Trojaner-Board - Avast => Dieses Programm wurde durch eine Gruppenrichtlinie blockiert. Weitere Informationen erhalten Sie vom Systemadministrator.

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Avast => Dieses Programm wurde durch eine Gruppenrichtlinie blockiert. Weitere Informationen erhalten Sie vom Systemadministrator. (https://www.trojaner-board.de/155181-avast-programm-wurde-gruppenrichtlinie-blockiert-informationen-erhalten-systemadministrator.html)

Avast => Dieses Programm wurde durch eine Gruppenrichtlinie blockiert. Weitere Informationen erhalten Sie vom Systemadministrator.

Halle liebes Board Team ich habe wie auch andere das Problem das mein Avast von irgend etwas blockiert wird, wie auch schon im Titel zu lesen. Ich weis jetzt nur leider nicht mit was ich anfangen soll da in jedem Thread etwas anderes steht. Somit bitte ich um eure Hilfe das ich meinen Rechner wieder sauber bekomme.

mfg Timo

:hallo:

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

http://www.trojaner-board.de/picture...&pictureid=307

Danke für deine Mitarbeit!

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Hallo Matthias danke schon mal für deine Hilfe.

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-06-2014

Ran by Faust (administrator) on DAINEC-III on 15-06-2014 23:04:49

Running from C:\Users\Faust\Downloads

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 8

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe

(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)

HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)

HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)

HKLM\...\Run: [CmPCIaudio] => C:\Windows\Syswow64\CMICNFG3.dll [8126464 2009-05-11] (C-Media Corporation)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506136 2013-12-06] (Realtek Semiconductor)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)

HKLM-x32\...\Run: [EnvyHFCPL] => C:\Program Files (x86)\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe [543344 2010-09-09] (VIA TECH)

HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-08] (AVAST Software)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)

HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION

HKU\S-1-5-21-3619498111-4055357529-868238896-1000\...\Run: [ItewdUzkij] => regsvr32.exe "C:\ProgramData\ItewdUzkij.dat"

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk

ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2A5599B45611CF01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

StartMenuInternet: IEXPLORE.EXE - c:\program files (x86)\internet explorer\iexplore.exe

SearchScopes: HKLM - {E7165A5C-FCC2-40C5-BE3D-739A6949DEAB} URL = hxxp://www.sm.de/?q={searchTerms}

SearchScopes: HKLM-x32 - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.amaizingsearches.info/?l=1&q={searchTerms}&pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51

SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.amaizingsearches.info/?l=1&q={searchTerms}&pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51

SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 

SearchScopes: HKCU - {CB127E1A-135A-4672-BE00-0D3162B1E50B} URL = https://www.lycle.net/results?q={searchTerms}

SearchScopes: HKCU - {E7165A5C-FCC2-40C5-BE3D-739A6949DEAB} URL = hxxp://www.sm.de/?q={searchTerms}

BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)

BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)

BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

BHO: Websearch - {C2F7351C-5957-4744-B159-59EBEA4E7027} - C:\Program Files\Dailytools\Websearch\1.0.0.5\Websearch.dll (Dailytools GmbH)

BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)

BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)

BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)

BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

BHO-x32: Websearch - {C2F7351C-5957-4744-B159-59EBEA4E7027} - C:\Program Files (x86)\Dailytools\Websearch\1.0.0.5\Websearch.dll (Dailytools GmbH)

BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default

FF NewTab: hxxp://www.nationzoom.com/newtab/?type=nt&ts=1390643406&from=epom2&uid=WDCXWD10EZRX-00A8LB0_WD-WCC1U188332783327

FF DefaultSearchEngine: Lycle

FF SearchEngineOrder.1: WebSearch

FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");

FF SelectedSearchEngine: Lycle

FF Homepage: hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51

FF Keyword.URL: hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51&l=1&q=

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF user.js: detected! => C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\user.js

FF SearchPlugin: C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\searchplugins\lycle.xml

FF SearchPlugin: C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\searchplugins\search_engine.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Blue Fox - C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\Extensions\{241aae70-0022-11de-87af-0800200c9a66} [2014-01-14]

FF Extension: Speed Dial - C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-01-14]

FF Extension: Adblock Plus - C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-25]

FF Extension: Websearch - C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\Extensions\{E6A44534-6DBA-455A-8D78-2DE71DEAA15B}.xpi [2014-05-31]

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-21]

FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com

FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-05-31]

FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com

FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-05-31]

FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com

FF Extension: Gevaarlijke websiteblokkering - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-05-31]

FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com

FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-05-31]

FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com

FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-05-31]

FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\

FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []
 

Chrome: 

=======

CHR RestoreOnStartup: "hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51"

CHR StartupUrls: "hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51"

CHR Extension: (greatsaveR) - C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb [2014-01-16]

CHR Extension: (SNT) - C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi [2014-04-07]

CHR Extension: (YTBOokMaorrk) - C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf [2014-01-16]

CHR Extension: (sAfewiebu) - C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf [2014-04-07]

CHR Extension: (YoutubeAdblocker) - C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo [2014-01-16]

CHR Extension: (Pic Enhance) - C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2014-01-16]

CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]

CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11]

CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11]

CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11]

CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [2013-11-11]

CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]
 

==================== Services (Whitelisted) =================
 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-21] (AVAST Software)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)

R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)

R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]

S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)

R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5739008 2011-10-12] (Native Instruments GmbH) [File not signed]

U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-15] ()

R2 DailytoolsUpdateService; %SystemRoot%\System32\update1.dll [X]
 

==================== Drivers (Whitelisted) ====================
 

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-21] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-21] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-21] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-21] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-12] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-12] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-12] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-21] ()

R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1154560 2009-05-19] (C-Media Inc)

R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)

R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)

S3 Envy24HFS; C:\Windows\System32\drivers\Envy24HF.sys [228080 2010-07-05] (VIA - IC Ensemble, Inc.)

R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21408 2013-08-01] ()

R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21920 2013-08-01] ()

R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-01] ()

R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-08-01] ()

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-31] (Kaspersky Lab ZAO)

U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-06-12] (Kaspersky Lab ZAO)

R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628288 2014-06-12] (Kaspersky Lab ZAO)

R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-05-31] (Kaspersky Lab ZAO)

R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)

R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)

R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)

R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-11-11] (Kaspersky Lab ZAO)

R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-15] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)

S3 RL_DJIFIE2_MIDI; C:\Windows\System32\drivers\rldjif2m.sys [36416 2009-10-30] (Ploytec GmbH)

S3 RL_DJIFIE2_USB; C:\Windows\System32\Drivers\rldjif2u.sys [460864 2009-10-30] (Ploytec GmbH)

S3 RL_DJIFIE2_WDM; C:\Windows\System32\drivers\rldjif2a.sys [49728 2009-10-30] (Ploytec GmbH)

R3 SaiK0836; C:\Windows\System32\DRIVERS\SaiK0836.sys [172040 2013-01-10] (Saitek)

R3 SaiK1708; C:\Windows\System32\DRIVERS\SaiK1708.sys [180544 2012-09-20] (Saitek)

R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)

R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)

R3 SaiU1708; C:\Windows\System32\DRIVERS\SaiU1708.sys [47168 2012-09-20] (Saitek)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-06-15 23:04 - 2014-06-15 23:05 - 00024541 _____ () C:\Users\Faust\Downloads\FRST.txt

2014-06-15 23:04 - 2014-06-15 23:04 - 00000000 ____D () C:\FRST

2014-06-15 23:03 - 2014-06-15 23:03 - 02081280 _____ (Farbar) C:\Users\Faust\Downloads\FRST64.exe

2014-06-13 12:05 - 2014-06-15 22:51 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-06-13 12:04 - 2014-06-13 12:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Faust\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager [1].exe

2014-06-13 12:04 - 2014-06-13 12:04 - 00719128 _____ ( ) C:\Users\Faust\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager.exe

2014-06-13 12:04 - 2014-06-13 12:04 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-06-13 12:04 - 2014-06-13 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-06-13 12:04 - 2014-06-13 12:04 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-06-13 12:04 - 2014-06-13 12:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-06-13 12:04 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-06-13 12:04 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-06-13 12:04 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-06-02 18:01 - 2014-06-02 19:00 - 00000000 ____D () C:\Users\Faust\Documents\FIFA World

2014-06-02 18:01 - 2014-06-02 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies

2014-06-02 17:13 - 2014-06-02 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Sports FIFA World

2014-05-31 01:54 - 2014-05-31 01:54 - 00002216 _____ () C:\Users\Faust\Desktop\Sicherer Zahlungsverkehr.lnk

2014-05-31 01:52 - 2014-06-15 22:51 - 00000000 ____D () C:\ProgramData\Kaspersky Lab

2014-05-31 01:52 - 2014-06-12 20:59 - 00628288 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys

2014-05-31 01:52 - 2014-06-12 20:59 - 00092768 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys

2014-05-31 01:52 - 2014-05-31 01:52 - 00001078 _____ () C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk

2014-05-31 01:52 - 2014-05-31 01:52 - 00000000 ____D () C:\Windows\ELAMBKUP

2014-05-31 01:52 - 2014-05-31 01:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0

2014-05-31 01:52 - 2014-05-31 01:52 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab

2014-05-31 01:52 - 2013-11-11 19:13 - 00064856 _____ (Kaspersky Lab) C:\Windows\system32\klfphc.dll

2014-05-31 01:52 - 2011-06-02 14:39 - 00084536 _____ (Infowatch) C:\Windows\system32\Drivers\CSCrySec.sys

2014-05-31 01:52 - 2011-06-02 14:39 - 00066616 _____ (Infowatch) C:\Windows\system32\Drivers\CSVirtualDiskDrv.sys

2014-05-31 01:37 - 2014-05-31 01:37 - 00000000 ____D () C:\Users\Faust\AppData\Local\Adobe

2014-05-31 01:36 - 2014-05-31 01:41 - 194045080 _____ (Kaspersky Lab) C:\Users\Faust\Downloads\pure13.0.2.558abcdDE_5372.exe

2014-05-31 01:35 - 2014-05-31 01:50 - 00000000 ____D () C:\ProgramData\Adobe

2014-05-31 01:35 - 2014-05-31 01:35 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-05-31 01:35 - 2014-05-31 01:35 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-05-31 01:26 - 2014-05-31 01:26 - 00352256 _____ (Dailytools GmbH) C:\Windows\SysWOW64\update1.dll

2014-05-31 01:25 - 2014-05-31 01:50 - 00000714 __RSH () C:\ProgramData\ntuser.pol

2014-05-31 01:25 - 2014-05-31 01:25 - 00000000 ____D () C:\Program Files\Dailytools

2014-05-31 01:25 - 2014-05-31 01:25 - 00000000 ____D () C:\Program Files (x86)\Dailytools

2014-05-31 01:24 - 2014-05-31 01:24 - 00719352 _____ (Dailytools GmbH) C:\Users\Faust\Downloads\install_reader11_xp_de_mssd_aaa_aih.exe
 

==================== One Month Modified Files and Folders =======
 

2014-06-15 23:05 - 2014-06-15 23:04 - 00024541 _____ () C:\Users\Faust\Downloads\FRST.txt

2014-06-15 23:05 - 2014-01-14 18:57 - 00000000 ____D () C:\Users\Faust\AppData\Local\Temp

2014-06-15 23:04 - 2014-06-15 23:04 - 00000000 ____D () C:\FRST

2014-06-15 23:03 - 2014-06-15 23:03 - 02081280 _____ (Farbar) C:\Users\Faust\Downloads\FRST64.exe

2014-06-15 22:58 - 2009-07-14 06:45 - 00030480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-06-15 22:58 - 2009-07-14 06:45 - 00030480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-06-15 22:54 - 2014-01-14 19:52 - 00805799 _____ () C:\Windows\WindowsUpdate.log

2014-06-15 22:54 - 2011-04-12 09:43 - 00696132 _____ () C:\Windows\system32\perfh007.dat

2014-06-15 22:54 - 2011-04-12 09:43 - 00147428 _____ () C:\Windows\system32\perfc007.dat

2014-06-15 22:54 - 2009-07-14 07:13 - 00839172 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-06-15 22:51 - 2014-06-13 12:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-06-15 22:51 - 2014-05-31 01:52 - 00000000 ____D () C:\ProgramData\Kaspersky Lab

2014-06-15 22:50 - 2009-07-14 06:51 - 00218580 _____ () C:\Windows\setupact.log

2014-06-15 22:49 - 2014-01-14 20:45 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-06-15 22:49 - 2010-11-21 05:47 - 00485148 _____ () C:\Windows\PFRO.log

2014-06-15 22:49 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-06-13 12:26 - 2014-01-17 18:02 - 00000000 ____D () C:\Users\Faust\AppData\Roaming\TS3Client

2014-06-13 12:25 - 2014-01-17 17:39 - 00000000 ____D () C:\Users\Faust\AppData\Roaming\AIMP3

2014-06-13 12:17 - 2014-01-16 03:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-06-13 12:11 - 2014-01-25 11:50 - 00000000 ____D () C:\Users\Faust\AppData\Local\genienext

2014-06-13 12:04 - 2014-06-13 12:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Faust\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager [1].exe

2014-06-13 12:04 - 2014-06-13 12:04 - 00719128 _____ ( ) C:\Users\Faust\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager.exe

2014-06-13 12:04 - 2014-06-13 12:04 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-06-13 12:04 - 2014-06-13 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-06-13 12:04 - 2014-06-13 12:04 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-06-13 12:04 - 2014-06-13 12:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-06-12 21:33 - 2014-01-14 21:00 - 00000000 ____D () C:\ProgramData\Origin

2014-06-12 20:59 - 2014-05-31 01:52 - 00628288 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys

2014-06-12 20:59 - 2014-05-31 01:52 - 00092768 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys

2014-06-02 19:00 - 2014-06-02 18:01 - 00000000 ____D () C:\Users\Faust\Documents\FIFA World

2014-06-02 18:01 - 2014-06-02 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies

2014-06-02 18:01 - 2014-01-15 01:26 - 00156795 _____ () C:\Windows\DirectX.log

2014-06-02 18:01 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-06-02 17:13 - 2014-06-02 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Sports FIFA World

2014-06-02 16:55 - 2014-01-16 18:32 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro

2014-05-31 02:16 - 2013-11-11 19:13 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys

2014-05-31 02:16 - 2012-08-02 15:09 - 00029792 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys

2014-05-31 01:54 - 2014-05-31 01:54 - 00002216 _____ () C:\Users\Faust\Desktop\Sicherer Zahlungsverkehr.lnk

2014-05-31 01:52 - 2014-05-31 01:52 - 00001078 _____ () C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk

2014-05-31 01:52 - 2014-05-31 01:52 - 00000000 ____D () C:\Windows\ELAMBKUP

2014-05-31 01:52 - 2014-05-31 01:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0

2014-05-31 01:52 - 2014-05-31 01:52 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab

2014-05-31 01:50 - 2014-05-31 01:35 - 00000000 ____D () C:\ProgramData\Adobe

2014-05-31 01:50 - 2014-05-31 01:25 - 00000714 __RSH () C:\ProgramData\ntuser.pol

2014-05-31 01:41 - 2014-05-31 01:36 - 194045080 _____ (Kaspersky Lab) C:\Users\Faust\Downloads\pure13.0.2.558abcdDE_5372.exe

2014-05-31 01:37 - 2014-05-31 01:37 - 00000000 ____D () C:\Users\Faust\AppData\Local\Adobe

2014-05-31 01:37 - 2014-01-16 03:32 - 00000000 ____D () C:\Users\Faust\AppData\Roaming\Adobe

2014-05-31 01:35 - 2014-05-31 01:35 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-05-31 01:35 - 2014-05-31 01:35 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-05-31 01:26 - 2014-05-31 01:26 - 00352256 _____ (Dailytools GmbH) C:\Windows\SysWOW64\update1.dll

2014-05-31 01:25 - 2014-05-31 01:25 - 00000000 ____D () C:\Program Files\Dailytools

2014-05-31 01:25 - 2014-05-31 01:25 - 00000000 ____D () C:\Program Files (x86)\Dailytools

2014-05-31 01:25 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-05-31 01:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy

2014-05-31 01:24 - 2014-05-31 01:24 - 00719352 _____ (Dailytools GmbH) C:\Users\Faust\Downloads\install_reader11_xp_de_mssd_aaa_aih.exe

2014-05-29 00:31 - 2014-01-17 17:29 - 00000000 ____D () C:\Users\Faust\AppData\Local\CrashDumps

2014-05-28 12:54 - 2014-04-21 22:40 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-05-23 22:52 - 2014-01-15 01:27 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe

2014-05-23 22:41 - 2014-01-15 01:27 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0

2014-05-16 23:55 - 2014-05-10 23:32 - 00000000 ____D () C:\Users\Faust\AppData\Roaming\Skype
 

Some content of TEMP:

====================

C:\Users\Faust\AppData\Local\Temp\down.4620.EzDownloader_setup.exe

C:\Users\Faust\AppData\Local\Temp\fp_pl_pfs_installer-1.exe

C:\Users\Faust\AppData\Local\Temp\fp_pl_pfs_installer.exe

C:\Users\Faust\AppData\Local\Temp\LiveSupport_setup.exe

C:\Users\Faust\AppData\Local\Temp\nv3DVStreaming.dll

C:\Users\Faust\AppData\Local\Temp\nvSCPAPI.dll

C:\Users\Faust\AppData\Local\Temp\nvStereoApiI.dll

C:\Users\Faust\AppData\Local\Temp\nvStInst.exe

C:\Users\Faust\AppData\Local\Temp\PrefJsonCpp.exe

C:\Users\Faust\AppData\Local\Temp\sonarinst.exe

C:\Users\Faust\AppData\Local\Temp\sqlite3.exe

C:\Users\Faust\AppData\Local\Temp\TsuAB37D88A.dll

C:\Users\Faust\AppData\Local\Temp\UNT821D.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-06-08 19:34
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition.txt

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2014

Ran by Faust at 2014-06-15 23:05:16

Running from C:\Users\Faust\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Kaspersky PURE 3.0 (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Kaspersky PURE 3.0 (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

FW: Kaspersky PURE 3.0 (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
 

==================== Installed Programs ======================
 

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)

AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1332, 21.12.2013 - AIMP DevTeam)

avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.2 - Electronic Arts)

Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)

C-Media PCI Audio Device (HKLM\...\C-Media PCI Audio Driver) (Version:  - )

Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.792 - Curse)

Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)

Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)

Digital Jockey - IE2 (HKLM\...\USB_AUDIO_DEusb-audio.deRLDJIF2) (Version:  - )

EA Sports FIFA World (HKLM-x32\...\{8F9AC744-EEF6-43DB-A4B6-FA1A18F1C640}) (Version: 5.3.0.40277 - Electronic Arts, Inc.)

ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)

Fraps (HKLM-x32\...\Fraps) (Version:  - )

Free YouTube to MP3 Converter version 3.12.23.219 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.23.219 - DVDVideoSoft Ltd.)

GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden

Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)

Intel(R) Smart Connect Technology (HKLM\...\{B1AC3709-3E98-4F2C-A84E-4BCA2A452E64}) (Version: 4.2.40.2418 - Intel Corporation)

Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)

Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden

Kaspersky PURE 3.0 (HKLM-x32\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)

Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden

Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden

Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)

Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)

Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden

Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)

Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319 - Microsoft Corporation) Hidden

Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 Express - DEU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010 Express - DEU (x32 Version: 10.0.30319 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation)

Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version:  - Native Instruments)

Native Instruments Controller Editor (Version: 1.4.2.848 - Native Instruments) Hidden

Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)

Native Instruments Service Center (Version: 2.2.6.676 - Native Instruments) Hidden

Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version:  - Native Instruments)

Native Instruments Traktor 2 (Version: 2.1.2.12125 - Native Instruments) Hidden

NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)

NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)

NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)

NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)

NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden

NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden

NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden

NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden

NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)

NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden

NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden

NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden

NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden

NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden

NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)

Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)

Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)

Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.)

SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden

Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)

Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)

Smart Technology Programming Software 7.0.27.13 (HKLM\...\{C9193CBB-C31A-412A-A074-AD08F0F2CF3D}) (Version: 7.0.27.13 - Mad Catz)

TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)

Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.3.6 - Electronic Arts)

VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)

VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)

XBMC (HKCU\...\XBMC) (Version:  - Team XBMC)
 

==================== Restore Points  =========================
 

21-04-2014 17:45:05 avast! antivirus system restore point

21-04-2014 20:40:17 avast! antivirus system restore point

27-04-2014 14:30:02 DirectX wurde installiert

06-05-2014 10:36:09 Gerätetreiber-Paketinstallation: usb-audio.de USB-Controller

06-05-2014 10:36:30 Gerätetreiber-Paketinstallation: usb-audio.de Audio-, Video- und Gamecontroller

06-05-2014 10:37:11 Gerätetreiber-Paketinstallation: Reloop Audio-, Video- und Gamecontroller

11-05-2014 15:03:24 DirectX wurde installiert

16-05-2014 19:17:03 DirectX wurde installiert

02-06-2014 15:11:51 DirectX wurde installiert

02-06-2014 16:00:13 DirectX wurde installiert
 

==================== Hosts content: ==========================
 

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {3B4D846F-D195-4D47-9149-7B313BAC45DD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-21] (AVAST Software)

Task: {8542780C-9633-4EB9-9D75-1A4870868BDB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)

Task: {889EEEFA-3513-4B9B-BF66-8408714E73C9} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 

==================== Loaded Modules (whitelisted) =============
 

2014-01-14 20:44 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2013-08-01 18:31 - 2013-08-01 18:31 - 00198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe

2013-08-01 18:31 - 2013-08-01 18:31 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll

2013-08-01 18:31 - 2013-08-01 18:31 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll

2014-01-15 01:27 - 2014-01-15 01:27 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2014-06-13 11:54 - 2014-06-13 11:54 - 02775040 _____ () C:\Program Files\AVAST Software\Avast\defs\14061300\algo.dll

2014-06-15 22:50 - 2014-06-15 22:50 - 02776064 _____ () C:\Program Files\AVAST Software\Avast\defs\14061501\algo.dll

2012-12-20 18:19 - 2012-12-20 18:19 - 00479752 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll

2012-12-20 18:19 - 2012-12-20 18:19 - 01310728 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll

2014-01-14 22:44 - 2013-09-17 04:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

2014-05-10 11:20 - 2014-05-10 11:20 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== EXE Association (whitelisted) =============
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (06/15/2014 10:51:24 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/13/2014 00:14:37 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/13/2014 11:55:54 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/12/2014 09:33:54 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )

Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
 

Error: (06/12/2014 08:38:33 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/08/2014 07:12:12 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/05/2014 09:11:47 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/02/2014 07:05:06 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/02/2014 04:52:18 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (05/31/2014 03:24:39 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

System errors:

=============

Error: (06/15/2014 10:51:45 PM) (Source: bowser) (EventID: 8003) (User: )

Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EVE",

der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{DC1FE64F-4EA6-463E-8BAC-F388B8156CA6}-Transport zu sein scheint.

Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 

Error: (06/12/2014 08:36:47 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: Das System wurde zuvor am ‎08.‎06.‎2014 um 19:38:16 unerwartet heruntergefahren.
 

Error: (06/02/2014 07:10:12 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.
 

Error: (05/31/2014 03:24:51 AM) (Source: Service Control Manager) (EventID: 7024) (User: )

Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147024846.
 

Error: (05/31/2014 03:24:51 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT-AUTORITÄT)

Description: Fehler beim Starten des BITS-Dienstes. Fehler: 2147942450.
 

Error: (05/31/2014 03:24:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: Der Dienst "IPsec-Richtlinien-Agent" wurde mit folgendem Fehler beendet: 

%%1747
 

Error: (05/31/2014 03:24:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: 

%%-2147024882
 

Error: (05/31/2014 03:22:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1069
 

Error: (05/31/2014 03:22:07 AM) (Source: Service Control Manager) (EventID: 7038) (User: )

Description: Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 

%%1352
 

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
 

Error: (05/31/2014 03:22:07 AM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}
 
 

Microsoft Office Sessions:

=========================

Error: (06/15/2014 10:51:24 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/13/2014 00:14:37 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/13/2014 11:55:54 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/12/2014 09:33:54 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )

Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
 

Error: (06/12/2014 08:38:33 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/08/2014 07:12:12 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/05/2014 09:11:47 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/02/2014 07:05:06 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/02/2014 04:52:18 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (05/31/2014 03:24:39 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

CodeIntegrity Errors:

===================================

  Date: 2014-06-08 19:35:31.840

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-06-08 19:35:31.839

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-06-08 19:35:31.838

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-06-08 19:35:31.826

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-06-08 19:35:31.824

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-06-08 19:35:31.822

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-06-05 09:29:56.006

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-06-05 09:29:56.005

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-06-05 09:29:56.003

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-06-05 09:29:55.988

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 24%

Total physical RAM: 10185.38 MB

Available physical RAM: 7708.4 MB

Total Pagefile: 20368.96 MB

Available Pagefile: 17683.93 MB

Total Virtual: 8192 MB

Available Virtual: 8191.81 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:465.54 GB) (Free:390.98 GB) NTFS

Drive f: (Ra) (Fixed) (Total:931.51 GB) (Free:350.45 GB) NTFS

Drive g: () (Fixed) (Total:232.88 GB) (Free:232.79 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 466 GB) (Disk ID: C38B2AA3)
 

Partition: GPT Partition Type.
 

========================================================

Disk: 1 (Size: 233 GB) (Disk ID: BF5FBF5F)

Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
 

========================================================

Disk: 2 (Size: 932 GB) (Disk ID: 6C0AACB3)

Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

Alle Tools auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind.
Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen.

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

start

HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION

end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Bitte poste mit deiner nächsten Antwort

die Logdatei von FRST,
die Logdatei von ComboFix.

so hier die von dir gewünschten logs.

FRST

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-06-2014

Ran by Faust at 2014-06-16 13:37:22 Run:1

Running from C:\Users\Faust\Desktop

Boot Mode: Normal

==============================================
 

Content of fixlist:

*****************

start

HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION

end

*****************
 

HKLM => Group Policy Restriction on software restored successfully.

HKLM => Group Policy Restriction on software restored successfully.
 

==== End of Fixlog ====

-------------

ComboFix

Code:

ComboFix 14-06-16.01 - Faust 16.06.2014  13:52:49.2.4 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.10185.8227 [GMT 2:00]

ausgeführt von:: c:\users\Faust\Desktop\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((   Dateien erstellt von 2014-05-16 bis 2014-06-16  ))))))))))))))))))))))))))))))

.

.

2014-06-16 11:55 . 2014-06-16 11:55        --------        d-----w-        c:\users\Gast\AppData\Local\temp

2014-06-16 11:55 . 2014-06-16 11:55        --------        d-----w-        c:\users\Default\AppData\Local\temp

2014-06-16 11:55 . 2014-06-16 11:55        --------        d-----w-        c:\users\Administrator\AppData\Local\temp

2014-06-15 21:04 . 2014-06-16 11:37        --------        d-----w-        C:\FRST

2014-06-13 10:05 . 2014-06-16 11:36        122584        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-06-13 10:04 . 2014-06-13 10:04        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware

2014-06-13 10:04 . 2014-06-13 10:04        --------        d-----w-        c:\programdata\Malwarebytes

2014-06-13 10:04 . 2014-05-12 05:26        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys

2014-06-13 10:04 . 2014-05-12 05:26        91352        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys

2014-06-13 10:04 . 2014-05-12 05:25        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys

2014-05-30 23:52 . 2013-11-11 17:13        64856        ----a-w-        c:\windows\system32\klfphc.dll

2014-05-30 23:52 . 2011-06-02 12:39        66616        ----a-w-        c:\windows\system32\drivers\CSVirtualDiskDrv.sys

2014-05-30 23:52 . 2014-05-30 23:52        --------        dc----w-        c:\windows\system32\DRVSTORE

2014-05-30 23:52 . 2011-06-02 12:39        84536        ----a-w-        c:\windows\system32\drivers\CSCrySec.sys

2014-05-30 23:52 . 2014-05-30 23:52        --------        d-----w-        c:\windows\ELAMBKUP

2014-05-30 23:52 . 2014-05-30 23:52        --------        d-----w-        c:\program files (x86)\Common Files\InfoWatch

2014-05-30 23:52 . 2014-06-16 11:32        --------        d-----w-        c:\programdata\Kaspersky Lab

2014-05-30 23:52 . 2014-05-30 23:52        --------        d-----w-        c:\program files (x86)\Kaspersky Lab

2014-05-30 23:52 . 2014-06-12 18:59        628288        ----a-w-        c:\windows\system32\drivers\klif.sys

2014-05-30 23:52 . 2014-06-12 18:59        92768        ----a-w-        c:\windows\system32\drivers\klflt.sys

2014-05-30 23:37 . 2014-05-30 23:37        --------        d-----w-        c:\users\Faust\AppData\Local\Adobe

2014-05-30 23:35 . 2014-05-30 23:35        --------        d-----w-        c:\program files (x86)\Common Files\Adobe

2014-05-30 23:26 . 2014-05-30 23:26        352256        ----a-w-        c:\windows\SysWow64\update1.dll

2014-05-30 23:25 . 2014-05-30 23:25        --------        d-----w-        c:\program files\Dailytools

2014-05-30 23:25 . 2014-05-30 23:25        --------        d-----w-        c:\program files (x86)\Dailytools

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-06-15 21:32 . 2014-01-14 23:27        214392        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe

2014-05-31 00:16 . 2012-08-02 13:09        29792        ----a-w-        c:\windows\system32\drivers\klim6.sys

2014-05-31 00:16 . 2013-11-11 17:13        458336        ----a-w-        c:\windows\system32\drivers\kl1.sys

2014-05-23 20:52 . 2014-01-14 23:27        214392        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0

2014-05-14 10:52 . 2014-01-16 01:31        70832        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-05-14 10:52 . 2014-01-16 01:31        692400        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2014-05-12 16:42 . 2014-04-21 20:40        85328        ----a-w-        c:\windows\system32\drivers\aswstm.sys

2014-05-12 16:42 . 2014-04-21 20:40        423240        ----a-w-        c:\windows\system32\drivers\aswsp.sys

2014-05-12 16:42 . 2014-04-21 20:40        1039096        ----a-w-        c:\windows\system32\drivers\aswsnx.sys

2014-04-21 20:40 . 2014-04-21 20:40        208416        ----a-w-        c:\windows\system32\drivers\aswVmm.sys

2014-04-21 20:40 . 2014-04-21 20:40        65776        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys

2014-04-21 20:40 . 2014-04-21 20:40        79184        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys

2014-04-21 20:40 . 2014-04-21 20:40        29208        ----a-w-        c:\windows\system32\drivers\aswHwid.sys

2014-04-21 20:40 . 2014-04-21 20:40        93568        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys

2014-04-21 20:40 . 2014-04-21 20:40        334648        ----a-w-        c:\windows\system32\aswBoot.exe

2014-04-21 20:40 . 2014-04-21 20:40        43152        ----a-w-        c:\windows\avastSS.scr

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C2F7351C-5957-4744-B159-59EBEA4E7027}]

2014-05-30 23:50        255472        ----a-w-        c:\program files (x86)\Dailytools\Websearch\1.0.0.5\Websearch.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]

2014-02-19 13:13        294456        ----a-w-        c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]

@="{dd230880-495a-11d1-b064-008048ec2fc5}"

[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]

2014-05-30 23:57        458944        ----a-w-        c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-02-22 292088]

"EnvyHFCPL"="c:\program files (x86)\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe" [2010-09-09 543344]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-08 3890208]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2013-11-11 356128]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

ISCTSystray.lnk - c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [2013-8-1 5545448]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

2;2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 DailytoolsUpdateService;DailytoolsUpdateService;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM 64 bit;c:\windows\system32\drivers\Envy24HF.sys;c:\windows\SYSNATIVE\drivers\Envy24HF.sys [x]

R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]

R3 LVUVC64;Logitech Webcam 200(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]

R3 RL_DJIFIE2_MIDI;Digital Jockey - IE2 WDM MIDI Device;c:\windows\system32\drivers\rldjif2m.sys;c:\windows\SYSNATIVE\drivers\rldjif2m.sys [x]

R3 RL_DJIFIE2_USB;usb-audio.de driver for Reloop Digital Jockey - IE2;c:\windows\system32\Drivers\rldjif2u.sys;c:\windows\SYSNATIVE\Drivers\rldjif2u.sys [x]

R3 RL_DJIFIE2_WDM;Digital Jockey - IE2 WDM Audio;c:\windows\system32\drivers\rldjif2a.sys;c:\windows\SYSNATIVE\drivers\rldjif2a.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

S0 aswRvrt;avast! Revert; [x]

S0 aswVmm;avast! VM Monitor; [x]

S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys;c:\windows\SYSNATIVE\DRIVERS\CSCrySec.sys [x]

S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]

S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys;c:\windows\SYSNATIVE\DRIVERS\CSVirtualDiskDrv.sys [x]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]

S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]

S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]

S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]

S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]

S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]

S2 CSObjectsSrv;Verwaltungsservice vom CryproStorage-System;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [x]

S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]

S2 ISCTAgent;Intel(R) Smart Connect Technology Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe  [x]

S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]

S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]

S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]

S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]

S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]

S3 INETMON;INETMON;c:\windows\System32\Drivers\INETMON.sys;c:\windows\SYSNATIVE\Drivers\INETMON.sys [x]

S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]

S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]

S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]

S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]

S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys;c:\windows\SYSNATIVE\Drivers\LGPBTDD.sys [x]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]

S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 SaiK0836;SaiK0836;c:\windows\system32\DRIVERS\SaiK0836.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK0836.sys [x]

S3 SaiK1708;SaiK1708;c:\windows\system32\DRIVERS\SaiK1708.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK1708.sys [x]

S3 SaiU1708;SaiU1708;c:\windows\system32\DRIVERS\SaiU1708.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU1708.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

DailytoolsInstallerService        REG_MULTI_SZ           DailytoolsInstallerService

DailytoolsUpdateService        REG_MULTI_SZ           DailytoolsUpdateService

.

Inhalt des "geplante Tasks" Ordners

.

2014-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-16 10:52]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2F7351C-5957-4744-B159-59EBEA4E7027}]

2014-05-30 23:50        301040        ----a-w-        c:\program files\Dailytools\Websearch\1.0.0.5\Websearch.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]

2014-02-19 13:13        357432        ----a-w-        c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2014-04-21 20:40        290888        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]

@="{dd230880-495a-11d1-b064-008048ec2fc5}"

[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]

2014-05-30 23:57        491200        ----a-w-        c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]

"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]

"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-11-14 8292120]

"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2013-04-16 454144]

"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2013-04-16 158208]

"CmPCIaudio"="c:\windows\Syswow64\CMICNFG3.dll" [2009-05-11 8126464]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-12-06 7506136]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mDefault_Search_URL = hxxp://www.google.com

mDefault_Page_URL = hxxp://www.google.com

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

mSearch Page = hxxp://www.google.com

IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm

IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\

FF - prefs.js: browser.search.defaulturl - hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51&l=1&q=

FF - prefs.js: browser.search.selectedEngine - Lycle

FF - prefs.js: browser.startup.homepage - hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51

FF - prefs.js: keyword.URL - hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51&l=1&q=

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2014-06-16  13:56:45

ComboFix-quarantined-files.txt  2014-06-16 11:56

ComboFix2.txt  2014-06-16 11:46

.

Vor Suchlauf: 12 Verzeichnis(se), 427.404.623.872 Bytes frei

Nach Suchlauf: 13 Verzeichnis(se), 427.328.606.208 Bytes frei

.

- - End Of File - - 351CFD59715C8C5E34B1978ADC4101CC

5FB38429D5D77768867C76DCBDB35194

Mehrere Anti-Virus-Programme

Code:

Kaspersky

avast!

Mir ist aufgefallen, dass Du mehr als ein Anti-Virus-Programm mit Hintergrundwächter laufen hast. Das ist gefährlich, da sich die Programme in die Quere kommen können und dadurch Viren erst recht auf dem Rechner landen können. Ausserdem bremst es auch das System aus. Entscheide Dich für eine Variante und deinstalliere die andere über Systemsteuerung => Software.
Berichte, für welches Anti-Virus-Programm Du Dich entschieden hast.

Zitat:

Speedy hat letztens eine einleuchtende Erklärung dazu geliefert: "Man stelle sich einen Torwart vor, der das Tor hüten soll (Anti-Virus-Programm), der Ball kommt angeflogen (Virus), der Torhüter konzentriert sich auf den Ball und fängt ihn. Jetzt stelle Dir zwei Torhüter im Tor vor ...., die knallen aneinander und der Ball kann ungehindert ins Tor wandern."

Starte die FRST.exe erneut. Setze einen Haken vor Addition und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Ich habe Kaspersike erst installiert nachdem ich bemerkt hatte das Avast blockiert wurde um eventuell den virusbefall weg zu bekommen aber hat ja leider nicht geholfen.
Kaspersky war auch nur eine Test-Version somit habe ich diese wieder gelöscht.

FRST.txt

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-06-2014

Ran by Faust (administrator) on DAINEC-III on 16-06-2014 15:06:23

Running from C:\Users\Faust\Desktop

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 8

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe

(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe

(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)

HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)

HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)

HKLM\...\Run: [CmPCIaudio] => C:\Windows\Syswow64\CMICNFG3.dll [8126464 2009-05-11] (C-Media Corporation)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506136 2013-12-06] (Realtek Semiconductor)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)

HKLM-x32\...\Run: [EnvyHFCPL] => C:\Program Files (x86)\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe [543344 2010-09-09] (VIA TECH)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-08] (AVAST Software)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk

ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2A5599B45611CF01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

StartMenuInternet: IEXPLORE.EXE - c:\program files (x86)\internet explorer\iexplore.exe

SearchScopes: HKLM - {E7165A5C-FCC2-40C5-BE3D-739A6949DEAB} URL = hxxp://www.sm.de/?q={searchTerms}

SearchScopes: HKLM-x32 - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.amaizingsearches.info/?l=1&q={searchTerms}&pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51

SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.amaizingsearches.info/?l=1&q={searchTerms}&pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51

SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 

SearchScopes: HKCU - {CB127E1A-135A-4672-BE00-0D3162B1E50B} URL = https://www.lycle.net/results?q={searchTerms}

SearchScopes: HKCU - {E7165A5C-FCC2-40C5-BE3D-739A6949DEAB} URL = hxxp://www.sm.de/?q={searchTerms}

BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

BHO: Websearch - {C2F7351C-5957-4744-B159-59EBEA4E7027} - C:\Program Files\Dailytools\Websearch\1.0.0.5\Websearch.dll (Dailytools GmbH)

BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)

BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

BHO-x32: Websearch - {C2F7351C-5957-4744-B159-59EBEA4E7027} - C:\Program Files (x86)\Dailytools\Websearch\1.0.0.5\Websearch.dll (Dailytools GmbH)

BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default

FF NewTab: hxxp://www.nationzoom.com/newtab/?type=nt&ts=1390643406&from=epom2&uid=WDCXWD10EZRX-00A8LB0_WD-WCC1U188332783327

FF DefaultSearchEngine: Lycle

FF SearchEngineOrder.1: WebSearch

FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");

FF SelectedSearchEngine: Lycle

FF Homepage: hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51

FF Keyword.URL: hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51&l=1&q=

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF user.js: detected! => C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\user.js

FF SearchPlugin: C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\searchplugins\lycle.xml

FF SearchPlugin: C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\searchplugins\search_engine.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Blue Fox - C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\Extensions\{241aae70-0022-11de-87af-0800200c9a66} [2014-01-14]

FF Extension: Speed Dial - C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-01-14]

FF Extension: Adblock Plus - C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-25]

FF Extension: Websearch - C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\Extensions\{E6A44534-6DBA-455A-8D78-2DE71DEAA15B}.xpi [2014-05-31]

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-21]

FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\

FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []
 

Chrome: 

=======

CHR RestoreOnStartup: "hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51"

CHR StartupUrls: "hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51"

CHR Extension: (greatsaveR) - C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb [2014-01-16]

CHR Extension: (SNT) - C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi [2014-04-07]

CHR Extension: (YTBOokMaorrk) - C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf [2014-01-16]

CHR Extension: (sAfewiebu) - C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf [2014-04-07]

CHR Extension: (YoutubeAdblocker) - C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo [2014-01-16]

CHR Extension: (Pic Enhance) - C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2014-01-16]
 

==================== Services (Whitelisted) =================
 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-21] (AVAST Software)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)

R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]

S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)

R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)

R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5739008 2011-10-12] (Native Instruments GmbH) [File not signed]

U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-15] ()

R2 DailytoolsUpdateService; %SystemRoot%\System32\update1.dll [X]
 

==================== Drivers (Whitelisted) ====================
 

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-21] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-21] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-21] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-21] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-12] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-12] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-12] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-21] ()

R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1154560 2009-05-19] (C-Media Inc)

S3 Envy24HFS; C:\Windows\System32\drivers\Envy24HF.sys [228080 2010-07-05] (VIA - IC Ensemble, Inc.)

R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21408 2013-08-01] ()

R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21920 2013-08-01] ()

R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-01] ()

R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-08-01] ()

R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)

R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)

S3 RL_DJIFIE2_MIDI; C:\Windows\System32\drivers\rldjif2m.sys [36416 2009-10-30] (Ploytec GmbH)

S3 RL_DJIFIE2_USB; C:\Windows\System32\Drivers\rldjif2u.sys [460864 2009-10-30] (Ploytec GmbH)

S3 RL_DJIFIE2_WDM; C:\Windows\System32\drivers\rldjif2a.sys [49728 2009-10-30] (Ploytec GmbH)

R3 SaiK0836; C:\Windows\System32\DRIVERS\SaiK0836.sys [172040 2013-01-10] (Saitek)

R3 SaiK1708; C:\Windows\System32\DRIVERS\SaiK1708.sys [180544 2012-09-20] (Saitek)

R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)

R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)

R3 SaiU1708; C:\Windows\System32\DRIVERS\SaiU1708.sys [47168 2012-09-20] (Saitek)

S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-06-16 15:01 - 2014-06-16 15:06 - 00017649 _____ () C:\Users\Faust\Desktop\FRST.txt

2014-06-16 14:56 - 2014-06-16 14:56 - 00000000 ___SD () C:\Users\Faust\Documents\Passwords Database

2014-06-16 13:56 - 2014-06-16 13:56 - 00019038 _____ () C:\ComboFix.txt

2014-06-16 13:56 - 2014-06-16 13:56 - 00000000 ____D () C:\Users\Public\AppData\Local\temp

2014-06-16 13:56 - 2014-06-16 13:56 - 00000000 ____D () C:\Users\Gast\AppData\Local\temp

2014-06-16 13:56 - 2014-06-16 13:56 - 00000000 ____D () C:\Users\Default\AppData\Local\temp

2014-06-16 13:56 - 2014-06-16 13:56 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp

2014-06-16 13:56 - 2014-06-16 13:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp

2014-06-16 13:40 - 2014-06-16 13:56 - 00000000 ____D () C:\Qoobox

2014-06-16 13:40 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-06-16 13:40 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-06-16 13:40 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-06-16 13:40 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-06-16 13:40 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-06-16 13:40 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe

2014-06-16 13:40 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe

2014-06-16 13:40 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe

2014-06-16 13:39 - 2014-06-16 13:46 - 00000000 ____D () C:\Windows\erdnt

2014-06-16 13:38 - 2014-06-16 13:38 - 05206841 ____R (Swearware) C:\Users\Faust\Desktop\ComboFix.exe

2014-06-15 23:28 - 2014-06-15 23:28 - 02247960 _____ () C:\Users\Faust\Downloads\battlelog-web-plugins_2.4.0_141.exe

2014-06-15 23:04 - 2014-06-16 15:06 - 00000000 ____D () C:\FRST

2014-06-15 23:03 - 2014-06-15 23:03 - 02081280 _____ (Farbar) C:\Users\Faust\Desktop\FRST64.exe

2014-06-13 12:04 - 2014-06-13 12:04 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-06-02 18:01 - 2014-06-02 19:00 - 00000000 ____D () C:\Users\Faust\Documents\FIFA World

2014-06-02 18:01 - 2014-06-02 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies

2014-06-02 17:13 - 2014-06-02 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Sports FIFA World

2014-05-31 01:37 - 2014-05-31 01:37 - 00000000 ____D () C:\Users\Faust\AppData\Local\Adobe

2014-05-31 01:35 - 2014-05-31 01:50 - 00000000 ____D () C:\ProgramData\Adobe

2014-05-31 01:35 - 2014-05-31 01:35 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-05-31 01:35 - 2014-05-31 01:35 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-05-31 01:26 - 2014-05-31 01:26 - 00352256 _____ (Dailytools GmbH) C:\Windows\SysWOW64\update1.dll

2014-05-31 01:25 - 2014-05-31 01:50 - 00000714 __RSH () C:\ProgramData\ntuser.pol

2014-05-31 01:25 - 2014-05-31 01:25 - 00000000 ____D () C:\Program Files\Dailytools

2014-05-31 01:25 - 2014-05-31 01:25 - 00000000 ____D () C:\Program Files (x86)\Dailytools
 

==================== One Month Modified Files and Folders =======
 

2014-06-16 15:06 - 2014-06-16 15:01 - 00017649 _____ () C:\Users\Faust\Desktop\FRST.txt

2014-06-16 15:06 - 2014-06-15 23:04 - 00000000 ____D () C:\FRST

2014-06-16 15:06 - 2014-01-14 18:57 - 00000000 ____D () C:\Users\Faust\AppData\Local\Temp

2014-06-16 15:03 - 2014-01-14 19:52 - 00816324 _____ () C:\Windows\WindowsUpdate.log

2014-06-16 15:03 - 2011-04-12 09:43 - 00696132 _____ () C:\Windows\system32\perfh007.dat

2014-06-16 15:03 - 2011-04-12 09:43 - 00147428 _____ () C:\Windows\system32\perfc007.dat

2014-06-16 15:03 - 2009-07-14 07:13 - 00839172 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-06-16 14:59 - 2014-01-14 20:45 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-06-16 14:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-06-16 14:59 - 2009-07-14 06:51 - 00221058 _____ () C:\Windows\setupact.log

2014-06-16 14:56 - 2014-06-16 14:56 - 00000000 ___SD () C:\Users\Faust\Documents\Passwords Database

2014-06-16 14:56 - 2014-01-16 18:31 - 00000000 ____D () C:\Users\Gast

2014-06-16 14:56 - 2014-01-16 18:31 - 00000000 ____D () C:\Users\Administrator

2014-06-16 14:56 - 2009-07-14 06:45 - 00030480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-06-16 14:56 - 2009-07-14 06:45 - 00030480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-06-16 14:47 - 2010-11-21 05:47 - 00487562 _____ () C:\Windows\PFRO.log

2014-06-16 13:56 - 2014-06-16 13:56 - 00019038 _____ () C:\ComboFix.txt

2014-06-16 13:56 - 2014-06-16 13:56 - 00000000 ____D () C:\Users\Public\AppData\Local\temp

2014-06-16 13:56 - 2014-06-16 13:56 - 00000000 ____D () C:\Users\Gast\AppData\Local\temp

2014-06-16 13:56 - 2014-06-16 13:56 - 00000000 ____D () C:\Users\Default\AppData\Local\temp

2014-06-16 13:56 - 2014-06-16 13:56 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp

2014-06-16 13:56 - 2014-06-16 13:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp

2014-06-16 13:56 - 2014-06-16 13:40 - 00000000 ____D () C:\Qoobox

2014-06-16 13:55 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini

2014-06-16 13:47 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default

2014-06-16 13:46 - 2014-06-16 13:39 - 00000000 ____D () C:\Windows\erdnt

2014-06-16 13:38 - 2014-06-16 13:38 - 05206841 ____R (Swearware) C:\Users\Faust\Desktop\ComboFix.exe

2014-06-16 13:33 - 2014-04-21 22:40 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-06-16 13:31 - 2014-01-15 01:27 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins

2014-06-15 23:53 - 2014-01-14 21:00 - 00000000 ____D () C:\ProgramData\Origin

2014-06-15 23:32 - 2014-01-15 01:27 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe

2014-06-15 23:28 - 2014-06-15 23:28 - 02247960 _____ () C:\Users\Faust\Downloads\battlelog-web-plugins_2.4.0_141.exe

2014-06-15 23:17 - 2014-01-16 03:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-06-15 23:03 - 2014-06-15 23:03 - 02081280 _____ (Farbar) C:\Users\Faust\Desktop\FRST64.exe

2014-06-13 12:26 - 2014-01-17 18:02 - 00000000 ____D () C:\Users\Faust\AppData\Roaming\TS3Client

2014-06-13 12:25 - 2014-01-17 17:39 - 00000000 ____D () C:\Users\Faust\AppData\Roaming\AIMP3

2014-06-13 12:11 - 2014-01-25 11:50 - 00000000 ____D () C:\Users\Faust\AppData\Local\genienext

2014-06-13 12:04 - 2014-06-13 12:04 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-06-02 19:00 - 2014-06-02 18:01 - 00000000 ____D () C:\Users\Faust\Documents\FIFA World

2014-06-02 18:01 - 2014-06-02 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies

2014-06-02 18:01 - 2014-01-15 01:26 - 00156795 _____ () C:\Windows\DirectX.log

2014-06-02 18:01 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-06-02 17:13 - 2014-06-02 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Sports FIFA World

2014-06-02 16:55 - 2014-01-16 18:32 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro

2014-05-31 01:50 - 2014-05-31 01:35 - 00000000 ____D () C:\ProgramData\Adobe

2014-05-31 01:50 - 2014-05-31 01:25 - 00000714 __RSH () C:\ProgramData\ntuser.pol

2014-05-31 01:37 - 2014-05-31 01:37 - 00000000 ____D () C:\Users\Faust\AppData\Local\Adobe

2014-05-31 01:37 - 2014-01-16 03:32 - 00000000 ____D () C:\Users\Faust\AppData\Roaming\Adobe

2014-05-31 01:35 - 2014-05-31 01:35 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-05-31 01:35 - 2014-05-31 01:35 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-05-31 01:26 - 2014-05-31 01:26 - 00352256 _____ (Dailytools GmbH) C:\Windows\SysWOW64\update1.dll

2014-05-31 01:25 - 2014-05-31 01:25 - 00000000 ____D () C:\Program Files\Dailytools

2014-05-31 01:25 - 2014-05-31 01:25 - 00000000 ____D () C:\Program Files (x86)\Dailytools

2014-05-31 01:25 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-05-31 01:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy

2014-05-29 00:31 - 2014-01-17 17:29 - 00000000 ____D () C:\Users\Faust\AppData\Local\CrashDumps

2014-05-23 22:52 - 2014-01-15 01:27 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-06-08 19:34
 

==================== End Of Log ============================

--- --- ---

Addition.txt

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2014

Ran by Faust at 2014-06-16 15:06:38

Running from C:\Users\Faust\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 

==================== Installed Programs ======================
 

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)

AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1332, 21.12.2013 - AIMP DevTeam)

avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.2 - Electronic Arts)

Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)

C-Media PCI Audio Device (HKLM\...\C-Media PCI Audio Driver) (Version:  - )

Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.792 - Curse)

Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)

Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)

Digital Jockey - IE2 (HKLM\...\USB_AUDIO_DEusb-audio.deRLDJIF2) (Version:  - )

EA Sports FIFA World (HKLM-x32\...\{8F9AC744-EEF6-43DB-A4B6-FA1A18F1C640}) (Version: 5.3.0.40277 - Electronic Arts, Inc.)

Fraps (HKLM-x32\...\Fraps) (Version:  - )

Free YouTube to MP3 Converter version 3.12.23.219 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.23.219 - DVDVideoSoft Ltd.)

GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden

Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)

Intel(R) Smart Connect Technology (HKLM\...\{B1AC3709-3E98-4F2C-A84E-4BCA2A452E64}) (Version: 4.2.40.2418 - Intel Corporation)

Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)

Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden

Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden

Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)

Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden

Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)

Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319 - Microsoft Corporation) Hidden

Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 Express - DEU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010 Express - DEU (x32 Version: 10.0.30319 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation)

Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version:  - Native Instruments)

Native Instruments Controller Editor (Version: 1.4.2.848 - Native Instruments) Hidden

Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)

Native Instruments Service Center (Version: 2.2.6.676 - Native Instruments) Hidden

Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version:  - Native Instruments)

Native Instruments Traktor 2 (Version: 2.1.2.12125 - Native Instruments) Hidden

NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)

NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)

NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)

NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)

NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden

NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden

NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden

NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden

NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)

NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden

NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden

NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden

NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden

NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden

NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)

Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)

Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)

Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.)

SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden

Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)

Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)

Smart Technology Programming Software 7.0.27.13 (HKLM\...\{C9193CBB-C31A-412A-A074-AD08F0F2CF3D}) (Version: 7.0.27.13 - Mad Catz)

TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)

Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.3.6 - Electronic Arts)

VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)

VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)

XBMC (HKCU\...\XBMC) (Version:  - Team XBMC)
 

==================== Restore Points  =========================
 

27-04-2014 14:30:02 DirectX wurde installiert

06-05-2014 10:36:09 Gerätetreiber-Paketinstallation: usb-audio.de USB-Controller

06-05-2014 10:36:30 Gerätetreiber-Paketinstallation: usb-audio.de Audio-, Video- und Gamecontroller

06-05-2014 10:37:11 Gerätetreiber-Paketinstallation: Reloop Audio-, Video- und Gamecontroller

11-05-2014 15:03:24 DirectX wurde installiert

16-05-2014 19:17:03 DirectX wurde installiert

02-06-2014 15:11:51 DirectX wurde installiert

02-06-2014 16:00:13 DirectX wurde installiert

16-06-2014 11:41:00 ComboFix created restore point
 

==================== Hosts content: ==========================
 

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {3B4D846F-D195-4D47-9149-7B313BAC45DD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-21] (AVAST Software)

Task: {8542780C-9633-4EB9-9D75-1A4870868BDB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)

Task: {889EEEFA-3513-4B9B-BF66-8408714E73C9} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 

==================== Loaded Modules (whitelisted) =============
 

2014-01-14 20:44 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2013-08-01 18:31 - 2013-08-01 18:31 - 00198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe

2013-08-01 18:31 - 2013-08-01 18:31 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll

2013-08-01 18:31 - 2013-08-01 18:31 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll

2014-01-15 01:27 - 2014-01-15 01:27 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2014-06-16 13:33 - 2014-06-16 13:33 - 02776064 _____ () C:\Program Files\AVAST Software\Avast\defs\14061600\algo.dll

2014-04-21 22:40 - 2014-04-21 22:40 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2014-05-10 11:20 - 2014-05-10 11:20 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2014-01-14 22:44 - 2013-09-17 04:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== EXE Association (whitelisted) =============
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (06/16/2014 02:59:49 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/16/2014 02:48:23 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/16/2014 01:33:03 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/15/2014 10:51:24 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/13/2014 00:14:37 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/13/2014 11:55:54 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/12/2014 09:33:54 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )

Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
 

Error: (06/12/2014 08:38:33 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/08/2014 07:12:12 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/05/2014 09:11:47 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

System errors:

=============

Error: (06/16/2014 01:55:49 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 

Error: (06/16/2014 01:54:11 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 

Error: (06/16/2014 01:45:58 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 

Error: (06/16/2014 01:44:02 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 

Error: (06/16/2014 01:39:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "DailytoolsUpdateService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (06/15/2014 10:51:45 PM) (Source: bowser) (EventID: 8003) (User: )

Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EVE",

der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{DC1FE64F-4EA6-463E-8BAC-F388B8156CA6}-Transport zu sein scheint.

Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 

Error: (06/12/2014 08:36:47 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: Das System wurde zuvor am ‎08.‎06.‎2014 um 19:38:16 unerwartet heruntergefahren.
 

Error: (06/02/2014 07:10:12 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.
 

Error: (05/31/2014 03:24:51 AM) (Source: Service Control Manager) (EventID: 7024) (User: )

Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147024846.
 

Error: (05/31/2014 03:24:51 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT-AUTORITÄT)

Description: Fehler beim Starten des BITS-Dienstes. Fehler: 2147942450.
 
 

Microsoft Office Sessions:

=========================

Error: (06/16/2014 02:59:49 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/16/2014 02:48:23 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/16/2014 01:33:03 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/15/2014 10:51:24 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/13/2014 00:14:37 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/13/2014 11:55:54 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/12/2014 09:33:54 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )

Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
 

Error: (06/12/2014 08:38:33 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/08/2014 07:12:12 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/05/2014 09:11:47 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

CodeIntegrity Errors:

===================================

  Date: 2014-06-08 19:35:31.840

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-06-08 19:35:31.839

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-06-08 19:35:31.838

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-06-08 19:35:31.826

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-06-08 19:35:31.824

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-06-08 19:35:31.822

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-06-05 09:29:56.006

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-06-05 09:29:56.005

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-06-05 09:29:56.003

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-06-05 09:29:55.988

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 18%

Total physical RAM: 10185.38 MB

Available physical RAM: 8308.04 MB

Total Pagefile: 20368.96 MB

Available Pagefile: 18323.6 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:465.54 GB) (Free:398.84 GB) NTFS

Drive f: (Ra) (Fixed) (Total:931.51 GB) (Free:350.51 GB) NTFS

Drive g: () (Fixed) (Total:232.88 GB) (Free:232.5 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 466 GB) (Disk ID: C38B2AA3)
 

Partition: GPT Partition Type.
 

========================================================

Disk: 1 (Size: 932 GB) (Disk ID: 6C0AACB3)

Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)
 

========================================================

Disk: 2 (Size: 233 GB) (Disk ID: BF5FBF5F)

Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

Gut gemacht, so geht es weiter:

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3
Bitte deaktiviere dein Anti-Viren-Programm, da es das Ergebnis beeinflussen oder ggf. die Bereinigung stören kann.
Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/ und speichere die Datei auf deinem Desktop.

Starte Zoek.exe mit einem Doppelklick.
Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und könnte andere Computer beschädigen.
Kopiere den Text der folgenden Box in das Skriptfenster von zoek:

Code:

iedefaults; resetIEproxy; FFdefaults; CHRdefaults; emptyclsid; autoclean;
Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
Wenn das Tool fertig ist, wird sich Notepad mit der Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:\ .
Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken).

Schritt 4

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von MBAM,
die Logdatei von Zoek,
die beiden neuen Logdateien von FRST.

AdwCleaner[R1]

Code:

# AdwCleaner v3.212 - Bericht erstellt am 16/06/2014 um 22:08:02

# Aktualisiert 05/06/2014 von Xplode

# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)

# Benutzername : Faust - DAINEC-III

# Gestartet von : C:\Users\Faust\Desktop\adwcleaner_3.212.exe

# Option : Suchen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Datei Gefunden : C:\Users\Faust\AppData\Roaming\LiveSupport.exe_log.txt

Datei Gefunden : C:\Users\Faust\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk

Datei Gefunden : C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\user.js

Datei Gefunden : C:\Users\Faust\AppData\Roaming\regsvr32.exe_log.txt

Datei Gefunden : C:\Users\Faust\daemonprocess.txt

Datei Gefunden : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser

Ordner Gefunden : C:\Program Files (x86)\Common Files\337

Ordner Gefunden : C:\Program Files (x86)\eSupport.com

Ordner Gefunden : C:\Program Files (x86)\Mobogenie

Ordner Gefunden : C:\Program Files (x86)\Optimizer Pro

Ordner Gefunden : C:\Program Files (x86)\sAfewiebu

Ordner Gefunden : C:\Program Files (x86)\SNT

Ordner Gefunden : C:\Program Files (x86)\WinZipper

Ordner Gefunden : C:\Program Files (x86)\wisen wizard

Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveSupport

Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2

Ordner Gefunden : C:\ProgramData\sAfewiebu

Ordner Gefunden : C:\ProgramData\SNT

Ordner Gefunden : C:\ProgramData\SuperbApp

Ordner Gefunden : C:\ProgramData\WPM

Ordner Gefunden : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb

Ordner Gefunden : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf

Ordner Gefunden : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf

Ordner Gefunden : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo

Ordner Gefunden : C:\Users\Administrator\AppData\Local\torch

Ordner Gefunden : C:\Users\Faust\AppData\Local\eSupport.com

Ordner Gefunden : C:\Users\Faust\AppData\Local\genienext

Ordner Gefunden : C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb

Ordner Gefunden : C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf

Ordner Gefunden : C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf

Ordner Gefunden : C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo

Ordner Gefunden : C:\Users\Faust\AppData\Local\Mobogenie

Ordner Gefunden : C:\Users\Faust\AppData\Local\torch

Ordner Gefunden : C:\Users\Faust\AppData\Roaming\iSafe

Ordner Gefunden : C:\Users\Faust\Documents\Mobogenie

Ordner Gefunden : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb

Ordner Gefunden : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf

Ordner Gefunden : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf

Ordner Gefunden : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo

Ordner Gefunden : C:\Users\Gast\AppData\Local\torch
 

***** [ Verknüpfungen ] *****
 

Verknüpfung Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1390643406&from=epom2&uid=WDCXWD10EZRX-00A8LB0_WD-WCC1U188332783327 )

Verknüpfung Gefunden : C:\Users\Faust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1390643406&from=epom2&uid=WDCXWD10EZRX-00A8LB0_WD-WCC1U188332783327 )

Verknüpfung Gefunden : C:\Users\Faust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1390643406&from=epom2&uid=WDCXWD10EZRX-00A8LB0_WD-WCC1U188332783327 )

Verknüpfung Gefunden : C:\Users\Faust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1390643406&from=epom2&uid=WDCXWD10EZRX-00A8LB0_WD-WCC1U188332783327 )

Verknüpfung Gefunden : C:\Users\Faust\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1390643406&from=epom2&uid=WDCXWD10EZRX-00A8LB0_WD-WCC1U188332783327 )
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gefunden : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}

Schlüssel Gefunden : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Schlüssel Gefunden : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Schlüssel Gefunden : HKCU\Software\Optimizer Pro

Schlüssel Gefunden : [x64] HKCU\Software\Optimizer Pro

Schlüssel Gefunden : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Schlüssel Gefunden : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}

Schlüssel Gefunden : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Schlüssel Gefunden : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Schlüssel Gefunden : HKLM\Software\Desksvc

Schlüssel Gefunden : HKLM\Software\hdcode

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASAPI32

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASMANCS

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA41BB14-E67B-1653-C57B-5CA99418A866}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-1095609242

Schlüssel Gefunden : HKLM\Software\supWPM

Schlüssel Gefunden : HKLM\Software\V9

Schlüssel Gefunden : HKLM\Software\winzipersvc

Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
 

***** [ Browser ] *****
 

-\\ Internet Explorer v8.0.7601.17514
 
 

-\\ Mozilla Firefox v29.0.1 (de)
 

[ Datei : C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\prefs.js ]
 

Zeile gefunden : user_pref("browser.newtab.url", "hxxp://www.nationzoom.com/newtab/?type=nt&ts=1390643406&from=epom2&uid=WDCXWD10EZRX-00A8LB0_WD-WCC1U188332783327");

Zeile gefunden : user_pref("browser.search.defaultenginename,S", "WebSearch");

Zeile gefunden : user_pref("browser.search.defaulturl", "hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51&l=1&q=");

Zeile gefunden : user_pref("browser.search.order.1", "WebSearch");

Zeile gefunden : user_pref("browser.search.order.1,S", "WebSearch");

Zeile gefunden : user_pref("browser.search.selectedEngine,S", "WebSearch");

Zeile gefunden : user_pref("browser.startup.homepage", "hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51");

Zeile gefunden : user_pref("extensions.JGGilVm.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sum[...]

Zeile gefunden : user_pref("extensions.TWGH6x7fjw.scode", "(function(){try{if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};}catch(e){};if(window.self==window.top){var script=document.createElement[...]

Zeile gefunden : user_pref("extensions.f3T9AwM6b9t.scode", "(function(){try{if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};}catch(e){};if(window.self.location.protocol.indexOf('hxxp')>-1 && windo[...]

Zeile gefunden : user_pref("extensions.qTVQ.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumoro[...]

Zeile gefunden : user_pref("keyword.URL", "hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51&l=1&q=");
 

-\\ Google Chrome v
 

[ Datei : C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 

Gefunden [Startup_urls] : hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51

Gefunden [Extension] : nehhmemmagpfpcdjhimpmkncfhogjdcf
 

*************************
 

AdwCleaner[R0].txt - [10550 octets] - [16/06/2014 15:23:46]

AdwCleaner[R1].txt - [10211 octets] - [16/06/2014 22:08:02]
 

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [10272 octets] ##########

AdwCleaner[S0]

Code:

# AdwCleaner v3.212 - Bericht erstellt am 16/06/2014 um 22:09:01

# Aktualisiert 05/06/2014 von Xplode

# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)

# Benutzername : Faust - DAINEC-III

# Gestartet von : C:\Users\Faust\Desktop\adwcleaner_3.212.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\SNT

Ordner Gelöscht : C:\ProgramData\SuperbApp

Ordner Gelöscht : C:\ProgramData\WPM

Ordner Gelöscht : C:\ProgramData\sAfewiebu

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveSupport

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2

Ordner Gelöscht : C:\Program Files (x86)\eSupport.com

Ordner Gelöscht : C:\Program Files (x86)\Mobogenie

Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro

Ordner Gelöscht : C:\Program Files (x86)\SNT

Ordner Gelöscht : C:\Program Files (x86)\WinZipper

Ordner Gelöscht : C:\Program Files (x86)\wisen wizard

Ordner Gelöscht : C:\Program Files (x86)\sAfewiebu

Ordner Gelöscht : C:\Program Files (x86)\Common Files\337

Ordner Gelöscht : C:\Users\Administrator\AppData\Local\torch

Ordner Gelöscht : C:\Users\Faust\AppData\Local\eSupport.com

Ordner Gelöscht : C:\Users\Faust\AppData\Local\genienext

Ordner Gelöscht : C:\Users\Faust\AppData\Local\Mobogenie

Ordner Gelöscht : C:\Users\Faust\AppData\Local\torch

Ordner Gelöscht : C:\Users\Faust\AppData\Roaming\iSafe

Ordner Gelöscht : C:\Users\Faust\Documents\Mobogenie

Ordner Gelöscht : C:\Users\Gast\AppData\Local\torch

Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb

Ordner Gelöscht : C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb

Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb

Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf

Ordner Gelöscht : C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf

Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf

Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf

Ordner Gelöscht : C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf

Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf

Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo

Ordner Gelöscht : C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo

Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo

Datei Gelöscht : C:\Users\Faust\daemonprocess.txt

Datei Gelöscht : C:\Users\Faust\AppData\Roaming\LiveSupport.exe_log.txt

Datei Gelöscht : C:\Users\Faust\AppData\Roaming\regsvr32.exe_log.txt

Datei Gelöscht : C:\Users\Faust\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk

Datei Gelöscht : C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\user.js

Datei Gelöscht : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
 

***** [ Verknüpfungen ] *****
 

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

Verknüpfung Desinfiziert : C:\Users\Faust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

Verknüpfung Desinfiziert : C:\Users\Faust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

Verknüpfung Desinfiziert : C:\Users\Faust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

Verknüpfung Desinfiziert : C:\Users\Faust\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd

Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc

Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-1095609242

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Schlüssel Gelöscht : HKCU\Software\Optimizer Pro

Schlüssel Gelöscht : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}

Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Schlüssel Gelöscht : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}

Schlüssel Gelöscht : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Schlüssel Gelöscht : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}

Schlüssel Gelöscht : HKLM\Software\Desksvc

Schlüssel Gelöscht : HKLM\Software\hdcode

Schlüssel Gelöscht : HKLM\Software\supWPM

Schlüssel Gelöscht : HKLM\Software\V9

Schlüssel Gelöscht : HKLM\Software\winzipersvc

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA41BB14-E67B-1653-C57B-5CA99418A866}
 

***** [ Browser ] *****
 

-\\ Internet Explorer v8.0.7601.17514
 
 

-\\ Mozilla Firefox v29.0.1 (de)
 

[ Datei : C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\prefs.js ]
 

Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://www.nationzoom.com/newtab/?type=nt&ts=1390643406&from=epom2&uid=WDCXWD10EZRX-00A8LB0_WD-WCC1U188332783327");

Zeile gelöscht : user_pref("browser.search.defaultenginename,S", "WebSearch");

Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51&l=1&q=");

Zeile gelöscht : user_pref("browser.search.order.1", "WebSearch");

Zeile gelöscht : user_pref("browser.search.order.1,S", "WebSearch");

Zeile gelöscht : user_pref("browser.search.selectedEngine,S", "WebSearch");

Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51");

Zeile gelöscht : user_pref("extensions.JGGilVm.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sum[...]

Zeile gelöscht : user_pref("extensions.TWGH6x7fjw.scode", "(function(){try{if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};}catch(e){};if(window.self==window.top){var script=document.createElement[...]

Zeile gelöscht : user_pref("extensions.f3T9AwM6b9t.scode", "(function(){try{if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};}catch(e){};if(window.self.location.protocol.indexOf('hxxp')>-1 && windo[...]

Zeile gelöscht : user_pref("extensions.qTVQ.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumoro[...]

Zeile gelöscht : user_pref("keyword.URL", "hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51&l=1&q=");
 

-\\ Google Chrome v
 

[ Datei : C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 

Gelöscht [Startup_urls] : hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51

Gelöscht [Extension] : nehhmemmagpfpcdjhimpmkncfhogjdcf
 

*************************
 

AdwCleaner[R0].txt - [10550 octets] - [16/06/2014 15:23:46]

AdwCleaner[R1].txt - [10365 octets] - [16/06/2014 22:08:02]

AdwCleaner[S0].txt - [9605 octets] - [16/06/2014 22:09:01]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9665 octets] ##########

mbam

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 16.06.2014

Suchlauf-Zeit: 22:14:09

Logdatei: mbam.txt

Administrator: Ja
 

Version: 2.00.2.1012

Malware Datenbank: v2014.06.16.07

Rootkit Datenbank: v2014.06.02.01

Lizenz: Testversion

Malware Schutz: Aktiviert

Bösartiger Webseiten Schutz: Aktiviert

Self-protection: Deaktiviert
 

Betriebssystem: Windows 7 Service Pack 1

CPU: x64

Dateisystem: NTFS

Benutzer: Faust
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 298133

Verstrichene Zeit: 4 Min, 10 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Heuristics: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 0

(No malicious items detected)
 

Module: 0

(No malicious items detected)
 

Registrierungsschlüssel: 0

(No malicious items detected)
 

Registrierungswerte: 0

(No malicious items detected)
 

Registrierungsdaten: 0

(No malicious items detected)
 

Ordner: 0

(No malicious items detected)
 

Dateien: 0

(No malicious items detected)
 

Physische Sektoren: 0

(No malicious items detected)
 
 

(end)

zoek-results

Code:

Zoek.exe v5.0.0.0 Updated 16-June-2014

Tool run by Faust on 16.06.2014 at 22:21:22,86.

Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Faust\Desktop\zoek.exe [Scan all users] [Script inserted] 
 

==== System Restore Info ======================
 

16.06.2014 22:22:38 Zoek.exe System Restore Point Created Succesfully.
 

==== Deleting CLSID Registry Keys ======================
 
 

==== Deleting CLSID Registry Values ======================
 
 

==== Deleting Services ======================
 
 

==== FireFox Fix ======================
 

Deleted from C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\prefs.js:

user_pref("browser.search.defaultenginename", "Lycle");

user_pref("browser.search.selectedEngine", "Lycle");
 

Added to C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\prefs.js:

user_pref("browser.startup.homepage", "hxxp://www.google.com");

user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "hxxp://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);
 

ProfilePath: C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default
 

user.js not found

---- Lines browser.startup.page removed from prefs.js ----

user_pref("browser.startup.page", 3);

---- Lines extensions.JGGilVm removed from prefs.js ----

user_pref("extensions.JGGilVm.epoch", "1398188826");

user_pref("extensions.JGGilVm.url", "hxxp://toolkitcard.info/sync2/?q=hfZ9ofDSBShEAen0rTkFqGhTB6lKDzt4okmxtNtVh7n0rjnEqda6rjk8qTsFtMFHhd9Fqda9rTwFqHn7

---- Lines extensions.TWGH6x7fjw removed from prefs.js ----

user_pref("extensions.TWGH6x7fjw.epoch", "1390185851");

user_pref("extensions.TWGH6x7fjw.url", "hxxp://getsrv1.info/sync2/?q=hfZ9ofV9CShEAen0rjC9rGhTB6lKDzt4okmxtNtVh7n0rjnErjw7rjgHrjr7tMFHhd9FqdaFrjUErTn9r

---- Lines extensions.f3T9AwM6b9t removed from prefs.js ----

user_pref("extensions.f3T9AwM6b9t.epoch", "1390185851");

user_pref("extensions.f3T9AwM6b9t.url", "hxxp://toolkitcoupon.us/sync2/?q=hfZ9oeDGDzrMCyVUojw6qdrMg708BNmGWj8wmihGheDUojw9rdwFqTw7rHwGqihIC7n0rjnErjw4

---- Lines extensions.qTVQ removed from prefs.js ----

user_pref("extensions.qTVQ.epoch", "1398188827");

user_pref("extensions.qTVQ.url", "hxxp://taxtaxuk.eu/sync2/?q=hfZ9ofq7D7sMCyVUojs8rjCMg708BNmGWj8wmihGheDUojw9rdnEqHw8qjk8pchIC7n0rjnEqdsFrjC9qTa4tNhV

---- FireFox user.js and prefs.js backups ---- 
 

prefs__2229_.backup
 

==== Deleting Files \ Folders ======================
 

C:\Users\Faust\.android deleted

C:\PROGRA~2\greatsaveR deleted

C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted

C:\Users\Faust\Favorites\Startfenster.lnk deleted

C:\Users\Faust\Favorites\Links\Startfenster.lnk deleted

C:\Users\Faust\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk deleted

C:\Users\Faust\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster.lnk deleted

C:\Users\Faust\AppData\Roaming\All CPU MeterV3_Settings.ini deleted

C:\PROGRA~3\InstallMate deleted

C:\PROGRA~3\Package Cache deleted

C:\Users\Faust\AppData\Local\cache deleted

C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\searchplugins\search_engine.xml deleted

C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\jetpack deleted

"C:\PROGRA~3\a23d7ff01cc6f6c1\{4820778D-AB0D-6D18-C316-52A6A0E1D507}" deleted

"C:\PROGRA~3\a23d7ff01cc6f6c1\{4820778D-AB0D-6D18-C316-52A6A0E1D507}.old" deleted

"C:\PROGRA~3\a23d7ff01cc6f6c1\{497C131E-2032-051B-B32A-C69A960FBB13}" deleted

"C:\PROGRA~3\a23d7ff01cc6f6c1\{497C131E-2032-051B-B32A-C69A960FBB13}.old" deleted

"C:\PROGRA~3\a23d7ff01cc6f6c1\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}" deleted

"C:\PROGRA~3\a23d7ff01cc6f6c1\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}" deleted

"C:\PROGRA~3\a23d7ff01cc6f6c1\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}.old" deleted

"C:\PROGRA~3\a23d7ff01cc6f6c1\{CA41BB14-E67B-1653-C57B-5CA99418A866}" deleted

"C:\PROGRA~3\a23d7ff01cc6f6c1\{CA41BB14-E67B-1653-C57B-5CA99418A866}.old" deleted

"C:\PROGRA~3\a23d7ff01cc6f6c1\{E32743D3-5789-6E4F-3998-06FB87C9214B}" deleted

"C:\PROGRA~3\a23d7ff01cc6f6c1" deleted
 

==== Firefox Extensions Registry ======================
 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [21.04.2014 22:40]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]

"{B64D9B05-48E1-4CEB-BF58-E0643994E900}"="C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff" [20.02.2014 20:27]
 

==== Firefox Extensions ======================
 

ProfilePath: C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default

- Blue Fox - %ProfilePath%\extensions\{241aae70-0022-11de-87af-0800200c9a66}

- Speed Dial - %ProfilePath%\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi

- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

- Undetermined - %ProfilePath%\extensions\{E6A44534-6DBA-455A-8D78-2DE71DEAA15B}.xpi
 

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi
 

==== Firefox Plugins ======================
 

Profilepath: C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default

A58DE0A570148AF5FF3512B2A340D09F        - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll -        Shockwave Flash
 
 

==== Chrome Look ======================
 

greatsaveR - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb

SNT - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi

YTBOokMaorrk - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf

sAfewiebu - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf

YoutubeAdblocker - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo

Pic Enhance - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie

SNT - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi

Pic Enhance - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie

greatsaveR - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb

SNT - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi

YTBOokMaorrk - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf

sAfewiebu - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf

YoutubeAdblocker - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo

Pic Enhance - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie

greatsaveR - Faust\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb

SNT - Faust\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi

YTBOokMaorrk - Faust\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf

sAfewiebu - Faust\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf

YoutubeAdblocker - Faust\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo

Pic Enhance - Faust\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie

SNT - Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi

Pic Enhance - Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie

greatsaveR - Faust\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb

SNT - Faust\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi

YTBOokMaorrk - Faust\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf

sAfewiebu - Faust\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf

YoutubeAdblocker - Faust\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo

Pic Enhance - Faust\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie

greatsaveR - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb

SNT - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi

YTBOokMaorrk - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf

sAfewiebu - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf

YoutubeAdblocker - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo

Pic Enhance - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie

SNT - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi

Pic Enhance - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie

greatsaveR - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb

SNT - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi

YTBOokMaorrk - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf

sAfewiebu - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf

YoutubeAdblocker - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo

Pic Enhance - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie
 

==== Chrome Fix ======================
 

C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo deleted successfully

C:\Users\Faust\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo deleted successfully

C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo deleted successfully

C:\Users\Faust\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo deleted successfully

C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo deleted successfully

C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb deleted successfully

C:\Users\Faust\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb deleted successfully

C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb deleted successfully

C:\Users\Faust\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb deleted successfully

C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb deleted successfully

C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi deleted successfully

C:\Users\Faust\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi deleted successfully

C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi deleted successfully

C:\Users\Faust\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi deleted successfully

C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi deleted successfully

C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf deleted successfully

C:\Users\Faust\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf deleted successfully

C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf deleted successfully

C:\Users\Faust\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf deleted successfully

C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf deleted successfully

C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf deleted successfully

C:\Users\Faust\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf deleted successfully

C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf deleted successfully

C:\Users\Faust\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf deleted successfully

C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf deleted successfully

C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie deleted successfully

C:\Users\Faust\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie deleted successfully

C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie deleted successfully

C:\Users\Faust\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie deleted successfully

C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie deleted successfully
 

==== Set IE to Default ======================
 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="hxxp://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="hxxp://www.google.com"

"Default_Page_URL"="hxxp://www.google.com"

"Start Page"="hxxp://www.google.com"

"Search Page"="hxxp://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="hxxp://www.google.com"

"Default_Page_URL"="hxxp://www.google.com"

"Start Page"="hxxp://www.google.com"

"Search Page"="hxxp://www.google.com"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

No DefaultScope Set For HKCU
 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="hxxp://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"

"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"

"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
 

==== All HKCU SearchScopes ======================
 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{CB127E1A-135A-4672-BE00-0D3162B1E50B} Lycle  Url="https://www.lycle.net/results?q={searchTerms}"

{E7165A5C-FCC2-40C5-BE3D-739A6949DEAB} SuchMaschine  Url="hxxp://www.sm.de/?q={searchTerms}"
 

==== Reset Google Chrome ======================
 

C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully

C:\Users\Faust\AppData\Local\Google\Chrome SxS\User Data\Default\Preferences was reset successfully

C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
 

==== Reset IE Proxy ======================
 

Value(s) before fix:

"ProxyEnable"=dword:00000000
 

Value(s) after fix:

"ProxyEnable"=dword:00000000
 

==== Deleting Registry Keys ======================
 

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\443c42b8-5c1c-48db-b253-c12b2beb55f7 deleted successfully
 

==== Empty IE Cache ======================
 

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Faust\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Faust\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
 

==== Empty FireFox Cache ======================
 

C:\Users\Faust\AppData\Local\Mozilla\Firefox\Profiles\fh9zfzqi.default\Cache emptied successfully
 

==== Empty Chrome Cache ======================
 

No Chrome Cache found
 

==== Empty All Flash Cache ======================
 

Flash Cache Emptied Successfully
 

==== Empty All Java Cache ======================
 

No Java Cache Found
 

==== C:\zoek_backup content ======================
 

C:\zoek_backup (files=478 folders=163 33700215 bytes)
 

==== Empty Temp Folders ======================
 

C:\Users\Administrator\AppData\Local\temp emptied successfully

C:\Users\Default\AppData\Local\temp emptied successfully

C:\Users\Default User\AppData\Local\temp emptied successfully

C:\Users\Faust\AppData\Local\Temp will be emptied at reboot

C:\Users\Gast\AppData\Local\temp emptied successfully

C:\Users\Public\AppData\Local\temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot
 

==== After Reboot ======================
 

==== Empty Temp Folders ======================
 

C:\Windows\Temp successfully emptied

C:\Users\Faust\AppData\Local\Temp successfully emptied
 

==== Empty Recycle Bin ======================
 

C:\$RECYCLE.BIN successfully emptied
 

==== Deleting Files / Folders ======================
 

"C:\Users\Faust\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted
 

==== EOF on 16.06.2014 at 22:35:40,14 ======================

FRST

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-06-2014

Ran by Faust (administrator) on DAINEC-III on 16-06-2014 22:38:16

Running from C:\Users\Faust\Desktop

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 8

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe

(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe

(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)

HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)

HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)

HKLM\...\Run: [CmPCIaudio] => C:\Windows\Syswow64\CMICNFG3.dll [8126464 2009-05-11] (C-Media Corporation)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506136 2013-12-06] (Realtek Semiconductor)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)

HKLM-x32\...\Run: [EnvyHFCPL] => C:\Program Files (x86)\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe [543344 2010-09-09] (VIA TECH)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-08] (AVAST Software)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk

ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2A5599B45611CF01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

StartMenuInternet: IEXPLORE.EXE - c:\program files (x86)\internet explorer\iexplore.exe

SearchScopes: HKLM - {E7165A5C-FCC2-40C5-BE3D-739A6949DEAB} URL = hxxp://www.sm.de/?q={searchTerms}

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

SearchScopes: HKCU - {CB127E1A-135A-4672-BE00-0D3162B1E50B} URL = https://www.lycle.net/results?q={searchTerms}

SearchScopes: HKCU - {E7165A5C-FCC2-40C5-BE3D-739A6949DEAB} URL = hxxp://www.sm.de/?q={searchTerms}

BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

BHO: Websearch - {C2F7351C-5957-4744-B159-59EBEA4E7027} - C:\Program Files\Dailytools\Websearch\1.0.0.5\Websearch.dll (Dailytools GmbH)

BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

BHO-x32: Websearch - {C2F7351C-5957-4744-B159-59EBEA4E7027} - C:\Program Files (x86)\Dailytools\Websearch\1.0.0.5\Websearch.dll (Dailytools GmbH)

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default

FF NewTab: hxxp://www.google.com/

FF SearchEngineOrder.1: Google

FF SelectedSearchEngine: Google

FF Homepage: hxxp://www.google.com

FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\searchplugins\lycle.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Blue Fox - C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\Extensions\{241aae70-0022-11de-87af-0800200c9a66} [2014-01-14]

FF Extension: Speed Dial - C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-01-14]

FF Extension: Adblock Plus - C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-25]

FF Extension: Websearch - C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\Extensions\{E6A44534-6DBA-455A-8D78-2DE71DEAA15B}.xpi [2014-05-31]

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-21]

FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\

FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []
 

Chrome: 

=======

Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
 

==================== Services (Whitelisted) =================
 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-21] (AVAST Software)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)

R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]

S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)

R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] ()

S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5739008 2011-10-12] (Native Instruments GmbH) [File not signed]

U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-15] ()

R2 DailytoolsUpdateService; %SystemRoot%\System32\update1.dll [X]
 

==================== Drivers (Whitelisted) ====================
 

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-21] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-21] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-21] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-21] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-12] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-12] (AVAST Software)

S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-12] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-21] ()

R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1154560 2009-05-19] (C-Media Inc)

S3 Envy24HFS; C:\Windows\System32\drivers\Envy24HF.sys [228080 2010-07-05] (VIA - IC Ensemble, Inc.)

R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21408 2013-08-01] ()

R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21920 2013-08-01] ()

R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-01] ()

R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-08-01] ()

R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-16] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)

S3 RL_DJIFIE2_MIDI; C:\Windows\System32\drivers\rldjif2m.sys [36416 2009-10-30] (Ploytec GmbH)

S3 RL_DJIFIE2_USB; C:\Windows\System32\Drivers\rldjif2u.sys [460864 2009-10-30] (Ploytec GmbH)

S3 RL_DJIFIE2_WDM; C:\Windows\System32\drivers\rldjif2a.sys [49728 2009-10-30] (Ploytec GmbH)

R3 SaiK0836; C:\Windows\System32\DRIVERS\SaiK0836.sys [172040 2013-01-10] (Saitek)

R3 SaiK1708; C:\Windows\System32\DRIVERS\SaiK1708.sys [180544 2012-09-20] (Saitek)

R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)

R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)

R3 SaiU1708; C:\Windows\System32\DRIVERS\SaiU1708.sys [47168 2012-09-20] (Saitek)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-06-16 22:38 - 2014-06-16 22:38 - 00016156 _____ () C:\Users\Faust\Desktop\FRST.txt

2014-06-16 22:36 - 2014-06-16 22:36 - 00023967 _____ () C:\Users\Faust\Desktop\zoek-results.txt

2014-06-16 22:32 - 2014-06-16 22:38 - 00000000 ____D () C:\Users\Faust\AppData\Local\Temp

2014-06-16 22:32 - 2014-06-16 22:32 - 00000000 ____D () C:\Users\Public\AppData\Local\temp

2014-06-16 22:32 - 2014-06-16 22:32 - 00000000 ____D () C:\Users\Gast\AppData\Local\temp

2014-06-16 22:32 - 2014-06-16 22:32 - 00000000 ____D () C:\Users\Default\AppData\Local\temp

2014-06-16 22:32 - 2014-06-16 22:32 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp

2014-06-16 22:32 - 2014-06-16 22:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp

2014-06-16 22:32 - 2014-06-16 22:21 - 00024064 _____ () C:\Windows\zoek-delete.exe

2014-06-16 22:22 - 2014-06-16 22:35 - 00023967 _____ () C:\zoek-results.log

2014-06-16 22:21 - 2014-06-16 22:35 - 00000000 ____D () C:\zoek_backup

2014-06-16 22:20 - 2014-06-16 22:20 - 00001156 _____ () C:\Users\Faust\Desktop\mbam.txt

2014-06-16 22:14 - 2014-06-16 22:15 - 01285120 _____ () C:\Users\Faust\Desktop\zoek.exe

2014-06-16 22:13 - 2014-06-16 22:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-06-16 22:13 - 2014-06-16 22:13 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-06-16 22:13 - 2014-06-16 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-06-16 22:13 - 2014-06-16 22:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-06-16 22:13 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-06-16 22:13 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-06-16 22:13 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-06-16 22:09 - 2014-06-16 22:09 - 00009753 _____ () C:\Users\Faust\Desktop\AdwCleaner[S0].txt

2014-06-16 22:08 - 2014-06-16 22:08 - 00010365 _____ () C:\Users\Faust\Desktop\AdwCleaner[R1].txt

2014-06-16 15:24 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-06-16 15:23 - 2014-06-16 22:15 - 00000000 ____D () C:\AdwCleaner

2014-06-16 15:21 - 2014-06-16 15:21 - 01333465 _____ () C:\Users\Faust\Desktop\adwcleaner_3.212.exe

2014-06-16 14:56 - 2014-06-16 14:56 - 00000000 ___SD () C:\Users\Faust\Documents\Passwords Database

2014-06-16 13:56 - 2014-06-16 13:56 - 00019038 _____ () C:\ComboFix.txt

2014-06-16 13:40 - 2014-06-16 13:56 - 00000000 ____D () C:\Qoobox

2014-06-16 13:40 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-06-16 13:40 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-06-16 13:40 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-06-16 13:40 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-06-16 13:40 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-06-16 13:40 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe

2014-06-16 13:40 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe

2014-06-16 13:40 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe

2014-06-16 13:39 - 2014-06-16 13:46 - 00000000 ____D () C:\Windows\erdnt

2014-06-16 13:38 - 2014-06-16 13:38 - 05206841 ____R (Swearware) C:\Users\Faust\Desktop\ComboFix.exe

2014-06-15 23:28 - 2014-06-15 23:28 - 02247960 _____ () C:\Users\Faust\Downloads\battlelog-web-plugins_2.4.0_141.exe

2014-06-15 23:04 - 2014-06-16 22:38 - 00000000 ____D () C:\FRST

2014-06-15 23:03 - 2014-06-15 23:03 - 02081280 _____ (Farbar) C:\Users\Faust\Desktop\FRST64.exe

2014-06-13 12:04 - 2014-06-13 12:04 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-06-02 18:01 - 2014-06-02 19:00 - 00000000 ____D () C:\Users\Faust\Documents\FIFA World

2014-06-02 18:01 - 2014-06-02 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies

2014-06-02 17:13 - 2014-06-02 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Sports FIFA World

2014-05-31 01:37 - 2014-05-31 01:37 - 00000000 ____D () C:\Users\Faust\AppData\Local\Adobe

2014-05-31 01:35 - 2014-05-31 01:50 - 00000000 ____D () C:\ProgramData\Adobe

2014-05-31 01:35 - 2014-05-31 01:35 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-05-31 01:35 - 2014-05-31 01:35 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-05-31 01:26 - 2014-05-31 01:26 - 00352256 _____ (Dailytools GmbH) C:\Windows\SysWOW64\update1.dll

2014-05-31 01:25 - 2014-05-31 01:50 - 00000714 __RSH () C:\ProgramData\ntuser.pol

2014-05-31 01:25 - 2014-05-31 01:25 - 00000000 ____D () C:\Program Files\Dailytools

2014-05-31 01:25 - 2014-05-31 01:25 - 00000000 ____D () C:\Program Files (x86)\Dailytools
 

==================== One Month Modified Files and Folders =======
 

2014-06-16 22:38 - 2014-06-16 22:38 - 00016156 _____ () C:\Users\Faust\Desktop\FRST.txt

2014-06-16 22:38 - 2014-06-16 22:32 - 00000000 ____D () C:\Users\Faust\AppData\Local\Temp

2014-06-16 22:38 - 2014-06-15 23:04 - 00000000 ____D () C:\FRST

2014-06-16 22:37 - 2014-06-16 22:13 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-06-16 22:36 - 2014-06-16 22:36 - 00023967 _____ () C:\Users\Faust\Desktop\zoek-results.txt

2014-06-16 22:35 - 2014-06-16 22:22 - 00023967 _____ () C:\zoek-results.log

2014-06-16 22:35 - 2014-06-16 22:21 - 00000000 ____D () C:\zoek_backup

2014-06-16 22:35 - 2014-01-14 20:45 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-06-16 22:35 - 2010-11-21 05:47 - 00488584 _____ () C:\Windows\PFRO.log

2014-06-16 22:35 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-06-16 22:35 - 2009-07-14 06:51 - 00223536 _____ () C:\Windows\setupact.log

2014-06-16 22:34 - 2014-01-14 19:52 - 00823733 _____ () C:\Windows\WindowsUpdate.log

2014-06-16 22:32 - 2014-06-16 22:32 - 00000000 ____D () C:\Users\Public\AppData\Local\temp

2014-06-16 22:32 - 2014-06-16 22:32 - 00000000 ____D () C:\Users\Gast\AppData\Local\temp

2014-06-16 22:32 - 2014-06-16 22:32 - 00000000 ____D () C:\Users\Default\AppData\Local\temp

2014-06-16 22:32 - 2014-06-16 22:32 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp

2014-06-16 22:32 - 2014-06-16 22:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp

2014-06-16 22:29 - 2014-01-14 18:57 - 00000000 ____D () C:\Users\Faust

2014-06-16 22:21 - 2014-06-16 22:32 - 00024064 _____ () C:\Windows\zoek-delete.exe

2014-06-16 22:20 - 2014-06-16 22:20 - 00001156 _____ () C:\Users\Faust\Desktop\mbam.txt

2014-06-16 22:18 - 2009-07-14 06:45 - 00030480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-06-16 22:18 - 2009-07-14 06:45 - 00030480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-06-16 22:17 - 2014-01-16 03:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-06-16 22:15 - 2014-06-16 22:14 - 01285120 _____ () C:\Users\Faust\Desktop\zoek.exe

2014-06-16 22:15 - 2014-06-16 15:23 - 00000000 ____D () C:\AdwCleaner

2014-06-16 22:15 - 2011-04-12 09:43 - 00696132 _____ () C:\Windows\system32\perfh007.dat

2014-06-16 22:15 - 2011-04-12 09:43 - 00147428 _____ () C:\Windows\system32\perfc007.dat

2014-06-16 22:15 - 2009-07-14 07:13 - 00839172 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-06-16 22:13 - 2014-06-16 22:13 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-06-16 22:13 - 2014-06-16 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-06-16 22:13 - 2014-06-16 22:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-06-16 22:10 - 2014-04-21 22:40 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-06-16 22:09 - 2014-06-16 22:09 - 00009753 _____ () C:\Users\Faust\Desktop\AdwCleaner[S0].txt

2014-06-16 22:09 - 2014-01-14 20:32 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-06-16 22:09 - 2014-01-14 18:58 - 00001166 _____ () C:\Users\Faust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-06-16 22:09 - 2014-01-14 18:58 - 00000983 _____ () C:\Users\Faust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

2014-06-16 22:08 - 2014-06-16 22:08 - 00010365 _____ () C:\Users\Faust\Desktop\AdwCleaner[R1].txt

2014-06-16 15:21 - 2014-06-16 15:21 - 01333465 _____ () C:\Users\Faust\Desktop\adwcleaner_3.212.exe

2014-06-16 14:56 - 2014-06-16 14:56 - 00000000 ___SD () C:\Users\Faust\Documents\Passwords Database

2014-06-16 14:56 - 2014-01-16 18:31 - 00000000 ____D () C:\Users\Gast

2014-06-16 14:56 - 2014-01-16 18:31 - 00000000 ____D () C:\Users\Administrator

2014-06-16 13:56 - 2014-06-16 13:56 - 00019038 _____ () C:\ComboFix.txt

2014-06-16 13:56 - 2014-06-16 13:40 - 00000000 ____D () C:\Qoobox

2014-06-16 13:55 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini

2014-06-16 13:47 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default

2014-06-16 13:46 - 2014-06-16 13:39 - 00000000 ____D () C:\Windows\erdnt

2014-06-16 13:38 - 2014-06-16 13:38 - 05206841 ____R (Swearware) C:\Users\Faust\Desktop\ComboFix.exe

2014-06-16 13:31 - 2014-01-15 01:27 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins

2014-06-15 23:53 - 2014-01-14 21:00 - 00000000 ____D () C:\ProgramData\Origin

2014-06-15 23:32 - 2014-01-15 01:27 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe

2014-06-15 23:28 - 2014-06-15 23:28 - 02247960 _____ () C:\Users\Faust\Downloads\battlelog-web-plugins_2.4.0_141.exe

2014-06-15 23:03 - 2014-06-15 23:03 - 02081280 _____ (Farbar) C:\Users\Faust\Desktop\FRST64.exe

2014-06-13 12:26 - 2014-01-17 18:02 - 00000000 ____D () C:\Users\Faust\AppData\Roaming\TS3Client

2014-06-13 12:25 - 2014-01-17 17:39 - 00000000 ____D () C:\Users\Faust\AppData\Roaming\AIMP3

2014-06-13 12:04 - 2014-06-13 12:04 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-06-02 19:00 - 2014-06-02 18:01 - 00000000 ____D () C:\Users\Faust\Documents\FIFA World

2014-06-02 18:01 - 2014-06-02 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies

2014-06-02 18:01 - 2014-01-15 01:26 - 00156795 _____ () C:\Windows\DirectX.log

2014-06-02 18:01 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-06-02 17:13 - 2014-06-02 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Sports FIFA World

2014-05-31 01:50 - 2014-05-31 01:35 - 00000000 ____D () C:\ProgramData\Adobe

2014-05-31 01:50 - 2014-05-31 01:25 - 00000714 __RSH () C:\ProgramData\ntuser.pol

2014-05-31 01:37 - 2014-05-31 01:37 - 00000000 ____D () C:\Users\Faust\AppData\Local\Adobe

2014-05-31 01:37 - 2014-01-16 03:32 - 00000000 ____D () C:\Users\Faust\AppData\Roaming\Adobe

2014-05-31 01:35 - 2014-05-31 01:35 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-05-31 01:35 - 2014-05-31 01:35 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-05-31 01:26 - 2014-05-31 01:26 - 00352256 _____ (Dailytools GmbH) C:\Windows\SysWOW64\update1.dll

2014-05-31 01:25 - 2014-05-31 01:25 - 00000000 ____D () C:\Program Files\Dailytools

2014-05-31 01:25 - 2014-05-31 01:25 - 00000000 ____D () C:\Program Files (x86)\Dailytools

2014-05-31 01:25 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-05-31 01:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy

2014-05-29 00:31 - 2014-01-17 17:29 - 00000000 ____D () C:\Users\Faust\AppData\Local\CrashDumps

2014-05-23 22:52 - 2014-01-15 01:27 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-06-08 19:34
 

==================== End Of Log ============================

--- --- ---

Addition

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2014

Ran by Faust at 2014-06-16 22:38:45

Running from C:\Users\Faust\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 

==================== Installed Programs ======================
 

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)

AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1332, 21.12.2013 - AIMP DevTeam)

avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.2 - Electronic Arts)

Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)

C-Media PCI Audio Device (HKLM\...\C-Media PCI Audio Driver) (Version:  - )

Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.792 - Curse)

Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)

Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)

Digital Jockey - IE2 (HKLM\...\USB_AUDIO_DEusb-audio.deRLDJIF2) (Version:  - )

EA Sports FIFA World (HKLM-x32\...\{8F9AC744-EEF6-43DB-A4B6-FA1A18F1C640}) (Version: 5.3.0.40277 - Electronic Arts, Inc.)

Fraps (HKLM-x32\...\Fraps) (Version:  - )

Free YouTube to MP3 Converter version 3.12.23.219 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.23.219 - DVDVideoSoft Ltd.)

GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden

Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)

Intel(R) Smart Connect Technology (HKLM\...\{B1AC3709-3E98-4F2C-A84E-4BCA2A452E64}) (Version: 4.2.40.2418 - Intel Corporation)

Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)

Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden

Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden

Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)

Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)

Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden

Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)

Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319 - Microsoft Corporation) Hidden

Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 Express - DEU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010 Express - DEU (x32 Version: 10.0.30319 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation)

Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version:  - Native Instruments)

Native Instruments Controller Editor (Version: 1.4.2.848 - Native Instruments) Hidden

Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)

Native Instruments Service Center (Version: 2.2.6.676 - Native Instruments) Hidden

Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version:  - Native Instruments)

Native Instruments Traktor 2 (Version: 2.1.2.12125 - Native Instruments) Hidden

NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)

NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)

NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)

NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)

NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden

NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden

NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden

NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden

NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)

NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden

NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden

NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden

NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden

NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden

NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)

Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)

Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)

Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.)

SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden

Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)

Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)

Smart Technology Programming Software 7.0.27.13 (HKLM\...\{C9193CBB-C31A-412A-A074-AD08F0F2CF3D}) (Version: 7.0.27.13 - Mad Catz)

TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)

Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.3.6 - Electronic Arts)

VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)

VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)

XBMC (HKCU\...\XBMC) (Version:  - Team XBMC)
 

==================== Restore Points  =========================
 

27-04-2014 14:30:02 DirectX wurde installiert

06-05-2014 10:36:09 Gerätetreiber-Paketinstallation: usb-audio.de USB-Controller

06-05-2014 10:36:30 Gerätetreiber-Paketinstallation: usb-audio.de Audio-, Video- und Gamecontroller

06-05-2014 10:37:11 Gerätetreiber-Paketinstallation: Reloop Audio-, Video- und Gamecontroller

11-05-2014 15:03:24 DirectX wurde installiert

16-05-2014 19:17:03 DirectX wurde installiert

02-06-2014 15:11:51 DirectX wurde installiert

02-06-2014 16:00:13 DirectX wurde installiert

16-06-2014 11:41:00 ComboFix created restore point

16-06-2014 20:22:29 zoek.exe restore point
 

==================== Hosts content: ==========================
 

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {3B4D846F-D195-4D47-9149-7B313BAC45DD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-21] (AVAST Software)

Task: {8542780C-9633-4EB9-9D75-1A4870868BDB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)

Task: {889EEEFA-3513-4B9B-BF66-8408714E73C9} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 

==================== Loaded Modules (whitelisted) =============
 

2013-08-01 18:31 - 2013-08-01 18:31 - 00198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe

2013-08-01 18:31 - 2013-08-01 18:31 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll

2013-08-01 18:31 - 2013-08-01 18:31 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll

2014-01-14 20:44 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2014-01-15 01:27 - 2014-01-15 01:27 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2014-06-16 13:33 - 2014-06-16 13:33 - 02776064 _____ () C:\Program Files\AVAST Software\Avast\defs\14061600\algo.dll

2014-04-21 22:40 - 2014-04-21 22:40 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== EXE Association (whitelisted) =============
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (06/16/2014 10:36:05 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/16/2014 10:10:23 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/16/2014 10:04:26 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/16/2014 02:59:49 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/16/2014 02:48:23 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/16/2014 01:33:03 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/15/2014 10:51:24 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/13/2014 00:14:37 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/13/2014 11:55:54 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/12/2014 09:33:54 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )

Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
 
 

System errors:

=============

Error: (06/16/2014 10:29:32 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 

Error: (06/16/2014 10:29:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 

Error: (06/16/2014 10:29:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 

Error: (06/16/2014 10:29:30 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 

Error: (06/16/2014 10:29:30 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 

Error: (06/16/2014 01:55:49 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 

Error: (06/16/2014 01:54:11 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 

Error: (06/16/2014 01:45:58 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 

Error: (06/16/2014 01:44:02 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 

Error: (06/16/2014 01:39:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "DailytoolsUpdateService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 
 

Microsoft Office Sessions:

=========================

Error: (06/16/2014 10:36:05 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/16/2014 10:10:23 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/16/2014 10:04:26 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/16/2014 02:59:49 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/16/2014 02:48:23 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/16/2014 01:33:03 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/15/2014 10:51:24 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/13/2014 00:14:37 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/13/2014 11:55:54 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/12/2014 09:33:54 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )

Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
 
 

CodeIntegrity Errors:

===================================

  Date: 2014-06-08 19:35:31.840

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-06-08 19:35:31.839

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-06-08 19:35:31.838

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-06-08 19:35:31.826

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-06-08 19:35:31.824

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-06-08 19:35:31.822

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-06-05 09:29:56.006

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-06-05 09:29:56.005

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-06-05 09:29:56.003

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2014-06-05 09:29:55.988

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 17%

Total physical RAM: 10185.38 MB

Available physical RAM: 8370.21 MB

Total Pagefile: 20368.96 MB

Available Pagefile: 18421.66 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:465.54 GB) (Free:398.7 GB) NTFS

Drive f: (Ra) (Fixed) (Total:931.51 GB) (Free:350.51 GB) NTFS

Drive g: () (Fixed) (Total:232.88 GB) (Free:232.5 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 466 GB) (Disk ID: C38B2AA3)
 

Partition: GPT Partition Type.
 

========================================================

Disk: 1 (Size: 932 GB) (Disk ID: 6C0AACB3)

Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)
 

========================================================

Disk: 2 (Size: 233 GB) (Disk ID: BF5FBF5F)

Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

Servus,

Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.

Klicke auf Wählen Sie eine
Kopiere nun folgendes in die Suchleiste

Code:

C:\Program Files\Dailytools\Websearch\1.0.0.5\Websearch.dll
und klicke auf Öffnen.
Klicke auf Scannen!.
Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen

Zitat:

Diese Datei wurde bereits von VirusTotal analysiert...

klicke auf Neu analysieren.
Warte bis dir das Analysedatum angezeigt wird und der Scan abgeschlossen ist.
Kopiere den Link aus deiner Adresszeile und poste ihn hier.

https://www.virustotal.com/de/file/15ba6c6a3687e57fb45fff1982ff4057d0d76cdffadf8667d7443dd7d96eebe8/analysis/1403007525/

Zitat:

Zitat von Faust606 (Beitrag 1317458)

https://www.virustotal.com/de/file/15ba6c6a3687e57fb45fff1982ff4057d0d76cdffadf8667d7443dd7d96eebe8/analysis/1403007525/

Du hast die falsche Datei bei VirusTotal hochgeladen... ;)

Nochmal meine Anleitung lesen bitte ... :)

oh entschuldigung das sollte jetzt die richtige datei sein

https://www.virustotal.com/de/file/905a58c022c471752b763084f0c61ae2e759bb98639d3c8e785ea52aced118d5/analysis/1403009205/

Hast du das folgende Programm absichtlich/bewusst installiert?

BHO: Websearch - {C2F7351C-5957-4744-B159-59EBEA4E7027} - C:\Program Files\Dailytools\Websearch\1.0.0.5\Websearch.dll (Dailytools GmbH)

Was kannst du mir hierzu sagen?

nicht das ich wüsste ich weis nicht mal was ich damit machen soll...

Zitat:

Zitat von Faust606 (Beitrag 1317492)

nicht das ich wüsste ich weis nicht mal was ich damit machen soll...

Dachte ich mir.... :rofl:

Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 3 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

start

SearchScopes: HKLM - {E7165A5C-FCC2-40C5-BE3D-739A6949DEAB} URL = hxxp://www.sm.de/?q={searchTerms}

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

SearchScopes: HKCU - {CB127E1A-135A-4672-BE00-0D3162B1E50B} URL = https://www.lycle.net/results?q={searchTerms}

SearchScopes: HKCU - {E7165A5C-FCC2-40C5-BE3D-739A6949DEAB} URL = hxxp://www.sm.de/?q={searchTerms}

BHO: Websearch - {C2F7351C-5957-4744-B159-59EBEA4E7027} - C:\Program Files\Dailytools\Websearch\1.0.0.5\Websearch.dll (Dailytools GmbH)

BHO-x32: Websearch - {C2F7351C-5957-4744-B159-59EBEA4E7027} - C:\Program Files (x86)\Dailytools\Websearch\1.0.0.5\Websearch.dll (Dailytools GmbH)

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File

FF Extension: Speed Dial - C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-01-14]

FF Extension: Websearch - C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\Extensions\{E6A44534-6DBA-455A-8D78-2DE71DEAA15B}.xpi [2014-05-31]

R2 DailytoolsUpdateService; %SystemRoot%\System32\update1.dll [X]

C:\Windows\SysWOW64\update1.dll

C:\Program Files\Dailytools

C:\Program Files (x86)\Dailytools

Task: {889EEEFA-3513-4B9B-BF66-8408714E73C9} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION

Reboot:

end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)

Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

:folderfind Dailytools :regfind Dailytools
Klicke nun auf den Button Look, um den Scan zu starten.
Der Suchlauf kann einige Zeit dauern.
Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.

Schritt 3

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4
Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste mit deiner nächsten Antwort

die Logdatei von FRST,
die Logdatei von SystemLook,
die Logdatei von ESET,
die Logdatei von SecurityCheck.

FRST

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-06-2014

Ran by Faust at 2014-06-17 15:06:26 Run:2

Running from C:\Users\Faust\Desktop

Boot Mode: Normal

==============================================
 

Content of fixlist:

*****************

start

SearchScopes: HKLM - {E7165A5C-FCC2-40C5-BE3D-739A6949DEAB} URL = hxxp://www.sm.de/?q={searchTerms}

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

SearchScopes: HKCU - {CB127E1A-135A-4672-BE00-0D3162B1E50B} URL = https://www.lycle.net/results?q={searchTerms}

SearchScopes: HKCU - {E7165A5C-FCC2-40C5-BE3D-739A6949DEAB} URL = hxxp://www.sm.de/?q={searchTerms}

BHO: Websearch - {C2F7351C-5957-4744-B159-59EBEA4E7027} - C:\Program Files\Dailytools\Websearch\1.0.0.5\Websearch.dll (Dailytools GmbH)

BHO-x32: Websearch - {C2F7351C-5957-4744-B159-59EBEA4E7027} - C:\Program Files (x86)\Dailytools\Websearch\1.0.0.5\Websearch.dll (Dailytools GmbH)

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File

FF Extension: Speed Dial - C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-01-14]

FF Extension: Websearch - C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\Extensions\{E6A44534-6DBA-455A-8D78-2DE71DEAA15B}.xpi [2014-05-31]

R2 DailytoolsUpdateService; %SystemRoot%\System32\update1.dll [X]

C:\Windows\SysWOW64\update1.dll

C:\Program Files\Dailytools

C:\Program Files (x86)\Dailytools

Task: {889EEEFA-3513-4B9B-BF66-8408714E73C9} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION

Reboot:

end

*****************
 

'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E7165A5C-FCC2-40C5-BE3D-739A6949DEAB}' => Key deleted successfully.

'HKCR\CLSID\{E7165A5C-FCC2-40C5-BE3D-739A6949DEAB}'=> Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}' => Key deleted successfully.

'HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}'=> Key not found.

'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CB127E1A-135A-4672-BE00-0D3162B1E50B}' => Key deleted successfully.

'HKCR\CLSID\{CB127E1A-135A-4672-BE00-0D3162B1E50B}'=> Key not found.

'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E7165A5C-FCC2-40C5-BE3D-739A6949DEAB}' => Key deleted successfully.

'HKCR\CLSID\{E7165A5C-FCC2-40C5-BE3D-739A6949DEAB}'=> Key not found.

'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2F7351C-5957-4744-B159-59EBEA4E7027}' => Key deleted successfully.

'HKCR\CLSID\{C2F7351C-5957-4744-B159-59EBEA4E7027}' => Key deleted successfully.

'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2F7351C-5957-4744-B159-59EBEA4E7027}' => Key deleted successfully.

'HKCR\Wow6432Node\CLSID\{C2F7351C-5957-4744-B159-59EBEA4E7027}' => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.

'HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}'=> Key not found.

C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi => Moved successfully.

C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\Extensions\{E6A44534-6DBA-455A-8D78-2DE71DEAA15B}.xpi => Moved successfully.

DailytoolsUpdateService => Service stopped successfully.

DailytoolsUpdateService => Service deleted successfully.

C:\Windows\SysWOW64\update1.dll => Moved successfully.

C:\Program Files\Dailytools => Moved successfully.

C:\Program Files (x86)\Dailytools => Moved successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{889EEEFA-3513-4B9B-BF66-8408714E73C9}' => Key deleted successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{889EEEFA-3513-4B9B-BF66-8408714E73C9}' => Key deleted successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser' => Key deleted successfully.
 
 

The system needed a reboot. 
 

==== End of Fixlog ====

SystemLook

Code:

SystemLook 30.07.11 by jpshortstuff

Log created at 15:10 on 17/06/2014 by Faust

Administrator - Elevation successful
 

========== folderfind ==========
 

Searching for "Dailytools"

C:\FRST\Quarantine\C\Program Files\Dailytools        d------        [23:25 30/05/2014]

C:\FRST\Quarantine\C\Program Files (x86)\Dailytools        d------        [23:25 30/05/2014]
 

========== regfind ==========
 

Searching for "Dailytools"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths]

"url1"="C:\Program Files\Dailytools\Websearch\1.0.0.5\Websearch.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B46FF469-6915-4F4C-A208-0982540A8871}\1.0\0\win32]

@="C:\Program Files (x86)\Dailytools\Websearch\1.0.0.5\Websearch.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B46FF469-6915-4F4C-A208-0982540A8871}\1.0\HELPDIR]

@="C:\Program Files (x86)\Dailytools\Websearch\1.0.0.5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{B46FF469-6915-4F4C-A208-0982540A8871}\1.0\0\win32]

@="C:\Program Files (x86)\Dailytools\Websearch\1.0.0.5\Websearch.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{B46FF469-6915-4F4C-A208-0982540A8871}\1.0\HELPDIR]

@="C:\Program Files (x86)\Dailytools\Websearch\1.0.0.5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost]

"DailytoolsInstallerService"="DailytoolsInstallerService"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost]

"DailytoolsUpdateService"="DailytoolsUpdateService"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{B46FF469-6915-4F4C-A208-0982540A8871}\1.0\0\win32]

@="C:\Program Files (x86)\Dailytools\Websearch\1.0.0.5\Websearch.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{B46FF469-6915-4F4C-A208-0982540A8871}\1.0\HELPDIR]

@="C:\Program Files (x86)\Dailytools\Websearch\1.0.0.5"

[HKEY_USERS\S-1-5-21-3619498111-4055357529-868238896-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths]

"url1"="C:\Program Files\Dailytools\Websearch\1.0.0.5\Websearch.dll"
 

Searching for "         "

[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]

"C:\Users\Faust\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager [1].exe"="Malwarebytes Anti-Malware                                   "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]

"ConfigXML"="             <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                 <InitializationParameters>                     <Param Name="PSVersion" Value="2.0"/>                 </InitializationParameters>                 <Resources>                     <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                         <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                         <Capability Type="Shell"/>                     </Resource>                 </Res

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]

"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" >                         <InitializationParameters>                             <Param Name="PSVersion" Value="2.0"/>                         </InitializationParameters>                         <Resources>                             <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true">                                 <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                                

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#058F63626476&0#]

"DeviceDesc"="SD/MMC          "

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_ST&PROD_16GB&REV_0000#AA6270935J1000000209&0#]

"DeviceDesc"="16GB            "

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#058F63626476&0#]

"DeviceDesc"="SD/MMC          "

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_ST&PROD_16GB&REV_0000#AA6270935J1000000209&0#]

"DeviceDesc"="16GB            "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#058F63626476&0#]

"DeviceDesc"="SD/MMC          "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_ST&PROD_16GB&REV_0000#AA6270935J1000000209&0#]

"DeviceDesc"="16GB            "

[HKEY_USERS\S-1-5-21-3619498111-4055357529-868238896-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]

"C:\Users\Faust\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager [1].exe"="Malwarebytes Anti-Malware                                   "

[HKEY_USERS\S-1-5-21-3619498111-4055357529-868238896-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]

"C:\Users\Faust\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager [1].exe"="Malwarebytes Anti-Malware                                   "
 

-= EOF =-

Esetlog

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7587

# api_version=3.0.2

# EOSSerial=4601ae776f3dd348b71798f93f86f63f

# engine=18756

# end=stopped

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-06-17 01:23:55

# local_time=2014-06-17 03:23:55 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='avast! Internet Security'

# compatibility_mode=781 16777213 100 96 3426 4898631 0 0

# compatibility_mode_1=''

# compatibility_mode=5893 16776573 100 94 100417212 154641285 0 0

# scanned=5417

# found=2

# cleaned=0

# scan_time=112

sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\nengine.dll.vir"

sh=2C06A350EA95B428E1BD9BBC94B5932061EC71DB ft=1 fh=a351c33b2a9de0d7 vn="Variante von Win32/SpeedingUpMyPC Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptimizerPro.exe.vir"

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7587

# api_version=3.0.2

# EOSSerial=4601ae776f3dd348b71798f93f86f63f

# engine=18756

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-06-17 02:12:29

# local_time=2014-06-17 04:12:29 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='avast! Internet Security'

# compatibility_mode=781 16777213 100 96 6340 4901545 0 0

# compatibility_mode_1=''

# compatibility_mode=5893 16776573 100 94 100420126 154644199 0 0

# scanned=185871

# found=2

# cleaned=0

# scan_time=2851

sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\nengine.dll.vir"

sh=2C06A350EA95B428E1BD9BBC94B5932061EC71DB ft=1 fh=a351c33b2a9de0d7 vn="Variante von Win32/SpeedingUpMyPC Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptimizerPro.exe.vir"

checkup

Code:

 Results of screen317's Security Check version 0.99.83  

 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 ``````````````Antivirus/Firewall Check:`````````````` 

avast! Antivirus   

 Antivirus out of date!  
 `````````Anti-malware/Other Utilities Check:````````` 

 Adobe Flash Player 13.0.0.214  

 Adobe Reader XI  

 Mozilla Firefox (29.0.1) 
 ````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Malwarebytes Anti-Malware mbamscheduler.exe   

 AVAST Software Avast AvastSvc.exe  

 AVAST Software Avast afwServ.exe  

 AVAST Software Avast avastui.exe  
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

Reste entfernen
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

start

Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B46FF469-6915-4F4C-A208-0982540A8871}" /f

Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost" /v DailytoolsInstallerService /f

Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost" /v DailytoolsUpdateService /f

Reboot:

end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber. :daumenhoc
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

Schritt 1
Du verwendest veraltete Software auf deinem Rechner, was ein Sicherheitsrisiko darstellt. Daher solltest du veraltete Software deinstallieren und anschließend die aktuellste Version installieren.
Folge dem Pfad Start > Systemsteuerung > Sofware / Programme deinstallieren.
Deinstalliere die folgenden Programme von deinem Rechner:

Adobe Flash Player 13

Starte deinen Rechner nach der Deinstallation neu auf.
Downloade und installiere dir bitte nun:

Adobe Flash Player

Starte deinen Rechner nach der Installation neu auf.

Schritt 2
Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Schritt 3
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.

Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti-Viren-Programm und zusätzlicher Schutz

Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist! Ein kostenloses Anti-Viren Programm, das wir empfehlen, wäre z. B. Avast! Free Antivirus oder Microsoft Security Essentials.
MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt. Du kannst es zusätzlich zu deinem Anti-Viren Programm verwenden.
Update das Tool und lasse es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
AdwCleaner
Dieses Tool erkennt eine Vielzahl von Werbeprogrammen (Adware) und unerwümschten Programmen (PUPs).
Starte das Tool einmal die Woche und lass es laufen. Sollte eine neue Version verfügbar sein, so wird dies angezeigt und du kannst dir die neueste Version direkt von der Herstellerseite auf den Desktop herunterladen. Auch dieses Programm kann parallel zu deinem Anti-Viren Programm verwendet werden.
SpywareBlaster
Eine kurze Einführung findest du Hier

Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Mozilla Firefox

Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
NoScript
Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
AdblockPlus
Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzuzufügen reicht und dieser wird nicht mehr geladen.
Es spart außerdem Downloadkapazität.

Performance

Halte dich fern von Registry Cleanern.
Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
Miekemoes Blogspot ( MVP )

Was du vermeiden solltest:

Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..).
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.
Lade keine Software von Softonic oder Chip herunter, da diese Installer oft mit Adware oder unerünschter Software versehen sind!

Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

Schönen guten Abend ich habe jetzt alle Schritte von dir ausgefürht aber leider wurde der Fixlogmit gelöscht ich hoffe das ist jetzt nicht weiter tragisch. Ich habe allerdings noch die Frage ob die große kostepflichtige Version auch eine Alternatieve für Malwarebyts ist weil diese bei Avast im Angebot war hab ich sie mir fuer meine Freundin und mich angeschafft.

mfg Timo

MBAM ist keine Alternative, sondern als Ergänzung zu einem AV-Programm wie Avast zu verstehen. ;)

Ich bin froh, dass wir helfen konnten :abklatsch:

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! :)

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.