 0000011 _____ () C:\ProgramData\.tv7

Files to move or delete:
====================
C:\Users\defianter\9375CFF0413111d3B88A00104B2A6676.reg
C:\Users\defianter\IP_Log_Data.js
C:\Users\defianter\Network_Meter_Data.js


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-27 17:40

==================== End of log ============================
Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015
Ran by defianter at 2015-05-27 18:08:04
Running from C:\Users\defianter\Desktop\VIRUS
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-561146854-4284327693-16180569-500 - Administrator - Disabled)
defianter (S-1-5-21-561146854-4284327693-16180569-1000 - Administrator - Enabled) => C:\Users\defianter
Gast (S-1-5-21-561146854-4284327693-16180569-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Free Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.3 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.14) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
aerofly FS (HKLM-x32\...\aerofly FS_is1) (Version: 1.0.0.1 - IPACS)
AeroFly Professional Deluxe (HKLM-x32\...\{8B3E5A90-1F6E-4FAF-B84F-C306C8A80809}) (Version: 1.8.0.9 - )
AeroFly Professional Deluxe AddOn 3 (True Scale AddOn) (HKLM-x32\...\{4F5EBA69-57B4-484D-B60D-DD95981031A0}) (Version: 1.11.0705 - IPACS)
aerofly RC 7 (HKLM-x32\...\aerofly RC 7_is1) (Version: 7.0.1 - IPACS)
Airfield MSC-Albatros Nalbach e.V. (HKLM-x32\...\{}_is1) (Version: 1.0 - Detlef Jacobi)
AllDup 3.4.24 (HKLM-x32\...\AllDup_is1) (Version: 3.4.24 - Michael Thummerer Software Design)
Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-561146854-4284327693-16180569-1000\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Android Sync Manager WiFi (HKLM-x32\...\{13D946AF-DAD9-0200-0000-000000000000}) (Version: 11.10.2763 - Mobile Action)
Ashampoo Burning Studio Elements 10.0.9 (HKLM-x32\...\Ashampoo Burning Studio Elements_is1) (Version: 3.1.1 - Ashampoo GmbH & Co. KG)
Belkin F5D8053 N Wireless USB Adapter (HKLM-x32\...\InstallShield_{E6607F5B-50E7-4B54-81B7-F0600E3C8CF4}) (Version: 2.0.0.04 - Belkin)
Belkin F5D8053 N Wireless USB Adapter (x32 Version: 2.0.0.04 - Belkin) Hidden
CAS Studio 9.8.3 (HKLM-x32\...\{16C30019-2F60-4B26-98F6-DE90B3E27261}) (Version: 9.8.2 - Duolabs)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
die Szenerie 'Suedafrikanische_Wueste' für Phoenix RC, Paketversion 1 (HKLM-x32\...\'Suedafrikanische_Wueste'-Szenerie für Phoenix RC_is1) (Version:  - Harald Bendschneider)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
Druckerdeinstallation für EPSON SX430 Series (HKLM\...\EPSON SX430 Series) (Version:  - SEIKO EPSON Corporation)
DVAPTray (HKLM-x32\...\{30D1B542-44E0-44F0-8A31-2A101CB626B5}) (Version: 1.0.0.6 - )
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
EA SPORTS FIFA World (HKLM-x32\...\{8F9AC744-EEF6-43DB-A4B6-FA1A18F1C640}) (Version: 7.1.0.50515 - Electronic Arts, Inc.)
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.7.0.0 - Electronic Arts)
ElsterFormular (HKLM-x32\...\ElsterFormular 13.1.1.8531p) (Version: 16.0.15910 - Landesfinanzdirektion Thüringen)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Free Screen To Video V 2.0 (HKLM-x32\...\Free Screen To Video_is1) (Version: 2.0.0.0 - Koyote Soft)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Intel(R) Desktop Utilities (HKLM-x32\...\{F01CBA59-B5BD-4608-A834-1CBE8C292A71}) (Version: 1.0.0 - Intel Corporation)
Intel(R) Desktop Utilities (HKLM-x32\...\InstallShield_{D5712598-E05C-4B51-B97B-66A2EBC80170}) (Version: 3.2.1 - Intel Corporation)
Intel(R) Desktop Utilities (x32 Version: 3.2.1 - Intel Corporation) Hidden
Intel(R) Integrator Assistant (HKLM-x32\...\{D1A35687-AEA9-422C-B237-FC4F8136B6F6}) (Version: 1.0.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Network Connections 15.6.25.0 (HKLM\...\PROSetDX) (Version: 15.6.25.0 - Intel)
Intel(R) SMBus (HKLM\...\SMBus) (Version:  - )
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java(TM) 7 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417005F0}) (Version: 7.0.50 - Oracle)
Medal of Honor Allied Assault (HKLM-x32\...\{0DEA94ED-915A-4834-A87E-388D012C8E02}) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SharePoint Designer 2010 (HKLM-x32\...\Office14.SharePointDesigner) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MSV-Steinberg Bussard Bilsdorf e.V. Version 1.0 (HKLM-x32\...\{D2E222AA-1D5E-4CE1-9B26-140CC3722B43}_is1) (Version: 1.0 - phoenix-sim-szenerien.de)
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports)
Need For Speed™ World (HKLM-x32\...\{3AF1B16A-7DC9-4C80-BAEC-70B088A7C5B8}) (Version: 1.0.0.0 - Electronic Arts)
Nero 7 Ultra Edition (HKLM-x32\...\{F14B8ECC-BDA0-4987-9201-D7B7DBE11031}) (Version: 7.02.0936 - Nero AG)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3 - )
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA nTune (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 1.00.0000 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Opera Stable 29.0.1795.60 (HKLM-x32\...\Opera 29.0.1795.60) (Version: 29.0.1795.60 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.4.21.2812 - Electronic Arts, Inc.)
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.01.00.0000 - Panda Security)
Panda Free Antivirus (Version: 7.81.00.0000 - Panda Security) Hidden
Parallel Port Joystick (HKLM-x32\...\Parallel Port Joystick) (Version:  - )
Phoenix RC Szenerie Berlin-Tempelhof (HKLM-x32\...\Phoenix RC Szenerie Berlin-Tempelhof) (Version:  - )
PhoenixRC (HKLM-x32\...\{86404000-52CF-41AE-9B2E-85892F7CB7D4}) (Version: 1.2.0 - Runtime Games Ltd)
RealFlight G4 R/C Simulator (HKLM-x32\...\RealFlightG4Pro) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6215 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Screen Capturer Recorder uninstall (HKLM-x32\...\Screen Capturer Recorder_is1) (Version:  - )
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{8B883A57-E4BC-4745-8E6C-68168850F9DD}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Serviio (HKLM\...\Serviio) (Version:  - )
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
STK02N 2.0 (HKLM-x32\...\{E42E07F5-5A90-4BA9-B55A-79FCF9EAF9B5}) (Version: 2.0 - Syntek)
swf2avi 0.3 (HKLM-x32\...\swf2avi_is1) (Version: 0.3 - Mario Pizzinini, Pizzinini.net)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.57a - Ghisler Software GmbH)
Tour de France 2011 - Der offizielle Radsport-Manager Version 1 (HKLM-x32\...\Pro Cycling Manager 2011_is1) (Version: 1.0.4.4 - Cyanide)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
WSC Real 09 (HKLM-x32\...\{51AA8C3F-B316-44A8-B371-4BB6047E45DF}) (Version: 1.00.0000 - Blade Interactive Studios)
Xvid MPEG-4 Video Codec (HKLM-x32\...\Xvid_is1) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-561146854-4284327693-16180569-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-561146854-4284327693-16180569-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\defianter\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-561146854-4284327693-16180569-1000_Classes\CLSID\{25815CC0-43F4-3C75-8C3A-A139D9ADE740}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-561146854-4284327693-16180569-1000_Classes\CLSID\{2F5DA951-82C6-471e-90BD-CAB15552A932}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-561146854-4284327693-16180569-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\defianter\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-561146854-4284327693-16180569-1000_Classes\CLSID\{97D17A04-4438-4C8E-BAC7-BC21B8B9E999}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10C6FE43-3B26-4F4C-AACE-45C2D0C7EE19} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {342ACF1D-5A0C-430B-8DD5-50BF419E31F7} - System32\Tasks\Opera scheduled Autoupdate 1420895415 => C:\Program Files (x86)\Opera\launcher.exe [2015-05-18] (Opera Software)
Task: {38BA84EC-274E-43B1-8636-F9E1481BDB76} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {46253403-CF42-44FB-8B53-7D522A039882} - \DealPly No Task File <==== ATTENTION
Task: {568EF648-8678-4E3C-B95F-61D32C4A7373} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-561146854-4284327693-16180569-1000Core => C:\Users\defianter\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {8127F029-7BD9-4CAA-BFCD-F71F5B09CEC4} - \QtraxPlayer No Task File <==== ATTENTION
Task: {B20D244C-C253-4831-90BD-E09EC035A168} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)
Task: {B922D1D7-9C56-45C9-8EB6-0964EBD4D9CD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-561146854-4284327693-16180569-1000UA => C:\Users\defianter\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {C03775A7-BA75-41ED-A95B-FCD50A559387} - \DSite No Task File <==== ATTENTION
Task: {C039FF47-C6CF-40CD-9398-287BD05AF9BA} - System32\Tasks\{298DBE74-8B2A-4747-8D34-BE9AD0754B77} => pcalua.exe -a D:\Programme\Spiele\Frontschweine\SETUP.EXE -d D:\Programme\Spiele\Frontschweine
Task: {F8228E48-3C4F-458F-BAF7-622D86F56430} - \CreateChoiceProcessTask No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-561146854-4284327693-16180569-1000Core.job => C:\Users\defianter\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-561146854-4284327693-16180569-1000UA.job => C:\Users\defianter\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2015-02-09 15:56 - 2015-02-09 15:56 - 00327680 _____ () C:\Program Files\Serviio\bin\ServiioService.exe
2012-03-18 23:54 - 2012-03-18 23:54 - 00006144 _____ () C:\Users\defianter\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\CoreTempReader.dll
2012-03-18 23:54 - 2012-03-18 23:54 - 00008704 _____ () C:\Users\defianter\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\GetCoreTempInfoNET.dll
2012-03-18 23:54 - 2012-03-18 23:54 - 00007680 _____ () C:\Users\defianter\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.5.gadget\SystemInfo.dll
2015-05-20 18:59 - 2015-05-20 18:51 - 00479352 _____ () C:\Program Files (x86)\Opera\29.0.1795.60\opera_crashreporter.exe
2015-03-31 12:30 - 2015-03-28 05:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-04-12 19:23 - 2013-04-12 19:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2014-12-06 18:12 - 2014-08-28 08:46 - 00059904 _____ () D:\Programme\Screen Capturer Recorder\screen-capture-recorder.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 16:46 - 2013-02-14 16:46 - 01044048 _____ () D:\Programme\Office\Office14\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-561146854-4284327693-16180569-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\defianter\Pictures\dl-tranquility-3360x10502.bmp
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^STK02N 2.0 PNP Monitor.lnk => C:\Windows\pss\STK02N 2.0 PNP Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^defianter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Serviio.lnk => C:\Windows\pss\Serviio.lnk.Startup
MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\defianter\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MSCONFIG\startupreg: DivXMediaServer => "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
MSCONFIG\startupreg: EADM => "D:\Programme\Spiele\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: Facebook Update => "C:\Users\defianter\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{DE938DAA-56C7-41CF-8D20-E9915E3EDFF5}] => (Allow) LPort=80
FirewallRules: [{C05D561E-0794-41FC-ABB6-A3B267993275}] => (Allow) LPort=80
FirewallRules: [{A555EA11-1785-427C-997F-A767AE0EBBDA}] => (Allow) LPort=80
FirewallRules: [{0403168D-00AC-43FF-A5A3-9B5CCB4876F5}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{23A93BC7-90D6-41BB-9129-445D8BD53B95}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{5C65D86B-B76F-439E-BD4B-80B249D819D1}] => (Allow) I:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{8BCD87F6-4345-43DF-8BAA-AD7AA18807FD}] => (Allow) I:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{A1DBE396-48A5-4028-A001-FB97B445026E}] => (Allow) D:\Tour de France 2011 - Der offizielle Radsport-Manager\PCM.exe
FirewallRules: [{8FB9F27E-1F67-4B98-980D-160DE2A40C10}] => (Allow) D:\Tour de France 2011 - Der offizielle Radsport-Manager\PCM.exe
FirewallRules: [{AF33DD6F-CA2F-4FE8-A1ED-B8B52FD0D06A}] => (Allow) D:\Tour de France 2011 - Der offizielle Radsport-Manager\Autorun\Exe\Autorun.exe
FirewallRules: [{FCE5441D-2D01-4DF5-BF0D-87A0E6F757A8}] => (Allow) D:\Tour de France 2011 - Der offizielle Radsport-Manager\Autorun\Exe\Autorun.exe
FirewallRules: [TCP Query User{3DF26677-B9DA-429B-8171-4432A9214391}D:\nfsw\data\nfsw.exe] => (Allow) D:\nfsw\data\nfsw.exe
FirewallRules: [UDP Query User{0B96366E-6B80-40CA-8081-B996D877F3B2}D:\nfsw\data\nfsw.exe] => (Allow) D:\nfsw\data\nfsw.exe
FirewallRules: [TCP Query User{26CCF71D-1360-4820-95FC-63AED1A7121B}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [UDP Query User{1CE5734A-89D7-43A6-B7C7-8992E509D331}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [TCP Query User{9B32F0DB-ECC3-4BE6-8AFA-3B10D1EE4F2F}D:\nfs_the run\need for speed the run.exe] => (Block) D:\nfs_the run\need for speed the run.exe
FirewallRules: [UDP Query User{BE95EF8B-CF50-46B4-8FC3-015975037787}D:\nfs_the run\need for speed the run.exe] => (Block) D:\nfs_the run\need for speed the run.exe
FirewallRules: [{27782F32-F254-4689-812A-2B22BDE68E3B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6BEA795D-0AB6-46EB-98D0-2CEDFC21FC54}] => (Allow) LPort=2869
FirewallRules: [{DCF55875-22E9-4376-9E61-3E28BD56ECF5}] => (Allow) LPort=1900
FirewallRules: [{85D4E286-72C1-4741-A270-E6688135E1DA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{346CCB4B-3596-4EAD-90B0-312C8F99EE78}] => (Allow) C:\Users\defianter\AppData\Local\Google Translator\Google Translator.exe
FirewallRules: [{38E88C2C-8098-4822-947D-9D1B2BE81E21}] => (Allow) C:\Users\defianter\AppData\Local\Google Translator\Google Translator.exe
FirewallRules: [{FDCF0554-17DD-4496-B9D5-2E3BCB800FDC}] => (Allow) C:\Users\defianter\AppData\Local\Google Translator (2)\Google Translator (2).exe
FirewallRules: [{5498CEB0-18FF-41D0-B368-4B9D23D8DB45}] => (Allow) C:\Users\defianter\AppData\Local\Google Translator (2)\Google Translator (2).exe
FirewallRules: [{7291344C-5729-432D-A08D-4EB176C2B915}] => (Allow) C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{48658AC6-785A-4121-BB66-C494F4226509}] => (Allow) C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [TCP Query User{90BA7D4A-D55B-4C2E-BC48-117D2716D10C}C:\program files (x86)\jdownloader\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\jdownloader\jre\bin\javaw.exe
FirewallRules: [UDP Query User{47A62AE0-72FE-4A24-B15C-3BC745FA9D9B}C:\program files (x86)\jdownloader\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\jdownloader\jre\bin\javaw.exe
FirewallRules: [{F21D75AD-BCDB-4D69-9A41-CF70AF4F366E}] => (Allow) D:\Programme\Office\Office14\GROOVE.EXE
FirewallRules: [{4AE8022F-F5C6-46DB-9897-8BDE613A1647}] => (Allow) D:\Programme\Office\Office14\GROOVE.EXE
FirewallRules: [{4A0323B1-0DF9-4B80-AF58-392E54CD6C6F}] => (Allow) D:\Programme\Office\Office14\ONENOTE.EXE
FirewallRules: [{66E153DC-472A-4F8A-8D63-298FFB26CF4D}] => (Allow) D:\Programme\Office\Office14\ONENOTE.EXE
FirewallRules: [{4C8E2EB4-B1B1-4968-A23E-4D4F06EC6EC6}] => (Allow) D:\Programme\Office\Office14\outlook.exe
FirewallRules: [{EBF30DDD-BE12-4039-94EF-A7671B6D6A01}] => (Allow) D:\Programme\Office\Office14\GROOVE.EXE
FirewallRules: [{9606476A-B8A5-4404-A1C1-BEDC612BDC89}] => (Allow) D:\Programme\Office\Office14\GROOVE.EXE
FirewallRules: [{8CC1F6A8-8B5F-4BFA-9F7B-7A73DDEBF1CD}] => (Allow) D:\Programme\Office\Office14\ONENOTE.EXE
FirewallRules: [{25D294E5-6023-4C3C-A3BA-3E7CC7DDBF28}] => (Allow) D:\Programme\Office\Office14\ONENOTE.EXE
FirewallRules: [{0A35E64B-97F6-4FF8-8DAA-10B0CD3DBEE9}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{28BC50C2-C170-4094-A2BA-14F6F4633586}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{C28BFCBD-CC8E-417E-B5A1-89953E79B2D4}] => (Allow) C:\Program Files (x86)\2K Sports\NBA 2K12\nba2k12.exe
FirewallRules: [{2D3EFD56-28CE-4068-A1A7-E93D50A340B5}] => (Allow) C:\Program Files (x86)\2K Sports\NBA 2K12\nba2k12.exe
FirewallRules: [{585F85DB-0714-4C69-A1F7-93F7070C946C}] => (Allow) D:\2K NBA 2K13\nba2k13.exe
FirewallRules: [{179E3C63-40C6-4966-9B29-9E3784AF2490}] => (Allow) D:\2K NBA 2K13\nba2k13.exe
FirewallRules: [TCP Query User{74058982-8F02-414D-9B40-A5D573C30D09}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{832E9ADE-758C-45CA-8E27-E3EFA22D205A}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{BDAA1301-6E90-457C-A34C-66285BDCCB81}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{682FF5AE-533E-4D81-9975-2C198F091E75}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{0560FE25-BC30-429B-A281-D7C2E2635265}] => (Allow) C:\Program Files (x86)\Makayama Interactive\Easy WiFi Radar\Easy WIFI Radar.exe
FirewallRules: [{67255CBC-8250-427E-A4AB-5983B8795A60}] => (Allow) C:\Program Files (x86)\Makayama Interactive\Easy WiFi Radar\Easy WIFI Radar.exe
FirewallRules: [TCP Query User{3B861FCA-CCE8-44DB-BF2E-1C6ED4F5BB57}D:\mohaa\mohaa.exe] => (Allow) D:\mohaa\mohaa.exe
FirewallRules: [UDP Query User{51AAAC57-CA81-46AF-92E1-99D7BA5D3F84}D:\mohaa\mohaa.exe] => (Allow) D:\mohaa\mohaa.exe
FirewallRules: [TCP Query User{83CA1A33-F211-4EF6-9FE5-C549709D15BB}C:\totalcmd\totalcmd.exe] => (Allow) C:\totalcmd\totalcmd.exe
FirewallRules: [UDP Query User{31167418-58BC-459E-8A61-47A6FB23E4B9}C:\totalcmd\totalcmd.exe] => (Allow) C:\totalcmd\totalcmd.exe
FirewallRules: [{BD9FDB5A-FF5B-4E2F-8D1A-62B7C68BB05B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [TelnetServer-TlntSvr-TCP-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [TelnetServer-Tlntadmn-RPC-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [Microsoft-Windows-RemovableStorageManagement-Client-RPCSS-TCP-In] => (Allow) %systemroot%\system32\rsmsink.exe
FirewallRules: [Microsoft-Windows-RemovableStorageManagement-Client-DCOM-In] => (Allow) %systemroot%\system32\rsmsink.exe
FirewallRules: [TCP Query User{2880A121-EDF9-49DF-B9DE-827F55F3F4BC}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [UDP Query User{7C2F9286-C581-4B97-AEF5-24C89FA1445B}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [TCP Query User{4FD1B674-6903-4558-848E-C4EF4E420136}C:\program files (x86)\jdownloader\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\jdownloader\jre\bin\javaw.exe
FirewallRules: [UDP Query User{AC1C76C7-6E36-479F-8B0C-08725665839B}C:\program files (x86)\jdownloader\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\jdownloader\jre\bin\javaw.exe
FirewallRules: [{A1C74189-BE69-4E68-99FD-D8D305724A04}] => (Allow) C:\Users\defianter\AppData\Roaming\ICQM\icq.exe
FirewallRules: [{31779ECF-4325-43D3-ACF5-5625F18F5B7D}] => (Allow) C:\Users\defianter\AppData\Roaming\ICQM\icq.exe
FirewallRules: [TCP Query User{C70DE801-6E14-4085-9EC1-549C9ADBCACB}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{E27671F0-9BA3-4F1D-B98A-0802CB5CBD02}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{188699BF-CC21-4B05-ACF8-5C2A91C1259E}D:\Programme\Spiele\war thunder\aces.exe] => (Block) D:\Programme\Spiele\war thunder\aces.exe
FirewallRules: [UDP Query User{77B7AB2B-0EE3-448E-8C49-71D90830B4A6}D:\Programme\Spiele\war thunder\aces.exe] => (Block) D:\Programme\Spiele\war thunder\aces.exe
FirewallRules: [TCP Query User{03DBD7D5-E5C8-4078-B9E6-D52CF071CBA1}C:\windows\syswow64\javaw.exe] => (Block) C:\windows\syswow64\javaw.exe
FirewallRules: [UDP Query User{9A2844C4-9ADA-49DE-ABB9-ED263420EE2F}C:\windows\syswow64\javaw.exe] => (Block) C:\windows\syswow64\javaw.exe
FirewallRules: [TCP Query User{E27FB460-B0FA-47B1-B860-D4F102C2CEA3}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [UDP Query User{0C86B8C0-D8DD-4902-BF42-A32AD3B88DBC}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [{34572DF8-9D9D-4082-A681-F3A2AB06A8BB}] => (Allow) LPort=53168
FirewallRules: [{354F358F-7501-4CEF-9FF4-3F8B6FF69B80}] => (Allow) LPort=53168
FirewallRules: [{9DE5BA45-B864-41C2-81A9-CD9B11A94FA5}] => (Allow) LPort=53168
FirewallRules: [{BE9DCD10-1009-4221-808C-F0B9444AE881}] => (Allow) LPort=2869
FirewallRules: [{389F0414-4F32-46C8-B03F-ECAE7D36BCC0}] => (Allow) LPort=1900
FirewallRules: [{C78043F7-E956-43A4-9186-C4EC61A23C0F}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
FirewallRules: [{57E47A31-8F4A-4860-9133-DBCB5683B422}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
FirewallRules: [{7D88A25E-18F5-419C-8431-6AF486A1DE7F}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
FirewallRules: [{1B63BBB6-DF8C-471D-AF7F-218E2C81E3B1}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
FirewallRules: [{2B765C31-79A5-4082-ABCF-7383EA689B58}] => (Allow) D:\Programme\Spiele\Tour de France 2011 - Der offizielle Radsport-Manager\Autorun\Exe\Autorun.exe
FirewallRules: [{8E75F233-2738-4F5A-9245-A9776F7C5DF1}] => (Allow) D:\Programme\Spiele\Tour de France 2011 - Der offizielle Radsport-Manager\Autorun\Exe\Autorun.exe
FirewallRules: [TCP Query User{4C365ECC-4618-40F2-9F51-AAD948C49A15}D:\programme\spiele\tour de france 2011 - der offizielle radsport-manager\pcm.exe] => (Block) D:\programme\spiele\tour de france 2011 - der offizielle radsport-manager\pcm.exe
FirewallRules: [UDP Query User{D02AD5D5-85FE-463C-9372-D55A025C0310}D:\programme\spiele\tour de france 2011 - der offizielle radsport-manager\pcm.exe] => (Block) D:\programme\spiele\tour de france 2011 - der offizielle radsport-manager\pcm.exe
FirewallRules: [{1EFD9E33-D439-4460-B2DE-190F6BA270EC}] => (Allow) D:\Programme\Spiele\Tour de France 2011 - Der offizielle Radsport-Manager\PCM.exe
FirewallRules: [{6D1C3CC1-5F16-451D-84E6-6C1507876230}] => (Allow) D:\Programme\Spiele\Tour de France 2011 - Der offizielle Radsport-Manager\PCM.exe
FirewallRules: [TCP Query User{242C3752-F69C-4F91-942A-69B0EA4B5909}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{DC5ECD0A-F0DB-4033-9EC9-5C9E45947278}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{8569C31F-B7B4-4092-8781-1176B41DC8C2}] => (Allow) D:\Programme\Spiele\NBA\nba2k14.exe
FirewallRules: [{111C7580-D842-4370-BA0A-AF0D86553C41}] => (Allow) D:\Programme\Spiele\NBA\nba2k14.exe
FirewallRules: [TCP Query User{485406A7-469A-47C3-964B-CB25FAE40896}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [UDP Query User{A357B7BA-653F-4D2E-BB28-99B72F3EF726}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [{1DA79807-A500-4EDC-A1E3-D9A56330FEA1}] => (Allow) I:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{41A0123E-B1B5-4F82-A57E-5DC67B1B39CB}] => (Allow) I:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{0A62DCEF-25F1-4A33-B560-19F0A108EE18}] => (Allow) D:\Programme\PhoenixRC\OnlineInstaller.exe
FirewallRules: [{89BD3F15-31AE-482C-835D-892F12219179}] => (Allow) D:\Programme\PhoenixRC\OnlineInstaller.exe
FirewallRules: [{E1A18ABA-AD61-4A70-894A-3C5D784095AF}] => (Allow) C:\Users\defianter\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{FBCF1236-C39C-42BD-B3CD-5B184D964CA7}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA World\fifaworld.exe
FirewallRules: [{D8D6E979-09EA-4018-9DAA-2B2D73DFEDE1}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA World\fifaworld.exe
FirewallRules: [TCP Query User{55D2D241-5E75-40ED-8031-202208510F06}D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe] => (Allow) D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [UDP Query User{85C6F427-FFF7-4FD8-B600-68411BA5B43D}D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe] => (Allow) D:\program files (x86)\origin games\fifa 15 demo\fifa15_demo.exe
FirewallRules: [{AD900C8B-1DE3-473B-99D5-955F4EDAB702}] => (Allow) D:\Program Files (x86)\Origin Games\Need for Speed World\GameLauncher.exe
FirewallRules: [{0DDA7734-1B83-4C59-8EBF-ABFC121C6966}] => (Allow) D:\Program Files (x86)\Origin Games\Need for Speed World\GameLauncher.exe
FirewallRules: [TCP Query User{14064910-1483-4FDF-838D-1CCDE6A8D530}D:\Programme\Spiele\Origin\Data\nfsw.exe] => (Allow) D:\Programme\Spiele\Origin\Data\nfsw.exe
FirewallRules: [UDP Query User{3693F375-9047-4690-9705-8249309DF07E}D:\Programme\Spiele\Origin\Data\nfsw.exe] => (Allow) D:\Programme\Spiele\Origin\Data\nfsw.exe
FirewallRules: [TCP Query User{1D20DC08-6804-4A42-88C1-FBB3B4129DB4}C:\windows\syswow64\java.exe] => (Allow) C:\windows\syswow64\java.exe
FirewallRules: [UDP Query User{4C95EC7B-E9AA-4397-84DD-B7C9D6E1FC91}C:\windows\syswow64\java.exe] => (Allow) C:\windows\syswow64\java.exe
FirewallRules: [TCP Query User{19EAA3CE-57F6-4C06-B614-E73B134BCFAC}D:\program files (x86)\origin games\fifa 15\fifa15.exe] => (Allow) D:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [UDP Query User{F638735D-F856-421C-8CE6-81A8200DB1AC}D:\program files (x86)\origin games\fifa 15\fifa15.exe] => (Allow) D:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [{871E2D79-9E6E-480D-9ADB-78A5BFAE7CCD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{BFD3A780-C4FA-44FE-921E-A6942859C7AB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{55FF9EEF-2A9A-4C0B-B57C-B96B1675B8C7}] => (Allow) C:\Program Files\Serviio\bin\ServiioService.exe
FirewallRules: [{F350874C-CD02-45F4-99C3-89354B6E6E65}] => (Allow) C:\Program Files\Serviio\bin\ServiioService.exe
FirewallRules: [{1627665B-8DB3-42A1-ABC7-D53AA9BCEEC4}] => (Allow) C:\Program Files\Serviio\bin\ServiioConsole.exe
FirewallRules: [{971A3D39-2D17-461C-A55A-D891F4717CE5}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [{CDC6D059-3A40-4220-AADA-3F464CE87771}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/27/2015 05:30:46 PM) (Source: EvntAgnt) (EventID: 2019) (User: )
Description: Erweiterungs-Agent für SNMP-Ereignisprotokoll wurde nicht richtig initialisiert.

Error: (05/27/2015 05:30:46 PM) (Source: EvntAgnt) (EventID: 1020) (User: )
Description: Fehler beim Verarbeiten von Registrierungsparametern. Erweiterungs-Agent wird beendet.

Error: (05/27/2015 05:30:46 PM) (Source: EvntAgnt) (EventID: 2019) (User: )
Description: Erweiterungs-Agent für SNMP-Ereignisprotokoll wurde nicht richtig initialisiert.

Error: (05/27/2015 05:30:46 PM) (Source: EvntAgnt) (EventID: 3005) (User: )
Description: Fehler beim Setzen der Position an das Ende der Protokolldatei -- Suche nach Protokollende ist fehlgeschlagen. Als Handle wurde 31916152 angegeben. Der Rückgabecode von ReadEventLog ist 122.

Error: (05/26/2015 07:46:29 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_150efbaaf40a61a7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_150efbaaf40a61a7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_150efbaaf40a61a7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_150efbaaf40a61a7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_5cbc328208868aad.manifest.

Error: (05/25/2015 11:57:45 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_150efbaaf40a61a7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_150efbaaf40a61a7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_150efbaaf40a61a7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_150efbaaf40a61a7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_5cbc328208868aad.manifest.

Error: (05/25/2015 02:54:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_150efbaaf40a61a7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_150efbaaf40a61a7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_150efbaaf40a61a7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_150efbaaf40a61a7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_5cbc328208868aad.manifest.

Error: (05/25/2015 02:53:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_150efbaaf40a61a7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_150efbaaf40a61a7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_150efbaaf40a61a7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_150efbaaf40a61a7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_5cbc328208868aad.manifest.

Error: (05/25/2015 02:53:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_150efbaaf40a61a7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_150efbaaf40a61a7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_150efbaaf40a61a7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_150efbaaf40a61a7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_5cbc328208868aad.manifest.

Error: (05/25/2015 02:49:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_150efbaaf40a61a7.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_150efbaaf40a61a7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_150efbaaf40a61a7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_150efbaaf40a61a7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_5cbc328208868aad.manifest.


System errors:
=============
Error: (05/27/2015 05:34:33 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: cdrom

Error: (05/27/2015 05:34:32 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: RIP-Überwachung

Error: (05/27/2015 05:32:37 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWFailureActions%%5

Error: (05/27/2015 05:32:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Net.Tcp-ListeneradapterNet.Tcp-Portfreigabedienst%%1053

Error: (05/27/2015 05:32:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Net.Pipe-Listeneradapter%%1053

Error: (05/27/2015 05:32:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Net.Pipe-Listeneradapter

Error: (05/27/2015 05:31:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Net.Msmq-Listeneradapter%%1053

Error: (05/27/2015 05:31:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Net.Msmq-Listeneradapter

Error: (05/27/2015 05:31:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Net.Tcp-Portfreigabedienst%%1053

Error: (05/27/2015 05:31:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Net.Tcp-Portfreigabedienst


Microsoft Office:
=========================
Error: (05/27/2015 05:30:46 PM) (Source: EvntAgnt) (EventID: 2019) (User: )
Description:

Error: (05/27/2015 05:30:46 PM) (Source: EvntAgnt) (EventID: 1020) (User: )
Description:

Error: (05/27/2015 05:30:46 PM) (Source: EvntAgnt) (EventID: 2019) (User: )
Description:

Error: (05/27/2015 05:30:46 PM) (Source: EvntAgnt) (EventID: 3005) (User: )
Description: 31916152122

Error: (05/26/2015 07:46:29 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_150efbaaf40a61a7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_5cbc328208868aad.manifestC:\Users\defianter\Desktop\VIRUS\esetsmartinstaller_deu.exe

Error: (05/25/2015 11:57:45 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_150efbaaf40a61a7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_5cbc328208868aad.manifestC:\Users\defianter\Desktop\VIRUS\esetsmartinstaller_deu.exe

Error: (05/25/2015 02:54:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_150efbaaf40a61a7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_5cbc328208868aad.manifestC:\Users\defianter\Desktop\VIRUS\esetsmartinstaller_deu.exe

Error: (05/25/2015 02:53:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_150efbaaf40a61a7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_5cbc328208868aad.manifestC:\Users\defianter\Desktop\VIRUS\esetsmartinstaller_deu.exe

Error: (05/25/2015 02:53:59 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_150efbaaf40a61a7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_5cbc328208868aad.manifestC:\Users\defianter\Desktop\VIRUS\esetsmartinstaller_deu.exe

Error: (05/25/2015 02:49:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_150efbaaf40a61a7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.19355_none_5cbc328208868aad.manifestC:\Users\defianter\Desktop\VIRUS\esetsmartinstaller_deu.exe


CodeIntegrity Errors:
===================================
  Date: 2015-05-25 11:03:02.114
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-25 11:03:01.996
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-25 11:03:01.879
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-25 11:03:01.763
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-25 11:03:01.647
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-25 11:03:01.531
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-25 10:55:12.038
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-25 10:55:11.893
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-25 10:55:11.760
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-25 10:55:11.607
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 37%
Total physical RAM: 8168.51 MB
Available physical RAM: 5103.34 MB
Total Pagefile: 16546.51 MB
Available Pagefile: 13218.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:232.88 GB) (Free:137.8 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Daten) (Fixed) (Total:931.51 GB) (Free:604.49 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of log ============================

schrauber 27.05.2015 18:07
Hi,

was genau wurde gemacht um die Adware zu entfernen?

defianter 27.05.2015 18:29
Leider Gottes habe ich, und damit komme ich offensichtlich vom Regen in die Traufe, Sp*h*nter 4 installiert. Erst als er vieles fand, es aber nur gegen Gebühr entfernen wollte, wurde ich skeptisch.
Schlussendlich half mir dann nach vielen Versuchen: Adware-Removal-Tool-v3.9.1. Das klappte ganz wunderbar

schrauber 28.05.2015 12:20
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

defianter 28.05.2015 20:51
Danke, dass Du dich meinem Problem annimmst!!
Hier die combo.txt

Code:
ComboFix 15-05-28.01 - defianter 28.05.2015  21:19:11.2.4 - x64
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.8169.5931 [GMT 2:00]
ausgeführt von:: c:\users\defianter\Desktop\VIRUS\ComboFix.exe
AV: Panda Free Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
FW: Panda Firewall *Enabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
SP: Panda Free Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-04-28 bis 2015-05-28  ))))))))))))))))))))))))))))))
.
.
2015-05-28 19:27 . 2015-05-28 19:27        --------        d-----w-        c:\users\defianter\AppData\Local\temp
2015-05-28 19:27 . 2015-05-28 19:27        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-05-27 16:07 . 2015-05-27 16:08        --------        dc----w-        C:\FRST
2015-05-26 21:18 . 2015-05-26 21:19        --------        d-----w-        c:\program files\Defraggler
2015-05-26 21:16 . 2008-01-29 05:57        450560        ----a-w-        c:\windows\SysWow64\fldrvw90.ocx
2015-05-26 21:16 . 2015-05-26 21:37        --------        d-----w-        c:\users\defianter\AppData\Roaming\AllDup
2015-05-26 21:16 . 2015-05-26 21:16        --------        d-----w-        c:\programdata\AllDup
2015-05-26 21:16 . 2015-05-26 21:16        --------        d-----w-        c:\program files (x86)\AllDup
2015-05-26 21:16 . 2010-10-13 04:42        2369456        ----a-w-        c:\windows\SysWow64\Codejock.CommandBars.v13.4.2.ocx
2015-05-26 21:16 . 2010-08-20 19:53        86016        ----a-w-        c:\windows\SysWow64\mtSplitter.ocx
2015-05-26 21:16 . 2010-06-11 08:50        89888        ----a-w-        c:\windows\SysWow64\mtFrame.ocx
2015-05-26 21:16 . 2010-06-01 12:45        1005088        ----a-w-        c:\windows\SysWow64\TList8.ocx
2015-05-26 21:16 . 2010-03-25 08:33        171752        ----a-w-        c:\windows\SysWow64\mtRTF2.ocx
2015-05-26 21:16 . 2009-10-12 22:02        44736        ----a-w-        c:\windows\SysWow64\mtSubclass.dll
2015-05-26 21:16 . 2009-10-12 22:01        77504        ----a-w-        c:\windows\SysWow64\mtScrollContainer.ocx
2015-05-26 16:44 . 2015-05-26 16:44        290304        ----a-w-        c:\windows\SysWow64\subinacl.exe
2015-05-26 16:44 . 2015-05-26 16:44        --------        d-----w-        c:\program files\Adware-Removal-Tool
2015-05-26 16:44 . 2015-05-26 16:44        --------        d-----w-        c:\program files\Common Files\Microsoft
2015-05-26 16:35 . 2015-05-03 03:16        12214312        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{275BFA91-A985-4A5A-87D0-1ABE3A6CA922}\mpengine.dll
2015-05-26 16:26 . 2015-01-29 17:21        61712        ----a-w-        c:\windows\system32\drivers\PSKMAD.sys
2015-05-25 22:24 . 2015-05-25 22:24        --------        d-s---w-        c:\windows\SysWow64\Microsoft
2015-05-25 22:07 . 2015-05-25 22:07        --------        d-----w-        c:\users\defianter\AppData\Roaming\Panda Security
2015-05-25 22:07 . 2015-05-25 22:08        --------        d-----w-        c:\program files (x86)\Panda Security
2015-05-25 22:06 . 2015-05-25 22:08        --------        d-----w-        c:\programdata\Panda Security
2015-05-25 21:59 . 2015-05-25 21:59        --------        dc----w-        C:\RegBackup
2015-05-25 12:22 . 2015-05-25 12:22        --------        d-----w-        c:\program files\HitmanPro
2015-05-25 12:22 . 2015-05-25 12:44        --------        d-----w-        c:\programdata\HitmanPro
2015-05-24 09:16 . 2015-05-24 09:16        --------        d-----w-        c:\programdata\Malwarebytes
2015-05-13 22:53 . 2015-04-08 01:11        939008        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2015-05-13 22:53 . 2015-04-08 00:47        1505792        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll
2015-05-13 22:53 . 2015-04-08 00:47        1822208        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2015-05-13 22:53 . 2015-04-08 00:47        1482240        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll
2015-05-13 22:53 . 2015-04-08 00:47        1454080        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2015-05-13 22:53 . 2015-04-07 23:48        2294784        ----a-w-        c:\program files\Windows Journal\Journal.exe
2015-05-13 22:51 . 2015-04-30 16:03        279040        ----a-w-        c:\windows\SysWow64\schannel.dll
2015-05-13 22:51 . 2015-04-30 15:41        347648        ----a-w-        c:\windows\system32\schannel.dll
2015-05-13 22:46 . 2015-04-10 23:33        384512        ----a-w-        c:\windows\system32\services.exe
2015-05-13 22:46 . 2015-04-10 23:22        279552        ----a-w-        c:\windows\SysWow64\services.exe
2015-05-13 22:45 . 2015-04-30 13:14        124112        ----a-w-        c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 22:45 . 2015-04-30 13:14        102608        ----a-w-        c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-28 19:14 . 2014-12-03 17:00        123851        ----a-w-        c:\users\defianter\Network_Meter_Data.js
2015-05-28 17:41 . 2014-12-03 16:55        17294        ----a-w-        c:\users\defianter\IP_Log_Data.js
2015-05-13 22:55 . 2006-11-02 12:35        140425016        ----a-w-        c:\windows\system32\mrt.exe
2015-04-15 19:10 . 2012-03-31 07:44        778416        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-15 19:10 . 2012-03-15 22:15        142512        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-14 01:38 . 2015-04-14 01:38        1217192        ----a-w-        c:\windows\SysWow64\FM20.DLL
2015-04-14 00:35 . 2015-04-14 00:35        875720        ----a-w-        c:\windows\SysWow64\msvcr120_clr0400.dll
2015-04-14 00:35 . 2015-04-14 00:35        536776        ----a-w-        c:\windows\SysWow64\msvcp120_clr0400.dll
2015-04-14 00:26 . 2015-04-14 00:26        869568        ----a-w-        c:\windows\system32\msvcr120_clr0400.dll
2015-04-14 00:26 . 2015-04-14 00:26        678600        ----a-w-        c:\windows\system32\msvcp120_clr0400.dll
2015-03-14 02:22 . 2015-04-15 22:00        1585248        ----a-w-        c:\windows\system32\ntdll.dll
2015-03-14 02:22 . 2015-04-15 22:00        1168080        ----a-w-        c:\windows\SysWow64\ntdll.dll
2015-03-13 01:44 . 2015-04-15 22:00        4691384        ----a-w-        c:\windows\system32\ntoskrnl.exe
2015-03-13 01:44 . 2015-04-15 22:00        5120        ----a-w-        c:\windows\SysWow64\wow32.dll
2015-03-13 01:44 . 2015-04-15 22:00        14336        ----a-w-        c:\windows\SysWow64\ntvdm64.dll
2015-03-13 01:43 . 2015-04-15 22:00        43008        ----a-w-        c:\windows\apppatch\acwow64.dll
2015-03-13 01:30 . 2015-04-15 22:00        301568        ----a-w-        c:\windows\system32\wow64win.dll
2015-03-13 01:30 . 2015-04-15 22:00        234496        ----a-w-        c:\windows\system32\wow64.dll
2015-03-13 01:30 . 2015-04-15 22:00        17408        ----a-w-        c:\windows\system32\wow64cpu.dll
2015-03-13 01:30 . 2015-04-15 22:00        16384        ----a-w-        c:\windows\system32\ntvdm64.dll
2015-03-13 00:08 . 2015-04-15 22:00        26112        ----a-w-        c:\windows\SysWow64\setup16.exe
2015-03-13 00:08 . 2015-04-15 22:00        7680        ----a-w-        c:\windows\SysWow64\instnm.exe
2015-03-13 00:08 . 2015-04-15 22:00        2560        ----a-w-        c:\windows\SysWow64\user.exe
2015-03-09 01:01 . 2015-04-15 21:37        1249280        ----a-w-        c:\windows\SysWow64\msxml3.dll
2015-03-09 00:40 . 2015-04-15 21:37        1869824        ----a-w-        c:\windows\system32\msxml3.dll
2015-03-05 02:25 . 2015-04-15 22:01        304128        ----a-w-        c:\windows\SysWow64\gdi32.dll
2015-03-05 02:23 . 2015-04-15 21:37        57344        ----a-w-        c:\windows\SysWow64\clfsw32.dll
2015-03-05 02:14 . 2015-04-15 21:37        360384        ----a-w-        c:\windows\system32\clfs.sys
2015-03-05 01:58 . 2015-04-15 22:01        390144        ----a-w-        c:\windows\system32\gdi32.dll
2015-03-05 01:58 . 2015-04-15 21:37        77824        ----a-w-        c:\windows\system32\clfsw32.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1555968]
"NVIDIA nTune"="c:\program files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 98304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-10-08 113288]
"ipTray.exe"="c:\program files (x86)\Intel\Intel Desktop Utilities\ipTray.exe" [2011-11-10 1632456]
"BCSSync"="d:\programme\Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"PSUAMain"="c:\program files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" [2015-02-17 40184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs        REG_MULTI_SZ          w3svc was
apphost        REG_MULTI_SZ          apphostsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2015-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 19:10]
.
2015-05-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-561146854-4284327693-16180569-1000Core.job
- c:\users\defianter\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-22 21:31]
.
2015-05-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-561146854-4284327693-16180569-1000UA.job
- c:\users\defianter\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-22 21:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-05 11474024]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-03-28 2673296]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mDefault_Page_URL = www.google.com
mDefault_Search_URL = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Bar = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7BB65966-D472-42EC-BE07-99D26AA38C07}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-Phoenix RC Szenerie Berlin-Tempelhof - d:\programme\PhoenixRC\resources\environments\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet012\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet012\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet012\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet012\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet012\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet012\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2015-05-28  21:29:50
ComboFix-quarantined-files.txt  2015-05-28 19:29
ComboFix2.txt  2015-05-28 18:30
.
Vor Suchlauf: 21 Verzeichnis(se), 138.134.704.128 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 138.117.382.144 Bytes frei
.
- - End Of File - - 450B47CC3CE77D58B649F9265AD31F4E
5C616939100B85E558DA92B899A0FC36

schrauber 29.05.2015 17:51
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

defianter 29.05.2015 20:34
Hallo Schrauber,
hier die einzelnen Logfiles:
mbam

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 29.05.2015 19:04:32, SYSTEM, DEFIPC, Manual, Remediation Database, 2015.3.9.1, 2015.5.13.1,
Update, 29.05.2015 19:04:32, SYSTEM, DEFIPC, Manual, Rootkit Database, 2015.2.25.1, 2015.5.24.1,
Update, 29.05.2015 19:04:52, SYSTEM, DEFIPC, Manual, Malware Database, 2015.3.9.5, 2015.5.29.4,
Scan, 29.05.2015 19:14:25, SYSTEM, DEFIPC, Manual, Start: 29.05.2015 19:04:44, Dauer: 9 Minuten 40 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, "0" nicht-Malwareerkennung,
Error, 29.05.2015 19:42:25, SYSTEM, DEFIPC, Protection, IsLicensed, 13,
Protection, 29.05.2015 19:42:25, SYSTEM, DEFIPC, Protection, Malware Protection, Stopping,
Protection, 29.05.2015 19:42:25, SYSTEM, DEFIPC, Protection, Malware Protection, Stopped,

(end)
ADWCleaner


Code:
# AdwCleaner v4.205 - Bericht erstellt 29/05/2015 um 21:17:06
# Aktualisiert 21/05/2015 von Xplode
# Datenbank : 2015-05-25.3 [Server]
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (x64)
# Benutzername : defianter - DEFIPC
# Gestarted von : C:\Users\defianter\Desktop\AdwCleaner_4.205.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16644


-\\ Opera v29.0.1795.60


*************************

AdwCleaner[R0].txt - [8546 Bytes] - [18/02/2014 17:58:16]
AdwCleaner[R1].txt - [812 Bytes] - [18/02/2014 18:13:36]
AdwCleaner[R2].txt - [5515 Bytes] - [24/05/2015 10:59:05]
AdwCleaner[R3].txt - [1171 Bytes] - [25/05/2015 10:51:16]
AdwCleaner[R4].txt - [1230 Bytes] - [25/05/2015 13:59:32]
AdwCleaner[R5].txt - [1343 Bytes] - [29/05/2015 21:15:47]
AdwCleaner[S0].txt - [7359 Bytes] - [18/02/2014 17:59:08]
AdwCleaner[S1].txt - [4075 Bytes] - [24/05/2015 11:00:51]
AdwCleaner[S2].txt - [1213 Bytes] - [25/05/2015 14:07:13]
AdwCleaner[S3].txt - [1186 Bytes] - [29/05/2015 21:17:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1245  Bytes] ##########
JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.4 (05.29.2015:1)
OS: Windows (TM) Vista Home Premium x64
Ran by defianter on 29.05.2015 at 21:25:38,37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.05.2015 at 21:27:30,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
frischer FRST

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015
Ran by defianter (administrator) on DEFIPC on 29-05-2015 21:28:24
Running from C:\Users\defianter\Desktop\VIRUS
Loaded Profiles: defianter (Available Profiles: defianter)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11474024 2010-10-05] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-10-08] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [ipTray.exe] => C:\Program Files (x86)\Intel\Intel Desktop Utilities\ipTray.exe [1632456 2011-11-10] (Intel(R) Corporation)
HKLM-x32\...\Run: [BCSSync] => D:\Programme\Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-18] (Panda Security, S.L.)
HKU\S-1-5-21-561146854-4284327693-16180569-1000\...\Run: [NVIDIA nTune] => C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe [98304 2007-09-04] (NVIDIA)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Programme\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Programme\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Programme\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Programme\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Programme\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-561146854-4284327693-16180569-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-561146854-4284327693-16180569-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.7.0_05\bin\ssv.dll [2014-05-05] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.7.0_05\bin\jp2ssv.dll [2014-05-05] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Programme\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Programme\Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7BB65966-D472-42EC-BE07-99D26AA38C07}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll [2014-05-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 -> C:\Program Files\Java\jre1.7.0_05\bin\plugin2\npjp2.dll [2014-05-05] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-06-03] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Windows\SysWOW64\npdeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~1\Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~1\Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-561146854-4284327693-16180569-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\defianter\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKU\S-1-5-21-561146854-4284327693-16180569-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\defianter\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-03-17]

Opera:
=======
OPR StartupUrls: "opera://startpage/"
OPR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\defianter\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnhbkkedmelfmalgjpkngiaoifpdfcnl [2015-03-19]
OPR Extension: (Adblock Plus) - C:\Users\defianter\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-01-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 appdrvrem01; C:\Windows\System32\appdrvrem01.exe [551896 2013-07-13] (Protection Technology)
S2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
S2 IduService; C:\Program Files (x86)\Intel\Intel Desktop Utilities\iduServ.exe [124616 2011-11-10] (Intel(R) Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2008-01-19] (Microsoft Corporation)
S2 Intel(R) Desktop Boards FSC Application Service; C:\Program Files (x86)\Intel\FSC\FSCAppServ.exe [61440 2011-11-10] (Intel Corporation) [File not signed]
U2 iprip; C:\Windows\System32\iprip.dll [34816 2006-11-02] (Microsoft Corporation)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [41984 2008-01-19] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Programme\Office\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2006-11-02] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [190464 2009-04-11] (Microsoft Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-17] (Panda Security, S.L.)
S3 NBService; D:\Nero 7\Nero BackItUp\NBService.exe [724992 2006-10-09] (Nero AG) [File not signed]
S3 NtmsSvc; C:\Windows\system32\ntmssvc.dll [521216 2008-01-19] (Microsoft Corporation)
S2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [180224 2007-09-04] (NVIDIA) [File not signed]
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
S3 Origin Client Service; D:\Programme\Spiele\Origin\OriginClientService.exe [1931632 2015-04-09] (Electronic Arts)
S2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-18] (Panda Security, S.L.)
S2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [327680 2015-02-09] () [File not signed]
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9728 2009-08-14] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2009-04-11] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2009-04-11] (Microsoft Corporation)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81408 2009-04-11] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [427008 2010-04-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-19] (Microsoft Corporation)
S3 WMSvc; C:\Windows\system32\inetsrv\wmsvc.exe [12288 2008-01-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 appdrv01; C:\Windows\System32\Drivers\appdrv01.sys [3852976 2013-07-13] (Protection Technology)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-19] (Microsoft Corporation)
S1 Beep; No ImagePath
R3 cpuio; C:\Windows\SysWOW64\Drivers\cpuiox64.sys [15384 2012-03-15] (Intel Corporation)
S3 DCamUSBSTK02N; C:\Windows\System32\DRIVERS\STK02NW2.sys [106496 2007-03-12] (Syntek Ltd.)
S3 DCamUSBSTK02N; C:\Windows\SysWOW64\DRIVERS\STK02NW2.sys [101520 2007-03-12] (Syntek Ltd.)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c60x64.sys [292016 2010-09-20] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-29] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [167424 2008-01-18] (Microsoft Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [48400 2014-12-31] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-09] (Panda Security, S.L.)
R3 NVR0Dev; C:\Windows\nvoclk64.sys [39968 2007-09-04] (NVidia Corp.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2015-02-12] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-12] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-10] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-12] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-12] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-12] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-01-29] (Panda Security, S.L.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2010-07-15] (Jungo)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-29 21:27 - 2015-05-29 21:27 - 00000613 _____ () C:\Users\defianter\Desktop\JRT.txt
2015-05-29 21:22 - 2015-05-29 21:22 - 00001325 _____ () C:\Users\defianter\Desktop\AdwCleaner[S3].txt
2015-05-29 21:14 - 2015-05-29 21:14 - 00000813 _____ () C:\Users\defianter\Desktop\mbam.txt
2015-05-29 21:13 - 2015-05-29 21:13 - 00000813 ____C () C:\mbam.txt
2015-05-29 19:04 - 2015-05-29 21:12 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-29 19:04 - 2015-05-29 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-29 19:04 - 2015-05-29 19:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-29 19:04 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-29 19:04 - 2015-04-14 09:37 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-29 19:04 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-29 19:02 - 2015-05-29 19:02 - 02948651 _____ (Thisisu) C:\Users\defianter\Desktop\JRT.exe
2015-05-29 17:22 - 2015-01-29 19:21 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-05-28 21:29 - 2015-05-28 21:29 - 00018749 ____C () C:\ComboFix.txt
2015-05-28 20:11 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-28 20:11 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-28 20:11 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-28 20:11 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-28 20:11 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-28 20:11 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-28 20:11 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-28 20:11 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-28 20:10 - 2015-05-28 21:29 - 00000000 ___DC () C:\Qoobox
2015-05-28 20:10 - 2015-05-28 20:29 - 00000000 ____D () C:\Windows\erdnt
2015-05-27 18:07 - 2015-05-29 21:28 - 00000000 ___DC () C:\FRST
2015-05-26 23:18 - 2015-05-26 23:19 - 00000000 ____D () C:\Program Files\Defraggler
2015-05-26 23:16 - 2015-05-26 23:37 - 00000000 ____D () C:\Users\defianter\AppData\Roaming\AllDup
2015-05-26 23:16 - 2015-05-26 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllDup
2015-05-26 23:16 - 2015-05-26 23:16 - 00000000 ____D () C:\ProgramData\AllDup
2015-05-26 23:16 - 2015-05-26 23:16 - 00000000 ____D () C:\Program Files (x86)\AllDup
2015-05-26 23:16 - 2010-10-13 06:42 - 02369456 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.CommandBars.v13.4.2.ocx
2015-05-26 23:16 - 2010-08-20 21:53 - 00086016 _____ (Michael Thummerer Software Design) C:\Windows\SysWOW64\mtSplitter.ocx
2015-05-26 23:16 - 2010-06-11 10:50 - 00089888 _____ (Michael Thummerer Software Design) C:\Windows\SysWOW64\mtFrame.ocx
2015-05-26 23:16 - 2010-06-01 14:45 - 01005088 _____ (Bennet-Tec Information Systems, Inc) C:\Windows\SysWOW64\TList8.ocx
2015-05-26 23:16 - 2010-03-25 10:33 - 00171752 _____ (Michael Thummerer Software Design) C:\Windows\SysWOW64\mtRTF2.ocx
2015-05-26 23:16 - 2009-10-13 00:02 - 00044736 _____ (Michael Thummerer Software Design) C:\Windows\SysWOW64\mtSubclass.dll
2015-05-26 23:16 - 2009-10-13 00:01 - 00077504 _____ (Michael Thummerer Software Design) C:\Windows\SysWOW64\mtScrollContainer.ocx
2015-05-26 23:16 - 2008-01-29 07:57 - 00450560 _____ (LogicNP Software (hxxp://www.ssware.com)) C:\Windows\SysWOW64\fldrvw90.ocx
2015-05-26 18:51 - 2015-05-26 18:51 - 00000787 _____ () C:\Users\defianter\Desktop\launcher.exe - Verknüpfung.lnk
2015-05-26 18:44 - 2015-05-26 18:44 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2015-05-26 18:44 - 2015-05-26 18:44 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2015-05-26 18:31 - 2015-05-26 19:36 - 00000000 ____D () C:\Windows\pss
2015-05-26 00:07 - 2015-05-26 00:08 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-05-26 00:07 - 2015-05-26 00:07 - 00000000 ____D () C:\Users\defianter\AppData\Roaming\Panda Security
2015-05-26 00:07 - 2015-05-26 00:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-05-26 00:06 - 2015-05-26 00:08 - 00000000 ____D () C:\ProgramData\Panda Security
2015-05-25 23:59 - 2015-05-25 23:59 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DEFIPC-Windows-Vista-(TM)-Home-Premium-(64-bit).dat
2015-05-25 23:59 - 2015-05-25 23:59 - 00000000 ___DC () C:\RegBackup
2015-05-25 17:55 - 2015-05-26 20:17 - 1793184127 _____ () C:\Users\defianter\Downloads\KNOPPIX_V7.4.1DVD-2014-09-15-DE.iso.opdownload
2015-05-25 14:22 - 2015-05-25 14:44 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-25 14:22 - 2015-05-25 14:22 - 00000000 ____D () C:\Program Files\HitmanPro
2015-05-25 11:48 - 2015-05-25 11:48 - 00000000 ____C () C:\autoexec.bat
2015-05-24 11:16 - 2015-05-24 11:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-14 01:11 - 2015-04-19 23:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-05-14 01:11 - 2015-04-19 23:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-05-14 01:11 - 2015-04-19 23:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-05-14 01:11 - 2015-04-19 23:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-05-14 01:11 - 2015-04-19 22:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-05-14 01:11 - 2015-04-19 22:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-05-14 01:11 - 2015-04-19 22:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-05-14 01:11 - 2015-04-19 22:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-14 01:11 - 2015-04-18 02:16 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-05-14 01:11 - 2015-04-18 02:16 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-05-14 01:11 - 2015-04-18 02:16 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-05-14 01:11 - 2015-04-18 02:16 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-05-14 01:11 - 2015-04-18 01:45 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-05-14 01:11 - 2015-04-18 01:44 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-05-14 01:11 - 2015-04-18 01:35 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-05-14 01:11 - 2015-04-18 01:33 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-14 01:11 - 2015-04-18 01:33 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-14 01:11 - 2015-04-18 01:30 - 02793472 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-14 00:51 - 2015-04-30 18:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-14 00:51 - 2015-04-30 17:41 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-14 00:46 - 2015-04-11 01:33 - 00384512 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-14 00:46 - 2015-04-11 01:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\services.exe
2015-05-14 00:45 - 2015-04-30 15:14 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 00:45 - 2015-04-30 15:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 17:11 - 2015-04-10 02:10 - 17881088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 17:11 - 2015-04-10 01:55 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 17:11 - 2015-04-10 01:53 - 10935808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 17:11 - 2015-04-10 01:52 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 17:11 - 2015-04-10 01:48 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 17:11 - 2015-04-10 01:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 17:11 - 2015-04-10 01:46 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 17:11 - 2015-04-10 01:46 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 17:11 - 2015-04-10 01:46 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 17:11 - 2015-04-10 01:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 17:11 - 2015-04-10 01:46 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 17:11 - 2015-04-10 01:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 17:11 - 2015-04-10 01:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 17:11 - 2015-04-10 01:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-13 17:11 - 2015-04-10 01:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 17:11 - 2015-04-10 01:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 17:11 - 2015-04-10 01:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 17:11 - 2015-04-10 01:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 17:11 - 2015-04-10 01:45 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 17:11 - 2015-04-10 01:45 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-13 17:11 - 2015-04-10 01:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-13 17:11 - 2015-04-10 01:45 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-13 17:11 - 2015-04-10 01:14 - 12379136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 17:11 - 2015-04-10 01:10 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 17:11 - 2015-04-10 01:08 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 17:11 - 2015-04-10 01:08 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 17:11 - 2015-04-10 01:05 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 17:11 - 2015-04-10 01:05 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 17:11 - 2015-04-10 01:04 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 17:11 - 2015-04-10 01:04 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 17:11 - 2015-04-10 01:04 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 17:11 - 2015-04-10 01:04 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-05-13 17:11 - 2015-04-10 01:04 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 17:11 - 2015-04-10 01:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 17:11 - 2015-04-10 01:03 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 17:11 - 2015-04-10 01:03 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 17:11 - 2015-04-10 01:03 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 17:11 - 2015-04-10 01:03 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 17:11 - 2015-04-10 01:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 17:11 - 2015-04-10 01:03 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 17:11 - 2015-04-10 01:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 17:11 - 2015-04-10 01:03 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-05-13 17:11 - 2015-04-10 01:03 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-05-13 17:11 - 2015-04-10 01:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-29 21:28 - 2006-11-02 17:22 - 00004976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-29 21:28 - 2006-11-02 17:22 - 00004976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-29 21:28 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-05-29 21:26 - 2006-11-02 17:27 - 01850013 _____ () C:\Windows\WindowsUpdate.log
2015-05-29 21:24 - 2014-12-03 18:55 - 00017650 _____ () C:\Users\defianter\IP_Log_Data.js
2015-05-29 21:23 - 2014-02-18 17:57 - 00000000 ____D () C:\Users\defianter\Desktop\VIRUS
2015-05-29 21:23 - 2012-08-06 18:57 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-05-29 21:18 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-29 21:17 - 2014-02-18 17:58 - 00000000 ____D () C:\AdwCleaner
2015-05-29 21:17 - 2013-03-03 20:03 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-05-29 21:17 - 2006-11-02 17:42 - 00032628 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-29 21:08 - 2012-03-31 09:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-29 21:00 - 2014-12-03 19:00 - 00124077 _____ () C:\Users\defianter\Network_Meter_Data.js
2015-05-29 20:36 - 2012-06-22 20:26 - 00001154 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-561146854-4284327693-16180569-1000UA.job
2015-05-29 19:41 - 2012-03-16 03:05 - 00870152 _____ () C:\Windows\PFRO.log
2015-05-28 23:40 - 2014-08-28 21:23 - 00000000 ____D () C:\ProgramData\Origin
2015-05-28 23:36 - 2012-06-22 20:26 - 00001132 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-561146854-4284327693-16180569-1000Core.job
2015-05-28 21:59 - 2012-09-20 16:36 - 00000000 ____D () C:\Users\defianter\Documents\Outlook-Dateien
2015-05-28 21:27 - 2006-11-02 14:34 - 00000215 ____C () C:\Windows\system.ini
2015-05-28 20:30 - 2006-11-02 15:33 - 00000000 __RHD () C:\Users\Default
2015-05-26 21:39 - 2011-02-17 20:18 - 00004789 _____ () C:\Users\defianter\Documents\kniffel.ods
2015-05-26 19:09 - 2014-01-05 13:09 - 00000000 ____D () C:\Program Files\PDFCreator
2015-05-26 19:07 - 2012-07-24 16:35 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU
2015-05-26 19:04 - 2014-09-30 20:13 - 00000000 ____D () C:\Users\defianter\AppData\Roaming\Anvsoft
2015-05-26 19:03 - 2012-03-20 22:07 - 00000000 ____D () C:\ProgramData\ABBYY
2015-05-26 18:47 - 2012-03-31 17:11 - 00000000 ____D () C:\Users\defianter\AppData\Roaming\uTorrent
2015-05-26 18:44 - 2015-01-10 15:10 - 00000799 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 29.lnk
2015-05-26 18:44 - 2012-03-16 01:17 - 00000979 _____ () C:\Users\defianter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-26 18:44 - 2012-03-16 01:17 - 00000933 _____ () C:\Users\defianter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-05-26 01:30 - 2015-03-19 23:10 - 00000000 ____D () C:\Users\defianter\AppData\Local\JDownloader v2.0
2015-05-26 00:34 - 2006-11-02 17:21 - 00432848 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-26 00:31 - 2012-03-16 02:11 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-05-26 00:07 - 2012-03-16 01:17 - 00104120 _____ () C:\Users\defianter\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-25 11:48 - 2012-03-16 01:16 - 00000000 ____D () C:\Users\defianter
2015-05-22 19:29 - 2013-09-06 08:35 - 00000000 ____D () C:\Users\defianter\AppData\Roaming\vlc
2015-05-20 18:59 - 2015-01-10 15:10 - 00003898 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1420895415
2015-05-20 18:59 - 2012-03-17 01:29 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-05-16 12:08 - 2013-05-03 12:16 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-05-14 11:14 - 2006-11-02 17:07 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 11:13 - 2012-04-10 18:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 01:11 - 2012-03-17 14:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-14 01:07 - 2013-07-13 10:24 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-14 00:55 - 2006-11-02 14:35 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-05-14 00:46 - 2006-11-02 17:07 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2015-05-14 00:45 - 2012-04-10 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

==================== Files in the root of some directories =======

2013-05-04 14:37 - 2011-07-19 03:37 - 0003262 _____ () C:\Program Files (x86)\Falco.ico
2013-05-04 14:37 - 2011-07-19 04:05 - 0000046 _____ () C:\Program Files (x86)\Falco.url
2013-10-26 11:15 - 2013-10-26 11:37 - 0000137 _____ () C:\Users\defianter\AppData\Roaming\Camdata.ini
2013-10-26 11:15 - 2013-10-26 11:37 - 0000408 _____ () C:\Users\defianter\AppData\Roaming\CamLayout.ini
2013-10-26 11:15 - 2013-10-26 11:37 - 0000408 _____ () C:\Users\defianter\AppData\Roaming\CamShapes.ini
2013-10-26 11:15 - 2013-10-26 11:37 - 0004596 _____ () C:\Users\defianter\AppData\Roaming\CamStudio.cfg
2013-10-26 11:33 - 2013-10-26 11:36 - 0000098 _____ () C:\Users\defianter\AppData\Roaming\CamStudio.Producer.command
2013-10-26 11:29 - 2013-10-26 11:37 - 0000000 _____ () C:\Users\defianter\AppData\Roaming\CamStudio.Producer.Data.ini
2013-10-26 11:29 - 2013-10-26 11:37 - 0001206 _____ () C:\Users\defianter\AppData\Roaming\CamStudio.Producer.ini
2013-10-14 23:19 - 2013-10-14 23:19 - 0023888 _____ () C:\Users\defianter\AppData\Roaming\UserTile.png
2013-10-26 11:14 - 2013-10-26 11:30 - 0000096 _____ () C:\Users\defianter\AppData\Roaming\version2.xml
2013-07-27 00:14 - 2014-02-18 17:15 - 0000170 _____ () C:\Users\defianter\AppData\Roaming\WB.CFG
2012-03-16 02:13 - 2015-03-25 10:25 - 0001356 _____ () C:\Users\defianter\AppData\Local\d3d9caps.dat
2012-03-16 01:16 - 2012-03-16 03:52 - 0000732 _____ () C:\Users\defianter\AppData\Local\d3d9caps64.dat
2012-03-16 00:37 - 2015-02-28 15:15 - 0099840 _____ () C:\Users\defianter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-07 20:27 - 2012-05-07 20:27 - 0155712 _____ () C:\Users\defianter\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2012-05-07 20:26 - 2012-05-07 20:26 - 0000002 _____ () C:\Users\defianter\AppData\Local\dd_dotnetfx35error.txt
2012-05-07 20:26 - 2012-05-07 20:29 - 0419972 _____ () C:\Users\defianter\AppData\Local\dd_dotnetfx35install.txt
2012-05-07 20:28 - 2012-05-07 20:28 - 2331586 _____ () C:\Users\defianter\AppData\Local\dd_NET_Framework35_x64_MSI7380.txt
2013-07-12 21:01 - 2013-07-12 21:01 - 0362916 _____ () C:\Users\defianter\AppData\Local\dd_vcredistMSI17F2.txt
2014-02-04 23:02 - 2014-02-04 23:02 - 0424308 _____ () C:\Users\defianter\AppData\Local\dd_vcredistMSI2254.txt
2014-12-27 18:43 - 2014-12-27 18:44 - 0371226 _____ () C:\Users\defianter\AppData\Local\dd_vcredistMSI5BA4.txt
2014-12-27 18:44 - 2014-12-27 18:44 - 0367280 _____ () C:\Users\defianter\AppData\Local\dd_vcredistMSI5BBB.txt
2013-07-12 21:01 - 2013-07-12 21:01 - 0013958 _____ () C:\Users\defianter\AppData\Local\dd_vcredistUI17F2.txt
2014-02-04 23:02 - 2014-02-04 23:02 - 0011248 _____ () C:\Users\defianter\AppData\Local\dd_vcredistUI2254.txt
2014-12-27 18:43 - 2014-12-27 18:44 - 0011642 _____ () C:\Users\defianter\AppData\Local\dd_vcredistUI5BA4.txt
2014-12-27 18:44 - 2014-12-27 18:44 - 0011722 _____ () C:\Users\defianter\AppData\Local\dd_vcredistUI5BBB.txt
2015-04-06 11:03 - 2015-04-06 11:03 - 0001488 _____ () C:\Users\defianter\AppData\Local\recently-used.xbel
2008-02-05 14:28 - 2008-02-05 14:28 - 0000051 _____ () C:\Users\defianter\AppData\Local\setup.txt
2012-05-07 20:26 - 2012-05-07 20:29 - 0002492 _____ () C:\Users\defianter\AppData\Local\uxeventlog.txt
2012-05-07 20:28 - 2012-05-07 20:28 - 0001472 _____ () C:\Users\defianter\AppData\Local\VWL7018.tmp
2012-05-07 20:29 - 2012-05-07 20:29 - 0001906 _____ () C:\Users\defianter\AppData\Local\VWLA4A3.tmp
2013-07-12 20:13 - 2013-07-12 20:13 - 0000011 _____ () C:\ProgramData\.tv7

Files to move or delete:
====================
C:\Users\defianter\9375CFF0413111d3B88A00104B2A6676.reg
C:\Users\defianter\IP_Log_Data.js
C:\Users\defianter\Network_Meter_Data.js


Some files in TEMP:
====================
C:\Users\defianter\AppData\Local\temp\Quarantine.exe
C:\Users\defianter\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-29 21:29

==================== End of log ============================

schrauber 30.05.2015 14:12

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

defianter 30.05.2015 21:37
und weiter gehts

Eset log

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=cbe52382fdf4c949806510481bdbe734
# engine=24098
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-30 07:38:11
# local_time=2015-05-30 09:38:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='Panda Free Antivirus'
# compatibility_mode=1557 16777213 100 100 423050 219210665 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 99203 270538597 0 0
# scanned=397677
# found=8
# cleaned=0
# scan_time=11603
sh=1C88A7C4FD5E9BBE5F558AB731149EC1E59A67AC ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1031.xpi.vir"
sh=02A40E3489799CCA06F3793FFCB9225E65F53601 ft=1 fh=fdeeb0affd325f87 vn="MSIL/FakeTool.PS Trojaner" ac=I fn="C:\Program Files\Adware-Removal-Tool\ARTP3.exe"
sh=90A440A11B158CACC211196FF49670F6F38EB760 ft=1 fh=8b2ddc3358c7903c vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe"
sh=2A261FF4F8B10153FF5FCD016DE0F8C04E5D5848 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\defianter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\120a4dc0-4bd04d66"
sh=AE36097800AA354EE2F5E11978A9248CBA5F761E ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\defianter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\8346b92-30f5f0d8"
sh=AE36097800AA354EE2F5E11978A9248CBA5F761E ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\defianter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\2c4b93ea-4cb53740"
sh=AF1A861C203B33C05C1FB0E74D83D45851BC60B7 ft=1 fh=2ea4727cbbbd7817 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\defianter\Desktop\VIRUS\FREEAV1510.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/Packed.VMProtect.AAM Trojaner" ac=I fn="D:\NfS_The Run\Need for Speed The Run Limited Edition.rar"
Checkup.txt

Code:
Results of screen317's Security Check version 1.002 
 Windows Vista Service Pack 2 x64 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 51 
 Java version 32-bit out of Date!
 Adobe Flash Player        17.0.0.169 
 Adobe Reader 10.1.14 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 defianter Desktop VIRUS SecurityCheck.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
frisches FRST

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015
Ran by defianter (administrator) on DEFIPC on 30-05-2015 22:32:29
Running from C:\Users\defianter\Desktop\VIRUS
Loaded Profiles: defianter (Available Profiles: defianter)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel Desktop Utilities\iduServ.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\FSC\FSCAppServ.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel Desktop Utilities\iptray.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Electronic Arts) D:\Programme\Spiele\Origin\Origin.exe
(Opera Software) C:\Program Files (x86)\Opera\29.0.1795.60\opera.exe
() C:\Program Files (x86)\Opera\29.0.1795.60\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\29.0.1795.60\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11474024 2010-10-05] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-10-08] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [ipTray.exe] => C:\Program Files (x86)\Intel\Intel Desktop Utilities\ipTray.exe [1632456 2011-11-10] (Intel(R) Corporation)
HKLM-x32\...\Run: [BCSSync] => D:\Programme\Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-18] (Panda Security, S.L.)
HKU\S-1-5-21-561146854-4284327693-16180569-1000\...\Run: [NVIDIA nTune] => C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe [98304 2007-09-04] (NVIDIA)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Programme\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Programme\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Programme\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Programme\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Programme\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-561146854-4284327693-16180569-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-561146854-4284327693-16180569-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.7.0_05\bin\ssv.dll [2014-05-05] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.7.0_05\bin\jp2ssv.dll [2014-05-05] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Programme\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Programme\Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7BB65966-D472-42EC-BE07-99D26AA38C07}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll [2014-05-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 -> C:\Program Files\Java\jre1.7.0_05\bin\plugin2\npjp2.dll [2014-05-05] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-06-03] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Windows\SysWOW64\npdeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~1\Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~1\Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-561146854-4284327693-16180569-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\defianter\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKU\S-1-5-21-561146854-4284327693-16180569-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\defianter\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-03-17]

Opera:
=======
OPR StartupUrls: "opera://startpage/"
OPR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\defianter\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnhbkkedmelfmalgjpkngiaoifpdfcnl [2015-03-19]
OPR Extension: (Adblock Plus) - C:\Users\defianter\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-01-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 appdrvrem01; C:\Windows\System32\appdrvrem01.exe [551896 2013-07-13] (Protection Technology)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
R2 IduService; C:\Program Files (x86)\Intel\Intel Desktop Utilities\iduServ.exe [124616 2011-11-10] (Intel(R) Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2008-01-19] (Microsoft Corporation)
R2 Intel(R) Desktop Boards FSC Application Service; C:\Program Files (x86)\Intel\FSC\FSCAppServ.exe [61440 2011-11-10] (Intel Corporation) [File not signed]
U2 iprip; C:\Windows\System32\iprip.dll [34816 2006-11-02] (Microsoft Corporation)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [41984 2008-01-19] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Programme\Office\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2006-11-02] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [190464 2009-04-11] (Microsoft Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-17] (Panda Security, S.L.)
S3 NBService; D:\Nero 7\Nero BackItUp\NBService.exe [724992 2006-10-09] (Nero AG) [File not signed]
S3 NtmsSvc; C:\Windows\system32\ntmssvc.dll [521216 2008-01-19] (Microsoft Corporation)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [180224 2007-09-04] (NVIDIA) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
S3 Origin Client Service; D:\Programme\Spiele\Origin\OriginClientService.exe [1931632 2015-04-09] (Electronic Arts)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-18] (Panda Security, S.L.)
R2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [327680 2015-02-09] () [File not signed]
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9728 2009-08-14] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2009-04-11] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2009-04-11] (Microsoft Corporation)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81408 2009-04-11] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [427008 2010-04-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-19] (Microsoft Corporation)
S3 WMSvc; C:\Windows\system32\inetsrv\wmsvc.exe [12288 2008-01-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 appdrv01; C:\Windows\System32\Drivers\appdrv01.sys [3852976 2013-07-13] (Protection Technology)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-19] (Microsoft Corporation)
S1 Beep; No ImagePath
R3 cpuio; C:\Windows\SysWOW64\Drivers\cpuiox64.sys [15384 2012-03-15] (Intel Corporation)
S3 DCamUSBSTK02N; C:\Windows\System32\DRIVERS\STK02NW2.sys [106496 2007-03-12] (Syntek Ltd.)
S3 DCamUSBSTK02N; C:\Windows\SysWOW64\DRIVERS\STK02NW2.sys [101520 2007-03-12] (Syntek Ltd.)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c60x64.sys [292016 2010-09-20] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-29] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [167424 2008-01-18] (Microsoft Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [48400 2014-12-31] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-09] (Panda Security, S.L.)
R3 NVR0Dev; C:\Windows\nvoclk64.sys [39968 2007-09-04] (NVidia Corp.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2015-02-12] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-12] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-10] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-12] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-12] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-12] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-01-29] (Panda Security, S.L.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2010-07-15] (Jungo)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-30 22:31 - 2015-05-30 22:31 - 00000872 _____ () C:\Users\defianter\Desktop\checkup.txt
2015-05-30 18:19 - 2015-05-30 18:19 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-29 21:13 - 2015-05-29 21:13 - 00000813 ____C () C:\mbam.txt
2015-05-29 19:04 - 2015-05-29 21:12 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-29 19:04 - 2015-05-29 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-29 19:04 - 2015-05-29 19:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-29 19:04 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-29 19:04 - 2015-04-14 09:37 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-29 19:04 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-29 17:22 - 2015-01-29 19:21 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-05-28 21:29 - 2015-05-28 21:29 - 00018749 ____C () C:\ComboFix.txt
2015-05-28 20:11 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-28 20:11 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-28 20:11 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-28 20:11 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-28 20:11 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-28 20:11 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-28 20:11 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-28 20:11 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-28 20:10 - 2015-05-28 21:29 - 00000000 ___DC () C:\Qoobox
2015-05-28 20:10 - 2015-05-28 20:29 - 00000000 ____D () C:\Windows\erdnt
2015-05-27 18:07 - 2015-05-30 22:32 - 00000000 ___DC () C:\FRST
2015-05-26 23:18 - 2015-05-26 23:19 - 00000000 ____D () C:\Program Files\Defraggler
2015-05-26 23:16 - 2015-05-26 23:37 - 00000000 ____D () C:\Users\defianter\AppData\Roaming\AllDup
2015-05-26 23:16 - 2015-05-26 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllDup
2015-05-26 23:16 - 2015-05-26 23:16 - 00000000 ____D () C:\ProgramData\AllDup
2015-05-26 23:16 - 2015-05-26 23:16 - 00000000 ____D () C:\Program Files (x86)\AllDup
2015-05-26 23:16 - 2010-10-13 06:42 - 02369456 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.CommandBars.v13.4.2.ocx
2015-05-26 23:16 - 2010-08-20 21:53 - 00086016 _____ (Michael Thummerer Software Design) C:\Windows\SysWOW64\mtSplitter.ocx
2015-05-26 23:16 - 2010-06-11 10:50 - 00089888 _____ (Michael Thummerer Software Design) C:\Windows\SysWOW64\mtFrame.ocx
2015-05-26 23:16 - 2010-06-01 14:45 - 01005088 _____ (Bennet-Tec Information Systems, Inc) C:\Windows\SysWOW64\TList8.ocx
2015-05-26 23:16 - 2010-03-25 10:33 - 00171752 _____ (Michael Thummerer Software Design) C:\Windows\SysWOW64\mtRTF2.ocx
2015-05-26 23:16 - 2009-10-13 00:02 - 00044736 _____ (Michael Thummerer Software Design) C:\Windows\SysWOW64\mtSubclass.dll
2015-05-26 23:16 - 2009-10-13 00:01 - 00077504 _____ (Michael Thummerer Software Design) C:\Windows\SysWOW64\mtScrollContainer.ocx
2015-05-26 23:16 - 2008-01-29 07:57 - 00450560 _____ (LogicNP Software (hxxp://www.ssware.com)) C:\Windows\SysWOW64\fldrvw90.ocx
2015-05-26 18:51 - 2015-05-26 18:51 - 00000787 _____ () C:\Users\defianter\Desktop\launcher.exe - Verknüpfung.lnk
2015-05-26 18:44 - 2015-05-26 18:44 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2015-05-26 18:44 - 2015-05-26 18:44 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2015-05-26 18:31 - 2015-05-26 19:36 - 00000000 ____D () C:\Windows\pss
2015-05-26 00:07 - 2015-05-26 00:08 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-05-26 00:07 - 2015-05-26 00:07 - 00000000 ____D () C:\Users\defianter\AppData\Roaming\Panda Security
2015-05-26 00:07 - 2015-05-26 00:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-05-26 00:06 - 2015-05-26 00:08 - 00000000 ____D () C:\ProgramData\Panda Security
2015-05-25 23:59 - 2015-05-25 23:59 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DEFIPC-Windows-Vista-(TM)-Home-Premium-(64-bit).dat
2015-05-25 23:59 - 2015-05-25 23:59 - 00000000 ___DC () C:\RegBackup
2015-05-25 17:55 - 2015-05-26 20:17 - 1793184127 _____ () C:\Users\defianter\Downloads\KNOPPIX_V7.4.1DVD-2014-09-15-DE.iso.opdownload
2015-05-25 14:22 - 2015-05-25 14:44 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-25 14:22 - 2015-05-25 14:22 - 00000000 ____D () C:\Program Files\HitmanPro
2015-05-25 11:48 - 2015-05-25 11:48 - 00000000 ____C () C:\autoexec.bat
2015-05-24 11:16 - 2015-05-24 11:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-14 01:11 - 2015-04-19 23:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-05-14 01:11 - 2015-04-19 23:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-05-14 01:11 - 2015-04-19 23:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-05-14 01:11 - 2015-04-19 23:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-05-14 01:11 - 2015-04-19 22:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-05-14 01:11 - 2015-04-19 22:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-05-14 01:11 - 2015-04-19 22:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-05-14 01:11 - 2015-04-19 22:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-14 01:11 - 2015-04-18 02:16 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-05-14 01:11 - 2015-04-18 02:16 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-05-14 01:11 - 2015-04-18 02:16 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-05-14 01:11 - 2015-04-18 02:16 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-05-14 01:11 - 2015-04-18 01:45 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-05-14 01:11 - 2015-04-18 01:44 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-05-14 01:11 - 2015-04-18 01:35 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-05-14 01:11 - 2015-04-18 01:33 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-14 01:11 - 2015-04-18 01:33 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-14 01:11 - 2015-04-18 01:30 - 02793472 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-14 00:51 - 2015-04-30 18:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-14 00:51 - 2015-04-30 17:41 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-14 00:46 - 2015-04-11 01:33 - 00384512 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-14 00:46 - 2015-04-11 01:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\services.exe
2015-05-14 00:45 - 2015-04-30 15:14 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 00:45 - 2015-04-30 15:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 17:11 - 2015-04-10 02:10 - 17881088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 17:11 - 2015-04-10 01:55 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 17:11 - 2015-04-10 01:53 - 10935808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 17:11 - 2015-04-10 01:52 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 17:11 - 2015-04-10 01:48 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 17:11 - 2015-04-10 01:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 17:11 - 2015-04-10 01:46 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 17:11 - 2015-04-10 01:46 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 17:11 - 2015-04-10 01:46 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 17:11 - 2015-04-10 01:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 17:11 - 2015-04-10 01:46 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 17:11 - 2015-04-10 01:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 17:11 - 2015-04-10 01:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 17:11 - 2015-04-10 01:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-13 17:11 - 2015-04-10 01:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 17:11 - 2015-04-10 01:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 17:11 - 2015-04-10 01:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 17:11 - 2015-04-10 01:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 17:11 - 2015-04-10 01:45 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 17:11 - 2015-04-10 01:45 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-13 17:11 - 2015-04-10 01:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-13 17:11 - 2015-04-10 01:45 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-13 17:11 - 2015-04-10 01:14 - 12379136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 17:11 - 2015-04-10 01:10 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 17:11 - 2015-04-10 01:08 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 17:11 - 2015-04-10 01:08 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 17:11 - 2015-04-10 01:05 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 17:11 - 2015-04-10 01:05 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 17:11 - 2015-04-10 01:04 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 17:11 - 2015-04-10 01:04 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 17:11 - 2015-04-10 01:04 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 17:11 - 2015-04-10 01:04 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-05-13 17:11 - 2015-04-10 01:04 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 17:11 - 2015-04-10 01:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 17:11 - 2015-04-10 01:03 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 17:11 - 2015-04-10 01:03 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 17:11 - 2015-04-10 01:03 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 17:11 - 2015-04-10 01:03 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 17:11 - 2015-04-10 01:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 17:11 - 2015-04-10 01:03 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 17:11 - 2015-04-10 01:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 17:11 - 2015-04-10 01:03 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-05-13 17:11 - 2015-04-10 01:03 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-05-13 17:11 - 2015-04-10 01:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-30 22:10 - 2006-11-02 17:27 - 01882202 _____ () C:\Windows\WindowsUpdate.log
2015-05-30 22:09 - 2012-03-31 09:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-30 22:00 - 2014-12-03 19:00 - 00124465 _____ () C:\Users\defianter\Network_Meter_Data.js
2015-05-30 21:40 - 2006-11-02 17:22 - 00004976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-30 21:40 - 2006-11-02 17:22 - 00004976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-30 20:36 - 2012-06-22 20:26 - 00001154 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-561146854-4284327693-16180569-1000UA.job
2015-05-30 17:32 - 2014-02-18 17:57 - 00000000 ____D () C:\Users\defianter\Desktop\VIRUS
2015-05-30 12:57 - 2014-08-28 21:23 - 00000000 ____D () C:\ProgramData\Origin
2015-05-30 12:02 - 2012-09-20 16:36 - 00000000 ____D () C:\Users\defianter\Documents\Outlook-Dateien
2015-05-30 11:46 - 2014-12-03 18:55 - 00017739 _____ () C:\Users\defianter\IP_Log_Data.js
2015-05-30 11:46 - 2012-08-06 18:57 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-05-30 11:42 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-05-30 11:40 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-30 00:42 - 2013-03-03 20:03 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-05-30 00:42 - 2006-11-02 17:42 - 00032628 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-29 23:36 - 2012-06-22 20:26 - 00001132 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-561146854-4284327693-16180569-1000Core.job
2015-05-29 21:17 - 2014-02-18 17:58 - 00000000 ____D () C:\AdwCleaner
2015-05-29 19:41 - 2012-03-16 03:05 - 00870152 _____ () C:\Windows\PFRO.log
2015-05-28 21:27 - 2006-11-02 14:34 - 00000215 ____C () C:\Windows\system.ini
2015-05-28 20:30 - 2006-11-02 15:33 - 00000000 __RHD () C:\Users\Default
2015-05-26 21:39 - 2011-02-17 20:18 - 00004789 _____ () C:\Users\defianter\Documents\kniffel.ods
2015-05-26 19:09 - 2014-01-05 13:09 - 00000000 ____D () C:\Program Files\PDFCreator
2015-05-26 19:07 - 2012-07-24 16:35 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU
2015-05-26 19:04 - 2014-09-30 20:13 - 00000000 ____D () C:\Users\defianter\AppData\Roaming\Anvsoft
2015-05-26 19:03 - 2012-03-20 22:07 - 00000000 ____D () C:\ProgramData\ABBYY
2015-05-26 18:47 - 2012-03-31 17:11 - 00000000 ____D () C:\Users\defianter\AppData\Roaming\uTorrent
2015-05-26 18:44 - 2015-01-10 15:10 - 00000799 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 29.lnk
2015-05-26 18:44 - 2012-03-16 01:17 - 00000979 _____ () C:\Users\defianter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-26 18:44 - 2012-03-16 01:17 - 00000933 _____ () C:\Users\defianter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-05-26 01:30 - 2015-03-19 23:10 - 00000000 ____D () C:\Users\defianter\AppData\Local\JDownloader v2.0
2015-05-26 00:34 - 2006-11-02 17:21 - 00432848 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-26 00:31 - 2012-03-16 02:11 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-05-26 00:07 - 2012-03-16 01:17 - 00104120 _____ () C:\Users\defianter\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-25 11:48 - 2012-03-16 01:16 - 00000000 ____D () C:\Users\defianter
2015-05-22 19:29 - 2013-09-06 08:35 - 00000000 ____D () C:\Users\defianter\AppData\Roaming\vlc
2015-05-20 18:59 - 2015-01-10 15:10 - 00003898 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1420895415
2015-05-20 18:59 - 2012-03-17 01:29 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-05-16 12:08 - 2013-05-03 12:16 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-05-14 11:14 - 2006-11-02 17:07 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 11:13 - 2012-04-10 18:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 01:11 - 2012-03-17 14:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-14 01:07 - 2013-07-13 10:24 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-14 00:55 - 2006-11-02 14:35 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-05-14 00:46 - 2006-11-02 17:07 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2015-05-14 00:45 - 2012-04-10 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

==================== Files in the root of some directories =======

2013-05-04 14:37 - 2011-07-19 03:37 - 0003262 _____ () C:\Program Files (x86)\Falco.ico
2013-05-04 14:37 - 2011-07-19 04:05 - 0000046 _____ () C:\Program Files (x86)\Falco.url
2013-10-26 11:15 - 2013-10-26 11:37 - 0000137 _____ () C:\Users\defianter\AppData\Roaming\Camdata.ini
2013-10-26 11:15 - 2013-10-26 11:37 - 0000408 _____ () C:\Users\defianter\AppData\Roaming\CamLayout.ini
2013-10-26 11:15 - 2013-10-26 11:37 - 0000408 _____ () C:\Users\defianter\AppData\Roaming\CamShapes.ini
2013-10-26 11:15 - 2013-10-26 11:37 - 0004596 _____ () C:\Users\defianter\AppData\Roaming\CamStudio.cfg
2013-10-26 11:33 - 2013-10-26 11:36 - 0000098 _____ () C:\Users\defianter\AppData\Roaming\CamStudio.Producer.command
2013-10-26 11:29 - 2013-10-26 11:37 - 0000000 _____ () C:\Users\defianter\AppData\Roaming\CamStudio.Producer.Data.ini
2013-10-26 11:29 - 2013-10-26 11:37 - 0001206 _____ () C:\Users\defianter\AppData\Roaming\CamStudio.Producer.ini
2013-10-14 23:19 - 2013-10-14 23:19 - 0023888 _____ () C:\Users\defianter\AppData\Roaming\UserTile.png
2013-10-26 11:14 - 2013-10-26 11:30 - 0000096 _____ () C:\Users\defianter\AppData\Roaming\version2.xml
2013-07-27 00:14 - 2014-02-18 17:15 - 0000170 _____ () C:\Users\defianter\AppData\Roaming\WB.CFG
2012-03-16 02:13 - 2015-03-25 10:25 - 0001356 _____ () C:\Users\defianter\AppData\Local\d3d9caps.dat
2012-03-16 01:16 - 2012-03-16 03:52 - 0000732 _____ () C:\Users\defianter\AppData\Local\d3d9caps64.dat
2012-03-16 00:37 - 2015-02-28 15:15 - 0099840 _____ () C:\Users\defianter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-07 20:27 - 2012-05-07 20:27 - 0155712 _____ () C:\Users\defianter\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2012-05-07 20:26 - 2012-05-07 20:26 - 0000002 _____ () C:\Users\defianter\AppData\Local\dd_dotnetfx35error.txt
2012-05-07 20:26 - 2012-05-07 20:29 - 0419972 _____ () C:\Users\defianter\AppData\Local\dd_dotnetfx35install.txt
2012-05-07 20:28 - 2012-05-07 20:28 - 2331586 _____ () C:\Users\defianter\AppData\Local\dd_NET_Framework35_x64_MSI7380.txt
2013-07-12 21:01 - 2013-07-12 21:01 - 0362916 _____ () C:\Users\defianter\AppData\Local\dd_vcredistMSI17F2.txt
2014-02-04 23:02 - 2014-02-04 23:02 - 0424308 _____ () C:\Users\defianter\AppData\Local\dd_vcredistMSI2254.txt
2014-12-27 18:43 - 2014-12-27 18:44 - 0371226 _____ () C:\Users\defianter\AppData\Local\dd_vcredistMSI5BA4.txt
2014-12-27 18:44 - 2014-12-27 18:44 - 0367280 _____ () C:\Users\defianter\AppData\Local\dd_vcredistMSI5BBB.txt
2013-07-12 21:01 - 2013-07-12 21:01 - 0013958 _____ () C:\Users\defianter\AppData\Local\dd_vcredistUI17F2.txt
2014-02-04 23:02 - 2014-02-04 23:02 - 0011248 _____ () C:\Users\defianter\AppData\Local\dd_vcredistUI2254.txt
2014-12-27 18:43 - 2014-12-27 18:44 - 0011642 _____ () C:\Users\defianter\AppData\Local\dd_vcredistUI5BA4.txt
2014-12-27 18:44 - 2014-12-27 18:44 - 0011722 _____ () C:\Users\defianter\AppData\Local\dd_vcredistUI5BBB.txt
2015-04-06 11:03 - 2015-04-06 11:03 - 0001488 _____ () C:\Users\defianter\AppData\Local\recently-used.xbel
2008-02-05 14:28 - 2008-02-05 14:28 - 0000051 _____ () C:\Users\defianter\AppData\Local\setup.txt
2012-05-07 20:26 - 2012-05-07 20:29 - 0002492 _____ () C:\Users\defianter\AppData\Local\uxeventlog.txt
2012-05-07 20:28 - 2012-05-07 20:28 - 0001472 _____ () C:\Users\defianter\AppData\Local\VWL7018.tmp
2012-05-07 20:29 - 2012-05-07 20:29 - 0001906 _____ () C:\Users\defianter\AppData\Local\VWLA4A3.tmp
2013-07-12 20:13 - 2013-07-12 20:13 - 0000011 _____ () C:\ProgramData\.tv7

Files to move or delete:
====================
C:\Users\defianter\9375CFF0413111d3B88A00104B2A6676.reg
C:\Users\defianter\IP_Log_Data.js
C:\Users\defianter\Network_Meter_Data.js


Some files in TEMP:
====================
C:\Users\defianter\AppData\Local\temp\Quarantine.exe
C:\Users\defianter\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-30 11:52

==================== End of log ============================

schrauber 31.05.2015 14:03
Java und Adobe updaten.


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Program Files\Adware-Removal-Tool

C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe

C:\Users\defianter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\120a4dc0-4bd04d66

C:\Users\defianter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\8346b92-30f5f0d8

C:\Users\defianter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\2c4b93ea-4cb53740

C:\Users\defianter\Desktop\VIRUS\FREEAV1510.exe

D:\NfS_The Run\Need for Speed The Run Limited Edition.rar
Tcpip\..\Interfaces\{7BB65966-D472-42EC-BE07-99D26AA38C07}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






http://deeprybka.trojaner-board.de/b...cleanupneu.png
Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
http://deeprybka.trojaner-board.de/b.../combofix2.pngCombofix deinstallieren
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte http://filepony.de/icon/tiny/delfix.pngDelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:

http://deeprybka.trojaner-board.de/b...ast/schild.png
Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
 Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:
http://filepony.de/icon/emsisoft_anti_malware.png
Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
http://filepony.de/icon/noscript.png NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
http://filepony.de/icon/malwarebytes_anti_exploit.pngMalwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie http://filepony.de/images/microbanner.gif.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

defianter 03.06.2015 17:37
Hallo,

nachdem FIX mit FRST bootete der Rechner nicht korrekt. Erst nach einem Start im abgesicherten Modus, aaschließendem Runterfahren und wieder hochfahren lief alles normal.
Erfüllt ein FRST Log den Zweck, oder sollte ich das Prozedere mit der Fixlist nochmal testen?

Die Bootzeit hat sich leider nicht merklich verkürzt.

schrauber 04.06.2015 11:08
Die Frage "Noch Probleme" wurde ignoriert, da dachte ich alles wäre gut ;)

Poste mal ein frisches FRST Log. Wie lange dauert der Boot genau?

defianter 09.06.2015 06:27
Hallo Schrauber,
Der Bootvorgang dauert nach wie vor ca. 10 Minuten. Als ich heute FRST startete, sagte er mir, dass das importieren der Fixlist erfolgreich war und zeigte mir dieses Logfile.

Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015
Ran by defianter at 2015-06-01 17:53:17 Run:1
Running from C:\Users\defianter\Desktop\VIRUS
Loaded Profiles: defianter (Available Profiles: defianter)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Program Files\Adware-Removal-Tool

C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe

C:\Users\defianter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\120a4dc0-4bd04d66

C:\Users\defianter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\8346b92-30f5f0d8

C:\Users\defianter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\2c4b93ea-4cb53740

C:\Users\defianter\Desktop\VIRUS\FREEAV1510.exe

D:\NfS_The Run\Need for Speed The Run Limited Edition.rar
Tcpip\..\Interfaces\{7BB65966-D472-42EC-BE07-99D26AA38C07}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Emptytemp:
       
*****************

C:\Program Files\Adware-Removal-Tool => Moved successfully.
Could not move "C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe" => Scheduled to move on reboot.
C:\Users\defianter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\120a4dc0-4bd04d66 => Moved successfully.
C:\Users\defianter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\8346b92-30f5f0d8 => Moved successfully.
C:\Users\defianter\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\2c4b93ea-4cb53740 => Moved successfully.
C:\Users\defianter\Desktop\VIRUS\FREEAV1510.exe => Moved successfully.
D:\NfS_The Run\Need for Speed The Run Limited Edition.rar => Moved successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7BB65966-D472-42EC-BE07-99D26AA38C07}\\NameServer => value Removed successfully
EmptyTemp: => Removed 526.6 MB temporary data.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-06-09 07:20:27)<=

C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe => Is moved successfully

==== End of Fixlog 07:20:27 ====


Wie vorgeschlagen, habe ich dann ein erneute FRST Logfile gezogen, welches dieses hier ist.

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 (ATTENTION: ====> FRSTversion is 13 days old and could be outdated)
Ran by defianter (administrator) on DEFIPC on 09-06-2015 07:22:19
Running from C:\Users\defianter\Desktop\VIRUS
Loaded Profiles: defianter (Available Profiles: defianter)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\FSC\FSCAppServ.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Opera Software) C:\Program Files (x86)\Opera\29.0.1795.60\opera.exe
() C:\Program Files (x86)\Opera\29.0.1795.60\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\29.0.1795.60\opera.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11474024 2010-10-05] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-10-08] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [ipTray.exe] => C:\Program Files (x86)\Intel\Intel Desktop Utilities\ipTray.exe [1632456 2011-11-10] (Intel(R) Corporation)
HKLM-x32\...\Run: [BCSSync] => D:\Programme\Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-18] (Panda Security, S.L.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-21-561146854-4284327693-16180569-1000\...\Run: [NVIDIA nTune] => C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe [98304 2007-09-04] (NVIDIA)
HKU\S-1-5-21-561146854-4284327693-16180569-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Programme\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Programme\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Programme\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Programme\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Programme\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-561146854-4284327693-16180569-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-561146854-4284327693-16180569-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Programme\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-01] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Programme\Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-01] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll [2014-05-05] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-06-03] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-01] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~1\Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~1\Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-561146854-4284327693-16180569-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\defianter\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKU\S-1-5-21-561146854-4284327693-16180569-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\defianter\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-03-17]

Opera:
=======
OPR StartupUrls: "opera://startpage/"
OPR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\defianter\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnhbkkedmelfmalgjpkngiaoifpdfcnl [2015-03-19]
OPR Extension: (Adblock Plus) - C:\Users\defianter\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-01-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 appdrvrem01; C:\Windows\System32\appdrvrem01.exe [551896 2013-07-13] (Protection Technology)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
S2 IduService; C:\Program Files (x86)\Intel\Intel Desktop Utilities\iduServ.exe [124616 2011-11-10] (Intel(R) Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2008-01-19] (Microsoft Corporation)
R2 Intel(R) Desktop Boards FSC Application Service; C:\Program Files (x86)\Intel\FSC\FSCAppServ.exe [61440 2011-11-10] (Intel Corporation) [File not signed]
U2 iprip; C:\Windows\System32\iprip.dll [34816 2006-11-02] (Microsoft Corporation)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [41984 2008-01-19] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Programme\Office\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2006-11-02] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [190464 2009-04-11] (Microsoft Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-17] (Panda Security, S.L.)
S3 NBService; D:\Nero 7\Nero BackItUp\NBService.exe [724992 2006-10-09] (Nero AG) [File not signed]
S3 NtmsSvc; C:\Windows\system32\ntmssvc.dll [521216 2008-01-19] (Microsoft Corporation)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [180224 2007-09-04] (NVIDIA) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
S3 Origin Client Service; D:\Programme\Spiele\Origin\OriginClientService.exe [1997168 2015-06-02] (Electronic Arts)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-18] (Panda Security, S.L.)
R2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [327680 2015-02-09] () [File not signed]
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9728 2009-08-14] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2009-04-11] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2009-04-11] (Microsoft Corporation)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81408 2009-04-11] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [427008 2010-04-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-19] (Microsoft Corporation)
S3 WMSvc; C:\Windows\system32\inetsrv\wmsvc.exe [12288 2008-01-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 appdrv01; C:\Windows\System32\Drivers\appdrv01.sys [3852976 2013-07-13] (Protection Technology)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-19] (Microsoft Corporation)
S1 Beep; No ImagePath
R3 cpuio; C:\Windows\SysWOW64\Drivers\cpuiox64.sys [15384 2012-03-15] (Intel Corporation)
S3 DCamUSBSTK02N; C:\Windows\System32\DRIVERS\STK02NW2.sys [106496 2007-03-12] (Syntek Ltd.)
S3 DCamUSBSTK02N; C:\Windows\SysWOW64\DRIVERS\STK02NW2.sys [101520 2007-03-12] (Syntek Ltd.)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c60x64.sys [292016 2010-09-20] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-29] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [167424 2008-01-18] (Microsoft Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [48400 2014-12-31] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-09] (Panda Security, S.L.)
R3 NVR0Dev; C:\Windows\nvoclk64.sys [39968 2007-09-04] (NVidia Corp.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2015-02-12] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-12] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-10] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-12] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-12] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-12] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-01-29] (Panda Security, S.L.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2010-07-15] (Jungo)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-05 16:43 - 2015-06-07 10:58 - 3945322728 _____ () C:\Users\defianter\Downloads\KNOPPIX_V7.4.1DVD-2014-09-15-DE.iso (1).opdownload
2015-05-29 21:13 - 2015-05-29 21:13 - 00000813 ____C () C:\mbam.txt
2015-05-29 19:04 - 2015-05-29 21:12 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-29 19:04 - 2015-05-29 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-29 19:04 - 2015-05-29 19:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-29 19:04 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-29 19:04 - 2015-04-14 09:37 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-29 19:04 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-29 17:22 - 2015-01-29 19:21 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-05-28 21:29 - 2015-05-28 21:29 - 00018749 ____C () C:\ComboFix.txt
2015-05-28 20:11 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-28 20:11 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-28 20:11 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-28 20:11 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-28 20:11 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-28 20:11 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-28 20:11 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-28 20:11 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-28 20:10 - 2015-05-28 21:29 - 00000000 ___DC () C:\Qoobox
2015-05-28 20:10 - 2015-05-28 20:29 - 00000000 ____D () C:\Windows\erdnt
2015-05-27 18:07 - 2015-06-09 07:22 - 00000000 ___DC () C:\FRST
2015-05-26 23:18 - 2015-05-26 23:19 - 00000000 ____D () C:\Program Files\Defraggler
2015-05-26 18:51 - 2015-05-26 18:51 - 00000787 _____ () C:\Users\defianter\Desktop\launcher.exe - Verknüpfung.lnk
2015-05-26 18:44 - 2015-05-26 18:44 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2015-05-26 18:31 - 2015-05-26 19:36 - 00000000 ____D () C:\Windows\pss
2015-05-26 00:07 - 2015-05-26 00:08 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-05-26 00:07 - 2015-05-26 00:07 - 00000000 ____D () C:\Users\defianter\AppData\Roaming\Panda Security
2015-05-26 00:07 - 2015-05-26 00:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-05-26 00:06 - 2015-05-26 00:08 - 00000000 ____D () C:\ProgramData\Panda Security
2015-05-25 23:59 - 2015-05-25 23:59 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DEFIPC-Windows-Vista-(TM)-Home-Premium-(64-bit).dat
2015-05-25 23:59 - 2015-05-25 23:59 - 00000000 ___DC () C:\RegBackup
2015-05-25 17:55 - 2015-05-26 20:17 - 1793184127 _____ () C:\Users\defianter\Downloads\KNOPPIX_V7.4.1DVD-2014-09-15-DE.iso.opdownload
2015-05-25 14:22 - 2015-05-25 14:44 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-25 14:22 - 2015-05-25 14:22 - 00000000 ____D () C:\Program Files\HitmanPro
2015-05-25 11:48 - 2015-05-25 11:48 - 00000000 ____C () C:\autoexec.bat
2015-05-24 11:16 - 2015-05-24 11:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-14 01:11 - 2015-04-19 23:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-05-14 01:11 - 2015-04-19 23:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-05-14 01:11 - 2015-04-19 23:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-05-14 01:11 - 2015-04-19 23:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-05-14 01:11 - 2015-04-19 22:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-05-14 01:11 - 2015-04-19 22:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-05-14 01:11 - 2015-04-19 22:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-05-14 01:11 - 2015-04-19 22:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-14 01:11 - 2015-04-18 02:16 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-05-14 01:11 - 2015-04-18 02:16 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-05-14 01:11 - 2015-04-18 02:16 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-05-14 01:11 - 2015-04-18 02:16 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-05-14 01:11 - 2015-04-18 01:45 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-05-14 01:11 - 2015-04-18 01:44 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-05-14 01:11 - 2015-04-18 01:35 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-05-14 01:11 - 2015-04-18 01:33 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-14 01:11 - 2015-04-18 01:33 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-14 01:11 - 2015-04-18 01:30 - 02793472 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-14 00:51 - 2015-04-30 18:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-14 00:51 - 2015-04-30 17:41 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-14 00:46 - 2015-04-11 01:33 - 00384512 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-14 00:46 - 2015-04-11 01:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\services.exe
2015-05-14 00:45 - 2015-04-30 15:14 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 00:45 - 2015-04-30 15:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 17:11 - 2015-04-10 02:10 - 17881088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 17:11 - 2015-04-10 01:55 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 17:11 - 2015-04-10 01:53 - 10935808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 17:11 - 2015-04-10 01:52 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 17:11 - 2015-04-10 01:48 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 17:11 - 2015-04-10 01:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 17:11 - 2015-04-10 01:46 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 17:11 - 2015-04-10 01:46 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 17:11 - 2015-04-10 01:46 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 17:11 - 2015-04-10 01:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 17:11 - 2015-04-10 01:46 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 17:11 - 2015-04-10 01:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 17:11 - 2015-04-10 01:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 17:11 - 2015-04-10 01:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-13 17:11 - 2015-04-10 01:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 17:11 - 2015-04-10 01:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 17:11 - 2015-04-10 01:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 17:11 - 2015-04-10 01:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 17:11 - 2015-04-10 01:45 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 17:11 - 2015-04-10 01:45 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-13 17:11 - 2015-04-10 01:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-13 17:11 - 2015-04-10 01:45 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-13 17:11 - 2015-04-10 01:14 - 12379136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 17:11 - 2015-04-10 01:10 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 17:11 - 2015-04-10 01:08 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 17:11 - 2015-04-10 01:08 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 17:11 - 2015-04-10 01:05 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 17:11 - 2015-04-10 01:05 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 17:11 - 2015-04-10 01:04 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 17:11 - 2015-04-10 01:04 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 17:11 - 2015-04-10 01:04 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 17:11 - 2015-04-10 01:04 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-05-13 17:11 - 2015-04-10 01:04 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 17:11 - 2015-04-10 01:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 17:11 - 2015-04-10 01:03 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 17:11 - 2015-04-10 01:03 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 17:11 - 2015-04-10 01:03 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 17:11 - 2015-04-10 01:03 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 17:11 - 2015-04-10 01:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 17:11 - 2015-04-10 01:03 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 17:11 - 2015-04-10 01:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 17:11 - 2015-04-10 01:03 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-05-13 17:11 - 2015-04-10 01:03 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-05-13 17:11 - 2015-04-10 01:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-09 07:21 - 2014-02-18 17:57 - 00000000 ____D () C:\Users\defianter\Desktop\VIRUS
2015-06-09 07:13 - 2006-11-02 17:27 - 01081913 _____ () C:\Windows\WindowsUpdate.log
2015-06-09 07:12 - 2012-09-20 16:36 - 00000000 ____D () C:\Users\defianter\Documents\Outlook-Dateien
2015-06-09 07:10 - 2012-08-06 18:57 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-06-09 07:10 - 2012-03-31 09:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-09 07:07 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-06-09 07:04 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-09 07:04 - 2006-11-02 17:22 - 00004976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-09 07:04 - 2006-11-02 17:22 - 00004976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-08 23:22 - 2014-08-28 21:23 - 00000000 ____D () C:\ProgramData\Origin
2015-06-08 23:22 - 2013-03-03 20:03 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-06-08 23:22 - 2006-11-02 17:42 - 00032628 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-08 23:00 - 2014-12-03 19:00 - 00126499 _____ () C:\Users\defianter\Network_Meter_Data.js
2015-06-08 21:59 - 2014-12-03 18:55 - 00018607 _____ () C:\Users\defianter\IP_Log_Data.js
2015-06-07 17:36 - 2012-06-22 20:26 - 00001154 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-561146854-4284327693-16180569-1000UA.job
2015-06-05 23:36 - 2012-06-22 20:26 - 00001132 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-561146854-4284327693-16180569-1000Core.job
2015-06-02 18:15 - 2014-08-28 21:24 - 00000000 ____D () C:\Users\defianter\AppData\Roaming\Origin
2015-06-01 18:08 - 2012-03-16 03:05 - 00872588 _____ () C:\Windows\PFRO.log
2015-06-01 17:51 - 2013-07-14 01:17 - 00000000 ____D () C:\Program Files\Java
2015-06-01 17:50 - 2014-02-14 13:13 - 00000000 ____D () C:\ProgramData\Oracle
2015-06-01 17:50 - 2014-02-14 13:08 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-06-01 17:50 - 2014-02-14 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-06-01 17:50 - 2012-09-11 15:44 - 00000000 ____D () C:\Program Files (x86)\Java
2015-06-01 17:48 - 2014-08-17 14:02 - 00000000 ____D () C:\Users\defianter\AppData\Local\Adobe
2015-06-01 17:48 - 2012-03-31 09:44 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-01 17:48 - 2012-03-31 09:44 - 00003736 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-01 17:48 - 2012-03-16 00:15 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-29 21:17 - 2014-02-18 17:58 - 00000000 ____D () C:\AdwCleaner
2015-05-28 21:27 - 2006-11-02 14:34 - 00000215 ____C () C:\Windows\system.ini
2015-05-28 20:30 - 2006-11-02 15:33 - 00000000 __RHD () C:\Users\Default
2015-05-26 21:39 - 2011-02-17 20:18 - 00004789 _____ () C:\Users\defianter\Documents\kniffel.ods
2015-05-26 19:09 - 2014-01-05 13:09 - 00000000 ____D () C:\Program Files\PDFCreator
2015-05-26 19:07 - 2012-07-24 16:35 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU
2015-05-26 19:04 - 2014-09-30 20:13 - 00000000 ____D () C:\Users\defianter\AppData\Roaming\Anvsoft
2015-05-26 19:03 - 2012-03-20 22:07 - 00000000 ____D () C:\ProgramData\ABBYY
2015-05-26 18:47 - 2012-03-31 17:11 - 00000000 ____D () C:\Users\defianter\AppData\Roaming\uTorrent
2015-05-26 18:44 - 2015-01-10 15:10 - 00000799 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 29.lnk
2015-05-26 18:44 - 2012-03-16 01:17 - 00000979 _____ () C:\Users\defianter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-26 18:44 - 2012-03-16 01:17 - 00000933 _____ () C:\Users\defianter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-05-26 01:30 - 2015-03-19 23:10 - 00000000 ____D () C:\Users\defianter\AppData\Local\JDownloader v2.0
2015-05-26 00:34 - 2006-11-02 17:21 - 00432848 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-26 00:31 - 2012-03-16 02:11 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-05-26 00:07 - 2012-03-16 01:17 - 00104120 _____ () C:\Users\defianter\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-25 11:48 - 2012-03-16 01:16 - 00000000 ____D () C:\Users\defianter
2015-05-22 19:29 - 2013-09-06 08:35 - 00000000 ____D () C:\Users\defianter\AppData\Roaming\vlc
2015-05-20 18:59 - 2015-01-10 15:10 - 00003898 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1420895415
2015-05-20 18:59 - 2012-03-17 01:29 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-05-16 12:08 - 2013-05-03 12:16 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-05-14 11:14 - 2006-11-02 17:07 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 11:13 - 2012-04-10 18:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 01:11 - 2012-03-17 14:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-14 01:07 - 2013-07-13 10:24 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-14 00:55 - 2006-11-02 14:35 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-05-14 00:46 - 2006-11-02 17:07 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2015-05-14 00:45 - 2012-04-10 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

==================== Files in the root of some directories =======

2013-05-04 14:37 - 2011-07-19 03:37 - 0003262 _____ () C:\Program Files (x86)\Falco.ico
2013-05-04 14:37 - 2011-07-19 04:05 - 0000046 _____ () C:\Program Files (x86)\Falco.url
2013-10-26 11:15 - 2013-10-26 11:37 - 0000137 _____ () C:\Users\defianter\AppData\Roaming\Camdata.ini
2013-10-26 11:15 - 2013-10-26 11:37 - 0000408 _____ () C:\Users\defianter\AppData\Roaming\CamLayout.ini
2013-10-26 11:15 - 2013-10-26 11:37 - 0000408 _____ () C:\Users\defianter\AppData\Roaming\CamShapes.ini
2013-10-26 11:15 - 2013-10-26 11:37 - 0004596 _____ () C:\Users\defianter\AppData\Roaming\CamStudio.cfg
2013-10-26 11:33 - 2013-10-26 11:36 - 0000098 _____ () C:\Users\defianter\AppData\Roaming\CamStudio.Producer.command
2013-10-26 11:29 - 2013-10-26 11:37 - 0000000 _____ () C:\Users\defianter\AppData\Roaming\CamStudio.Producer.Data.ini
2013-10-26 11:29 - 2013-10-26 11:37 - 0001206 _____ () C:\Users\defianter\AppData\Roaming\CamStudio.Producer.ini
2013-10-14 23:19 - 2013-10-14 23:19 - 0023888 _____ () C:\Users\defianter\AppData\Roaming\UserTile.png
2013-10-26 11:14 - 2013-10-26 11:30 - 0000096 _____ () C:\Users\defianter\AppData\Roaming\version2.xml
2013-07-27 00:14 - 2014-02-18 17:15 - 0000170 _____ () C:\Users\defianter\AppData\Roaming\WB.CFG
2012-03-16 02:13 - 2015-03-25 10:25 - 0001356 _____ () C:\Users\defianter\AppData\Local\d3d9caps.dat
2012-03-16 01:16 - 2012-03-16 03:52 - 0000732 _____ () C:\Users\defianter\AppData\Local\d3d9caps64.dat
2012-03-16 00:37 - 2015-02-28 15:15 - 0099840 _____ () C:\Users\defianter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-07 20:27 - 2012-05-07 20:27 - 0155712 _____ () C:\Users\defianter\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2012-05-07 20:26 - 2012-05-07 20:26 - 0000002 _____ () C:\Users\defianter\AppData\Local\dd_dotnetfx35error.txt
2012-05-07 20:26 - 2012-05-07 20:29 - 0419972 _____ () C:\Users\defianter\AppData\Local\dd_dotnetfx35install.txt
2012-05-07 20:28 - 2012-05-07 20:28 - 2331586 _____ () C:\Users\defianter\AppData\Local\dd_NET_Framework35_x64_MSI7380.txt
2013-07-12 21:01 - 2013-07-12 21:01 - 0362916 _____ () C:\Users\defianter\AppData\Local\dd_vcredistMSI17F2.txt
2014-02-04 23:02 - 2014-02-04 23:02 - 0424308 _____ () C:\Users\defianter\AppData\Local\dd_vcredistMSI2254.txt
2014-12-27 18:43 - 2014-12-27 18:44 - 0371226 _____ () C:\Users\defianter\AppData\Local\dd_vcredistMSI5BA4.txt
2014-12-27 18:44 - 2014-12-27 18:44 - 0367280 _____ () C:\Users\defianter\AppData\Local\dd_vcredistMSI5BBB.txt
2013-07-12 21:01 - 2013-07-12 21:01 - 0013958 _____ () C:\Users\defianter\AppData\Local\dd_vcredistUI17F2.txt
2014-02-04 23:02 - 2014-02-04 23:02 - 0011248 _____ () C:\Users\defianter\AppData\Local\dd_vcredistUI2254.txt
2014-12-27 18:43 - 2014-12-27 18:44 - 0011642 _____ () C:\Users\defianter\AppData\Local\dd_vcredistUI5BA4.txt
2014-12-27 18:44 - 2014-12-27 18:44 - 0011722 _____ () C:\Users\defianter\AppData\Local\dd_vcredistUI5BBB.txt
2015-04-06 11:03 - 2015-04-06 11:03 - 0001488 _____ () C:\Users\defianter\AppData\Local\recently-used.xbel
2008-02-05 14:28 - 2008-02-05 14:28 - 0000051 _____ () C:\Users\defianter\AppData\Local\setup.txt
2012-05-07 20:26 - 2012-05-07 20:29 - 0002492 _____ () C:\Users\defianter\AppData\Local\uxeventlog.txt
2012-05-07 20:28 - 2012-05-07 20:28 - 0001472 _____ () C:\Users\defianter\AppData\Local\VWL7018.tmp
2012-05-07 20:29 - 2012-05-07 20:29 - 0001906 _____ () C:\Users\defianter\AppData\Local\VWLA4A3.tmp
2013-07-12 20:13 - 2013-07-12 20:13 - 0000011 _____ () C:\ProgramData\.tv7

Files to move or delete:
====================
C:\Users\defianter\9375CFF0413111d3B88A00104B2A6676.reg
C:\Users\defianter\IP_Log_Data.js
C:\Users\defianter\Network_Meter_Data.js


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-09 07:16

==================== End of log ============================

schrauber 09.06.2015 20:24
FRST bitte neu laden, die Version ist zu alt. Boote mal in den abgesicherten Modus, wie lange dauert das?

defianter 10.06.2015 16:57
FRST Log mit neuer Version

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by defianter (administrator) on DEFIPC on 10-06-2015 17:48:26
Running from C:\Users\defianter\Desktop\VIRUS
Loaded Profiles: defianter (Available Profiles: defianter)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel Desktop Utilities\iduServ.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\FSC\FSCAppServ.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel Desktop Utilities\iptray.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Opera Software) C:\Program Files (x86)\Opera\29.0.1795.60\opera.exe
() C:\Program Files (x86)\Opera\29.0.1795.60\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\29.0.1795.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\29.0.1795.60\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11474024 2010-10-05] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-10-08] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [ipTray.exe] => C:\Program Files (x86)\Intel\Intel Desktop Utilities\ipTray.exe [1632456 2011-11-10] (Intel(R) Corporation)
HKLM-x32\...\Run: [BCSSync] => D:\Programme\Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-18] (Panda Security, S.L.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-21-561146854-4284327693-16180569-1000\...\Run: [NVIDIA nTune] => C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe [98304 2007-09-04] (NVIDIA)
HKU\S-1-5-21-561146854-4284327693-16180569-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Programme\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Programme\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Programme\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Programme\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Programme\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-561146854-4284327693-16180569-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-561146854-4284327693-16180569-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Programme\Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-01] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Programme\Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-01] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-10] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll [2014-05-05] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-06-03] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-01] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~1\Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~1\Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-561146854-4284327693-16180569-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\defianter\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKU\S-1-5-21-561146854-4284327693-16180569-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\defianter\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-03-17]

Opera:
=======
OPR StartupUrls: "opera://startpage/"
OPR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\defianter\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnhbkkedmelfmalgjpkngiaoifpdfcnl [2015-03-19]
OPR Extension: (Adblock Plus) - C:\Users\defianter\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-01-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 appdrvrem01; C:\Windows\System32\appdrvrem01.exe [551896 2013-07-13] (Protection Technology)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
R2 IduService; C:\Program Files (x86)\Intel\Intel Desktop Utilities\iduServ.exe [124616 2011-11-10] (Intel(R) Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2008-01-19] (Microsoft Corporation)
R2 Intel(R) Desktop Boards FSC Application Service; C:\Program Files (x86)\Intel\FSC\FSCAppServ.exe [61440 2011-11-10] (Intel Corporation) [File not signed]
U2 iprip; C:\Windows\System32\iprip.dll [34816 2006-11-02] (Microsoft Corporation)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [41984 2008-01-19] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Programme\Office\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2006-11-02] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [190464 2009-04-11] (Microsoft Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-17] (Panda Security, S.L.)
S3 NBService; D:\Nero 7\Nero BackItUp\NBService.exe [724992 2006-10-09] (Nero AG) [File not signed]
S3 NtmsSvc; C:\Windows\system32\ntmssvc.dll [521216 2008-01-19] (Microsoft Corporation)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [180224 2007-09-04] (NVIDIA) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
S3 Origin Client Service; D:\Programme\Spiele\Origin\OriginClientService.exe [1997168 2015-06-02] (Electronic Arts)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-18] (Panda Security, S.L.)
R2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [327680 2015-02-09] () [File not signed]
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9728 2009-08-14] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2009-04-11] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2009-04-11] (Microsoft Corporation)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81408 2009-04-11] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [427008 2010-04-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-19] (Microsoft Corporation)
S3 WMSvc; C:\Windows\system32\inetsrv\wmsvc.exe [12288 2008-01-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 appdrv01; C:\Windows\System32\Drivers\appdrv01.sys [3852976 2013-07-13] (Protection Technology)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-19] (Microsoft Corporation)
S1 Beep; No ImagePath
R3 cpuio; C:\Windows\SysWOW64\Drivers\cpuiox64.sys [15384 2012-03-15] (Intel Corporation)
S3 DCamUSBSTK02N; C:\Windows\System32\DRIVERS\STK02NW2.sys [106496 2007-03-12] (Syntek Ltd.)
S3 DCamUSBSTK02N; C:\Windows\SysWOW64\DRIVERS\STK02NW2.sys [101520 2007-03-12] (Syntek Ltd.)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c60x64.sys [292016 2010-09-20] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-29] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [167424 2008-01-18] (Microsoft Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [48400 2014-12-31] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-09] (Panda Security, S.L.)
R3 NVR0Dev; C:\Windows\nvoclk64.sys [39968 2007-09-04] (NVidia Corp.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2015-02-12] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-12] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-10] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-12] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-12] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-12] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-01-29] (Panda Security, S.L.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2010-07-15] (Jungo)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-09 23:58 - 2015-05-09 01:09 - 00861696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-09 23:58 - 2015-05-09 01:01 - 01212416 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-09 23:54 - 2015-05-05 00:51 - 10627584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-09 23:54 - 2015-05-05 00:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-09 23:54 - 2015-05-05 00:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-09 23:54 - 2015-05-05 00:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-09 23:54 - 2015-05-05 00:33 - 13427712 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-09 23:54 - 2015-05-05 00:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-09 23:54 - 2015-05-05 00:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-09 23:54 - 2015-05-05 00:32 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-09 23:54 - 2015-05-04 23:39 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-09 23:54 - 2015-05-04 23:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-09 23:53 - 2015-05-21 16:36 - 02795520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-09 23:45 - 2015-04-24 17:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-09 23:45 - 2015-04-24 17:41 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-09 21:09 - 2015-05-31 03:05 - 17884672 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-09 21:09 - 2015-05-31 02:50 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-09 21:09 - 2015-05-31 02:49 - 10935296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-09 21:09 - 2015-05-31 02:48 - 02343424 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-09 21:09 - 2015-05-31 02:42 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-09 21:09 - 2015-05-31 02:42 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-09 21:09 - 2015-05-31 02:41 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-09 21:09 - 2015-05-31 02:41 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-09 21:09 - 2015-05-31 02:41 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-09 21:09 - 2015-05-31 02:41 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-09 21:09 - 2015-05-31 02:41 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-09 21:09 - 2015-05-31 02:41 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-06-09 21:09 - 2015-05-31 02:41 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-09 21:09 - 2015-05-31 02:41 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-09 21:09 - 2015-05-31 02:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-09 21:09 - 2015-05-31 02:40 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-09 21:09 - 2015-05-31 02:40 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-09 21:09 - 2015-05-31 02:40 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-09 21:09 - 2015-05-31 02:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-09 21:09 - 2015-05-31 02:40 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-06-09 21:09 - 2015-05-31 02:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-06-09 21:09 - 2015-05-31 02:40 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-06-09 21:09 - 2015-05-31 02:03 - 12385280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-09 21:09 - 2015-05-31 01:55 - 01809920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-09 21:09 - 2015-05-31 01:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-09 21:09 - 2015-05-31 01:53 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-09 21:09 - 2015-05-31 01:50 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-09 21:09 - 2015-05-31 01:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-09 21:09 - 2015-05-31 01:49 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-09 21:09 - 2015-05-31 01:49 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-09 21:09 - 2015-05-31 01:49 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-09 21:09 - 2015-05-31 01:48 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-09 21:09 - 2015-05-31 01:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-09 21:09 - 2015-05-31 01:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-09 21:09 - 2015-05-31 01:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-06-09 21:09 - 2015-05-31 01:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-09 21:09 - 2015-05-31 01:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-09 21:09 - 2015-05-31 01:48 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-09 21:09 - 2015-05-31 01:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-06-09 21:09 - 2015-05-31 01:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-09 21:09 - 2015-05-31 01:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-09 21:09 - 2015-05-31 01:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-09 21:09 - 2015-05-31 01:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-06-09 21:09 - 2015-05-31 01:47 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-06-05 16:43 - 2015-06-07 10:58 - 3945322728 _____ C:\Users\defianter\Downloads\KNOPPIX_V7.4.1DVD-2014-09-15-DE.iso (1).opdownload
2015-05-29 21:13 - 2015-05-29 21:13 - 00000813 ____C C:\mbam.txt
2015-05-29 19:04 - 2015-05-29 21:12 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-29 19:04 - 2015-05-29 19:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-29 19:04 - 2015-05-29 19:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-29 19:04 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-29 19:04 - 2015-04-14 09:37 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-29 19:04 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-29 17:22 - 2015-01-29 19:21 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-05-28 21:29 - 2015-05-28 21:29 - 00018749 ____C C:\ComboFix.txt
2015-05-28 20:11 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-05-28 20:11 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-05-28 20:11 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-28 20:11 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-28 20:11 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-28 20:11 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-05-28 20:11 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-05-28 20:11 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-05-28 20:10 - 2015-05-28 21:29 - 00000000 ___DC C:\Qoobox
2015-05-28 20:10 - 2015-05-28 20:29 - 00000000 ____D C:\Windows\erdnt
2015-05-27 18:07 - 2015-06-10 17:48 - 00000000 ___DC C:\FRST
2015-05-26 23:18 - 2015-05-26 23:19 - 00000000 ____D C:\Program Files\Defraggler
2015-05-26 18:51 - 2015-05-26 18:51 - 00000787 _____ C:\Users\defianter\Desktop\launcher.exe - Verknüpfung.lnk
2015-05-26 18:44 - 2015-05-26 18:44 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2015-05-26 18:31 - 2015-05-26 19:36 - 00000000 ____D C:\Windows\pss
2015-05-26 00:07 - 2015-05-26 00:08 - 00000000 ____D C:\Program Files (x86)\Panda Security
2015-05-26 00:07 - 2015-05-26 00:07 - 00000000 ____D C:\Users\defianter\AppData\Roaming\Panda Security
2015-05-26 00:07 - 2015-05-26 00:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-05-26 00:06 - 2015-05-26 00:08 - 00000000 ____D C:\ProgramData\Panda Security
2015-05-25 23:59 - 2015-05-25 23:59 - 00000207 _____ C:\Windows\tweaking.com-regbackup-DEFIPC-Windows-Vista-(TM)-Home-Premium-(64-bit).dat
2015-05-25 23:59 - 2015-05-25 23:59 - 00000000 ___DC C:\RegBackup
2015-05-25 17:55 - 2015-05-26 20:17 - 1793184127 _____ C:\Users\defianter\Downloads\KNOPPIX_V7.4.1DVD-2014-09-15-DE.iso.opdownload
2015-05-25 14:22 - 2015-05-25 14:44 - 00000000 ____D C:\ProgramData\HitmanPro
2015-05-25 14:22 - 2015-05-25 14:22 - 00000000 ____D C:\Program Files\HitmanPro
2015-05-25 11:48 - 2015-05-25 11:48 - 00000000 ____C C:\autoexec.bat
2015-05-24 11:16 - 2015-05-24 11:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-05-14 01:11 - 2015-04-19 23:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-05-14 01:11 - 2015-04-19 23:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-05-14 01:11 - 2015-04-19 23:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-05-14 01:11 - 2015-04-19 23:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-05-14 01:11 - 2015-04-19 22:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-05-14 01:11 - 2015-04-19 22:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-05-14 01:11 - 2015-04-19 22:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-05-14 01:11 - 2015-04-19 22:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-14 01:11 - 2015-04-18 02:16 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-05-14 01:11 - 2015-04-18 02:16 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-05-14 01:11 - 2015-04-18 02:16 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-05-14 01:11 - 2015-04-18 02:16 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-05-14 01:11 - 2015-04-18 01:45 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-05-14 01:11 - 2015-04-18 01:44 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-05-14 01:11 - 2015-04-18 01:35 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-05-14 01:11 - 2015-04-18 01:33 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-14 01:11 - 2015-04-18 01:33 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-14 00:51 - 2015-04-30 18:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-14 00:51 - 2015-04-30 17:41 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-14 00:46 - 2015-04-11 01:33 - 00384512 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-14 00:46 - 2015-04-11 01:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\services.exe
2015-05-14 00:45 - 2015-04-30 15:14 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 00:45 - 2015-04-30 15:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-10 17:48 - 2014-02-18 17:57 - 00000000 ____D C:\Users\defianter\Desktop\VIRUS
2015-06-10 17:36 - 2012-06-22 20:26 - 00001154 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-561146854-4284327693-16180569-1000UA.job
2015-06-10 17:08 - 2012-03-31 09:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-10 17:00 - 2014-12-03 19:00 - 00126819 _____ C:\Users\defianter\Network_Meter_Data.js
2015-06-10 16:51 - 2006-11-02 17:22 - 00004976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-10 16:51 - 2006-11-02 17:22 - 00004976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-10 15:16 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\rescache
2015-06-10 15:09 - 2012-03-31 09:44 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-10 15:09 - 2012-03-31 09:44 - 00003736 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-10 15:09 - 2012-03-16 00:15 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-10 15:04 - 2006-11-02 17:27 - 01661632 _____ C:\Windows\WindowsUpdate.log
2015-06-10 14:57 - 2014-12-03 18:55 - 00018862 _____ C:\Users\defianter\IP_Log_Data.js
2015-06-10 14:55 - 2012-08-06 18:57 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-06-10 14:53 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\system32\inetsrv
2015-06-10 14:51 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-10 14:50 - 2006-11-02 17:21 - 00432848 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-10 14:47 - 2012-03-16 03:05 - 00878548 _____ C:\Windows\PFRO.log
2015-06-09 23:58 - 2013-03-03 20:03 - 00000012 _____ C:\Windows\bthservsdp.dat
2015-06-09 23:58 - 2012-03-17 14:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-09 23:58 - 2006-11-02 17:42 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-09 23:46 - 2013-07-13 10:24 - 00000000 ____D C:\Windows\system32\MRT
2015-06-09 23:46 - 2006-11-02 14:35 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-06-09 23:45 - 2006-11-02 14:34 - 00000240 _____ C:\Windows\win.ini
2015-06-09 23:43 - 2014-08-28 21:23 - 00000000 ____D C:\ProgramData\Origin
2015-06-09 23:36 - 2012-06-22 20:26 - 00001132 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-561146854-4284327693-16180569-1000Core.job
2015-06-09 19:39 - 2012-09-20 16:36 - 00000000 ____D C:\Users\defianter\Documents\Outlook-Dateien
2015-06-02 18:15 - 2014-08-28 21:24 - 00000000 ____D C:\Users\defianter\AppData\Roaming\Origin
2015-06-01 17:51 - 2013-07-14 01:17 - 00000000 ____D C:\Program Files\Java
2015-06-01 17:50 - 2014-02-14 13:13 - 00000000 ____D C:\ProgramData\Oracle
2015-06-01 17:50 - 2014-02-14 13:08 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-06-01 17:50 - 2014-02-14 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-06-01 17:50 - 2012-09-11 15:44 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-01 17:48 - 2014-08-17 14:02 - 00000000 ____D C:\Users\defianter\AppData\Local\Adobe
2015-05-29 21:17 - 2014-02-18 17:58 - 00000000 ____D C:\AdwCleaner
2015-05-28 21:27 - 2006-11-02 14:34 - 00000215 ____C C:\Windows\system.ini
2015-05-28 20:30 - 2006-11-02 15:33 - 00000000 __RHD C:\Users\Default
2015-05-26 21:39 - 2011-02-17 20:18 - 00004789 _____ C:\Users\defianter\Documents\kniffel.ods
2015-05-26 19:09 - 2014-01-05 13:09 - 00000000 ____D C:\Program Files\PDFCreator
2015-05-26 19:07 - 2012-07-24 16:35 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2015-05-26 19:04 - 2014-09-30 20:13 - 00000000 ____D C:\Users\defianter\AppData\Roaming\Anvsoft
2015-05-26 19:03 - 2012-03-20 22:07 - 00000000 ____D C:\ProgramData\ABBYY
2015-05-26 18:47 - 2012-03-31 17:11 - 00000000 ____D C:\Users\defianter\AppData\Roaming\uTorrent
2015-05-26 18:44 - 2015-01-10 15:10 - 00000799 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 29.lnk
2015-05-26 18:44 - 2012-03-16 01:17 - 00000979 _____ C:\Users\defianter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-26 18:44 - 2012-03-16 01:17 - 00000933 _____ C:\Users\defianter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-05-26 01:30 - 2015-03-19 23:10 - 00000000 ____D C:\Users\defianter\AppData\Local\JDownloader v2.0
2015-05-26 00:31 - 2012-03-16 02:11 - 00000000 ____D C:\ProgramData\AVAST Software
2015-05-26 00:07 - 2012-03-16 01:17 - 00104120 _____ C:\Users\defianter\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-25 11:48 - 2012-03-16 01:16 - 00000000 ____D C:\Users\defianter
2015-05-22 19:29 - 2013-09-06 08:35 - 00000000 ____D C:\Users\defianter\AppData\Roaming\vlc
2015-05-20 18:59 - 2015-01-10 15:10 - 00003898 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1420895415
2015-05-20 18:59 - 2012-03-17 01:29 - 00000000 ____D C:\Program Files (x86)\Opera
2015-05-16 12:08 - 2013-05-03 12:16 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-05-14 11:14 - 2006-11-02 17:07 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-14 11:13 - 2012-04-10 18:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 00:46 - 2006-11-02 17:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2015-05-14 00:45 - 2012-04-10 18:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

==================== Files in the root of some directories =======

2013-05-04 14:37 - 2011-07-19 03:37 - 0003262 _____ () C:\Program Files (x86)\Falco.ico
2013-05-04 14:37 - 2011-07-19 04:05 - 0000046 _____ () C:\Program Files (x86)\Falco.url
2013-10-26 11:15 - 2013-10-26 11:37 - 0000137 _____ () C:\Users\defianter\AppData\Roaming\Camdata.ini
2013-10-26 11:15 - 2013-10-26 11:37 - 0000408 _____ () C:\Users\defianter\AppData\Roaming\CamLayout.ini
2013-10-26 11:15 - 2013-10-26 11:37 - 0000408 _____ () C:\Users\defianter\AppData\Roaming\CamShapes.ini
2013-10-26 11:15 - 2013-10-26 11:37 - 0004596 _____ () C:\Users\defianter\AppData\Roaming\CamStudio.cfg
2013-10-26 11:33 - 2013-10-26 11:36 - 0000098 _____ () C:\Users\defianter\AppData\Roaming\CamStudio.Producer.command
2013-10-26 11:29 - 2013-10-26 11:37 - 0000000 _____ () C:\Users\defianter\AppData\Roaming\CamStudio.Producer.Data.ini
2013-10-26 11:29 - 2013-10-26 11:37 - 0001206 _____ () C:\Users\defianter\AppData\Roaming\CamStudio.Producer.ini
2013-10-14 23:19 - 2013-10-14 23:19 - 0023888 _____ () C:\Users\defianter\AppData\Roaming\UserTile.png
2013-10-26 11:14 - 2013-10-26 11:30 - 0000096 _____ () C:\Users\defianter\AppData\Roaming\version2.xml
2013-07-27 00:14 - 2014-02-18 17:15 - 0000170 _____ () C:\Users\defianter\AppData\Roaming\WB.CFG
2012-03-16 02:13 - 2015-03-25 10:25 - 0001356 _____ () C:\Users\defianter\AppData\Local\d3d9caps.dat
2012-03-16 01:16 - 2012-03-16 03:52 - 0000732 _____ () C:\Users\defianter\AppData\Local\d3d9caps64.dat
2012-03-16 00:37 - 2015-02-28 15:15 - 0099840 _____ () C:\Users\defianter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-07 20:27 - 2012-05-07 20:27 - 0155712 _____ () C:\Users\defianter\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2012-05-07 20:26 - 2012-05-07 20:26 - 0000002 _____ () C:\Users\defianter\AppData\Local\dd_dotnetfx35error.txt
2012-05-07 20:26 - 2012-05-07 20:29 - 0419972 _____ () C:\Users\defianter\AppData\Local\dd_dotnetfx35install.txt
2012-05-07 20:28 - 2012-05-07 20:28 - 2331586 _____ () C:\Users\defianter\AppData\Local\dd_NET_Framework35_x64_MSI7380.txt
2013-07-12 21:01 - 2013-07-12 21:01 - 0362916 _____ () C:\Users\defianter\AppData\Local\dd_vcredistMSI17F2.txt
2014-02-04 23:02 - 2014-02-04 23:02 - 0424308 _____ () C:\Users\defianter\AppData\Local\dd_vcredistMSI2254.txt
2014-12-27 18:43 - 2014-12-27 18:44 - 0371226 _____ () C:\Users\defianter\AppData\Local\dd_vcredistMSI5BA4.txt
2014-12-27 18:44 - 2014-12-27 18:44 - 0367280 _____ () C:\Users\defianter\AppData\Local\dd_vcredistMSI5BBB.txt
2013-07-12 21:01 - 2013-07-12 21:01 - 0013958 _____ () C:\Users\defianter\AppData\Local\dd_vcredistUI17F2.txt
2014-02-04 23:02 - 2014-02-04 23:02 - 0011248 _____ () C:\Users\defianter\AppData\Local\dd_vcredistUI2254.txt
2014-12-27 18:43 - 2014-12-27 18:44 - 0011642 _____ () C:\Users\defianter\AppData\Local\dd_vcredistUI5BA4.txt
2014-12-27 18:44 - 2014-12-27 18:44 - 0011722 _____ () C:\Users\defianter\AppData\Local\dd_vcredistUI5BBB.txt
2015-04-06 11:03 - 2015-04-06 11:03 - 0001488 _____ () C:\Users\defianter\AppData\Local\recently-used.xbel
2008-02-05 14:28 - 2008-02-05 14:28 - 0000051 _____ () C:\Users\defianter\AppData\Local\setup.txt
2012-05-07 20:26 - 2012-05-07 20:29 - 0002492 _____ () C:\Users\defianter\AppData\Local\uxeventlog.txt
2012-05-07 20:28 - 2012-05-07 20:28 - 0001472 _____ () C:\Users\defianter\AppData\Local\VWL7018.tmp
2012-05-07 20:29 - 2012-05-07 20:29 - 0001906 _____ () C:\Users\defianter\AppData\Local\VWLA4A3.tmp
2013-07-12 20:13 - 2013-07-12 20:13 - 0000011 _____ () C:\ProgramData\.tv7

Files to move or delete:
====================
C:\Users\defianter\9375CFF0413111d3B88A00104B2A6676.reg
C:\Users\defianter\IP_Log_Data.js
C:\Users\defianter\Network_Meter_Data.js


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-10 15:01

==================== End of log ============================
Laut Ereignisanzeige / Systemstart / Diagnostic Performance:

683 389 millisekunden = 11,3898167 Minuten

Der Wert schwankt immer zwischen 620000 und knapp 700000 Millisekunden


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:35 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131