Trojaner-Board - Troj.gen.zlob in C:\windows\system32\asfar.exe

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Troj.gen.zlob in C:\windows\system32\asfar.exe (https://www.trojaner-board.de/162165-troj-gen-zlob-c-windows-system32-asfar-exe.html)

Bonkers1982

26.12.2014 11:07

Troj.gen.zlob in C:\windows\system32\asfar.exe

Hab mir einen Trojaner eingefangen und zwar die Shopping Helper Smartbar. Kann dieses Tool weder auf normalem WEgen och mit den angegebenen Hinweisen deinstallieren. Läuft immer noch im Hintergrund über den Internet Explorer, ohne das ich diesen über den Taskmanager schließen kann.

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-12-2014

Ran by Bonkers (administrator) on BONKERS-PC on 26-12-2014 10:53:50

Running from C:\Users\Bonkers\Desktop

Loaded Profile: Bonkers (Available profiles: Bonkers)

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(AIMP DevTeam) C:\Program Files (x86)\AIMP3\AIMP3.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_246_ActiveX.exe

(VS Revo Group) C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe

(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe

(Microsoft Corporation) C:\Windows\System32\msiexec.exe

(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)

HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [BF2Hub Client] => C:\Program Files (x86)\BF2Hub Client\bf2hub.exe [1521664 2014-07-17] (BF2Hub Systems)

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [icq] => C:\Users\Bonkers\AppData\Roaming\ICQM\icq.exe [35239432 2014-11-23] (ICQ)

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\MountPoints2: L - L:\setup.exe

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\MountPoints2: {d8886c6b-71a4-11e4-9aea-806e6f6e6963} - H:\Autorun.exe

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\MountPoints2: {f92a4bd0-71dc-11e4-9685-806e6f6e6963} - H:\.\Bin\ASSETUP.exe
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.

ProxyServer: [.DEFAULT] => http=127.0.0.1:49438;https=127.0.0.1:49438

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 

FireFox:

========

FF ProfilePath: C:\Users\Bonkers\AppData\Roaming\Mozilla\Firefox\Profiles\yzv924ky.default

FF Homepage: Google

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()

FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: Adblock Plus - C:\Users\Bonkers\AppData\Roaming\Mozilla\Firefox\Profiles\yzv924ky.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-24]
 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.com

CHR StartupUrls: Default -> "hxxp://www.google.com"

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Präsentationen) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-21]

CHR Extension: (Google Docs) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-21]

CHR Extension: (Google Drive) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-21]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-11]

CHR Extension: (YouTube) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-21]

CHR Extension: (Google-Suche) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-21]

CHR Extension: (HQ-Video-Pro-2.1cV22.12) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmggllmmdmjlbkfnbpmmfaofkihmcag [2014-12-22]

CHR Extension: (Google Tabellen) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-21]

CHR Extension: (Avira Browserschutz) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-21]

CHR Extension: (Google Wallet) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-21]

CHR Extension: (Google Mail) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-21]

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

CHR StartMenuInternet: Google Chrome - chrome.exe
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-20] (Advanced Micro Devices, Inc.) [File not signed]

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)

R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-12-06] ()
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-12-16] (Advanced Micro Devices)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-21] (Disc Soft Ltd)

R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-24] (Malwarebytes Corporation)

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

S2 SPDRIVER_1.38.0.1449; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1.38.0.1449\jsdrv.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-26 10:53 - 2014-12-26 10:54 - 00016175 _____ () C:\Users\Bonkers\Desktop\FRST.txt

2014-12-26 10:53 - 2014-12-26 10:53 - 00000000 ____D () C:\FRST

2014-12-26 10:50 - 2014-12-26 10:50 - 02122240 _____ (Farbar) C:\Users\Bonkers\Desktop\FRST64.exe

2014-12-26 10:09 - 2014-12-26 10:09 - 00000000 ____D () C:\Windows\system32\log

2014-12-26 09:53 - 2014-12-26 09:53 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-12-26 09:53 - 2014-12-26 09:53 - 00000000 ____D () C:\Program Files\CCleaner

2014-12-24 12:31 - 2014-12-24 12:31 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-12-24 12:30 - 2014-12-24 12:30 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2014-12-24 11:58 - 2014-12-24 11:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-12-24 11:58 - 2014-12-24 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-12-24 11:58 - 2014-12-24 11:58 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-12-24 11:58 - 2014-12-24 11:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-12-24 11:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-12-24 11:58 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-12-24 11:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-12-22 20:29 - 2014-12-22 20:29 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-12-22 20:27 - 2014-12-22 20:27 - 01174352 _____ () C:\Users\Bonkers\Downloads\Revo Uninstaller - CHIP-Installer.exe

2014-12-22 18:51 - 2014-12-25 10:41 - 00000000 ____D () C:\AdwCleaner

2014-12-22 18:23 - 2014-12-22 18:23 - 00000000 _____ () C:\autoexec.bat

2014-12-22 17:37 - 2014-12-26 09:41 - 00001344 _____ () C:\Windows\Tasks\IKQVC.job

2014-12-22 17:37 - 2014-12-22 17:37 - 00004378 _____ () C:\Windows\System32\Tasks\IKQVC

2014-12-22 17:36 - 2014-12-26 09:41 - 00001344 _____ () C:\Windows\Tasks\MYOPH.job

2014-12-22 17:36 - 2014-12-22 17:36 - 00004378 _____ () C:\Windows\System32\Tasks\MYOPH

2014-12-22 17:16 - 2014-12-22 17:16 - 00003164 _____ () C:\Windows\System32\Tasks\{44F7D431-87E0-41FB-86BC-9E53277E0F23}

2014-12-22 17:02 - 2014-12-22 17:02 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Desktop_Dock

2014-12-22 17:01 - 2014-12-22 17:01 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\qjnhzepq

2014-12-22 16:53 - 2014-12-26 09:41 - 00001694 _____ () C:\Windows\Tasks\KJDTZZNB.job

2014-12-22 16:53 - 2014-12-26 09:41 - 00001342 _____ () C:\Windows\Tasks\ZIGV.job

2014-12-22 16:53 - 2014-12-22 16:53 - 00004728 _____ () C:\Windows\System32\Tasks\KJDTZZNB

2014-12-22 16:53 - 2014-12-22 16:53 - 00004376 _____ () C:\Windows\System32\Tasks\ZIGV

2014-12-22 16:47 - 2014-12-22 16:47 - 00002290 _____ () C:\Windows\patsearch.bin

2014-12-22 16:47 - 2014-12-22 16:47 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf

2014-12-22 16:46 - 2014-12-22 16:55 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\StormFall

2014-12-22 16:46 - 2014-12-22 16:51 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Sparta

2014-12-22 16:46 - 2014-12-22 16:46 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\sparta111

2014-12-22 16:46 - 2014-12-22 16:46 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\StormFall

2014-12-22 16:40 - 2014-12-22 16:40 - 00003090 _____ () C:\Windows\System32\Tasks\upfs7235

2014-12-19 12:41 - 2014-12-20 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metal Gear Solid V Ground Zeroes

2014-12-19 12:38 - 2014-12-19 12:40 - 00000000 ____D () C:\Users\Bonkers\Desktop\MGS V

2014-12-18 08:03 - 2014-12-18 08:18 - 00000000 ____D () C:\Users\Bonkers\Desktop\Stick

2014-12-18 07:36 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-12-18 07:36 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-12-17 08:42 - 2014-12-17 09:44 - 00000000 ____D () C:\ProgramData\Origin

2014-12-17 08:42 - 2014-12-17 08:42 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Origin

2014-12-17 08:42 - 2014-12-17 08:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin

2014-12-17 08:42 - 2014-12-17 08:42 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-12-16 17:41 - 2014-12-17 08:42 - 00000000 ____D () C:\ProgramData\Electronic Arts

2014-12-16 16:56 - 2014-12-16 17:41 - 00000000 ____D () C:\Users\Bonkers\Documents\FUSSBALL MANAGER 10

2014-12-16 16:56 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll

2014-12-16 16:53 - 2014-12-17 08:42 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts

2014-12-16 16:52 - 2014-12-16 16:52 - 00003044 _____ () C:\Windows\System32\Tasks\{A32FE87B-45CE-4AA7-B6DF-40C336FD7AF3}

2014-12-16 08:18 - 2014-12-16 08:18 - 03951038 _____ () C:\Users\Bonkers\Desktop\rld-f0u5.7z

2014-12-15 14:45 - 2014-12-15 14:46 - 00000000 ____D () C:\Users\Bonkers\Downloads\Trance Zen Dental Spa

2014-12-15 14:45 - 2014-12-15 14:45 - 00000843 _____ () C:\Users\Bonkers\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk

2014-12-15 14:44 - 2014-12-26 09:58 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\uTorrent

2014-12-11 09:33 - 2014-12-11 09:33 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-12-11 09:33 - 2014-12-11 09:33 - 00000000 ____D () C:\Program Files\Java

2014-12-10 16:49 - 2014-12-10 16:49 - 00000000 ____D () C:\Windows\system32\appraiser

2014-12-10 10:58 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-12-10 10:58 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2014-12-10 10:58 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2014-12-10 10:58 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2014-12-10 10:58 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2014-12-10 10:58 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2014-12-10 10:58 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2014-12-10 10:58 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2014-12-10 10:58 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2014-12-10 10:58 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2014-12-10 08:09 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-12-10 08:09 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

2014-12-10 08:09 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-12-10 08:09 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-12-10 08:08 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-12-10 08:08 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-12-10 08:08 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-12-10 08:08 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-12-10 08:08 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-12-10 08:08 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-12-10 08:08 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-12-10 08:08 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-12-10 08:08 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-12-10 08:08 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-12-10 08:08 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-12-10 08:08 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-12-10 08:08 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-12-10 08:08 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-12-10 08:08 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-12-10 08:08 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-12-10 08:08 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-12-10 08:08 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-12-10 08:08 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-12-10 08:08 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-12-10 08:08 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-12-10 08:08 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-12-10 08:08 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-12-10 08:08 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-12-10 08:08 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-12-10 08:08 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-12-10 08:08 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-12-10 08:08 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-12-10 08:08 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-12-10 08:08 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-12-10 08:08 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-12-10 08:08 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-12-10 08:08 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-12-10 08:08 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-12-10 08:08 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-12-10 08:08 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-12-10 08:08 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-12-10 08:08 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-12-10 08:08 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-12-10 08:08 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-12-10 08:08 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-12-10 08:08 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-12-10 08:08 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-12-10 08:08 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-12-10 08:08 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-12-10 08:08 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-12-10 08:08 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-12-10 08:08 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-12-10 08:08 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-12-10 08:08 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-12-10 08:08 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-12-10 08:08 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-12-10 08:08 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-12-10 08:08 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-12-10 08:08 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2014-12-10 08:07 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-12-10 08:07 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-12-10 08:07 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

2014-12-10 08:07 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe

2014-12-10 08:07 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2014-12-10 08:07 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2014-12-10 08:07 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2014-12-10 08:07 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2014-12-10 08:07 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2014-12-10 08:07 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2014-12-10 08:07 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll

2014-12-10 08:07 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll

2014-12-10 08:07 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll

2014-12-10 08:07 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

2014-12-09 21:22 - 2014-12-09 21:22 - 00000000 ____D () C:\Users\Bonkers\Desktop\BF2

2014-12-09 15:03 - 2014-12-24 12:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-12-06 16:19 - 2014-12-06 16:20 - 00291496 _____ () C:\Windows\SysWOW64\PnkBstrB.exe

2014-12-06 16:19 - 2014-12-06 16:19 - 00912744 _____ () C:\Windows\SysWOW64\pbsvc.exe

2014-12-06 16:19 - 2014-12-06 16:19 - 00912744 _____ () C:\Users\Bonkers\Desktop\pbsvc.exe

2014-12-06 16:19 - 2014-12-06 16:19 - 00291496 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0

2014-12-06 16:19 - 2014-12-06 16:19 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2014-12-03 09:39 - 2014-12-03 09:39 - 00000000 ____D () C:\Users\Bonkers\AppData\OICE_15_974FA576_32C1D314_2E3D

2014-12-02 19:33 - 2014-12-21 20:48 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Skype

2014-12-02 19:33 - 2014-12-02 19:33 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-12-02 19:33 - 2014-12-02 19:33 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Skype

2014-12-02 19:33 - 2014-12-02 19:33 - 00000000 ____D () C:\ProgramData\Skype

2014-12-02 19:33 - 2014-12-02 19:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-12-02 17:41 - 2005-11-03 14:43 - 21504000 _____ () C:\Users\Bonkers\Desktop\BF2 DVD_MINI.MDF

2014-12-02 17:37 - 2014-12-02 17:37 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\PunkBuster

2014-12-02 13:37 - 2014-12-03 09:39 - 00042960 _____ () C:\Users\Bonkers\Desktop\unbekannter Anhang

2014-12-01 14:00 - 2014-12-01 14:15 - 00000358 _____ () C:\Windows\system32\Drivers\etc\hosts.ics

2014-12-01 13:58 - 2014-12-22 16:52 - 00000000 ____D () C:\Program Files (x86)\BF2Hub Client

2014-12-01 13:58 - 2014-12-01 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BF2Hub Client

2014-12-01 13:40 - 2014-12-01 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES

2014-12-01 13:36 - 2014-12-01 13:36 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

2014-12-01 13:29 - 2014-12-01 14:05 - 00000000 ____D () C:\Users\Bonkers\Documents\Battlefield 2

2014-11-29 10:07 - 2014-12-22 16:38 - 00000000 ____D () C:\Users\Bonkers\Desktop\Bewerbung

2014-11-28 14:18 - 2014-11-28 14:18 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Steam

2014-11-28 14:14 - 2014-11-28 16:01 - 00000000 ____D () C:\Users\Bonkers\Desktop\codex-dead.rising.3.upd.1

2014-11-28 13:44 - 2014-11-28 13:44 - 00000000 ____D () C:\Users\Bonkers\Desktop\neu

2014-11-28 13:02 - 2014-11-28 13:16 - 00000000 ____D () C:\Windows\SysWOW64\directx

2014-11-27 10:18 - 2014-11-27 10:18 - 00000000 _____ () C:\Users\Bonkers\Sti_Trace.log

2014-11-26 08:08 - 2014-11-26 08:08 - 00000000 __SHD () C:\Users\Bonkers\AppData\Local\EmieUserList

2014-11-26 08:08 - 2014-11-26 08:08 - 00000000 __SHD () C:\Users\Bonkers\AppData\Local\EmieSiteList

2014-11-26 08:08 - 2014-11-26 08:08 - 00000000 __SHD () C:\Users\Bonkers\AppData\Local\EmieBrowserModeList
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-26 10:43 - 2014-11-21 21:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-12-26 10:23 - 2014-11-21 18:25 - 01773985 _____ () C:\Windows\WindowsUpdate.log

2014-12-26 10:11 - 2014-11-21 21:38 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\AIMP3

2014-12-26 10:09 - 2014-11-21 19:39 - 00111520 _____ () C:\Users\Bonkers\AppData\Local\GDIPFONTCACHEV1.DAT

2014-12-26 09:58 - 2014-11-22 18:07 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\CrashDumps

2014-12-26 09:58 - 2014-11-22 01:17 - 00000000 ____D () C:\Windows\Panther

2014-12-26 09:58 - 2014-11-21 20:52 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\DAEMON Tools Lite

2014-12-26 09:54 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-12-26 09:54 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-12-26 09:41 - 2014-11-21 18:30 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-12-26 09:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-12-25 11:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System

2014-12-24 15:17 - 2014-11-21 20:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-12-23 21:50 - 2014-11-21 21:26 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\vlc

2014-12-23 07:43 - 2011-03-07 12:10 - 00000000 ____D () C:\Program Files (x86)\JDownloader

2014-12-22 18:23 - 2014-11-21 18:25 - 00000000 ____D () C:\Users\Bonkers

2014-12-22 17:47 - 2014-11-21 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2014-12-22 17:47 - 2014-11-21 20:37 - 00000000 ____D () C:\ProgramData\Avira

2014-12-22 17:47 - 2014-11-21 20:37 - 00000000 ____D () C:\Program Files (x86)\Avira

2014-12-22 17:47 - 2014-11-21 19:58 - 00000000 ____D () C:\ProgramData\Package Cache

2014-12-22 17:45 - 2014-11-21 21:38 - 00000000 ____D () C:\Program Files (x86)\AIMP3

2014-12-22 17:44 - 2014-11-21 20:48 - 00000000 ____D () C:\Windows\system32\appmgmt

2014-12-22 17:19 - 2014-11-21 18:25 - 00001432 _____ () C:\Users\Bonkers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-12-22 17:12 - 2014-11-21 18:45 - 00000000 ____D () C:\ProgramData\Norton

2014-12-22 16:52 - 2014-11-23 09:34 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\ICQM

2014-12-16 16:56 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-12-15 16:16 - 2014-11-21 21:13 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-12-15 16:16 - 2014-11-21 21:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-15 16:16 - 2014-11-21 21:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-12-15 16:16 - 2014-11-21 21:07 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Adobe

2014-12-13 11:05 - 2014-11-21 20:55 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-12-13 11:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2014-12-10 16:54 - 2014-11-23 10:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-12-10 16:49 - 2014-11-23 09:05 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-12-10 16:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-12-10 16:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat

2014-12-10 11:03 - 2014-11-21 21:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

2014-12-02 19:06 - 2011-04-12 08:43 - 00699208 _____ () C:\Windows\system32\perfh007.dat

2014-12-02 19:06 - 2011-04-12 08:43 - 00149348 _____ () C:\Windows\system32\perfc007.dat

2014-12-02 19:06 - 2009-07-14 06:13 - 01619752 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-12-01 13:40 - 2014-11-21 18:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-11-28 14:18 - 2014-11-23 12:24 - 00000000 ____D () C:\Users\Bonkers\Documents\My Games

2014-11-26 20:16 - 2014-11-23 09:34 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\ICQ-Profile
 

Some content of TEMP:

====================

C:\Users\Bonkers\AppData\Local\Temp\avgnt.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-12-25 11:56
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

FRST Additions Logfile:

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-12-2014

Ran by Bonkers at 2014-12-26 10:54:18

Running from C:\Users\Bonkers\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

µTorrent (HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1355, 14.07.2014 - AIMP DevTeam)

AMD Catalyst Install Manager (HKLM\...\{4E7B5579-F76C-B709-84A7-F40460F5C70F}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)

Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)

AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)

Battlefield 2(TM) (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version:  - )

BF2Hub Client (HKLM-x32\...\bf2hub) (Version:  - BF2Hub Systems)

Brother MFL-Pro Suite DCP-J125 (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 2.0.0.0 - Brother Industries, Ltd.)

Call of Duty Advanced Warfare (HKLM-x32\...\Call of Duty Advanced Warfare_is1) (Version:  - )

CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)

DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)

Dead Rising 3 (HKLM-x32\...\{XXXXXXXX-XXXX-XXXX-XXXX-BLACKBOX0011}) (Version: 6.0 - Black Box)

FUSSBALL MANAGER 10 (HKLM-x32\...\FUSSBALL MANAGER 10) (Version: 2.0.0.7 - Electronic Arts)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

ICQ 8.2 (build 7138) (HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\ICQ) (Version: 8.2.7138.0 - ICQ)

Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)

Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)

Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Metal Gear Solid V Ground Zeroes (HKLM-x32\...\Metal Gear Solid V Ground Zeroes_is1) (Version:  - )

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)

Origin (HKLM-x32\...\Origin) (Version: 8.4.1.210 - Electronic Arts, Inc.)

Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

PeaZip 5.5.0 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)

Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)

Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden

Shopping Helper Smartbar (HKLM-x32\...\{DD4CA175-B85B-434A-8A3B-7E04CDD1741F}) (Version: 11.126.63.20709 - ReSoft Ltd.) <==== ATTENTION

Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)

VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E5}) (Version: 19.0.11293 - WinZip Computing, S.L. )
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 

==================== Restore Points  =========================
 

26-12-2014 10:14:39 Revo Uninstaller's restore point - Shopping Helper Smartbar
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 03:34 - 2014-12-01 14:15 - 00001150 ____N C:\Windows\system32\Drivers\etc\hosts

83.169.15.25        battlefield2.available.gamespy.com

83.169.15.25        battlefield2.master.gamespy.com

83.169.15.25        battlefield2.ms14.gamespy.com

83.169.15.25        gpsp.gamespy.com

83.169.15.25        gpcm.gamespy.com

83.169.15.6        eapusher.dice.se
 
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {03FF4FAA-3F65-4649-BA09-CF5C56BDF83F} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION

Task: {11BF4DA3-8AB0-4AF5-95D6-57BCEF87BC89} - System32\Tasks\IKQVC => C:\Users\Bonkers\AppData\Roaming\IKQVC.exe <==== ATTENTION

Task: {12C4A70D-793C-47B0-BDFE-367281D8EC2D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)

Task: {20539226-8628-4305-B4C6-50E7DD679FB7} - System32\Tasks\{A32FE87B-45CE-4AA7-B6DF-40C336FD7AF3} => pcalua.exe -a L:\Autorun.exe -d L:\

Task: {2294BF3B-ABE8-4DE7-876E-13873D4874DC} - System32\Tasks\{612E6FB8-90EE-4D1F-89F8-4C748A1906CB} => pcalua.exe -a J:\avm_fritz!wlan_usb_stick_build_090320.exe -d J:\

Task: {33C6B45F-BE4D-4E01-A84B-C98D6D3B4236} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION

Task: {38479FCC-F8AA-42D9-A584-2213E4F86991} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()

Task: {38A930E6-1B44-47AA-B402-1AB2BEEFB4CF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-15] (Adobe Systems Incorporated)

Task: {3D1556C6-AE16-4E1E-B992-2022D0B9999B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

Task: {43F47C87-9C98-4FB9-B5FD-8C60C06BC0B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-21] (Google Inc.)

Task: {6665CD5D-C2D8-44BA-8338-6B85CCB694BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-21] (Google Inc.)

Task: {6AB76BB1-7EF7-43BC-AA4C-2DC0B5F79881} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe

Task: {6AD8A491-4214-48A8-B258-16EEDECBE840} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {6F420C1B-DAAF-4C9B-ACA9-B9DF4B1CF6AF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {AD861F1E-980A-4C5A-8796-93A81E388F99} - System32\Tasks\ZIGV => C:\Users\Bonkers\AppData\Roaming\ZIGV.exe <==== ATTENTION

Task: {B08998D5-4C32-4115-BADF-AE1608EFB8DC} - System32\Tasks\{44F7D431-87E0-41FB-86BC-9E53277E0F23} => pcalua.exe -a C:\Users\Bonkers\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs4

Task: {B24A8CE1-64E2-4796-8481-AB149EA78532} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

Task: {B60AD4BC-A648-40E7-9E92-E29BA7777A6A} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe

Task: {C13B12F3-9CB4-41A2-AEAF-DDDE7B8F4DED} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)

Task: {E8CD5A44-700F-4F37-AF38-5E689D8F1E04} - System32\Tasks\upfs7235 => C:\PROGRA~2\Flwsrf\upfs7235.exe

Task: {EB96EAB6-E9F5-42E8-A5A9-7CEEBCF98BAB} - System32\Tasks\KJDTZZNB => C:\Users\Bonkers\AppData\Roaming\KJDTZZNB.exe <==== ATTENTION

Task: {FF553CE1-4E47-49FD-BA13-81B0E22C4C47} - System32\Tasks\MYOPH => C:\Users\Bonkers\AppData\Roaming\MYOPH.exe <==== ATTENTION

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\IKQVC.job => C:\Users\Bonkers\AppData\Roaming\IKQVC.exe <==== ATTENTION

Task: C:\Windows\Tasks\KJDTZZNB.job => C:\Users\Bonkers\AppData\Roaming\KJDTZZNB.exe <==== ATTENTION

Task: C:\Windows\Tasks\MYOPH.job => C:\Users\Bonkers\AppData\Roaming\MYOPH.exe <==== ATTENTION

Task: C:\Windows\Tasks\ZIGV.job => C:\Users\Bonkers\AppData\Roaming\ZIGV.exe <==== ATTENTION
 

==================== Loaded Modules (whitelisted) =============
 

2013-12-20 14:23 - 2013-12-20 14:23 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll

2013-12-16 02:07 - 2013-12-16 02:07 - 00818688 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll

2013-12-16 02:07 - 2013-12-16 02:07 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll

2013-12-20 14:22 - 2013-12-20 14:22 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2013-12-20 14:23 - 2013-12-20 14:23 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

2014-12-06 16:19 - 2014-12-06 16:19 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll

2014-11-23 12:14 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00505344 _____ () C:\Program Files (x86)\AIMP3\sqlite3.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00218112 _____ () C:\Program Files (x86)\AIMP3\libsoxr.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00220672 _____ () C:\Program Files (x86)\AIMP3\Modules\MACDll.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00294400 _____ () C:\Program Files (x86)\AIMP3\Modules\libFLAC.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 01733120 _____ () C:\Program Files (x86)\AIMP3\Modules\aimp_libvorbis.dll

2014-12-22 17:01 - 2014-12-22 17:01 - 00133120 _____ () C:\Users\Bonkers\AppData\Roaming\qjnhzepq\colers.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00072136 _____ () C:\Program Files (x86)\AIMP3\Plugins\aimp_lastfm.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00026624 _____ () C:\Program Files (x86)\AIMP3\Plugins\Aorta.svp

2014-11-21 21:38 - 2014-11-21 21:38 - 00237568 _____ () C:\Program Files (x86)\AIMP3\Plugins\OptimFROG.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00141768 _____ () C:\Program Files (x86)\AIMP3\Plugins\PandemicAnalogMeter.dll

2014-12-26 10:15 - 2014-12-26 10:15 - 02048184 _____ () C:\Windows\Installer\MSI63B5.tmp

2014-12-26 10:15 - 2014-12-26 10:15 - 00239616 _____ () C:\Windows\Installer\MSI63B5.tmp-\Smartbar.Installer.CustomActions.dll

2014-12-26 10:15 - 2014-12-26 10:15 - 00013312 _____ () C:\Windows\Installer\MSI63B5.tmp-\PILogManager.dll

2014-12-26 10:15 - 2014-12-26 10:15 - 00021504 _____ () C:\Windows\Installer\MSI63B5.tmp-\srsl.dll

2014-12-26 10:15 - 2014-12-26 10:15 - 00012288 _____ () C:\Windows\Installer\MSI63B5.tmp-\PIFlagsManager.dll

2014-12-26 10:15 - 2014-12-26 10:15 - 00043008 _____ () C:\Windows\Installer\MSI63B5.tmp-\PILogger.dll

2014-12-26 10:15 - 2014-12-26 10:15 - 00054784 _____ () C:\Windows\Installer\MSI63B5.tmp-\sppsm.dll

2014-12-26 10:15 - 2014-12-26 10:15 - 00034304 _____ () C:\Windows\Installer\MSI63B5.tmp-\srbu.dll

2014-12-26 10:15 - 2014-12-26 10:15 - 00010240 _____ () C:\Windows\Installer\MSI63B5.tmp-\Smartbar.Personalization.Common.dll

2014-12-26 10:15 - 2014-12-26 10:15 - 00062976 _____ () C:\Windows\Installer\MSI63B5.tmp-\srut.dll

2014-12-26 10:15 - 2014-12-26 10:15 - 00159232 _____ () C:\Windows\Installer\MSI63B5.tmp-\Smartbar.Infrastructure.Utilities.dll

2014-12-26 10:15 - 2014-12-26 10:15 - 00007680 _____ () C:\Windows\Installer\MSI63B5.tmp-\srbhu.dll

2014-12-26 10:15 - 2014-12-26 10:15 - 00074240 _____ () C:\Windows\Installer\MSI63B5.tmp-\srpt.dll

2014-12-26 10:15 - 2014-12-26 10:15 - 00027136 _____ () C:\Windows\Installer\MSI63B5.tmp-\srptc.dll

2014-12-26 10:15 - 2014-12-26 10:15 - 00011776 _____ () C:\Windows\Installer\MSI63B5.tmp-\Smartbar.Common.dll

2014-12-24 12:31 - 2014-11-26 17:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\startupreg: SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.38.0.1449\jsdrv.exe

MSCONFIG\startupreg: YTDownloader => /boot
 

========================= Accounts: ==========================
 

Administrator (S-1-5-21-2975933613-4275264652-1912998914-500 - Administrator - Disabled)

Bonkers (S-1-5-21-2975933613-4275264652-1912998914-1000 - Administrator - Enabled) => C:\Users\Bonkers

Gast (S-1-5-21-2975933613-4275264652-1912998914-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2975933613-4275264652-1912998914-1003 - Limited - Enabled)
 

==================== Faulty Device Manager Devices =============
 

Name: SPDRIVER_1.38.0.1449

Description: SPDRIVER_1.38.0.1449

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: SPDRIVER_1.38.0.1449

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 

Name: Unknown Device

Description: Unknown Device

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard-USB-Hostcontroller)

Service: 

Problem: : Windows has stopped this device because it has reported problems. (Code 43)

Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (12/26/2014 09:52:34 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418154
 

Error: (12/26/2014 09:43:02 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/25/2014 00:02:49 PM) (Source: MsiInstaller) (EventID: 11719) (User: Bonkers-PC)

Description: Product: Shopping Helper Smartbar -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.
 

Error: (12/25/2014 00:02:49 PM) (Source: MsiInstaller) (EventID: 11719) (User: Bonkers-PC)

Description: Product: Shopping Helper Smartbar -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.
 

Error: (12/25/2014 11:59:03 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (12/25/2014 10:54:46 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (12/25/2014 10:54:41 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (12/25/2014 10:54:41 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (12/25/2014 10:54:39 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (12/25/2014 10:43:41 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

System errors:

=============

Error: (12/26/2014 10:54:29 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (12/26/2014 10:54:27 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (12/26/2014 10:53:21 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (12/26/2014 10:53:15 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (12/26/2014 10:53:12 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (12/26/2014 10:52:57 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (12/26/2014 10:52:56 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (12/26/2014 10:52:33 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (12/26/2014 10:52:28 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (12/26/2014 10:52:27 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 
 

Microsoft Office Sessions:

=========================

Error: (12/26/2014 09:52:34 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418154
 

Error: (12/26/2014 09:43:02 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/25/2014 00:02:49 PM) (Source: MsiInstaller) (EventID: 11719) (User: Bonkers-PC)

Description: Product: Shopping Helper Smartbar -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)(NULL)
 

Error: (12/25/2014 00:02:49 PM) (Source: MsiInstaller) (EventID: 11719) (User: Bonkers-PC)

Description: Product: Shopping Helper Smartbar -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)(NULL)
 

Error: (12/25/2014 11:59:03 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 

Error: (12/25/2014 10:54:46 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Bonkers\Desktop\esetsmartinstaller_deu.exe
 

Error: (12/25/2014 10:54:41 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Bonkers\Desktop\esetsmartinstaller_deu.exe
 

Error: (12/25/2014 10:54:41 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Bonkers\Desktop\esetsmartinstaller_deu.exe
 

Error: (12/25/2014 10:54:39 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Bonkers\Desktop\esetsmartinstaller_deu.exe
 

Error: (12/25/2014 10:43:41 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

==================== Memory info =========================== 
 

Processor: AMD FX(tm)-8320 Eight-Core Processor 

Percentage of memory in use: 33%

Total physical RAM: 8093.13 MB

Available physical RAM: 5396.3 MB

Total Pagefile: 16184.43 MB

Available Pagefile: 13093.52 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB
 

==================== Drives ================================
 

Drive c: (Windows) (Fixed) (Total:102.44 GB) (Free:43.76 GB) NTFS

Drive d: (Spiele) (Fixed) (Total:489.13 GB) (Free:333.72 GB) NTFS

Drive e: (Schule) (Fixed) (Total:293.43 GB) (Free:293.24 GB) NTFS

Drive f: (Download) (Fixed) (Total:442.38 GB) (Free:396.12 GB) NTFS

Drive g: (Welten) (Fixed) (Total:200.2 GB) (Free:195.29 GB) NTFS

Drive j: (Bonkers) (Fixed) (Total:931.48 GB) (Free:281.98 GB) NTFS

Drive k: (BF2 DVD) (CDROM) (Total:1.91 GB) (Free:0 GB) UDF
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 80B6AAAC)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=102.4 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=200.2 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=293.4 GB) - (Type=OF Extended)
 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BBCC6936)

Partition 1: (Not Active) - (Size=489.1 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=442.4 GB) - (Type=07 NTFS)
 

========================================================

Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 81A8E79C)

Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

--- --- ---

Sorry f+ür den Themennamen, aber den ursprünglichen wollte er nciht annehmen, wo etwas zur Shopping Helper Smartbar im Titel verhanden war.

schrauber

26.12.2014 14:37

hi,

Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:

Shopping Helper Smartbar
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Bonkers1982

27.12.2014 19:46

Combofix Logfile:

Code:

ComboFix 14-12-25.01 - Bonkers 27.12.2014  10:15:08.1.8 - x64

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.8093.5741 [GMT 1:00]

ausgeführt von:: c:\users\Bonkers\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}

SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_SPDRIVER_1.38.0.1449

-------\Service_SPDRIVER_1.38.0.1449

.

.

(((((((((((((((((((((((   Dateien erstellt von 2014-11-27 bis 2014-12-27  ))))))))))))))))))))))))))))))

.

.

2014-12-26 09:53 . 2014-12-26 09:54        --------        d-----w-        C:\FRST

2014-12-26 09:09 . 2014-12-26 09:09        --------        d-----w-        c:\windows\system32\log

2014-12-26 08:53 . 2014-12-26 08:53        --------        d-----w-        c:\program files\CCleaner

2014-12-24 10:58 . 2014-12-24 10:58        129752        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-12-24 10:58 . 2014-12-24 10:58        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware

2014-12-24 10:58 . 2014-12-24 10:58        --------        d-----w-        c:\programdata\Malwarebytes

2014-12-24 10:58 . 2014-11-21 05:14        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys

2014-12-24 10:58 . 2014-11-21 05:14        93400        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys

2014-12-24 10:58 . 2014-11-21 05:14        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys

2014-12-22 19:29 . 2014-12-27 09:10        --------        d-----w-        c:\program files (x86)\VS Revo Group

2014-12-22 17:51 . 2014-12-25 09:41        --------        d-----w-        C:\AdwCleaner

2014-12-22 16:02 . 2014-12-22 16:02        --------        d-----w-        c:\users\Bonkers\AppData\Local\Desktop_Dock

2014-12-22 16:01 . 2014-12-22 16:01        --------        d-----w-        c:\users\Bonkers\AppData\Roaming\qjnhzepq

2014-12-22 15:52 . 2014-12-22 16:00        --------        d-----w-        c:\program files (x86)\Common Files\Symantec Shared

2014-12-22 15:47 . 2014-12-22 15:47        2290        ----a-w-        c:\windows\patsearch.bin

2014-12-22 15:46 . 2014-12-22 15:55        --------        d-----w-        c:\users\Bonkers\AppData\Roaming\StormFall

2014-12-22 15:46 . 2014-12-22 15:46        --------        d-----w-        c:\users\Bonkers\AppData\Roaming\sparta111

2014-12-22 15:46 . 2014-12-22 15:51        --------        d-----w-        c:\users\Bonkers\AppData\Local\Sparta

2014-12-22 15:46 . 2014-12-22 15:46        --------        d-----w-        c:\users\Bonkers\AppData\Local\StormFall

2014-12-18 06:36 . 2014-12-13 05:09        144384        ----a-w-        c:\windows\system32\ieUnatt.exe

2014-12-18 06:36 . 2014-12-13 03:33        115712        ----a-w-        c:\windows\SysWow64\ieUnatt.exe

2014-12-17 07:42 . 2014-12-17 07:42        --------        d-----w-        c:\users\Bonkers\AppData\Roaming\Origin

2014-12-17 07:42 . 2014-12-17 08:44        --------        d-----w-        c:\programdata\Origin

2014-12-17 07:42 . 2014-12-17 07:42        --------        d-----w-        c:\program files (x86)\Origin

2014-12-16 16:41 . 2014-12-17 07:42        --------        d-----w-        c:\programdata\Electronic Arts

2014-12-16 15:56 . 2008-07-12 07:18        3851784        ----a-w-        c:\windows\SysWow64\D3DX9_39.dll

2014-12-16 15:53 . 2014-12-17 07:42        --------        d-----w-        c:\program files (x86)\Electronic Arts

2014-12-15 13:44 . 2014-12-26 08:58        --------        d-----w-        c:\users\Bonkers\AppData\Roaming\uTorrent

2014-12-11 08:33 . 2014-12-11 08:33        111016        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll

2014-12-11 08:33 . 2014-12-11 08:33        --------        d-----w-        c:\program files\Java

2014-12-10 15:49 . 2014-12-10 15:49        --------        d-----w-        c:\windows\system32\appraiser

2014-12-10 09:58 . 2014-10-18 02:05        4121600        ----a-w-        c:\windows\system32\mf.dll

2014-12-10 09:58 . 2014-10-18 01:33        3209728        ----a-w-        c:\windows\SysWow64\mf.dll

2014-12-10 09:58 . 2014-07-07 02:06        206848        ----a-w-        c:\windows\system32\mfps.dll

2014-12-10 09:58 . 2014-07-07 02:06        55808        ----a-w-        c:\windows\system32\rrinstaller.exe

2014-12-10 09:58 . 2014-07-07 02:06        24576        ----a-w-        c:\windows\system32\mfpmp.exe

2014-12-10 09:58 . 2014-07-07 02:02        2048        ----a-w-        c:\windows\system32\mferror.dll

2014-12-10 09:58 . 2014-07-07 01:40        103424        ----a-w-        c:\windows\SysWow64\mfps.dll

2014-12-10 09:58 . 2014-07-07 01:39        50176        ----a-w-        c:\windows\SysWow64\rrinstaller.exe

2014-12-10 09:58 . 2014-07-07 01:39        23040        ----a-w-        c:\windows\SysWow64\mfpmp.exe

2014-12-10 09:58 . 2014-07-07 01:37        2048        ----a-w-        c:\windows\SysWow64\mferror.dll

2014-12-10 07:09 . 2014-12-04 02:50        413184        ----a-w-        c:\windows\system32\generaltel.dll

2014-12-10 07:09 . 2014-12-04 02:50        741376        ----a-w-        c:\windows\system32\invagent.dll

2014-12-10 07:09 . 2014-12-04 02:50        396800        ----a-w-        c:\windows\system32\devinv.dll

2014-12-10 07:09 . 2014-12-04 02:50        227328        ----a-w-        c:\windows\system32\aepdu.dll

2014-12-10 07:09 . 2014-12-04 02:50        192000        ----a-w-        c:\windows\system32\aepic.dll

2014-12-10 07:09 . 2014-12-04 02:44        1083392        ----a-w-        c:\windows\system32\aeinv.dll

2014-12-10 07:09 . 2014-12-01 23:28        1232040        ----a-w-        c:\windows\system32\aitstatic.exe

2014-12-10 07:09 . 2014-11-11 03:09        1424384        ----a-w-        c:\windows\system32\WindowsCodecs.dll

2014-12-10 07:09 . 2014-11-11 02:44        1230336        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll

2014-12-10 07:07 . 2014-10-30 02:03        165888        ----a-w-        c:\windows\system32\charmap.exe

2014-12-06 15:19 . 2014-12-06 15:20        291496        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe

2014-12-06 15:19 . 2014-12-06 15:19        76152        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe

2014-12-06 15:19 . 2014-12-06 15:19        291496        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0

2014-12-06 15:19 . 2014-12-06 15:19        912744        ----a-w-        c:\windows\SysWow64\pbsvc.exe

2014-12-02 18:33 . 2014-12-02 18:33        --------        d-----w-        c:\users\Bonkers\AppData\Local\Skype

2014-12-02 18:33 . 2014-12-21 19:48        --------        d-----w-        c:\users\Bonkers\AppData\Roaming\Skype

2014-12-02 18:33 . 2014-12-02 18:33        --------        d-----w-        c:\program files (x86)\Common Files\Skype

2014-12-02 18:33 . 2014-12-02 18:33        --------        d-----r-        c:\program files (x86)\Skype

2014-12-02 18:33 . 2014-12-02 18:33        --------        d-----w-        c:\programdata\Skype

2014-12-02 16:37 . 2014-12-02 16:37        --------        d-----w-        c:\users\Bonkers\AppData\Local\PunkBuster

2014-12-01 12:58 . 2014-12-22 15:52        --------        d-----w-        c:\program files (x86)\BF2Hub Client

2014-12-01 12:38 . 2004-10-22 01:18        749568        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll

2014-12-01 12:38 . 2004-10-22 01:17        69715        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll

2014-12-01 12:38 . 2004-10-22 01:17        274432        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll

2014-12-01 12:38 . 2004-10-22 01:16        180224        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll

2014-12-01 12:38 . 2004-10-22 01:16        5632        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe

2014-12-01 12:38 . 2014-12-01 12:38        323716        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll

2014-12-01 12:38 . 2014-12-01 12:38        192644        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll

2014-11-28 13:18 . 2014-11-28 13:18        --------        d-----w-        c:\users\Bonkers\AppData\Roaming\Steam

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-12-15 15:16 . 2014-11-21 20:13        701616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2014-12-15 15:16 . 2014-11-21 20:13        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-11-23 01:01 . 2014-11-23 01:01        194048        ----a-w-        c:\windows\SysWow64\elshyph.dll

2014-11-23 01:01 . 2014-11-23 01:01        942592        ----a-w-        c:\windows\system32\jsIntl.dll

2014-11-23 01:01 . 2014-11-23 01:01        86016        ----a-w-        c:\windows\SysWow64\iesysprep.dll

2014-11-23 01:01 . 2014-11-23 01:01        74240        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe

2014-11-23 01:01 . 2014-11-23 01:01        71680        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe

2014-11-23 01:01 . 2014-11-23 01:01        645120        ----a-w-        c:\windows\SysWow64\jsIntl.dll

2014-11-23 01:01 . 2014-11-23 01:01        62464        ----a-w-        c:\windows\SysWow64\tdc.ocx

2014-11-23 01:01 . 2014-11-23 01:01        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll

2014-11-23 01:01 . 2014-11-23 01:01        36352        ----a-w-        c:\windows\SysWow64\imgutil.dll

2014-11-23 01:01 . 2014-11-23 01:01        337408        ----a-w-        c:\windows\SysWow64\html.iec

2014-11-23 01:01 . 2014-11-23 01:01        24576        ----a-w-        c:\windows\SysWow64\licmgr10.dll

2014-11-23 01:01 . 2014-11-23 01:01        235008        ----a-w-        c:\windows\system32\elshyph.dll

2014-11-23 01:01 . 2014-11-23 01:01        182272        ----a-w-        c:\windows\SysWow64\msls31.dll

2014-11-23 01:01 . 2014-11-23 01:01        151552        ----a-w-        c:\windows\SysWow64\iexpress.exe

2014-11-23 01:01 . 2014-11-23 01:01        139264        ----a-w-        c:\windows\SysWow64\wextract.exe

2014-11-23 01:01 . 2014-11-23 01:01        13312        ----a-w-        c:\windows\SysWow64\mshta.exe

2014-11-23 01:01 . 2014-11-23 01:01        111616        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll

2014-11-23 01:01 . 2014-11-23 01:01        90112        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe

2014-11-23 01:01 . 2014-11-23 01:01        86016        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe

2014-11-23 01:01 . 2014-11-23 01:01        81408        ----a-w-        c:\windows\system32\icardie.dll

2014-11-23 01:01 . 2014-11-23 01:01        774144        ----a-w-        c:\windows\system32\jscript.dll

2014-11-23 01:01 . 2014-11-23 01:01        77312        ----a-w-        c:\windows\system32\tdc.ocx

2014-11-23 01:01 . 2014-11-23 01:01        62464        ----a-w-        c:\windows\system32\pngfilt.dll

2014-11-23 01:01 . 2014-11-23 01:01        616104        ----a-w-        c:\windows\system32\ieapfltr.dat

2014-11-23 01:01 . 2014-11-23 01:01        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll

2014-11-23 01:01 . 2014-11-23 01:01        48640        ----a-w-        c:\windows\system32\mshtmler.dll

2014-11-23 01:01 . 2014-11-23 01:01        48128        ----a-w-        c:\windows\system32\imgutil.dll

2014-11-23 01:01 . 2014-11-23 01:01        413696        ----a-w-        c:\windows\system32\html.iec

2014-11-23 01:01 . 2014-11-23 01:01        30208        ----a-w-        c:\windows\system32\licmgr10.dll

2014-11-23 01:01 . 2014-11-23 01:01        247808        ----a-w-        c:\windows\system32\msls31.dll

2014-11-23 01:01 . 2014-11-23 01:01        243200        ----a-w-        c:\windows\system32\webcheck.dll

2014-11-23 01:01 . 2014-11-23 01:01        235520        ----a-w-        c:\windows\system32\url.dll

2014-11-23 01:01 . 2014-11-23 01:01        167424        ----a-w-        c:\windows\system32\iexpress.exe

2014-11-23 01:01 . 2014-11-23 01:01        147968        ----a-w-        c:\windows\system32\occache.dll

2014-11-23 01:01 . 2014-11-23 01:01        143872        ----a-w-        c:\windows\system32\wextract.exe

2014-11-23 01:01 . 2014-11-23 01:01        13824        ----a-w-        c:\windows\system32\mshta.exe

2014-11-23 01:01 . 2014-11-23 01:01        135680        ----a-w-        c:\windows\system32\iepeers.dll

2014-11-23 01:01 . 2014-11-23 01:01        13312        ----a-w-        c:\windows\system32\msfeedssync.exe

2014-11-23 01:01 . 2014-11-23 01:01        131072        ----a-w-        c:\windows\system32\IEAdvpack.dll

2014-11-23 01:01 . 2014-11-23 01:01        105984        ----a-w-        c:\windows\system32\iesysprep.dll

2014-11-23 01:01 . 2014-11-23 01:01        101376        ----a-w-        c:\windows\system32\inseng.dll

2014-11-23 00:56 . 2014-11-23 00:56        9728        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2014-11-23 00:56 . 2014-11-23 00:56        9728        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2014-11-23 00:56 . 2014-11-23 00:56        5632        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2014-11-23 00:56 . 2014-11-23 00:56        5632        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2014-11-23 00:56 . 2014-11-23 00:56        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2014-11-23 00:56 . 2014-11-23 00:56        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2014-11-23 00:56 . 2014-11-23 00:56        522752        ----a-w-        c:\windows\system32\XpsGdiConverter.dll

2014-11-23 00:56 . 2014-11-23 00:56        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2014-11-23 00:56 . 2014-11-23 00:56        4096        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2014-11-23 00:56 . 2014-11-23 00:56        364544        ----a-w-        c:\windows\SysWow64\XpsGdiConverter.dll

2014-11-23 00:56 . 2014-11-23 00:56        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2014-11-23 00:56 . 2014-11-23 00:56        3584        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2014-11-23 00:56 . 2014-11-23 00:56        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2014-11-23 00:56 . 2014-11-23 00:56        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2014-11-23 00:56 . 2014-11-23 00:56        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2014-11-23 00:56 . 2014-11-23 00:56        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2014-11-23 00:56 . 2014-11-23 00:56        2560        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2014-11-23 00:56 . 2014-11-23 00:56        2560        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2014-11-23 00:56 . 2014-11-23 00:56        1682432        ----a-w-        c:\windows\system32\XpsPrint.dll

2014-11-23 00:56 . 2014-11-23 00:56        1158144        ----a-w-        c:\windows\SysWow64\XpsPrint.dll

2014-11-23 00:56 . 2014-11-23 00:56        10752        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2014-11-23 00:56 . 2014-11-23 00:56        10752        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2014-11-23 00:56 . 2014-11-23 00:56        648192        ----a-w-        c:\windows\system32\d3d10level9.dll

2014-11-23 00:56 . 2014-11-23 00:56        604160        ----a-w-        c:\windows\SysWow64\d3d10level9.dll

2014-11-23 00:56 . 2014-11-23 00:56        363008        ----a-w-        c:\windows\system32\dxgi.dll

2014-11-23 00:56 . 2014-11-23 00:56        333312        ----a-w-        c:\windows\system32\d3d10_1core.dll

2014-11-23 00:56 . 2014-11-23 00:56        296960        ----a-w-        c:\windows\system32\d3d10core.dll

2014-11-23 00:56 . 2014-11-23 00:56        293376        ----a-w-        c:\windows\SysWow64\dxgi.dll

2014-11-23 00:56 . 2014-11-23 00:56        249856        ----a-w-        c:\windows\SysWow64\d3d10_1core.dll

2014-11-23 00:56 . 2014-11-23 00:56        245248        ----a-w-        c:\windows\system32\WindowsCodecsExt.dll

2014-11-23 00:56 . 2014-11-23 00:56        221184        ----a-w-        c:\windows\system32\UIAnimation.dll

2014-11-23 00:56 . 2014-11-23 00:56        220160        ----a-w-        c:\windows\SysWow64\d3d10core.dll

2014-11-23 00:56 . 2014-11-23 00:56        207872        ----a-w-        c:\windows\SysWow64\WindowsCodecsExt.dll

2014-11-23 00:56 . 2014-11-23 00:56        194560        ----a-w-        c:\windows\system32\d3d10_1.dll

2014-11-23 00:56 . 2014-11-23 00:56        187392        ----a-w-        c:\windows\SysWow64\UIAnimation.dll

2014-11-23 00:56 . 2014-11-23 00:56        1643520        ----a-w-        c:\windows\system32\DWrite.dll

2014-11-23 00:56 . 2014-11-23 00:56        161792        ----a-w-        c:\windows\SysWow64\d3d10_1.dll

2014-11-23 00:56 . 2014-11-23 00:56        1247744        ----a-w-        c:\windows\SysWow64\DWrite.dll

2014-11-23 00:56 . 2014-11-23 00:56        1238528        ----a-w-        c:\windows\system32\d3d10.dll

2014-11-23 00:56 . 2014-11-23 00:56        1175552        ----a-w-        c:\windows\system32\FntCache.dll

2014-11-23 00:56 . 2014-11-23 00:56        1080832        ----a-w-        c:\windows\SysWow64\d3d10.dll

2014-11-22 15:02 . 2014-11-22 15:03        43064        ----a-w-        c:\windows\system32\drivers\avnetflt.sys

2014-11-21 20:13 . 2014-11-21 20:13        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2014-11-21 19:52 . 2014-11-21 19:52        283064        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys

2014-11-18 19:47 . 2014-11-18 19:47        1691816        ----a-w-        c:\windows\system32\FM20.DLL

2014-11-11 03:08 . 2014-11-22 16:00        241152        ----a-w-        c:\windows\system32\pku2u.dll

2014-11-11 03:08 . 2014-11-22 16:00        728064        ----a-w-        c:\windows\system32\kerberos.dll

2014-11-11 02:44 . 2014-11-22 16:00        186880        ----a-w-        c:\windows\SysWow64\pku2u.dll

2014-11-11 02:44 . 2014-11-22 16:00        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll

2014-10-25 01:57 . 2014-11-22 15:58        77824        ----a-w-        c:\windows\system32\packager.dll

2014-10-25 01:32 . 2014-11-22 15:58        67584        ----a-w-        c:\windows\SysWow64\packager.dll

2014-10-23 13:02 . 2014-11-21 19:37        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2014-10-23 13:02 . 2014-11-21 19:37        131608        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2014-10-23 13:01 . 2014-11-21 19:37        119272        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2014-10-18 02:05 . 2014-11-22 15:57        861696        ----a-w-        c:\windows\system32\oleaut32.dll

2014-10-18 01:33 . 2014-11-22 15:57        571904        ----a-w-        c:\windows\SysWow64\oleaut32.dll

2014-10-14 02:16 . 2014-11-22 16:00        155064        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2014-11-12 16:19        1729744        ----a-w-        c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2014-11-12 16:19        1729744        ----a-w-        c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2014-11-12 16:19        1729744        ----a-w-        c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]

"icq"="c:\users\Bonkers\AppData\Roaming\ICQM\icq.exe" [2014-11-23 35239432]

"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-12-12 7394584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-11 702768]

"BF2Hub Client"="c:\program files (x86)\BF2Hub Client\bf2hub.exe" [2014-07-17 1521664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="userinit.exe"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]

R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

S2 AODDriver4.3;AODDriver4.3;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-12-12 07:06        1087816        ----a-w-        c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe

.

Inhalt des "geplante Tasks" Ordners

.

2014-12-26 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-21 15:16]

.

2014-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-21 17:30]

.

2014-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-21 17:30]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2014-11-12 16:17        2334928        ----a-w-        c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2014-11-12 16:17        2334928        ----a-w-        c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2014-11-12 16:17        2334928        ----a-w-        c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-08-19 7202520]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

mDefault_Search_URL = about:blank

mDefault_Page_URL = about:blank

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

mSearch Page = about:blank

uSearchAssistant = hxxp://www.google.com

TCP: DhcpNameServer = 192.168.1.1

Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL

FF - ProfilePath - c:\users\Bonkers\AppData\Roaming\Mozilla\Firefox\Profiles\yzv924ky.default\

FF - prefs.js: browser.startup.homepage - Google

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.15"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\DAODx.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\avmwlanstick\WlanNetService.exe

c:\windows\SysWOW64\PnkBstrA.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2014-12-27  10:23:40 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2014-12-27 09:23

.

Vor Suchlauf: 9 Verzeichnis(se), 46.319.153.152 Bytes frei

Nach Suchlauf: 14 Verzeichnis(se), 45.587.595.264 Bytes frei

.

- - End Of File - - B92E90E1711D28C07F3A61C6B4CDF19C

--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

hxxp://zen.esrvadspix.com und diese Seite läuft bei mir im Hintergrund über den Internet Explorer. Kann sie leidder nicht über den Taskmanager schließen. Hängt das auch noch mit dem Trojaner zusammen?

schrauber

28.12.2014 17:37

jap. Wir sind ja auch noch nicht fertig :)

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Bonkers1982

02.01.2015 20:36

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Ultimate x64
Ran by Bonkers on 02.01.2015 at 20:26:48,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440644574481}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440644904461}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440644574481}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440644904461}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440644574481}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440644904461}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440644574481}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440644904461}

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Users\Bonkers\AppData\Roaming\mozilla\firefox\profiles\yzv924ky.default\prefs.js

user_pref("extensions.bootstrappedAddons", "{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"version\":\"2.6.6\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Bonkers\\
Emptied folder: C:\Users\Bonkers\AppData\Roaming\mozilla\firefox\profiles\yzv924ky.default\minidumps [1 files]

~~~ Event Viewer Logs were cleared

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-01-2015

Ran by Bonkers (administrator) on BONKERS-PC on 02-01-2015 20:32:47

Running from C:\Users\Bonkers\Desktop

Loaded Profile: Bonkers (Available profiles: Bonkers)

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

() C:\Windows\DAODx.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(ICQ) C:\Users\Bonkers\AppData\Roaming\ICQM\icq.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(BF2Hub Systems) C:\Program Files (x86)\BF2Hub Client\bf2hub.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)

HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [BF2Hub Client] => C:\Program Files (x86)\BF2Hub Client\bf2hub.exe [1521664 2014-07-17] (BF2Hub Systems)

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [icq] => C:\Users\Bonkers\AppData\Roaming\ICQM\icq.exe [35239432 2014-11-23] (ICQ)

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.

ProxyServer: [.DEFAULT] => http=127.0.0.1:49438;https=127.0.0.1:49438

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 

FireFox:

========

FF ProfilePath: C:\Users\Bonkers\AppData\Roaming\Mozilla\Firefox\Profiles\yzv924ky.default

FF Homepage: Google

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()

FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: Adblock Plus - C:\Users\Bonkers\AppData\Roaming\Mozilla\Firefox\Profiles\yzv924ky.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-24]
 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.com

CHR StartupUrls: Default -> "hxxp://www.google.com"

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Präsentationen) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-21]

CHR Extension: (Google Docs) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-21]

CHR Extension: (Google Drive) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-21]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-11]

CHR Extension: (YouTube) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-21]

CHR Extension: (Google-Suche) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-21]

CHR Extension: (Google Tabellen) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-21]

CHR Extension: (Avira Browserschutz) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-21]

CHR Extension: (Google Wallet) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-21]

CHR Extension: (Google Mail) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-21]

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

CHR StartMenuInternet: Google Chrome - chrome.exe
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-20] (Advanced Micro Devices, Inc.) [File not signed]

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)

R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]

S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-12-06] ()
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-12-16] (Advanced Micro Devices)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-21] (Disc Soft Ltd)

R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-02 20:32 - 2015-01-02 20:33 - 00014910 _____ () C:\Users\Bonkers\Desktop\FRST.txt

2015-01-02 20:32 - 2015-01-02 20:32 - 02123264 _____ (Farbar) C:\Users\Bonkers\Desktop\FRST64.exe

2015-01-02 20:30 - 2015-01-02 20:30 - 00002006 _____ () C:\Users\Bonkers\Desktop\JRT.txt

2015-01-02 20:26 - 2015-01-02 20:26 - 00000000 ____D () C:\Windows\ERUNT

2015-01-02 20:22 - 2015-01-02 20:22 - 01707939 _____ (Thisisu) C:\Users\Bonkers\Desktop\JRT.exe

2015-01-02 20:15 - 2015-01-02 20:15 - 02173952 _____ () C:\Users\Bonkers\Desktop\AdwCleaner_4.106.exe

2014-12-27 20:14 - 2014-12-27 20:15 - 00024221 _____ () C:\Users\Bonkers\Desktop\spam.txt

2014-12-27 19:49 - 2014-12-27 19:50 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Bonkers\Desktop\mbam-setup-2.0.4.1028.exe

2014-12-27 10:23 - 2014-12-27 10:23 - 00031247 _____ () C:\ComboFix.txt

2014-12-27 10:14 - 2014-12-27 10:23 - 00000000 ____D () C:\Qoobox

2014-12-27 10:14 - 2014-12-27 10:22 - 00000000 ____D () C:\Windows\erdnt

2014-12-27 10:14 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-12-27 10:14 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-12-27 10:14 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-12-27 10:14 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-12-27 10:14 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-12-27 10:14 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe

2014-12-27 10:14 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe

2014-12-27 10:14 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe

2014-12-27 10:13 - 2014-12-27 10:13 - 05603624 ____R (Swearware) C:\Users\Bonkers\Desktop\ComboFix.exe

2014-12-26 11:11 - 2015-01-02 20:24 - 00000448 _____ () C:\Windows\setupact.log

2014-12-26 11:11 - 2014-12-26 11:11 - 00000000 _____ () C:\Windows\setuperr.log

2014-12-26 11:10 - 2015-01-02 20:24 - 00044608 _____ () C:\Windows\PFRO.log

2014-12-26 10:53 - 2015-01-02 20:32 - 00000000 ____D () C:\FRST

2014-12-26 10:09 - 2015-01-02 20:23 - 00000000 ____D () C:\Windows\system32\log

2014-12-26 09:53 - 2014-12-26 09:53 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-12-26 09:53 - 2014-12-26 09:53 - 00000000 ____D () C:\Program Files\CCleaner

2014-12-24 12:31 - 2014-12-24 12:31 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-12-24 12:30 - 2014-12-24 12:30 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2014-12-24 11:58 - 2015-01-02 20:07 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-12-24 11:58 - 2014-12-27 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-12-24 11:58 - 2014-12-27 19:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-12-24 11:58 - 2014-12-24 11:58 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-12-24 11:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-12-24 11:58 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-12-24 11:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-12-22 20:29 - 2014-12-27 10:10 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-12-22 20:27 - 2014-12-22 20:27 - 01174352 _____ () C:\Users\Bonkers\Downloads\Revo Uninstaller - CHIP-Installer.exe

2014-12-22 18:51 - 2015-01-02 20:23 - 00000000 ____D () C:\AdwCleaner

2014-12-22 18:23 - 2014-12-22 18:23 - 00000000 _____ () C:\autoexec.bat

2014-12-22 17:16 - 2014-12-22 17:16 - 00003164 _____ () C:\Windows\System32\Tasks\{44F7D431-87E0-41FB-86BC-9E53277E0F23}

2014-12-22 17:02 - 2014-12-22 17:02 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Desktop_Dock

2014-12-22 17:01 - 2014-12-22 17:01 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\qjnhzepq

2014-12-22 16:47 - 2014-12-22 16:47 - 00002290 _____ () C:\Windows\patsearch.bin

2014-12-22 16:46 - 2014-12-22 16:55 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\StormFall

2014-12-22 16:46 - 2014-12-22 16:51 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Sparta

2014-12-22 16:46 - 2014-12-22 16:46 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\sparta111

2014-12-22 16:46 - 2014-12-22 16:46 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\StormFall

2014-12-19 12:41 - 2014-12-20 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metal Gear Solid V Ground Zeroes

2014-12-19 12:38 - 2014-12-19 12:40 - 00000000 ____D () C:\Users\Bonkers\Desktop\MGS V

2014-12-18 08:03 - 2014-12-18 08:18 - 00000000 ____D () C:\Users\Bonkers\Desktop\Stick

2014-12-18 07:36 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-12-18 07:36 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-12-17 08:42 - 2014-12-17 09:44 - 00000000 ____D () C:\ProgramData\Origin

2014-12-17 08:42 - 2014-12-17 08:42 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Origin

2014-12-17 08:42 - 2014-12-17 08:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin

2014-12-17 08:42 - 2014-12-17 08:42 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-12-16 17:41 - 2014-12-17 08:42 - 00000000 ____D () C:\ProgramData\Electronic Arts

2014-12-16 16:56 - 2014-12-16 17:41 - 00000000 ____D () C:\Users\Bonkers\Documents\FUSSBALL MANAGER 10

2014-12-16 16:56 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll

2014-12-16 16:53 - 2014-12-17 08:42 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts

2014-12-16 16:52 - 2014-12-16 16:52 - 00003044 _____ () C:\Windows\System32\Tasks\{A32FE87B-45CE-4AA7-B6DF-40C336FD7AF3}

2014-12-16 08:18 - 2014-12-16 08:18 - 03951038 _____ () C:\Users\Bonkers\Desktop\rld-f0u5.7z

2014-12-15 14:45 - 2014-12-15 14:46 - 00000000 ____D () C:\Users\Bonkers\Downloads\Trance Zen Dental Spa

2014-12-15 14:45 - 2014-12-15 14:45 - 00000843 _____ () C:\Users\Bonkers\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk

2014-12-15 14:44 - 2014-12-27 11:50 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\uTorrent

2014-12-11 09:33 - 2014-12-11 09:33 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-12-11 09:33 - 2014-12-11 09:33 - 00000000 ____D () C:\Program Files\Java

2014-12-10 16:49 - 2014-12-10 16:49 - 00000000 ____D () C:\Windows\system32\appraiser

2014-12-10 10:58 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-12-10 10:58 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2014-12-10 10:58 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2014-12-10 10:58 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2014-12-10 10:58 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2014-12-10 10:58 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2014-12-10 10:58 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2014-12-10 10:58 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2014-12-10 10:58 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2014-12-10 10:58 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2014-12-10 08:09 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-12-10 08:09 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

2014-12-10 08:09 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-12-10 08:09 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-12-10 08:08 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-12-10 08:08 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-12-10 08:08 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-12-10 08:08 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-12-10 08:08 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-12-10 08:08 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-12-10 08:08 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-12-10 08:08 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-12-10 08:08 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-12-10 08:08 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-12-10 08:08 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-12-10 08:08 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-12-10 08:08 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-12-10 08:08 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-12-10 08:08 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-12-10 08:08 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-12-10 08:08 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-12-10 08:08 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-12-10 08:08 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-12-10 08:08 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-12-10 08:08 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-12-10 08:08 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-12-10 08:08 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-12-10 08:08 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-12-10 08:08 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-12-10 08:08 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-12-10 08:08 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-12-10 08:08 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-12-10 08:08 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-12-10 08:08 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-12-10 08:08 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-12-10 08:08 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-12-10 08:08 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-12-10 08:08 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-12-10 08:08 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-12-10 08:08 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-12-10 08:08 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-12-10 08:08 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-12-10 08:08 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-12-10 08:08 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-12-10 08:08 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-12-10 08:08 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-12-10 08:08 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-12-10 08:08 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-12-10 08:08 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-12-10 08:08 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-12-10 08:08 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-12-10 08:08 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-12-10 08:08 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-12-10 08:08 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-12-10 08:08 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-12-10 08:08 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-12-10 08:08 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-12-10 08:08 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-12-10 08:08 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2014-12-10 08:07 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-12-10 08:07 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-12-10 08:07 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

2014-12-10 08:07 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe

2014-12-10 08:07 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2014-12-10 08:07 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2014-12-10 08:07 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2014-12-10 08:07 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2014-12-10 08:07 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2014-12-10 08:07 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2014-12-10 08:07 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll

2014-12-10 08:07 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll

2014-12-10 08:07 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll

2014-12-10 08:07 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

2014-12-09 21:22 - 2014-12-09 21:22 - 00000000 ____D () C:\Users\Bonkers\Desktop\BF2

2014-12-09 15:03 - 2014-12-24 12:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-12-06 16:19 - 2014-12-06 16:20 - 00291496 _____ () C:\Windows\SysWOW64\PnkBstrB.exe

2014-12-06 16:19 - 2014-12-06 16:19 - 00912744 _____ () C:\Windows\SysWOW64\pbsvc.exe

2014-12-06 16:19 - 2014-12-06 16:19 - 00912744 _____ () C:\Users\Bonkers\Desktop\pbsvc.exe

2014-12-06 16:19 - 2014-12-06 16:19 - 00291496 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0

2014-12-06 16:19 - 2014-12-06 16:19 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2014-12-03 09:39 - 2014-12-03 09:39 - 00000000 ____D () C:\Users\Bonkers\AppData\OICE_15_974FA576_32C1D314_2E3D
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-02 20:33 - 2014-11-21 18:25 - 01921683 _____ () C:\Windows\WindowsUpdate.log

2015-01-02 20:32 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-02 20:32 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-02 20:27 - 2014-11-22 18:07 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\CrashDumps

2015-01-02 20:25 - 2014-11-21 18:30 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-02 20:24 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-02 19:43 - 2014-11-21 21:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-12-27 21:20 - 2014-11-21 21:38 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\AIMP3

2014-12-27 20:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat

2014-12-27 10:20 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2014-12-26 11:11 - 2009-07-14 05:45 - 00434792 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-12-26 10:09 - 2014-11-21 19:39 - 00111520 _____ () C:\Users\Bonkers\AppData\Local\GDIPFONTCACHEV1.DAT

2014-12-26 09:58 - 2014-11-22 01:17 - 00000000 ____D () C:\Windows\Panther

2014-12-26 09:58 - 2014-11-21 20:52 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\DAEMON Tools Lite

2014-12-25 11:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System

2014-12-24 15:17 - 2014-11-21 20:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-12-23 21:50 - 2014-11-21 21:26 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\vlc

2014-12-23 07:43 - 2011-03-07 12:10 - 00000000 ____D () C:\Program Files (x86)\JDownloader

2014-12-22 18:23 - 2014-11-21 18:25 - 00000000 ____D () C:\Users\Bonkers

2014-12-22 17:47 - 2014-11-21 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2014-12-22 17:47 - 2014-11-21 20:37 - 00000000 ____D () C:\ProgramData\Avira

2014-12-22 17:47 - 2014-11-21 20:37 - 00000000 ____D () C:\Program Files (x86)\Avira

2014-12-22 17:47 - 2014-11-21 19:58 - 00000000 ____D () C:\ProgramData\Package Cache

2014-12-22 17:45 - 2014-11-21 21:38 - 00000000 ____D () C:\Program Files (x86)\AIMP3

2014-12-22 17:44 - 2014-11-21 20:48 - 00000000 ____D () C:\Windows\system32\appmgmt

2014-12-22 17:19 - 2014-11-21 18:25 - 00001432 _____ () C:\Users\Bonkers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-12-22 17:12 - 2014-11-21 18:45 - 00000000 ____D () C:\ProgramData\Norton

2014-12-22 16:52 - 2014-12-01 13:58 - 00000000 ____D () C:\Program Files (x86)\BF2Hub Client

2014-12-22 16:52 - 2014-11-23 09:34 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\ICQM

2014-12-22 16:38 - 2014-11-29 10:07 - 00000000 ____D () C:\Users\Bonkers\Desktop\Bewerbung

2014-12-21 20:48 - 2014-12-02 19:33 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Skype

2014-12-16 16:56 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-12-15 16:16 - 2014-11-21 21:13 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-12-15 16:16 - 2014-11-21 21:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-15 16:16 - 2014-11-21 21:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-12-15 16:16 - 2014-11-21 21:07 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Adobe

2014-12-13 11:05 - 2014-11-21 20:55 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-12-13 11:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2014-12-10 16:54 - 2014-11-23 10:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-12-10 16:49 - 2014-11-23 09:05 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-12-10 16:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-12-10 11:03 - 2014-11-21 21:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

2014-12-03 09:39 - 2014-12-02 13:37 - 00042960 _____ () C:\Users\Bonkers\Desktop\unbekannter Anhang
 

Some content of TEMP:

====================

C:\Users\Bonkers\AppData\Local\Temp\avgnt.exe

C:\Users\Bonkers\AppData\Local\Temp\Quarantine.exe

C:\Users\Bonkers\AppData\Local\Temp\sqlite3.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-12-25 11:56
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

FRST Additions Logfile:

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-01-2015

Ran by Bonkers at 2015-01-02 20:33:53

Running from C:\Users\Bonkers\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

µTorrent (HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1355, 14.07.2014 - AIMP DevTeam)

AMD Catalyst Install Manager (HKLM\...\{4E7B5579-F76C-B709-84A7-F40460F5C70F}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)

Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)

AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)

Battlefield 2(TM) (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version:  - )

BF2Hub Client (HKLM-x32\...\bf2hub) (Version:  - BF2Hub Systems)

Brother MFL-Pro Suite DCP-J125 (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 2.0.0.0 - Brother Industries, Ltd.)

Call of Duty Advanced Warfare (HKLM-x32\...\Call of Duty Advanced Warfare_is1) (Version:  - )

CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)

DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)

Dead Rising 3 (HKLM-x32\...\{XXXXXXXX-XXXX-XXXX-XXXX-BLACKBOX0011}) (Version: 6.0 - Black Box)

FUSSBALL MANAGER 10 (HKLM-x32\...\FUSSBALL MANAGER 10) (Version: 2.0.0.7 - Electronic Arts)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

ICQ 8.2 (build 7138) (HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\ICQ) (Version: 8.2.7138.0 - ICQ)

Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)

Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)

Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Metal Gear Solid V Ground Zeroes (HKLM-x32\...\Metal Gear Solid V Ground Zeroes_is1) (Version:  - )

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)

Origin (HKLM-x32\...\Origin) (Version: 8.4.1.210 - Electronic Arts, Inc.)

Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

PeaZip 5.5.0 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)

Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)

Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden

Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)

VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E5}) (Version: 19.0.11293 - WinZip Computing, S.L. )
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 

==================== Restore Points  =========================
 

26-12-2014 10:14:39 Revo Uninstaller's restore point - Shopping Helper Smartbar

26-12-2014 11:12:58 Revo Uninstaller's restore point - Shopping Helper Smartbar
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 03:34 - 2014-12-01 14:15 - 00001150 ____N C:\Windows\system32\Drivers\etc\hosts

83.169.15.25        battlefield2.available.gamespy.com

83.169.15.25        battlefield2.master.gamespy.com

83.169.15.25        battlefield2.ms14.gamespy.com

83.169.15.25        gpsp.gamespy.com

83.169.15.25        gpcm.gamespy.com

83.169.15.6        eapusher.dice.se
 
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {12C4A70D-793C-47B0-BDFE-367281D8EC2D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)

Task: {20539226-8628-4305-B4C6-50E7DD679FB7} - System32\Tasks\{A32FE87B-45CE-4AA7-B6DF-40C336FD7AF3} => pcalua.exe -a L:\Autorun.exe -d L:\

Task: {2294BF3B-ABE8-4DE7-876E-13873D4874DC} - System32\Tasks\{612E6FB8-90EE-4D1F-89F8-4C748A1906CB} => pcalua.exe -a J:\avm_fritz!wlan_usb_stick_build_090320.exe -d J:\

Task: {38479FCC-F8AA-42D9-A584-2213E4F86991} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()

Task: {38A930E6-1B44-47AA-B402-1AB2BEEFB4CF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-15] (Adobe Systems Incorporated)

Task: {3D1556C6-AE16-4E1E-B992-2022D0B9999B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

Task: {43F47C87-9C98-4FB9-B5FD-8C60C06BC0B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-21] (Google Inc.)

Task: {6665CD5D-C2D8-44BA-8338-6B85CCB694BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-21] (Google Inc.)

Task: {6AB76BB1-7EF7-43BC-AA4C-2DC0B5F79881} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe

Task: {6AD8A491-4214-48A8-B258-16EEDECBE840} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {6F420C1B-DAAF-4C9B-ACA9-B9DF4B1CF6AF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {B08998D5-4C32-4115-BADF-AE1608EFB8DC} - System32\Tasks\{44F7D431-87E0-41FB-86BC-9E53277E0F23} => pcalua.exe -a C:\Users\Bonkers\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs4

Task: {B24A8CE1-64E2-4796-8481-AB149EA78532} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

Task: {B60AD4BC-A648-40E7-9E92-E29BA7777A6A} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe

Task: {C13B12F3-9CB4-41A2-AEAF-DDDE7B8F4DED} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)

Task: {E8CD5A44-700F-4F37-AF38-5E689D8F1E04} - \upfs7235 No Task File <==== ATTENTION

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2009-03-30 07:32 - 2009-03-30 07:32 - 00032768 ____R () C:\Windows\DAODx.exe

2013-12-20 14:23 - 2013-12-20 14:23 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll

2013-12-16 02:07 - 2013-12-16 02:07 - 00818688 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll

2013-12-16 02:07 - 2013-12-16 02:07 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll

2013-12-20 14:22 - 2013-12-20 14:22 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2014-12-06 16:19 - 2014-12-06 16:19 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll

2014-11-23 09:35 - 2014-11-23 09:35 - 00859144 _____ () C:\Users\Bonkers\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll

2014-12-22 17:01 - 2014-12-22 17:01 - 00133120 _____ () C:\Users\Bonkers\AppData\Roaming\qjnhzepq\colers.dll

2014-12-24 12:31 - 2014-11-26 17:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\startupreg: SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.38.0.1449\jsdrv.exe

MSCONFIG\startupreg: YTDownloader => /boot
 

========================= Accounts: ==========================
 

Administrator (S-1-5-21-2975933613-4275264652-1912998914-500 - Administrator - Disabled)

Bonkers (S-1-5-21-2975933613-4275264652-1912998914-1000 - Administrator - Enabled) => C:\Users\Bonkers

Gast (S-1-5-21-2975933613-4275264652-1912998914-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2975933613-4275264652-1912998914-1003 - Limited - Enabled)
 

==================== Faulty Device Manager Devices =============
 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft-Teredo-Tunneling-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 

Name: Unknown Device

Description: Unknown Device

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard-USB-Hostcontroller)

Service: 

Problem: : Windows has stopped this device because it has reported problems. (Code 43)

Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 

==================== Event log errors: =========================
 

Application errors:

==================
 

System errors:

=============
 

Microsoft Office Sessions:

=========================
 

==================== Memory info =========================== 
 

Processor: AMD FX(tm)-8320 Eight-Core Processor 

Percentage of memory in use: 25%

Total physical RAM: 8093.13 MB

Available physical RAM: 6059.89 MB

Total Pagefile: 16184.43 MB

Available Pagefile: 14047.82 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB
 

==================== Drives ================================
 

Drive c: (Windows) (Fixed) (Total:102.44 GB) (Free:41.31 GB) NTFS

Drive d: (Spiele) (Fixed) (Total:489.13 GB) (Free:333.72 GB) NTFS

Drive e: (Schule) (Fixed) (Total:293.43 GB) (Free:293.24 GB) NTFS

Drive f: (Download) (Fixed) (Total:442.38 GB) (Free:396.12 GB) NTFS

Drive g: (Welten) (Fixed) (Total:200.2 GB) (Free:195.29 GB) NTFS

Drive k: (BF2 DVD) (CDROM) (Total:1.91 GB) (Free:0 GB) UDF
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 80B6AAAC)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=102.4 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=200.2 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=293.4 GB) - (Type=OF Extended)
 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BBCC6936)

Partition 1: (Not Active) - (Size=489.1 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=442.4 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

--- --- ---

schrauber

02.01.2015 21:35

und MBAM und AdwCLeaner?

Bonkers1982

03.01.2015 15:03

AdwCleaner Logfile:

Code:

# AdwCleaner v4.106 - Bericht erstellt am 02/01/2015 um 20:23:41

# Aktualisiert 21/12/2014 von Xplode

# Database : 2015-01-01.1 [Live]

# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)

# Benutzername : Bonkers - BONKERS-PC

# Gestartet von : C:\Users\Bonkers\Desktop\AdwCleaner_4.106.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Datei Gelöscht : C:\Windows\System32\log\iSafeKrnlCall.log
 

***** [ Tasks ] *****
 
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 
 

***** [ Browser ] *****
 

-\\ Internet Explorer v11.0.9600.17496
 
 

-\\ Mozilla Firefox v34.0.5 (x86 de)
 
 

-\\ Google Chrome v39.0.2171.95
 
 

*************************
 

AdwCleaner[R0].txt - [17387 octets] - [22/12/2014 18:51:50]

AdwCleaner[R1].txt - [1809 octets] - [22/12/2014 19:49:49]

AdwCleaner[R2].txt - [1437 octets] - [25/12/2014 10:39:22]

AdwCleaner[R3].txt - [1241 octets] - [02/01/2015 20:21:48]

AdwCleaner[S0].txt - [14312 octets] - [22/12/2014 19:01:07]

AdwCleaner[S1].txt - [1723 octets] - [22/12/2014 20:18:53]

AdwCleaner[S2].txt - [1305 octets] - [25/12/2014 10:41:01]

AdwCleaner[S3].txt - [1163 octets] - [02/01/2015 20:23:41]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1223 octets] ##########

--- --- ---

MBAM wurde jetzt nichts mehr gefunden.

Hallo,

der Werbeblock kommt jetzt wieder und im Taskmanager steht
hxxp://Ib.pixadsserve.com/?s=16023 - Internet Explorer

Dies steht zwei Mal drin und ich habe gar keinen internet explorer offen.

schrauber

03.01.2015 16:04

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

Task: {E8CD5A44-700F-4F37-AF38-5E689D8F1E04} - \upfs7235 No Task File <==== ATTENTION

C:\Windows\DAODx.exe

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.

ProxyServer: [.DEFAULT] => http=127.0.0.1:49438;https=127.0.0.1:49438

Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Bonkers1982

04.01.2015 11:42

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-01-2015 03
Ran by Bonkers at 2015-01-04 10:40:53 Run:1
Running from C:\Users\Bonkers\Desktop
Loaded Profile: Bonkers (Available profiles: Bonkers)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {E8CD5A44-700F-4F37-AF38-5E689D8F1E04} - \upfs7235 No Task File <==== ATTENTION
C:\Windows\DAODx.exe
HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49438;https=127.0.0.1:49438
Emptytemp:
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E8CD5A44-700F-4F37-AF38-5E689D8F1E04}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8CD5A44-700F-4F37-AF38-5E689D8F1E04}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\upfs7235" => Key deleted successfully.
C:\Windows\DAODx.exe => Moved successfully.
"HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
EmptyTemp: => Removed 628.1 MB temporary data.

The system needed a reboot.

==== End of Fixlog 10:41:23 ====

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9c0fc51758705c438f99104cc655ee09
# engine=21809
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-04 10:34:51
# local_time=2015-01-04 11:34:51 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 59624 6298376 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 3637772 171997541 0 0
# scanned=151211
# found=30
# cleaned=30
# scan_time=2327
sh=2E1A1C708534421868B711580E7536D1BBB886DD ft=1 fh=c71c0011ca9b0908 vn="Variante von MSIL/Adware.iBryte.S Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Extensions\Client.exe.vir"
sh=F3362319BCF1D00CD02E0A9DE33D73E16D024C8A ft=1 fh=d83bfbe1242f4f2a vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Bonkers\Downloads\Revo Uninstaller - CHIP-Installer.exe"
sh=083E59D5CD3500CF0BBDFC59CC4B39645C5CA83A ft=1 fh=1b7719d2674458f9 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSI63B5.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=D034F5C7973D8E8865E07C8C491290007D751253 ft=1 fh=d53322914a970544 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSI63B5.tmp-\Smartbar.Resources.LanguageSettings.resources.dll"
sh=8B6287A98E7CC7403B070D2EF07C4E2BFCEF0403 ft=1 fh=c04b514b90e70a4d vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSI63B5.tmp-\spbe.dll"
sh=19C3579C68281C5BB49E443422606503DF46ED43 ft=1 fh=204776e3cf249c1f vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSI63B5.tmp-\spbl.dll"
sh=4D19E1FC12C9F2D1BB673CB02511E4EE86B87EBE ft=1 fh=ec73789bd2de0d47 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSI63B5.tmp-\sppsm.dll"
sh=B9E7A461796E22B87226172152D83213002081AC ft=1 fh=74353f1bba4f89f2 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSI63B5.tmp-\spusm.dll"
sh=0993C65D332068F7DC335AD6C7EBB8E89B515CF0 ft=1 fh=4c6549bbd2148752 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSI63B5.tmp-\srbs.dll"
sh=7D37E07482CA5D2EDC014784A215917F63A294F5 ft=1 fh=a9866ae28e6f19a4 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSI63B5.tmp-\srbu.dll"
sh=90948FD08FA61D38913DC0D988B830C55D0A45EC ft=1 fh=ed3bd3e2a46ff9be vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSI63B5.tmp-\srptc.dll"
sh=D7736EED844DC36F32DAC1A35F8482CC068A9063 ft=1 fh=966fb7ffe3f01c9b vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSI63B5.tmp-\srpu.dll"
sh=083E59D5CD3500CF0BBDFC59CC4B39645C5CA83A ft=1 fh=1b7719d2674458f9 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSIDE9.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=D034F5C7973D8E8865E07C8C491290007D751253 ft=1 fh=d53322914a970544 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSIDE9.tmp-\Smartbar.Resources.LanguageSettings.resources.dll"
sh=8B6287A98E7CC7403B070D2EF07C4E2BFCEF0403 ft=1 fh=c04b514b90e70a4d vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSIDE9.tmp-\spbe.dll"
sh=19C3579C68281C5BB49E443422606503DF46ED43 ft=1 fh=204776e3cf249c1f vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSIDE9.tmp-\spbl.dll"
sh=4D19E1FC12C9F2D1BB673CB02511E4EE86B87EBE ft=1 fh=ec73789bd2de0d47 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSIDE9.tmp-\sppsm.dll"
sh=B9E7A461796E22B87226172152D83213002081AC ft=1 fh=74353f1bba4f89f2 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSIDE9.tmp-\spusm.dll"
sh=0993C65D332068F7DC335AD6C7EBB8E89B515CF0 ft=1 fh=4c6549bbd2148752 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSIDE9.tmp-\srbs.dll"
sh=7D37E07482CA5D2EDC014784A215917F63A294F5 ft=1 fh=a9866ae28e6f19a4 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSIDE9.tmp-\srbu.dll"
sh=90948FD08FA61D38913DC0D988B830C55D0A45EC ft=1 fh=ed3bd3e2a46ff9be vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSIDE9.tmp-\srptc.dll"
sh=D7736EED844DC36F32DAC1A35F8482CC068A9063 ft=1 fh=966fb7ffe3f01c9b vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\Installer\MSIDE9.tmp-\srpu.dll"
sh=CBC9AB3ED940737B1A26649C016EBF17C63DAD0E ft=1 fh=d8a2bbe29d5f7393 vn="Variante von Win32/Packed.VMProtect.ABO Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="D:\Metal Gear Solid V Ground Zeroes\MgsGroundZeroes.exe"
sh=AB7B24DA308E5105AEE84D9EEF61D9CF02D5F01B ft=1 fh=77b670143b46f13b vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="G:\alte platte save\Gepackte Progs\ICQ7.8Build6800BannerRemover.exe"
sh=AB7B24DA308E5105AEE84D9EEF61D9CF02D5F01B ft=1 fh=77b670143b46f13b vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="J:\alte platte save\Gepackte Progs\ICQ7.8Build6800BannerRemover.exe"
sh=07C3A8DE40271B9ECD674AF867A2C7F61D40DFBA ft=1 fh=8a8ff7b630139cd7 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="J:\Desktop\Desktop\FreeYouTubeToMp3Converter35.exe"
sh=2D0165AF70C6D014876E5C985AFCC7C3B90AB751 ft=1 fh=9e7da9c4ac1ce92b vn="Win32/SoftonicDownloader.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="J:\Desktop\Desktop3\Lappi HP 635\SoftonicDownloader_fuer_ati-catalyst.exe"
sh=5ACFD525253CE2BB04349D2CD25423F622A3C157 ft=1 fh=d42a83f8f82bfdef vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="J:\Programme\aimp_3.55.1355 - CHIP-Installer.exe"
sh=E750C443A83F9B135B499E7917C5A93120384BB3 ft=1 fh=4eedbac881d1fc72 vn="Win32/DownWare.L evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="J:\Programme\DTLite4491-0356.exe"
sh=3DB13D34E28894FD97E8E56C3AF0127212A54F45 ft=1 fh=d9eacb53523f01c2 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="J:\Programme\VLC media player 64 Bit - CHIP-Installer.exe"

Results of screen317's Security Check version 0.99.93
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 25
Java version 32-bit out of Date!
Adobe Flash Player 16.0.0.235
Adobe Reader XI
Mozilla Firefox (34.0.5)
Google Chrome (39.0.2171.71)
Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2015 03

Ran by Bonkers (administrator) on BONKERS-PC on 04-01-2015 11:41:03

Running from C:\Users\Bonkers\Desktop

Loaded Profile: Bonkers (Available profiles: Bonkers)

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(ICQ) C:\Users\Bonkers\AppData\Roaming\ICQM\icq.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(BF2Hub Systems) C:\Program Files (x86)\BF2Hub Client\bf2hub.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe

(AIMP DevTeam) C:\Program Files (x86)\AIMP3\AIMP3.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)

HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [BF2Hub Client] => C:\Program Files (x86)\BF2Hub Client\bf2hub.exe [1521664 2014-07-17] (BF2Hub Systems)

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [icq] => C:\Users\Bonkers\AppData\Roaming\ICQM\icq.exe [35239432 2014-11-23] (ICQ)

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 

FireFox:

========

FF ProfilePath: C:\Users\Bonkers\AppData\Roaming\Mozilla\Firefox\Profiles\yzv924ky.default

FF Homepage: Google

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()

FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: Adblock Plus - C:\Users\Bonkers\AppData\Roaming\Mozilla\Firefox\Profiles\yzv924ky.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-24]
 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.com

CHR StartupUrls: Default -> "hxxp://www.google.com"

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Präsentationen) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-21]

CHR Extension: (Google Docs) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-21]

CHR Extension: (Google Drive) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-21]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-11]

CHR Extension: (YouTube) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-21]

CHR Extension: (Google-Suche) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-21]

CHR Extension: (Google Tabellen) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-21]

CHR Extension: (Avira Browserschutz) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-21]

CHR Extension: (Google Wallet) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-21]

CHR Extension: (Google Mail) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-21]

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

CHR StartMenuInternet: Google Chrome - chrome.exe
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-20] (Advanced Micro Devices, Inc.) [File not signed]

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)

R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]

S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-12-06] ()
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-12-16] (Advanced Micro Devices)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-21] (Disc Soft Ltd)

R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-04 11:38 - 2015-01-04 11:38 - 00852505 _____ () C:\Users\Bonkers\Desktop\SecurityCheck.exe

2015-01-04 10:49 - 2015-01-04 10:49 - 02347384 _____ (ESET) C:\Users\Bonkers\Desktop\esetsmartinstaller_deu.exe

2015-01-04 10:40 - 2015-01-04 10:40 - 00000000 ____D () C:\Users\Bonkers\Desktop\FRST-OlderVersion

2015-01-02 20:33 - 2015-01-02 20:34 - 00016039 _____ () C:\Users\Bonkers\Desktop\Addition.txt

2015-01-02 20:32 - 2015-01-04 11:41 - 00014728 _____ () C:\Users\Bonkers\Desktop\FRST.txt

2015-01-02 20:32 - 2015-01-04 10:40 - 02123776 _____ (Farbar) C:\Users\Bonkers\Desktop\FRST64.exe

2015-01-02 20:30 - 2015-01-02 20:30 - 00002006 _____ () C:\Users\Bonkers\Desktop\JRT.txt

2015-01-02 20:26 - 2015-01-02 20:26 - 00000000 ____D () C:\Windows\ERUNT

2015-01-02 20:22 - 2015-01-02 20:22 - 01707939 _____ (Thisisu) C:\Users\Bonkers\Desktop\JRT.exe

2015-01-02 20:15 - 2015-01-02 20:15 - 02173952 _____ () C:\Users\Bonkers\Desktop\AdwCleaner_4.106.exe

2014-12-27 20:14 - 2014-12-27 20:15 - 00024221 _____ () C:\Users\Bonkers\Desktop\spam.txt

2014-12-27 19:49 - 2014-12-27 19:50 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Bonkers\Desktop\mbam-setup-2.0.4.1028.exe

2014-12-27 10:23 - 2014-12-27 10:23 - 00031247 _____ () C:\ComboFix.txt

2014-12-27 10:14 - 2014-12-27 10:23 - 00000000 ____D () C:\Qoobox

2014-12-27 10:14 - 2014-12-27 10:22 - 00000000 ____D () C:\Windows\erdnt

2014-12-27 10:14 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-12-27 10:14 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-12-27 10:14 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-12-27 10:14 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-12-27 10:14 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-12-27 10:14 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe

2014-12-27 10:14 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe

2014-12-27 10:14 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe

2014-12-27 10:13 - 2014-12-27 10:13 - 05603624 ____R (Swearware) C:\Users\Bonkers\Desktop\ComboFix.exe

2014-12-26 11:11 - 2015-01-04 10:42 - 00000672 _____ () C:\Windows\setupact.log

2014-12-26 11:11 - 2014-12-26 11:11 - 00000000 _____ () C:\Windows\setuperr.log

2014-12-26 11:10 - 2015-01-02 20:24 - 00044608 _____ () C:\Windows\PFRO.log

2014-12-26 10:53 - 2015-01-04 11:41 - 00000000 ____D () C:\FRST

2014-12-26 10:09 - 2015-01-02 20:23 - 00000000 ____D () C:\Windows\system32\log

2014-12-26 09:53 - 2014-12-26 09:53 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-12-26 09:53 - 2014-12-26 09:53 - 00000000 ____D () C:\Program Files\CCleaner

2014-12-24 12:31 - 2014-12-24 12:31 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-12-24 12:30 - 2014-12-24 12:30 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2014-12-24 11:58 - 2015-01-03 14:03 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-12-24 11:58 - 2014-12-27 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-12-24 11:58 - 2014-12-27 19:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-12-24 11:58 - 2014-12-24 11:58 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-12-24 11:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-12-24 11:58 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-12-24 11:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-12-22 20:29 - 2014-12-27 10:10 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-12-22 18:51 - 2015-01-02 20:23 - 00000000 ____D () C:\AdwCleaner

2014-12-22 18:23 - 2014-12-22 18:23 - 00000000 _____ () C:\autoexec.bat

2014-12-22 17:16 - 2014-12-22 17:16 - 00003164 _____ () C:\Windows\System32\Tasks\{44F7D431-87E0-41FB-86BC-9E53277E0F23}

2014-12-22 17:02 - 2014-12-22 17:02 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Desktop_Dock

2014-12-22 17:01 - 2014-12-22 17:01 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\qjnhzepq

2014-12-22 16:47 - 2014-12-22 16:47 - 00002290 _____ () C:\Windows\patsearch.bin

2014-12-22 16:46 - 2014-12-22 16:55 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\StormFall

2014-12-22 16:46 - 2014-12-22 16:51 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Sparta

2014-12-22 16:46 - 2014-12-22 16:46 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\sparta111

2014-12-22 16:46 - 2014-12-22 16:46 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\StormFall

2014-12-19 12:41 - 2014-12-20 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metal Gear Solid V Ground Zeroes

2014-12-19 12:38 - 2014-12-19 12:40 - 00000000 ____D () C:\Users\Bonkers\Desktop\MGS V

2014-12-18 08:03 - 2014-12-18 08:18 - 00000000 ____D () C:\Users\Bonkers\Desktop\Stick

2014-12-18 07:36 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-12-18 07:36 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-12-17 08:42 - 2014-12-17 09:44 - 00000000 ____D () C:\ProgramData\Origin

2014-12-17 08:42 - 2014-12-17 08:42 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Origin

2014-12-17 08:42 - 2014-12-17 08:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin

2014-12-17 08:42 - 2014-12-17 08:42 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-12-16 17:41 - 2014-12-17 08:42 - 00000000 ____D () C:\ProgramData\Electronic Arts

2014-12-16 16:56 - 2014-12-16 17:41 - 00000000 ____D () C:\Users\Bonkers\Documents\FUSSBALL MANAGER 10

2014-12-16 16:56 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll

2014-12-16 16:53 - 2014-12-17 08:42 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts

2014-12-16 16:52 - 2014-12-16 16:52 - 00003044 _____ () C:\Windows\System32\Tasks\{A32FE87B-45CE-4AA7-B6DF-40C336FD7AF3}

2014-12-16 08:18 - 2014-12-16 08:18 - 03951038 _____ () C:\Users\Bonkers\Desktop\rld-f0u5.7z

2014-12-15 14:45 - 2014-12-15 14:46 - 00000000 ____D () C:\Users\Bonkers\Downloads\Trance Zen Dental Spa

2014-12-15 14:45 - 2014-12-15 14:45 - 00000843 _____ () C:\Users\Bonkers\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk

2014-12-15 14:44 - 2014-12-27 11:50 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\uTorrent

2014-12-11 09:33 - 2014-12-11 09:33 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-12-11 09:33 - 2014-12-11 09:33 - 00000000 ____D () C:\Program Files\Java

2014-12-10 16:49 - 2014-12-10 16:49 - 00000000 ____D () C:\Windows\system32\appraiser

2014-12-10 10:58 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-12-10 10:58 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2014-12-10 10:58 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2014-12-10 10:58 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2014-12-10 10:58 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2014-12-10 10:58 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2014-12-10 10:58 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2014-12-10 10:58 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2014-12-10 10:58 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2014-12-10 10:58 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2014-12-10 08:09 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-12-10 08:09 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

2014-12-10 08:09 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-12-10 08:09 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-12-10 08:08 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-12-10 08:08 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-12-10 08:08 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-12-10 08:08 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-12-10 08:08 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-12-10 08:08 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-12-10 08:08 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-12-10 08:08 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-12-10 08:08 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-12-10 08:08 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-12-10 08:08 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-12-10 08:08 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-12-10 08:08 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-12-10 08:08 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-12-10 08:08 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-12-10 08:08 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-12-10 08:08 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-12-10 08:08 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-12-10 08:08 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-12-10 08:08 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-12-10 08:08 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-12-10 08:08 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-12-10 08:08 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-12-10 08:08 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-12-10 08:08 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-12-10 08:08 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-12-10 08:08 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-12-10 08:08 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-12-10 08:08 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-12-10 08:08 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-12-10 08:08 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-12-10 08:08 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-12-10 08:08 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-12-10 08:08 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-12-10 08:08 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-12-10 08:08 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-12-10 08:08 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-12-10 08:08 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-12-10 08:08 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-12-10 08:08 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-12-10 08:08 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-12-10 08:08 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-12-10 08:08 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-12-10 08:08 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-12-10 08:08 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-12-10 08:08 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-12-10 08:08 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-12-10 08:08 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-12-10 08:08 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-12-10 08:08 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-12-10 08:08 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-12-10 08:08 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-12-10 08:08 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-12-10 08:08 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-12-10 08:08 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2014-12-10 08:07 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-12-10 08:07 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-12-10 08:07 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

2014-12-10 08:07 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe

2014-12-10 08:07 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2014-12-10 08:07 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2014-12-10 08:07 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2014-12-10 08:07 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2014-12-10 08:07 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2014-12-10 08:07 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2014-12-10 08:07 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll

2014-12-10 08:07 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll

2014-12-10 08:07 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll

2014-12-10 08:07 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

2014-12-09 21:22 - 2014-12-09 21:22 - 00000000 ____D () C:\Users\Bonkers\Desktop\BF2

2014-12-09 15:03 - 2014-12-24 12:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-12-06 16:19 - 2014-12-06 16:20 - 00291496 _____ () C:\Windows\SysWOW64\PnkBstrB.exe

2014-12-06 16:19 - 2014-12-06 16:19 - 00912744 _____ () C:\Windows\SysWOW64\pbsvc.exe

2014-12-06 16:19 - 2014-12-06 16:19 - 00912744 _____ () C:\Users\Bonkers\Desktop\pbsvc.exe

2014-12-06 16:19 - 2014-12-06 16:19 - 00291496 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0

2014-12-06 16:19 - 2014-12-06 16:19 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-04 11:28 - 2014-11-21 21:38 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\AIMP3

2015-01-04 10:49 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-04 10:49 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-04 10:46 - 2014-11-21 18:25 - 01068224 _____ () C:\Windows\WindowsUpdate.log

2015-01-04 10:43 - 2014-11-21 21:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-04 10:42 - 2014-11-21 18:30 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-04 10:42 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-04 00:01 - 2014-11-22 18:07 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\CrashDumps

2015-01-03 16:14 - 2014-11-21 21:26 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\vlc

2014-12-28 07:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat

2014-12-27 10:20 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2014-12-26 11:11 - 2009-07-14 05:45 - 00434792 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-12-26 10:09 - 2014-11-21 19:39 - 00111520 _____ () C:\Users\Bonkers\AppData\Local\GDIPFONTCACHEV1.DAT

2014-12-26 09:58 - 2014-11-22 01:17 - 00000000 ____D () C:\Windows\Panther

2014-12-26 09:58 - 2014-11-21 20:52 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\DAEMON Tools Lite

2014-12-25 11:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System

2014-12-24 15:17 - 2014-11-21 20:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-12-23 07:43 - 2011-03-07 12:10 - 00000000 ____D () C:\Program Files (x86)\JDownloader

2014-12-22 18:23 - 2014-11-21 18:25 - 00000000 ____D () C:\Users\Bonkers

2014-12-22 17:47 - 2014-11-21 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2014-12-22 17:47 - 2014-11-21 20:37 - 00000000 ____D () C:\ProgramData\Avira

2014-12-22 17:47 - 2014-11-21 20:37 - 00000000 ____D () C:\Program Files (x86)\Avira

2014-12-22 17:47 - 2014-11-21 19:58 - 00000000 ____D () C:\ProgramData\Package Cache

2014-12-22 17:45 - 2014-11-21 21:38 - 00000000 ____D () C:\Program Files (x86)\AIMP3

2014-12-22 17:44 - 2014-11-21 20:48 - 00000000 ____D () C:\Windows\system32\appmgmt

2014-12-22 17:19 - 2014-11-21 18:25 - 00001432 _____ () C:\Users\Bonkers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-12-22 17:12 - 2014-11-21 18:45 - 00000000 ____D () C:\ProgramData\Norton

2014-12-22 16:52 - 2014-12-01 13:58 - 00000000 ____D () C:\Program Files (x86)\BF2Hub Client

2014-12-22 16:52 - 2014-11-23 09:34 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\ICQM

2014-12-22 16:38 - 2014-11-29 10:07 - 00000000 ____D () C:\Users\Bonkers\Desktop\Bewerbung

2014-12-21 20:48 - 2014-12-02 19:33 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Skype

2014-12-16 16:56 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-12-15 16:16 - 2014-11-21 21:13 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-12-15 16:16 - 2014-11-21 21:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-15 16:16 - 2014-11-21 21:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-12-15 16:16 - 2014-11-21 21:07 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Adobe

2014-12-13 11:05 - 2014-11-21 20:55 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-12-13 11:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2014-12-10 16:54 - 2014-11-23 10:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-12-10 16:49 - 2014-11-23 09:05 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-12-10 16:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-12-10 11:03 - 2014-11-21 21:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
 

Some content of TEMP:

====================

C:\Users\Bonkers\AppData\Local\Temp\avgnt.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-12-25 11:56
 

==================== End Of Log ============================

--- --- ---

--- --- ---

schrauber

04.01.2015 14:50

Fertig :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Bonkers1982

07.01.2015 08:48

Ahoi. Leider befindet sich dieser Virus noch immer einmal im Taskmanager.

hxxp://Ib.pixadsserve.com/?s=16023 - Internet Explorer

Zuvor war er dort ja zweimal vorhanden.

schrauber

07.01.2015 09:22

Warum ignorierst Du dann meine Frage, ob es noch Probleme gibt? ;)

Bitte zwei neue FRST Logs, bitte nen Screenshot vom Taskmanager. Bitte auf den Prozess nen Rechtsklick machen > Details, davon auch nen Screenshot.

Bonkers1982

07.01.2015 12:21

Dumme Frage. Wie kann ich hier nen Bild hochladen?

UnScan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2015 03
Ran by Bonkers (administrator) on BONKERS-PC on 07-01-2015 12:33:32
Running from J:\Programme
Loaded Profile: Bonkers (Available profiles: Bonkers)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(ICQ) C:\Users\Bonkers\AppData\Roaming\ICQM\icq.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(BF2Hub Systems) C:\Program Files (x86)\BF2Hub Client\bf2hub.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_246_ActiveX.exe
(AIMP DevTeam) C:\Program Files (x86)\AIMP3\AIMP3.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BF2Hub Client] => C:\Program Files (x86)\BF2Hub Client\bf2hub.exe [1521664 2014-07-17] (BF2Hub Systems)
HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [icq] => C:\Users\Bonkers\AppData\Roaming\ICQM\icq.exe [35239432 2014-11-23] (ICQ)
HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

==================== Internet (Whitelisted) ====================

schrauber

07.01.2015 12:29

Hast Du meinen obigen Post gelesen?

Bonkers1982

07.01.2015 12:36

Liste der Anhänge anzeigen (Anzahl: 2)

Hab ihn nicht ignoriert. Ist mir erst heute aufgefallen, weil wieder Werbung im Hintergrund lief. Und zwei FRST? Ich hoffe es sind die richtigen Bilder. Also wegen Details kann ich bei dem Prozess gar ncihts machen. Weder beenden noch irgendwas anderes. Und das was vopm Internet Explorer angezeigt wird verändert sich ab und zu, wie auf dem Bild zu sehen ist.

schrauber

07.01.2015 13:37

FRST öffnen, Haken setzen bei Addition und scannen, poste bitte beide Logs.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

http://www.trojaner-board.de/picture...&pictureid=307

Bonkers1982

07.01.2015 15:16

FRST Additions Logfile:

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015

Ran by Bonkers at 2015-01-07 15:15:02

Running from J:\Programme

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

µTorrent (HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1355, 14.07.2014 - AIMP DevTeam)

AMD Catalyst Install Manager (HKLM\...\{4E7B5579-F76C-B709-84A7-F40460F5C70F}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)

Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)

AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)

Battlefield 2(TM) (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version:  - )

BF2Hub Client (HKLM-x32\...\bf2hub) (Version:  - BF2Hub Systems)

Brother MFL-Pro Suite DCP-J125 (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 2.0.0.0 - Brother Industries, Ltd.)

Call of Duty Advanced Warfare (HKLM-x32\...\Call of Duty Advanced Warfare_is1) (Version:  - )

CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)

DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)

Dead Rising 3 (HKLM-x32\...\{XXXXXXXX-XXXX-XXXX-XXXX-BLACKBOX0011}) (Version: 6.0 - Black Box)

FUSSBALL MANAGER 10 (HKLM-x32\...\FUSSBALL MANAGER 10) (Version: 2.0.0.7 - Electronic Arts)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

ICQ 8.2 (build 7138) (HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\ICQ) (Version: 8.2.7138.0 - ICQ)

Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)

Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)

JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)

Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Metal Gear Solid V Ground Zeroes (HKLM-x32\...\Metal Gear Solid V Ground Zeroes_is1) (Version:  - )

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)

Origin (HKLM-x32\...\Origin) (Version: 8.4.1.210 - Electronic Arts, Inc.)

Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

PeaZip 5.5.0 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)

Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)

Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden

Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)

VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

Wasteland 2 (HKLM-x32\...\Wasteland 2_is1) (Version:  - )

WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E5}) (Version: 19.0.11293 - WinZip Computing, S.L. )
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 

==================== Restore Points  =========================
 

07-01-2015 12:17:37 DirectX wurde installiert

07-01-2015 12:23:11 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005

07-01-2015 12:23:37 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 03:34 - 2014-12-01 14:15 - 00001150 ____N C:\Windows\system32\Drivers\etc\hosts

83.169.15.25        battlefield2.available.gamespy.com

83.169.15.25        battlefield2.master.gamespy.com

83.169.15.25        battlefield2.ms14.gamespy.com

83.169.15.25        gpsp.gamespy.com

83.169.15.25        gpcm.gamespy.com

83.169.15.6        eapusher.dice.se
 
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {12C4A70D-793C-47B0-BDFE-367281D8EC2D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)

Task: {20539226-8628-4305-B4C6-50E7DD679FB7} - System32\Tasks\{A32FE87B-45CE-4AA7-B6DF-40C336FD7AF3} => pcalua.exe -a L:\Autorun.exe -d L:\

Task: {2294BF3B-ABE8-4DE7-876E-13873D4874DC} - System32\Tasks\{612E6FB8-90EE-4D1F-89F8-4C748A1906CB} => pcalua.exe -a J:\avm_fritz!wlan_usb_stick_build_090320.exe -d J:\

Task: {38479FCC-F8AA-42D9-A584-2213E4F86991} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe

Task: {38A930E6-1B44-47AA-B402-1AB2BEEFB4CF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-15] (Adobe Systems Incorporated)

Task: {3D1556C6-AE16-4E1E-B992-2022D0B9999B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

Task: {43F47C87-9C98-4FB9-B5FD-8C60C06BC0B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-21] (Google Inc.)

Task: {6665CD5D-C2D8-44BA-8338-6B85CCB694BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-21] (Google Inc.)

Task: {6AB76BB1-7EF7-43BC-AA4C-2DC0B5F79881} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe

Task: {6AD8A491-4214-48A8-B258-16EEDECBE840} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {6F420C1B-DAAF-4C9B-ACA9-B9DF4B1CF6AF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {B08998D5-4C32-4115-BADF-AE1608EFB8DC} - System32\Tasks\{44F7D431-87E0-41FB-86BC-9E53277E0F23} => pcalua.exe -a C:\Users\Bonkers\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs4

Task: {B24A8CE1-64E2-4796-8481-AB149EA78532} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

Task: {B60AD4BC-A648-40E7-9E92-E29BA7777A6A} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe

Task: {C13B12F3-9CB4-41A2-AEAF-DDDE7B8F4DED} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2013-12-20 14:23 - 2013-12-20 14:23 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll

2013-12-16 02:07 - 2013-12-16 02:07 - 00818688 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll

2013-12-16 02:07 - 2013-12-16 02:07 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll

2013-12-20 14:22 - 2013-12-20 14:22 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2014-12-06 16:19 - 2014-12-06 16:19 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll

2014-11-23 09:35 - 2014-11-23 09:35 - 00859144 _____ () C:\Users\Bonkers\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll

2014-12-22 17:01 - 2014-12-22 17:01 - 00133120 _____ () C:\Users\Bonkers\AppData\Roaming\qjnhzepq\colers.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00505344 _____ () C:\Program Files (x86)\AIMP3\sqlite3.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00218112 _____ () C:\Program Files (x86)\AIMP3\libsoxr.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00220672 _____ () C:\Program Files (x86)\AIMP3\Modules\MACDll.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00294400 _____ () C:\Program Files (x86)\AIMP3\Modules\libFLAC.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 01733120 _____ () C:\Program Files (x86)\AIMP3\Modules\aimp_libvorbis.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00072136 _____ () C:\Program Files (x86)\AIMP3\Plugins\aimp_lastfm.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00026624 _____ () C:\Program Files (x86)\AIMP3\Plugins\Aorta.svp

2014-11-21 21:38 - 2014-11-21 21:38 - 00237568 _____ () C:\Program Files (x86)\AIMP3\Plugins\OptimFROG.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00141768 _____ () C:\Program Files (x86)\AIMP3\Plugins\PandemicAnalogMeter.dll

2014-12-24 12:31 - 2014-11-26 17:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2014-12-11 10:02 - 2014-12-15 16:16 - 16843952 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\startupreg: SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.38.0.1449\jsdrv.exe

MSCONFIG\startupreg: YTDownloader => /boot
 

========================= Accounts: ==========================
 

Administrator (S-1-5-21-2975933613-4275264652-1912998914-500 - Administrator - Disabled)

Bonkers (S-1-5-21-2975933613-4275264652-1912998914-1000 - Administrator - Enabled) => C:\Users\Bonkers

Gast (S-1-5-21-2975933613-4275264652-1912998914-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2975933613-4275264652-1912998914-1003 - Limited - Enabled)
 

==================== Faulty Device Manager Devices =============
 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft-Teredo-Tunneling-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 

Name: Unknown Device

Description: Unknown Device

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard-USB-Hostcontroller)

Service: 

Problem: : Windows has stopped this device because it has reported problems. (Code 43)

Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (01/07/2015 00:33:21 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (01/07/2015 08:38:49 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418154
 

Error: (01/07/2015 08:30:24 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/06/2015 10:31:33 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: Manager10.exe, Version: 2.0.0.7, Zeitstempel: 0x4bfe52c8

Name des fehlerhaften Moduls: Manager10.exe, Version: 2.0.0.7, Zeitstempel: 0x4bfe52c8

Ausnahmecode: 0xc0000005

Fehleroffset: 0x009aaf73

ID des fehlerhaften Prozesses: 0x1814

Startzeit der fehlerhaften Anwendung: 0xManager10.exe0

Pfad der fehlerhaften Anwendung: Manager10.exe1

Pfad des fehlerhaften Moduls: Manager10.exe2

Berichtskennung: Manager10.exe3
 

Error: (01/06/2015 10:03:43 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: Manager10.exe, Version: 2.0.0.7, Zeitstempel: 0x4bfe52c8

Name des fehlerhaften Moduls: Manager10.exe, Version: 2.0.0.7, Zeitstempel: 0x4bfe52c8

Ausnahmecode: 0xc0000005

Fehleroffset: 0x009aaf73

ID des fehlerhaften Prozesses: 0x1480

Startzeit der fehlerhaften Anwendung: 0xManager10.exe0

Pfad der fehlerhaften Anwendung: Manager10.exe1

Pfad des fehlerhaften Moduls: Manager10.exe2

Berichtskennung: Manager10.exe3
 

Error: (01/06/2015 09:37:17 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: Manager10.exe, Version: 2.0.0.7, Zeitstempel: 0x4bfe52c8

Name des fehlerhaften Moduls: Manager10.exe, Version: 2.0.0.7, Zeitstempel: 0x4bfe52c8

Ausnahmecode: 0xc0000005

Fehleroffset: 0x009aaf73

ID des fehlerhaften Prozesses: 0x1664

Startzeit der fehlerhaften Anwendung: 0xManager10.exe0

Pfad der fehlerhaften Anwendung: Manager10.exe1

Pfad des fehlerhaften Moduls: Manager10.exe2

Berichtskennung: Manager10.exe3
 

Error: (01/06/2015 08:02:49 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: Manager10.exe, Version: 2.0.0.7, Zeitstempel: 0x4bfe52c8

Name des fehlerhaften Moduls: Manager10.exe, Version: 2.0.0.7, Zeitstempel: 0x4bfe52c8

Ausnahmecode: 0xc0000005

Fehleroffset: 0x009aaf73

ID des fehlerhaften Prozesses: 0x15c0

Startzeit der fehlerhaften Anwendung: 0xManager10.exe0

Pfad der fehlerhaften Anwendung: Manager10.exe1

Pfad des fehlerhaften Moduls: Manager10.exe2

Berichtskennung: Manager10.exe3
 

Error: (01/06/2015 06:06:44 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: Manager10.exe, Version: 2.0.0.7, Zeitstempel: 0x4bfe52c8

Name des fehlerhaften Moduls: Manager10.exe, Version: 2.0.0.7, Zeitstempel: 0x4bfe52c8

Ausnahmecode: 0xc0000005

Fehleroffset: 0x009aaf73

ID des fehlerhaften Prozesses: 0x16e4

Startzeit der fehlerhaften Anwendung: 0xManager10.exe0

Pfad der fehlerhaften Anwendung: Manager10.exe1

Pfad des fehlerhaften Moduls: Manager10.exe2

Berichtskennung: Manager10.exe3
 

Error: (01/06/2015 05:14:17 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/06/2015 10:55:01 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418154
 
 

System errors:

=============

Error: (01/07/2015 01:09:48 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung empfangen: 20.
 

Error: (01/07/2015 01:09:48 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung empfangen: 20.
 

Error: (01/07/2015 00:58:33 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/07/2015 00:34:36 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/07/2015 00:34:35 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/07/2015 00:34:35 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/07/2015 00:09:04 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/07/2015 00:09:04 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/07/2015 00:09:02 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/07/2015 00:09:00 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 
 

Microsoft Office Sessions:

=========================

Error: (01/07/2015 00:33:21 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestJ:\Programme\esetsmartinstaller_deu.exe
 

Error: (01/07/2015 08:38:49 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418154
 

Error: (01/07/2015 08:30:24 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/06/2015 10:31:33 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Manager10.exe2.0.0.74bfe52c8Manager10.exe2.0.0.74bfe52c8c0000005009aaf73181401d029f53ca7c368D:\FUSSBALL MANAGER 10\Manager10.exeD:\FUSSBALL MANAGER 10\Manager10.exe61ecae64-95eb-11e4-809f-00040efbb8a2
 

Error: (01/06/2015 10:03:43 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Manager10.exe2.0.0.74bfe52c8Manager10.exe2.0.0.74bfe52c8c0000005009aaf73148001d029f094da3c90D:\FUSSBALL MANAGER 10\Manager10.exeD:\FUSSBALL MANAGER 10\Manager10.exe7e8acad2-95e7-11e4-809f-00040efbb8a2
 

Error: (01/06/2015 09:37:17 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Manager10.exe2.0.0.74bfe52c8Manager10.exe2.0.0.74bfe52c8c0000005009aaf73166401d029f054666c07D:\FUSSBALL MANAGER 10\Manager10.exeD:\FUSSBALL MANAGER 10\Manager10.execd397e49-95e3-11e4-809f-00040efbb8a2
 

Error: (01/06/2015 08:02:49 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Manager10.exe2.0.0.74bfe52c8Manager10.exe2.0.0.74bfe52c8c0000005009aaf7315c001d029e23a0378e2D:\FUSSBALL MANAGER 10\Manager10.exeD:\FUSSBALL MANAGER 10\Manager10.exe9aea5bc1-95d6-11e4-809f-00040efbb8a2
 

Error: (01/06/2015 06:06:44 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Manager10.exe2.0.0.74bfe52c8Manager10.exe2.0.0.74bfe52c8c0000005009aaf7316e401d029d0d197904bD:\FUSSBALL MANAGER 10\Manager10.exeD:\FUSSBALL MANAGER 10\Manager10.exe6364d752-95c6-11e4-809f-00040efbb8a2
 

Error: (01/06/2015 05:14:17 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/06/2015 10:55:01 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418154
 
 

==================== Memory info =========================== 
 

Processor: AMD FX(tm)-8320 Eight-Core Processor 

Percentage of memory in use: 33%

Total physical RAM: 8093.13 MB

Available physical RAM: 5410.74 MB

Total Pagefile: 16184.43 MB

Available Pagefile: 13079.51 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB
 

==================== Drives ================================
 

Drive c: (Windows) (Fixed) (Total:102.44 GB) (Free:36 GB) NTFS

Drive d: (Spiele) (Fixed) (Total:489.13 GB) (Free:314.64 GB) NTFS

Drive e: (Schule) (Fixed) (Total:293.43 GB) (Free:293.24 GB) NTFS

Drive f: (Download) (Fixed) (Total:442.38 GB) (Free:366.44 GB) NTFS

Drive g: (Welten) (Fixed) (Total:200.2 GB) (Free:195.29 GB) NTFS

Drive j: (Bonkers) (Fixed) (Total:931.48 GB) (Free:281.97 GB) NTFS

Drive k: (BF2 DVD) (CDROM) (Total:1.91 GB) (Free:0 GB) UDF

Drive l: (Wasteland 2) (CDROM) (Total:8.25 GB) (Free:0 GB) CDFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 80B6AAAC)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=102.4 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=200.2 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=293.4 GB) - (Type=OF Extended)
 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BBCC6936)

Partition 1: (Not Active) - (Size=489.1 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=442.4 GB) - (Type=07 NTFS)
 

========================================================

Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 81A8E79C)

Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

--- --- ---

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015

Ran by Bonkers (administrator) on BONKERS-PC on 07-01-2015 15:14:07

Running from J:\Programme

Loaded Profiles: Bonkers (Available profiles: Bonkers)

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(ICQ) C:\Users\Bonkers\AppData\Roaming\ICQM\icq.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(BF2Hub Systems) C:\Program Files (x86)\BF2Hub Client\bf2hub.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_246_ActiveX.exe

(AIMP DevTeam) C:\Program Files (x86)\AIMP3\AIMP3.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)

HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [BF2Hub Client] => C:\Program Files (x86)\BF2Hub Client\bf2hub.exe [1521664 2014-07-17] (BF2Hub Systems)

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [icq] => C:\Users\Bonkers\AppData\Roaming\ICQM\icq.exe [35239432 2014-11-23] (ICQ)

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.

ProxyServer: [.DEFAULT] => http=127.0.0.1:49438;https=127.0.0.1:49438

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 

FireFox:

========

FF ProfilePath: C:\Users\Bonkers\AppData\Roaming\Mozilla\Firefox\Profiles\yzv924ky.default

FF Homepage: www.google.de

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()

FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: Adblock Plus - C:\Users\Bonkers\AppData\Roaming\Mozilla\Firefox\Profiles\yzv924ky.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-24]
 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.com

CHR StartupUrls: Default -> "hxxp://www.google.com"

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Präsentationen) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-21]

CHR Extension: (Google Docs) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-21]

CHR Extension: (Google Drive) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-21]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-11]

CHR Extension: (YouTube) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-21]

CHR Extension: (Google-Suche) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-21]

CHR Extension: (Google Tabellen) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-21]

CHR Extension: (Avira Browserschutz) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-21]

CHR Extension: (Google Wallet) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-21]

CHR Extension: (Google Mail) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-21]

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

CHR StartMenuInternet: Google Chrome - chrome.exe
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-20] (Advanced Micro Devices, Inc.) [File not signed]

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)

R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]

S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-12-06] ()
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-12-16] (Advanced Micro Devices)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-21] (Disc Soft Ltd)

R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-07 12:33 - 2015-01-07 15:14 - 00000000 ____D () C:\FRST

2015-01-07 12:18 - 2015-01-07 12:18 - 00017589 _____ () C:\Windows\DirectX.log

2015-01-07 12:15 - 2015-01-07 12:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\inXile Entertainment

2015-01-07 08:56 - 2015-01-07 08:56 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader

2015-01-07 08:53 - 2015-01-07 11:58 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\JDownloader v2.0

2015-01-06 18:06 - 2015-01-06 18:06 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2015-01-06 17:35 - 2015-01-06 18:10 - 00000000 ____D () C:\Users\Bonkers\Desktop\Usedom 14 15

2015-01-05 10:29 - 2015-01-05 10:29 - 00001452 _____ () C:\DelFix.txt

2015-01-05 10:28 - 2015-01-05 10:28 - 00352076 _____ () C:\Users\Bonkers\Desktop\bookmarks-2015-01-05.json

2015-01-05 10:17 - 2015-01-05 10:19 - 00000000 ____D () C:\ProgramData\Max Secure

2015-01-05 10:12 - 2015-01-05 10:13 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\GetRightToGo

2015-01-05 10:12 - 2015-01-05 10:12 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Max Secure Software

2015-01-04 12:06 - 2015-01-07 15:11 - 00000000 ____D () C:\Users\Bonkers\Desktop\Bewerbung aktuell

2015-01-02 20:26 - 2015-01-05 10:29 - 00000000 ____D () C:\Windows\ERUNT

2014-12-27 10:14 - 2014-12-27 10:22 - 00000000 ____D () C:\Windows\erdnt

2014-12-26 11:11 - 2015-01-07 08:28 - 00003333 _____ () C:\Windows\setupact.log

2014-12-26 11:11 - 2014-12-26 11:11 - 00000000 _____ () C:\Windows\setuperr.log

2014-12-26 11:10 - 2015-01-06 10:44 - 00050598 _____ () C:\Windows\PFRO.log

2014-12-26 10:09 - 2015-01-02 20:23 - 00000000 ____D () C:\Windows\system32\log

2014-12-26 09:53 - 2014-12-26 09:53 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-12-26 09:53 - 2014-12-26 09:53 - 00000000 ____D () C:\Program Files\CCleaner

2014-12-24 12:31 - 2014-12-24 12:31 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-12-24 12:30 - 2014-12-24 12:30 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2014-12-24 11:58 - 2015-01-07 12:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-12-24 11:58 - 2014-12-27 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-12-24 11:58 - 2014-12-27 19:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-12-24 11:58 - 2014-12-24 11:58 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-12-24 11:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-12-24 11:58 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-12-24 11:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-12-22 20:29 - 2014-12-27 10:10 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-12-22 18:23 - 2014-12-22 18:23 - 00000000 _____ () C:\autoexec.bat

2014-12-22 17:16 - 2014-12-22 17:16 - 00003164 _____ () C:\Windows\System32\Tasks\{44F7D431-87E0-41FB-86BC-9E53277E0F23}

2014-12-22 17:02 - 2014-12-22 17:02 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Desktop_Dock

2014-12-22 17:01 - 2014-12-22 17:01 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\qjnhzepq

2014-12-22 16:47 - 2014-12-22 16:47 - 00002290 _____ () C:\Windows\patsearch.bin

2014-12-22 16:46 - 2014-12-22 16:55 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\StormFall

2014-12-22 16:46 - 2014-12-22 16:51 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Sparta

2014-12-22 16:46 - 2014-12-22 16:46 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\sparta111

2014-12-22 16:46 - 2014-12-22 16:46 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\StormFall

2014-12-19 12:41 - 2014-12-20 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metal Gear Solid V Ground Zeroes

2014-12-19 12:38 - 2014-12-19 12:40 - 00000000 ____D () C:\Users\Bonkers\Desktop\MGS V

2014-12-18 08:03 - 2014-12-18 08:18 - 00000000 ____D () C:\Users\Bonkers\Desktop\Stick

2014-12-18 07:36 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-12-18 07:36 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-12-17 08:42 - 2014-12-17 09:44 - 00000000 ____D () C:\ProgramData\Origin

2014-12-17 08:42 - 2014-12-17 08:42 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Origin

2014-12-17 08:42 - 2014-12-17 08:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin

2014-12-17 08:42 - 2014-12-17 08:42 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-12-16 17:41 - 2014-12-17 08:42 - 00000000 ____D () C:\ProgramData\Electronic Arts

2014-12-16 16:56 - 2014-12-16 17:41 - 00000000 ____D () C:\Users\Bonkers\Documents\FUSSBALL MANAGER 10

2014-12-16 16:56 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll

2014-12-16 16:53 - 2014-12-17 08:42 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts

2014-12-16 16:52 - 2014-12-16 16:52 - 00003044 _____ () C:\Windows\System32\Tasks\{A32FE87B-45CE-4AA7-B6DF-40C336FD7AF3}

2014-12-16 08:18 - 2014-12-16 08:18 - 03951038 _____ () C:\Users\Bonkers\Desktop\rld-f0u5.7z

2014-12-15 14:45 - 2014-12-15 14:46 - 00000000 ____D () C:\Users\Bonkers\Downloads\Trance Zen Dental Spa

2014-12-15 14:45 - 2014-12-15 14:45 - 00000843 _____ () C:\Users\Bonkers\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk

2014-12-15 14:44 - 2015-01-07 08:55 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\uTorrent

2014-12-11 09:33 - 2014-12-11 09:33 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-12-11 09:33 - 2014-12-11 09:33 - 00000000 ____D () C:\Program Files\Java

2014-12-10 16:49 - 2014-12-10 16:49 - 00000000 ____D () C:\Windows\system32\appraiser

2014-12-10 10:58 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-12-10 10:58 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2014-12-10 10:58 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2014-12-10 10:58 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2014-12-10 10:58 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2014-12-10 10:58 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2014-12-10 10:58 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2014-12-10 10:58 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2014-12-10 10:58 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2014-12-10 10:58 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2014-12-10 08:09 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-12-10 08:09 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

2014-12-10 08:09 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-12-10 08:09 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-12-10 08:08 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-12-10 08:08 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-12-10 08:08 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-12-10 08:08 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-12-10 08:08 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-12-10 08:08 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-12-10 08:08 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-12-10 08:08 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-12-10 08:08 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-12-10 08:08 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-12-10 08:08 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-12-10 08:08 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-12-10 08:08 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-12-10 08:08 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-12-10 08:08 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-12-10 08:08 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-12-10 08:08 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-12-10 08:08 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-12-10 08:08 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-12-10 08:08 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-12-10 08:08 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-12-10 08:08 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-12-10 08:08 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-12-10 08:08 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-12-10 08:08 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-12-10 08:08 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-12-10 08:08 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-12-10 08:08 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-12-10 08:08 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-12-10 08:08 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-12-10 08:08 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-12-10 08:08 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-12-10 08:08 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-12-10 08:08 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-12-10 08:08 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-12-10 08:08 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-12-10 08:08 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-12-10 08:08 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-12-10 08:08 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-12-10 08:08 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-12-10 08:08 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-12-10 08:08 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-12-10 08:08 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-12-10 08:08 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-12-10 08:08 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-12-10 08:08 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-12-10 08:08 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-12-10 08:08 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-12-10 08:08 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-12-10 08:08 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-12-10 08:08 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-12-10 08:08 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-12-10 08:08 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-12-10 08:08 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-12-10 08:08 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2014-12-10 08:07 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-12-10 08:07 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-12-10 08:07 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

2014-12-10 08:07 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe

2014-12-10 08:07 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2014-12-10 08:07 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2014-12-10 08:07 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2014-12-10 08:07 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2014-12-10 08:07 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2014-12-10 08:07 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2014-12-10 08:07 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll

2014-12-10 08:07 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll

2014-12-10 08:07 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll

2014-12-10 08:07 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

2014-12-09 21:22 - 2014-12-09 21:22 - 00000000 ____D () C:\Users\Bonkers\Desktop\BF2

2014-12-09 15:03 - 2014-12-24 12:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-07 14:43 - 2014-11-21 21:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-07 14:33 - 2014-11-21 21:38 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\AIMP3

2015-01-07 13:00 - 2014-11-23 12:24 - 00000000 ____D () C:\Users\Bonkers\Documents\My Games

2015-01-07 12:24 - 2014-11-21 18:25 - 01185543 _____ () C:\Windows\WindowsUpdate.log

2015-01-07 12:23 - 2014-11-21 19:58 - 00000000 ____D () C:\ProgramData\Package Cache

2015-01-07 11:57 - 2014-11-21 20:52 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\DAEMON Tools Lite

2015-01-07 09:46 - 2014-11-21 21:26 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\vlc

2015-01-07 08:46 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-07 08:46 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-07 08:28 - 2014-11-21 18:30 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-07 08:28 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-06 22:31 - 2014-11-22 18:07 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\CrashDumps

2015-01-06 17:37 - 2014-11-21 19:39 - 00111912 _____ () C:\Users\Bonkers\AppData\Local\GDIPFONTCACHEV1.DAT

2015-01-05 10:30 - 2009-07-14 05:45 - 00435528 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-01-04 12:03 - 2014-11-29 10:07 - 00000000 ____D () C:\Users\Bonkers\Desktop\Bewerbung

2014-12-28 07:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat

2014-12-27 10:20 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2014-12-26 09:58 - 2014-11-22 01:17 - 00000000 ____D () C:\Windows\Panther

2014-12-25 11:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System

2014-12-24 15:17 - 2014-11-21 20:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-12-23 07:43 - 2011-03-07 12:10 - 00000000 ____D () C:\Program Files (x86)\JDownloader

2014-12-22 18:23 - 2014-11-21 18:25 - 00000000 ____D () C:\Users\Bonkers

2014-12-22 17:47 - 2014-11-21 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2014-12-22 17:47 - 2014-11-21 20:37 - 00000000 ____D () C:\ProgramData\Avira

2014-12-22 17:47 - 2014-11-21 20:37 - 00000000 ____D () C:\Program Files (x86)\Avira

2014-12-22 17:45 - 2014-11-21 21:38 - 00000000 ____D () C:\Program Files (x86)\AIMP3

2014-12-22 17:44 - 2014-11-21 20:48 - 00000000 ____D () C:\Windows\system32\appmgmt

2014-12-22 17:19 - 2014-11-21 18:25 - 00001432 _____ () C:\Users\Bonkers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-12-22 17:12 - 2014-11-21 18:45 - 00000000 ____D () C:\ProgramData\Norton

2014-12-22 16:52 - 2014-12-01 13:58 - 00000000 ____D () C:\Program Files (x86)\BF2Hub Client

2014-12-22 16:52 - 2014-11-23 09:34 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\ICQM

2014-12-21 20:48 - 2014-12-02 19:33 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Skype

2014-12-16 16:56 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-12-15 16:16 - 2014-11-21 21:13 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-12-15 16:16 - 2014-11-21 21:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-15 16:16 - 2014-11-21 21:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-12-15 16:16 - 2014-11-21 21:07 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Adobe

2014-12-13 11:05 - 2014-11-21 20:55 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-12-13 11:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2014-12-10 16:54 - 2014-11-23 10:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-12-10 16:49 - 2014-11-23 09:05 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-12-10 16:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-12-10 11:03 - 2014-11-21 21:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
 

Some content of TEMP:

====================

C:\Users\Bonkers\AppData\Local\Temp\13065090765497934223.exe

C:\Users\Bonkers\AppData\Local\Temp\avgnt.exe

C:\Users\Bonkers\AppData\Local\Temp\i4jdel0.exe

C:\Users\Bonkers\AppData\Local\Temp\JDSetup130650907635128207.exe

C:\Users\Bonkers\AppData\Local\Temp\proxy_vole3641275555448342416.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-01-05 16:29
 

==================== End Of Log ============================

--- --- ---

--- --- ---

schrauber

07.01.2015 15:32

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

Task: {38479FCC-F8AA-42D9-A584-2213E4F86991} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe

C:\Windows\DAODx.exe

Task: {B08998D5-4C32-4115-BADF-AE1608EFB8DC} - System32\Tasks\{44F7D431-87E0-41FB-86BC-9E53277E0F23} => pcalua.exe -a C:\Users\Bonkers\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs4

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.

ProxyServer: [.DEFAULT] => http=127.0.0.1:49438;https=127.0.0.1:49438

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

Hosts:

Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Bonkers1982

07.01.2015 16:51

Code:



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015

Ran by Bonkers at 2015-01-07 16:47:54 Run:1

Running from J:\Programme

Loaded Profiles: Bonkers (Available profiles: Bonkers)

Boot Mode: Normal

==============================================
 

Content of fixlist:

*****************

Task: {38479FCC-F8AA-42D9-A584-2213E4F86991} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe

C:\Windows\DAODx.exe

Task: {B08998D5-4C32-4115-BADF-AE1608EFB8DC} - System32\Tasks\{44F7D431-87E0-41FB-86BC-9E53277E0F23} => pcalua.exe -a C:\Users\Bonkers\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=cvs4

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.

ProxyServer: [.DEFAULT] => http=127.0.0.1:49438;https=127.0.0.1:49438

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

Hosts:

Emptytemp:

*****************
 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{38479FCC-F8AA-42D9-A584-2213E4F86991}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38479FCC-F8AA-42D9-A584-2213E4F86991}" => Key deleted successfully.

C:\Windows\System32\Tasks\ASUS\RunDAOD => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS\RunDAOD" => Key deleted successfully.

"C:\Windows\DAODx.exe" => File/Directory not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B08998D5-4C32-4115-BADF-AE1608EFB8DC}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B08998D5-4C32-4115-BADF-AE1608EFB8DC}" => Key deleted successfully.

C:\Windows\System32\Tasks\{44F7D431-87E0-41FB-86BC-9E53277E0F23} => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{44F7D431-87E0-41FB-86BC-9E53277E0F23}" => Key deleted successfully.

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.

"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.

"C:\Windows\System32\Drivers\etc\hosts" => Could not move.

Could not reset Hosts.

EmptyTemp: => Removed 648.1 MB temporary data.
 
 

The system needed a reboot. 
 

==== End of Fixlog 16:48:31 ====

schrauber

07.01.2015 18:11

Zitat:

C:\Windows\System32\Drivers\etc\hosts

Diese Datei bitte mal mit Notepad öffnen und den Inhalt hier posten.

Bonkers1982

07.01.2015 20:31

Code:



# Copyright (c) 1993-2009 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

#      102.54.94.97     rhino.acme.com          # source server

#       38.25.63.10     x.acme.com              # x client host
 

# localhost name resolution is handled within DNS itself.

#        127.0.0.1       localhost

#        ::1             localhost

# BF2Hub - begin of redirect (established on 2014-12-01 14:15:04)

83.169.15.25        battlefield2.available.gamespy.com

83.169.15.25        battlefield2.master.gamespy.com

83.169.15.25        battlefield2.ms14.gamespy.com

83.169.15.25        gpsp.gamespy.com

83.169.15.25        gpcm.gamespy.com

83.169.15.6        eapusher.dice.se

# BF2Hub - end of redirect

schrauber

08.01.2015 07:24

Zitat:

# BF2Hub - begin of redirect (established on 2014-12-01 14:15:04)
83.169.15.25 battlefield2.available.gamespy.com
83.169.15.25 battlefield2.master.gamespy.com
83.169.15.25 battlefield2.ms14.gamespy.com
83.169.15.25 gpsp.gamespy.com
83.169.15.25 gpcm.gamespy.com
83.169.15.6 eapusher.dice.se
# BF2Hub - end of redirect

Mit Absicht drin?

Bonkers1982

08.01.2015 09:13

Zitat:

Zitat von schrauber (Beitrag 1405971)

Mit Absicht drin?

Wie meinst du das? Kenn mich damit nicht aus. Kann jetzt daraus nur erkennen das es sich um etwas von nem Spiel von mir handelt und ein Programm, was mal in Verbindung mit dem Spiel installiert wurde.

schrauber

08.01.2015 09:32

Ok, dann deute ich das mal als ja, ist mit Absicht drin.

Versuch mal bitte ein FRST log zu erstellen in dem Moment, wo du diese Auffälligkeit im Taskmanager siehst.

Die Screenshots des Taskmanagers zeigen nämlich nix.

Bonkers1982

08.01.2015 14:09

FRST Additions Logfile:

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015

Ran by Bonkers at 2015-01-08 14:07:13

Running from J:\Programme

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

µTorrent (HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1355, 14.07.2014 - AIMP DevTeam)

AMD Catalyst Install Manager (HKLM\...\{4E7B5579-F76C-B709-84A7-F40460F5C70F}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)

Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)

AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)

Battlefield 2(TM) (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version:  - )

BF2Hub Client (HKLM-x32\...\bf2hub) (Version:  - BF2Hub Systems)

Brother MFL-Pro Suite DCP-J125 (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 2.0.0.0 - Brother Industries, Ltd.)

Call of Duty Advanced Warfare (HKLM-x32\...\Call of Duty Advanced Warfare_is1) (Version:  - )

CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)

DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)

Dead Rising 3 (HKLM-x32\...\{XXXXXXXX-XXXX-XXXX-XXXX-BLACKBOX0011}) (Version: 6.0 - Black Box)

FUSSBALL MANAGER 10 (HKLM-x32\...\FUSSBALL MANAGER 10) (Version: 2.0.0.7 - Electronic Arts)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

ICQ 8.2 (build 7138) (HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\ICQ) (Version: 8.2.7138.0 - ICQ)

Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)

Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)

JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)

JDownloader 2 (HKLM\...\jdownloader2-1) (Version: 2.0 - AppWork GmbH)

Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Metal Gear Solid V Ground Zeroes (HKLM-x32\...\Metal Gear Solid V Ground Zeroes_is1) (Version:  - )

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)

Origin (HKLM-x32\...\Origin) (Version: 8.4.1.210 - Electronic Arts, Inc.)

Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

PeaZip 5.5.0 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)

Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)

Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden

Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)

VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

Wasteland 2 (HKLM-x32\...\Wasteland 2_is1) (Version:  - )

WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E5}) (Version: 19.0.11293 - WinZip Computing, S.L. )
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 

==================== Restore Points  =========================
 

08-01-2015 12:37:34 Geplanter Prüfpunkt
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 03:34 - 2014-12-01 14:15 - 00001150 ____N C:\Windows\system32\Drivers\etc\hosts

83.169.15.25        battlefield2.available.gamespy.com

83.169.15.25        battlefield2.master.gamespy.com

83.169.15.25        battlefield2.ms14.gamespy.com

83.169.15.25        gpsp.gamespy.com

83.169.15.25        gpcm.gamespy.com

83.169.15.6        eapusher.dice.se
 
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {12C4A70D-793C-47B0-BDFE-367281D8EC2D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)

Task: {20539226-8628-4305-B4C6-50E7DD679FB7} - System32\Tasks\{A32FE87B-45CE-4AA7-B6DF-40C336FD7AF3} => pcalua.exe -a L:\Autorun.exe -d L:\

Task: {2294BF3B-ABE8-4DE7-876E-13873D4874DC} - System32\Tasks\{612E6FB8-90EE-4D1F-89F8-4C748A1906CB} => pcalua.exe -a J:\avm_fritz!wlan_usb_stick_build_090320.exe -d J:\

Task: {38A930E6-1B44-47AA-B402-1AB2BEEFB4CF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-15] (Adobe Systems Incorporated)

Task: {3D1556C6-AE16-4E1E-B992-2022D0B9999B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

Task: {43F47C87-9C98-4FB9-B5FD-8C60C06BC0B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-21] (Google Inc.)

Task: {6665CD5D-C2D8-44BA-8338-6B85CCB694BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-21] (Google Inc.)

Task: {6AB76BB1-7EF7-43BC-AA4C-2DC0B5F79881} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe

Task: {6AD8A491-4214-48A8-B258-16EEDECBE840} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {6F420C1B-DAAF-4C9B-ACA9-B9DF4B1CF6AF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {B24A8CE1-64E2-4796-8481-AB149EA78532} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

Task: {B60AD4BC-A648-40E7-9E92-E29BA7777A6A} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe

Task: {C13B12F3-9CB4-41A2-AEAF-DDDE7B8F4DED} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2013-12-20 14:23 - 2013-12-20 14:23 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll

2013-12-16 02:07 - 2013-12-16 02:07 - 00818688 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll

2013-12-16 02:07 - 2013-12-16 02:07 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll

2013-12-20 14:22 - 2013-12-20 14:22 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2014-12-06 16:19 - 2014-12-06 16:19 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll

2015-01-08 08:11 - 2015-01-08 08:11 - 00040448 ____N () C:\Users\Bonkers\AppData\Local\Temp\proxy_vole9117833207677472104.dll

2015-01-08 08:11 - 2015-01-08 08:11 - 00566439 _____ () C:\Users\Bonkers\AppData\Local\JDownloader 2.0\tmp\7zip\SevenZipJBinding-FKPz9\libgcc_s_sjlj-1.dll

2015-01-08 08:11 - 2015-01-08 08:11 - 04078962 _____ () C:\Users\Bonkers\AppData\Local\JDownloader 2.0\tmp\7zip\SevenZipJBinding-FKPz9\lib7-Zip-JBinding.dll

2014-11-23 09:35 - 2014-11-23 09:35 - 00859144 _____ () C:\Users\Bonkers\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll

2014-12-22 17:01 - 2014-12-22 17:01 - 00133120 _____ () C:\Users\Bonkers\AppData\Roaming\qjnhzepq\colers.dll

2014-12-24 12:31 - 2014-11-26 17:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00505344 _____ () C:\Program Files (x86)\AIMP3\sqlite3.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00218112 _____ () C:\Program Files (x86)\AIMP3\libsoxr.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00220672 _____ () C:\Program Files (x86)\AIMP3\Modules\MACDll.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00294400 _____ () C:\Program Files (x86)\AIMP3\Modules\libFLAC.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 01733120 _____ () C:\Program Files (x86)\AIMP3\Modules\aimp_libvorbis.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00072136 _____ () C:\Program Files (x86)\AIMP3\Plugins\aimp_lastfm.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00026624 _____ () C:\Program Files (x86)\AIMP3\Plugins\Aorta.svp

2014-11-21 21:38 - 2014-11-21 21:38 - 00237568 _____ () C:\Program Files (x86)\AIMP3\Plugins\OptimFROG.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00141768 _____ () C:\Program Files (x86)\AIMP3\Plugins\PandemicAnalogMeter.dll

2014-12-11 10:02 - 2014-12-15 16:16 - 16843952 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\startupreg: SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.38.0.1449\jsdrv.exe

MSCONFIG\startupreg: YTDownloader => /boot
 

========================= Accounts: ==========================
 

Administrator (S-1-5-21-2975933613-4275264652-1912998914-500 - Administrator - Disabled)

Bonkers (S-1-5-21-2975933613-4275264652-1912998914-1000 - Administrator - Enabled) => C:\Users\Bonkers

Gast (S-1-5-21-2975933613-4275264652-1912998914-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2975933613-4275264652-1912998914-1003 - Limited - Enabled)
 

==================== Faulty Device Manager Devices =============
 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft-Teredo-Tunneling-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 

Name: Unknown Device

Description: Unknown Device

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard-USB-Hostcontroller)

Service: 

Problem: : Windows has stopped this device because it has reported problems. (Code 43)

Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (01/08/2015 08:19:03 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418154
 

Error: (01/08/2015 08:10:43 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/07/2015 08:29:56 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475dd5d

Name des fehlerhaften Moduls: mozalloc.dll, Version: 34.0.5.5443, Zeitstempel: 0x5475d664

Ausnahmecode: 0x80000003

Fehleroffset: 0x00001425

ID des fehlerhaften Prozesses: 0x1198

Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0

Pfad der fehlerhaften Anwendung: plugin-container.exe1

Pfad des fehlerhaften Moduls: plugin-container.exe2

Berichtskennung: plugin-container.exe3
 

Error: (01/07/2015 04:51:32 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/07/2015 04:47:55 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475dd5d

Name des fehlerhaften Moduls: mozalloc.dll, Version: 34.0.5.5443, Zeitstempel: 0x5475d664

Ausnahmecode: 0x80000003

Fehleroffset: 0x00001425

ID des fehlerhaften Prozesses: 0xddc

Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0

Pfad der fehlerhaften Anwendung: plugin-container.exe1

Pfad des fehlerhaften Moduls: plugin-container.exe2

Berichtskennung: plugin-container.exe3
 

Error: (01/07/2015 00:33:21 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (01/07/2015 08:38:49 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418154
 

Error: (01/07/2015 08:30:24 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/06/2015 10:31:33 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: Manager10.exe, Version: 2.0.0.7, Zeitstempel: 0x4bfe52c8

Name des fehlerhaften Moduls: Manager10.exe, Version: 2.0.0.7, Zeitstempel: 0x4bfe52c8

Ausnahmecode: 0xc0000005

Fehleroffset: 0x009aaf73

ID des fehlerhaften Prozesses: 0x1814

Startzeit der fehlerhaften Anwendung: 0xManager10.exe0

Pfad der fehlerhaften Anwendung: Manager10.exe1

Pfad des fehlerhaften Moduls: Manager10.exe2

Berichtskennung: Manager10.exe3
 

Error: (01/06/2015 10:03:43 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: Manager10.exe, Version: 2.0.0.7, Zeitstempel: 0x4bfe52c8

Name des fehlerhaften Moduls: Manager10.exe, Version: 2.0.0.7, Zeitstempel: 0x4bfe52c8

Ausnahmecode: 0xc0000005

Fehleroffset: 0x009aaf73

ID des fehlerhaften Prozesses: 0x1480

Startzeit der fehlerhaften Anwendung: 0xManager10.exe0

Pfad der fehlerhaften Anwendung: Manager10.exe1

Pfad des fehlerhaften Moduls: Manager10.exe2

Berichtskennung: Manager10.exe3
 
 

System errors:

=============

Error: (01/08/2015 02:07:15 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/08/2015 02:07:12 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/08/2015 02:07:12 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/08/2015 01:59:42 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/08/2015 01:59:41 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/08/2015 01:59:41 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/08/2015 01:59:39 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/08/2015 01:59:37 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/08/2015 01:59:37 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/08/2015 01:29:56 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 
 

Microsoft Office Sessions:

=========================

Error: (01/08/2015 08:19:03 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418154
 

Error: (01/08/2015 08:10:43 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/07/2015 08:29:56 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d6648000000300001425119801d02a9319c8a4a9C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll8f218107-96a3-11e4-903f-00040efbb8a2
 

Error: (01/07/2015 04:51:32 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/07/2015 04:47:55 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d6648000000300001425ddc01d02a8fb7e70c3dC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll8b407c1d-9684-11e4-8728-00040efbb8a2
 

Error: (01/07/2015 00:33:21 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestJ:\Programme\esetsmartinstaller_deu.exe
 

Error: (01/07/2015 08:38:49 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418154
 

Error: (01/07/2015 08:30:24 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/06/2015 10:31:33 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Manager10.exe2.0.0.74bfe52c8Manager10.exe2.0.0.74bfe52c8c0000005009aaf73181401d029f53ca7c368D:\FUSSBALL MANAGER 10\Manager10.exeD:\FUSSBALL MANAGER 10\Manager10.exe61ecae64-95eb-11e4-809f-00040efbb8a2
 

Error: (01/06/2015 10:03:43 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Manager10.exe2.0.0.74bfe52c8Manager10.exe2.0.0.74bfe52c8c0000005009aaf73148001d029f094da3c90D:\FUSSBALL MANAGER 10\Manager10.exeD:\FUSSBALL MANAGER 10\Manager10.exe7e8acad2-95e7-11e4-809f-00040efbb8a2
 
 

==================== Memory info =========================== 
 

Processor: AMD FX(tm)-8320 Eight-Core Processor 

Percentage of memory in use: 41%

Total physical RAM: 8093.13 MB

Available physical RAM: 4757.34 MB

Total Pagefile: 16184.43 MB

Available Pagefile: 12318 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB
 

==================== Drives ================================
 

Drive c: (Windows) (Fixed) (Total:102.44 GB) (Free:44.1 GB) NTFS

Drive d: (Spiele) (Fixed) (Total:489.13 GB) (Free:314.64 GB) NTFS

Drive e: (Schule) (Fixed) (Total:293.43 GB) (Free:293.24 GB) NTFS

Drive f: (Download) (Fixed) (Total:442.38 GB) (Free:370.12 GB) NTFS

Drive g: (Welten) (Fixed) (Total:200.2 GB) (Free:195.29 GB) NTFS

Drive j: (Bonkers) (Fixed) (Total:931.48 GB) (Free:281.97 GB) NTFS

Drive k: (BF2 DVD) (CDROM) (Total:1.91 GB) (Free:0 GB) UDF

Drive l: (Wasteland 2) (CDROM) (Total:8.25 GB) (Free:0 GB) CDFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 80B6AAAC)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=102.4 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=200.2 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=293.4 GB) - (Type=OF Extended)
 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BBCC6936)

Partition 1: (Not Active) - (Size=489.1 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=442.4 GB) - (Type=07 NTFS)
 

========================================================

Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 81A8E79C)

Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

--- --- ---

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015

Ran by Bonkers (administrator) on BONKERS-PC on 08-01-2015 14:06:41

Running from J:\Programme

Loaded Profile: Bonkers (Available profiles: Bonkers)

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(ICQ) C:\Users\Bonkers\AppData\Roaming\ICQM\icq.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(BF2Hub Systems) C:\Program Files (x86)\BF2Hub Client\bf2hub.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(AppWork GmbH) C:\Users\Bonkers\AppData\Local\JDownloader 2.0\JDownloader2.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_246_ActiveX.exe

(AIMP DevTeam) C:\Program Files (x86)\AIMP3\AIMP3.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe

(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)

HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [BF2Hub Client] => C:\Program Files (x86)\BF2Hub Client\bf2hub.exe [1521664 2014-07-17] (BF2Hub Systems)

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [icq] => C:\Users\Bonkers\AppData\Roaming\ICQM\icq.exe [35239432 2014-11-23] (ICQ)

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.

ProxyServer: [.DEFAULT] => http=127.0.0.1:49438;https=127.0.0.1:49438

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 

FireFox:

========

FF ProfilePath: C:\Users\Bonkers\AppData\Roaming\Mozilla\Firefox\Profiles\yzv924ky.default

FF Homepage: www.google.de

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()

FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: Adblock Plus - C:\Users\Bonkers\AppData\Roaming\Mozilla\Firefox\Profiles\yzv924ky.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-24]
 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.com

CHR StartupUrls: Default -> "hxxp://www.google.com"

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Präsentationen) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-21]

CHR Extension: (Google Docs) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-21]

CHR Extension: (Google Drive) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-21]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-11]

CHR Extension: (YouTube) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-21]

CHR Extension: (Google-Suche) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-21]

CHR Extension: (Google Tabellen) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-21]

CHR Extension: (Avira Browserschutz) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-21]

CHR Extension: (Google Wallet) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-21]

CHR Extension: (Google Mail) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-21]

CHR StartMenuInternet: Google Chrome - chrome.exe
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-20] (Advanced Micro Devices, Inc.) [File not signed]

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)

R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]

S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-12-06] ()
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-12-16] (Advanced Micro Devices)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-21] (Disc Soft Ltd)

R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-07 17:13 - 2015-01-08 08:11 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\JDownloader 2.0

2015-01-07 16:45 - 2015-01-07 16:45 - 00001594 _____ () C:\Users\Bonkers\Desktop\Fixlist.txt

2015-01-07 12:33 - 2015-01-08 14:06 - 00000000 ____D () C:\FRST

2015-01-07 12:18 - 2015-01-07 12:18 - 00017589 _____ () C:\Windows\DirectX.log

2015-01-07 12:15 - 2015-01-07 12:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\inXile Entertainment

2015-01-07 08:56 - 2015-01-07 17:21 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader

2015-01-07 08:53 - 2015-01-07 11:58 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\JDownloader v2.0

2015-01-06 18:06 - 2015-01-06 18:06 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2015-01-06 17:35 - 2015-01-06 18:10 - 00000000 ____D () C:\Users\Bonkers\Desktop\Usedom 14 15

2015-01-05 10:29 - 2015-01-05 10:29 - 00001452 _____ () C:\DelFix.txt

2015-01-05 10:28 - 2015-01-05 10:28 - 00352076 _____ () C:\Users\Bonkers\Desktop\bookmarks-2015-01-05.json

2015-01-05 10:17 - 2015-01-05 10:19 - 00000000 ____D () C:\ProgramData\Max Secure

2015-01-05 10:12 - 2015-01-05 10:13 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\GetRightToGo

2015-01-05 10:12 - 2015-01-05 10:12 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Max Secure Software

2015-01-04 12:06 - 2015-01-08 09:32 - 00000000 ____D () C:\Users\Bonkers\Desktop\Bewerbung aktuell

2015-01-02 20:26 - 2015-01-05 10:29 - 00000000 ____D () C:\Windows\ERUNT

2014-12-27 10:14 - 2014-12-27 10:22 - 00000000 ____D () C:\Windows\erdnt

2014-12-26 11:11 - 2015-01-08 08:08 - 00003445 _____ () C:\Windows\setupact.log

2014-12-26 11:11 - 2014-12-26 11:11 - 00000000 _____ () C:\Windows\setuperr.log

2014-12-26 11:10 - 2015-01-07 16:49 - 00051744 _____ () C:\Windows\PFRO.log

2014-12-26 10:09 - 2015-01-02 20:23 - 00000000 ____D () C:\Windows\system32\log

2014-12-26 09:53 - 2014-12-26 09:53 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-12-26 09:53 - 2014-12-26 09:53 - 00000000 ____D () C:\Program Files\CCleaner

2014-12-24 12:31 - 2014-12-24 12:31 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-12-24 12:30 - 2014-12-24 12:30 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2014-12-24 11:58 - 2015-01-07 12:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-12-24 11:58 - 2014-12-27 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-12-24 11:58 - 2014-12-27 19:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-12-24 11:58 - 2014-12-24 11:58 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-12-24 11:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-12-24 11:58 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-12-24 11:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-12-22 20:29 - 2014-12-27 10:10 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-12-22 18:23 - 2014-12-22 18:23 - 00000000 _____ () C:\autoexec.bat

2014-12-22 17:02 - 2014-12-22 17:02 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Desktop_Dock

2014-12-22 17:01 - 2014-12-22 17:01 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\qjnhzepq

2014-12-22 16:47 - 2014-12-22 16:47 - 00002290 _____ () C:\Windows\patsearch.bin

2014-12-22 16:46 - 2014-12-22 16:55 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\StormFall

2014-12-22 16:46 - 2014-12-22 16:51 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Sparta

2014-12-22 16:46 - 2014-12-22 16:46 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\sparta111

2014-12-22 16:46 - 2014-12-22 16:46 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\StormFall

2014-12-19 12:41 - 2014-12-20 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metal Gear Solid V Ground Zeroes

2014-12-19 12:38 - 2014-12-19 12:40 - 00000000 ____D () C:\Users\Bonkers\Desktop\MGS V

2014-12-18 08:03 - 2014-12-18 08:18 - 00000000 ____D () C:\Users\Bonkers\Desktop\Stick

2014-12-18 07:36 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-12-18 07:36 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-12-17 08:42 - 2014-12-17 09:44 - 00000000 ____D () C:\ProgramData\Origin

2014-12-17 08:42 - 2014-12-17 08:42 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Origin

2014-12-17 08:42 - 2014-12-17 08:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin

2014-12-17 08:42 - 2014-12-17 08:42 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-12-16 17:41 - 2014-12-17 08:42 - 00000000 ____D () C:\ProgramData\Electronic Arts

2014-12-16 16:56 - 2014-12-16 17:41 - 00000000 ____D () C:\Users\Bonkers\Documents\FUSSBALL MANAGER 10

2014-12-16 16:56 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll

2014-12-16 16:53 - 2014-12-17 08:42 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts

2014-12-16 16:52 - 2014-12-16 16:52 - 00003044 _____ () C:\Windows\System32\Tasks\{A32FE87B-45CE-4AA7-B6DF-40C336FD7AF3}

2014-12-16 08:18 - 2014-12-16 08:18 - 03951038 _____ () C:\Users\Bonkers\Desktop\rld-f0u5.7z

2014-12-15 14:45 - 2014-12-15 14:46 - 00000000 ____D () C:\Users\Bonkers\Downloads\Trance Zen Dental Spa

2014-12-15 14:45 - 2014-12-15 14:45 - 00000843 _____ () C:\Users\Bonkers\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk

2014-12-15 14:44 - 2015-01-07 08:55 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\uTorrent

2014-12-11 09:33 - 2014-12-11 09:33 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-12-11 09:33 - 2014-12-11 09:33 - 00000000 ____D () C:\Program Files\Java

2014-12-10 16:49 - 2014-12-10 16:49 - 00000000 ____D () C:\Windows\system32\appraiser

2014-12-10 10:58 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-12-10 10:58 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2014-12-10 10:58 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2014-12-10 10:58 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2014-12-10 10:58 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2014-12-10 10:58 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2014-12-10 10:58 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2014-12-10 10:58 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2014-12-10 10:58 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2014-12-10 10:58 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2014-12-10 08:09 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-12-10 08:09 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

2014-12-10 08:09 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-12-10 08:09 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-12-10 08:08 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-12-10 08:08 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-12-10 08:08 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-12-10 08:08 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-12-10 08:08 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-12-10 08:08 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-12-10 08:08 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-12-10 08:08 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-12-10 08:08 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-12-10 08:08 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-12-10 08:08 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-12-10 08:08 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-12-10 08:08 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-12-10 08:08 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-12-10 08:08 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-12-10 08:08 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-12-10 08:08 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-12-10 08:08 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-12-10 08:08 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-12-10 08:08 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-12-10 08:08 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-12-10 08:08 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-12-10 08:08 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-12-10 08:08 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-12-10 08:08 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-12-10 08:08 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-12-10 08:08 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-12-10 08:08 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-12-10 08:08 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-12-10 08:08 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-12-10 08:08 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-12-10 08:08 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-12-10 08:08 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-12-10 08:08 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-12-10 08:08 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-12-10 08:08 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-12-10 08:08 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-12-10 08:08 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-12-10 08:08 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-12-10 08:08 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-12-10 08:08 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-12-10 08:08 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-12-10 08:08 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-12-10 08:08 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-12-10 08:08 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-12-10 08:08 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-12-10 08:08 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-12-10 08:08 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-12-10 08:08 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-12-10 08:08 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-12-10 08:08 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-12-10 08:08 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-12-10 08:08 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-12-10 08:08 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-12-10 08:08 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2014-12-10 08:07 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-12-10 08:07 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-12-10 08:07 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

2014-12-10 08:07 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe

2014-12-10 08:07 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2014-12-10 08:07 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2014-12-10 08:07 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2014-12-10 08:07 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2014-12-10 08:07 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2014-12-10 08:07 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2014-12-10 08:07 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll

2014-12-10 08:07 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll

2014-12-10 08:07 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll

2014-12-10 08:07 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

2014-12-09 21:22 - 2014-12-09 21:22 - 00000000 ____D () C:\Users\Bonkers\Desktop\BF2

2014-12-09 15:03 - 2014-12-24 12:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-08 13:43 - 2014-11-21 21:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-08 12:37 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-08 12:37 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-08 11:48 - 2014-11-21 21:26 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\vlc

2015-01-08 10:48 - 2014-11-21 18:25 - 01224766 _____ () C:\Windows\WindowsUpdate.log

2015-01-08 09:34 - 2014-11-21 21:38 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\AIMP3

2015-01-08 08:09 - 2014-11-21 18:30 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-08 08:09 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-07 20:30 - 2014-11-22 18:07 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\CrashDumps

2015-01-07 17:21 - 2011-03-07 12:10 - 00000000 ____D () C:\Program Files (x86)\JDownloader

2015-01-07 16:47 - 2014-11-21 18:26 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS

2015-01-07 13:00 - 2014-11-23 12:24 - 00000000 ____D () C:\Users\Bonkers\Documents\My Games

2015-01-07 12:23 - 2014-11-21 19:58 - 00000000 ____D () C:\ProgramData\Package Cache

2015-01-07 11:57 - 2014-11-21 20:52 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\DAEMON Tools Lite

2015-01-06 17:37 - 2014-11-21 19:39 - 00111912 _____ () C:\Users\Bonkers\AppData\Local\GDIPFONTCACHEV1.DAT

2015-01-05 10:30 - 2009-07-14 05:45 - 00435528 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-01-04 12:03 - 2014-11-29 10:07 - 00000000 ____D () C:\Users\Bonkers\Desktop\Bewerbung

2014-12-28 07:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat

2014-12-27 10:20 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2014-12-26 09:58 - 2014-11-22 01:17 - 00000000 ____D () C:\Windows\Panther

2014-12-25 11:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System

2014-12-24 15:17 - 2014-11-21 20:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-12-22 18:23 - 2014-11-21 18:25 - 00000000 ____D () C:\Users\Bonkers

2014-12-22 17:47 - 2014-11-21 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2014-12-22 17:47 - 2014-11-21 20:37 - 00000000 ____D () C:\ProgramData\Avira

2014-12-22 17:47 - 2014-11-21 20:37 - 00000000 ____D () C:\Program Files (x86)\Avira

2014-12-22 17:45 - 2014-11-21 21:38 - 00000000 ____D () C:\Program Files (x86)\AIMP3

2014-12-22 17:44 - 2014-11-21 20:48 - 00000000 ____D () C:\Windows\system32\appmgmt

2014-12-22 17:19 - 2014-11-21 18:25 - 00001432 _____ () C:\Users\Bonkers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-12-22 17:12 - 2014-11-21 18:45 - 00000000 ____D () C:\ProgramData\Norton

2014-12-22 16:52 - 2014-12-01 13:58 - 00000000 ____D () C:\Program Files (x86)\BF2Hub Client

2014-12-22 16:52 - 2014-11-23 09:34 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\ICQM

2014-12-21 20:48 - 2014-12-02 19:33 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Skype

2014-12-16 16:56 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-12-15 16:16 - 2014-11-21 21:13 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-12-15 16:16 - 2014-11-21 21:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-15 16:16 - 2014-11-21 21:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-12-15 16:16 - 2014-11-21 21:07 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Adobe

2014-12-13 11:05 - 2014-11-21 20:55 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-12-13 11:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2014-12-10 16:54 - 2014-11-23 10:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-12-10 16:49 - 2014-11-23 09:05 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-12-10 16:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-12-10 11:03 - 2014-11-21 21:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
 

Some content of TEMP:

====================

C:\Users\Bonkers\AppData\Local\Temp\avgnt.exe

C:\Users\Bonkers\AppData\Local\Temp\i4jdel0.exe

C:\Users\Bonkers\AppData\Local\Temp\proxy_vole9117833207677472104.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-01-05 16:29
 

==================== End Of Log ============================

--- --- ---

--- --- ---

schrauber

08.01.2015 17:09

[/COLOR][/size][/b]
Downloade Dir HitmanProhttp://deeprybka.trojaner-board.de/b.../hitmanpro.pngauf Deinen Desktop:

HitmanPro-32 Bit Version
HitmanPro-64 Bit Version

Starte die HitmanPro.exe
Klicke auf
http://deeprybka.trojaner-board.de/b...ro/hitman1.PNG
Entferne den Haken bei
http://deeprybka.trojaner-board.de/b...ro/hitman2.PNG
Klicke auf
http://deeprybka.trojaner-board.de/b...ro/hitman3.PNG und http://deeprybka.trojaner-board.de/b...ro/hitman4.PNG
Akzeptiere die Lizenzbedingungen und klicke auf http://deeprybka.trojaner-board.de/b...ro/hitman4.PNG
Klicke auf
http://deeprybka.trojaner-board.de/b...ro/hitman5.PNG
und auf http://deeprybka.trojaner-board.de/b...ro/hitman4.PNG
Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
http://deeprybka.trojaner-board.de/b...ro/hitman6.PNGund speichere die Logdatei auf Deinem Desktop.
Schließe HitmanPro und poste mir das Log.

Bonkers1982

08.01.2015 17:59

Code:


 

        Code:


        
HitmanPro 3.7.9.232

www.hitmanpro.com
 

   Computer name . . . . : BONKERS-PC

   Windows . . . . . . . : 6.1.1.7601.X64/8

   User name . . . . . . : Bonkers-PC\Bonkers

   UAC . . . . . . . . . : Enabled

   License . . . . . . . : Free
 

   Scan date . . . . . . : 2015-01-08 17:40:28

   Scan mode . . . . . . : Normal

   Scan duration . . . . : 5m 5s

   Disk access mode  . . : Direct disk access (SRB)

   Cloud . . . . . . . . : Internet

   Reboot  . . . . . . . : No
 

   Threats . . . . . . . : 0

   Traces  . . . . . . . : 20
 

   Objects scanned . . . : 1.565.300

   Files scanned . . . . : 60.487

   Remnants scanned  . . : 486.892 files / 1.017.921 keys
 

Suspicious files ____________________________________________________________
 

   C:\Users\Bonkers\AppData\Local\PunkBuster\BF2\pb\pbcl.dll

      Size . . . . . . . : 958.292 bytes

      Age  . . . . . . . : 33.1 days (2014-12-06 15:58:41)

      Entropy  . . . . . : 7.6

      SHA-256  . . . . . : CA527E6BEC756E0A8920D13184946E0822CC8061ACC0C4D77592CB22DF501E6A

      Fuzzy  . . . . . . : 29.0

         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.

         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

         Authors name is missing in version info. This is not common to most programs.

         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

         Program contains PE structure anomalies. This is not typical for most programs.
 

   C:\Users\Bonkers\AppData\Local\PunkBuster\BF2\pb\pbcls.dll

      Size . . . . . . . : 958.292 bytes

      Age  . . . . . . . : 33.1 days (2014-12-06 15:58:41)

      Entropy  . . . . . : 7.6

      SHA-256  . . . . . : CA527E6BEC756E0A8920D13184946E0822CC8061ACC0C4D77592CB22DF501E6A

      Fuzzy  . . . . . . : 29.0

         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.

         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

         Authors name is missing in version info. This is not common to most programs.

         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

         Program contains PE structure anomalies. This is not typical for most programs.
 
 

Potential Unwanted Programs _________________________________________________
 

   HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SysMenuExt\ (YTDownloader)

   HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL\ (Goobzo)

   HKLM\SOFTWARE\Classes\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069}\ (Goobzo)

   HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}\ (FLV Player)

   HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}\ (FLV Player)

   HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}\ (FLV Player)

   HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}\ (FLV Player)

   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\SysMenu.DLL\ (Goobzo)

   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069}\ (Goobzo)

   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}\ (DomalQ)

   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}\ (DomalQ)

   HKLM\SOFTWARE\Wow6432Node\Reg\Clean\ (AskBar)

   HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\Software\Classes\*\ShellEx\ContextMenuHandlers\SysMenuExt\ (YTDownloader)

   HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\Software\Microsoft\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4\ (FLV Player)

   HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{AE07101B-46D4-4A98-AF68-0333EA26E113} (FLV Player)

   HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} (ShopperPro)

   HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\Software\Reg\Clean\ (RegClean Pro)

   HKU\S-1-5-21-2975933613-4275264652-1912998914-1000_Classes\*\ShellEx\ContextMenuHandlers\SysMenuExt\ (YTDownloader)

Im Tempordner bei Appdata hab ich versucht 2 Datein zu löschen, die jedoch immer wieder nach wenigen Sekunden zurückkehren. Kann das damit zusammenhängen? Es handelt sich um die "avgnt.exe" und "plugtmp-1". Sind 2 Ordner.

schrauber

08.01.2015 20:00

Du kannst doch nit einfach irgendwas löschen wenn Du nicht weißt was es is :)
Das sind legitime Sachen, Finger weg.

Las alle FUnde von Hitman entfernen. Dann bitte ein frisches FRST log und testen ob das Problem noch besteht.

Bonkers1982

08.01.2015 21:09

Code:



can result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015

Ran by Bonkers (administrator) on BONKERS-PC on 08-01-2015 20:58:40

Running from J:\Programme

Loaded Profile: Bonkers (Available profiles: Bonkers)

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe

(ICQ) C:\Users\Bonkers\AppData\Roaming\ICQM\icq.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(BF2Hub Systems) C:\Program Files (x86)\BF2Hub Client\bf2hub.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)

HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [BF2Hub Client] => C:\Program Files (x86)\BF2Hub Client\bf2hub.exe [1521664 2014-07-17] (BF2Hub Systems)

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [icq] => C:\Users\Bonkers\AppData\Roaming\ICQM\icq.exe [35239432 2014-11-23] (ICQ)

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.

ProxyServer: [.DEFAULT] => http=127.0.0.1:49438;https=127.0.0.1:49438

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 

FireFox:

========

FF ProfilePath: C:\Users\Bonkers\AppData\Roaming\Mozilla\Firefox\Profiles\yzv924ky.default

FF Homepage: www.google.de

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()

FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: Adblock Plus - C:\Users\Bonkers\AppData\Roaming\Mozilla\Firefox\Profiles\yzv924ky.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-24]
 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.com

CHR StartupUrls: Default -> "hxxp://www.google.com"

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Präsentationen) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-21]

CHR Extension: (Google Docs) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-21]

CHR Extension: (Google Drive) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-21]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-11]

CHR Extension: (YouTube) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-21]

CHR Extension: (Google-Suche) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-21]

CHR Extension: (Google Tabellen) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-21]

CHR Extension: (Avira Browserschutz) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-21]

CHR Extension: (Google Wallet) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-21]

CHR Extension: (Google Mail) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-21]

CHR StartMenuInternet: Google Chrome - chrome.exe
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-20] (Advanced Micro Devices, Inc.) [File not signed]

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)

R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]

S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-12-06] ()
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-12-16] (Advanced Micro Devices)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-21] (Disc Soft Ltd)

R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)

R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-01-08] ()

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-08 20:56 - 2015-01-08 20:56 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys

2015-01-08 20:41 - 2015-01-08 20:41 - 00003886 _____ () C:\Windows\system32\.crusader

2015-01-08 17:51 - 2015-01-08 17:51 - 00008926 _____ () C:\Users\Bonkers\Desktop\HitmanPro_20150108_1751.log

2015-01-08 17:38 - 2015-01-08 20:41 - 00000000 ____D () C:\ProgramData\HitmanPro

2015-01-08 17:34 - 2015-01-08 17:35 - 11222744 _____ (SurfRight B.V.) C:\Users\Bonkers\Desktop\HitmanPro_x64.exe

2015-01-07 17:13 - 2015-01-08 20:53 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\JDownloader 2.0

2015-01-07 16:45 - 2015-01-07 16:45 - 00001594 _____ () C:\Users\Bonkers\Desktop\Fixlist.txt

2015-01-07 12:33 - 2015-01-08 20:58 - 00000000 ____D () C:\FRST

2015-01-07 12:18 - 2015-01-07 12:18 - 00017589 _____ () C:\Windows\DirectX.log

2015-01-07 12:15 - 2015-01-07 12:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\inXile Entertainment

2015-01-07 08:56 - 2015-01-07 17:21 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader

2015-01-07 08:53 - 2015-01-07 11:58 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\JDownloader v2.0

2015-01-06 18:06 - 2015-01-06 18:06 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2015-01-06 17:35 - 2015-01-06 18:10 - 00000000 ____D () C:\Users\Bonkers\Desktop\Usedom 14 15

2015-01-05 10:29 - 2015-01-05 10:29 - 00001452 _____ () C:\DelFix.txt

2015-01-05 10:28 - 2015-01-05 10:28 - 00352076 _____ () C:\Users\Bonkers\Desktop\bookmarks-2015-01-05.json

2015-01-05 10:17 - 2015-01-05 10:19 - 00000000 ____D () C:\ProgramData\Max Secure

2015-01-05 10:12 - 2015-01-05 10:13 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\GetRightToGo

2015-01-05 10:12 - 2015-01-05 10:12 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Max Secure Software

2015-01-04 12:06 - 2015-01-08 09:32 - 00000000 ____D () C:\Users\Bonkers\Desktop\Bewerbung aktuell

2015-01-02 20:26 - 2015-01-05 10:29 - 00000000 ____D () C:\Windows\ERUNT

2014-12-27 10:14 - 2014-12-27 10:22 - 00000000 ____D () C:\Windows\erdnt

2014-12-26 11:11 - 2015-01-08 20:56 - 00003501 _____ () C:\Windows\setupact.log

2014-12-26 11:11 - 2014-12-26 11:11 - 00000000 _____ () C:\Windows\setuperr.log

2014-12-26 11:10 - 2015-01-07 16:49 - 00051744 _____ () C:\Windows\PFRO.log

2014-12-26 10:09 - 2015-01-02 20:23 - 00000000 ____D () C:\Windows\system32\log

2014-12-26 09:53 - 2014-12-26 09:53 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-12-26 09:53 - 2014-12-26 09:53 - 00000000 ____D () C:\Program Files\CCleaner

2014-12-24 12:31 - 2014-12-24 12:31 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-12-24 12:30 - 2014-12-24 12:30 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2014-12-24 11:58 - 2015-01-07 12:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-12-24 11:58 - 2014-12-27 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-12-24 11:58 - 2014-12-27 19:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-12-24 11:58 - 2014-12-24 11:58 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-12-24 11:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-12-24 11:58 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-12-24 11:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-12-22 20:29 - 2014-12-27 10:10 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-12-22 18:23 - 2014-12-22 18:23 - 00000000 _____ () C:\autoexec.bat

2014-12-22 17:02 - 2014-12-22 17:02 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Desktop_Dock

2014-12-22 17:01 - 2014-12-22 17:01 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\qjnhzepq

2014-12-22 16:47 - 2014-12-22 16:47 - 00002290 _____ () C:\Windows\patsearch.bin

2014-12-22 16:46 - 2014-12-22 16:55 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\StormFall

2014-12-22 16:46 - 2014-12-22 16:51 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Sparta

2014-12-22 16:46 - 2014-12-22 16:46 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\sparta111

2014-12-22 16:46 - 2014-12-22 16:46 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\StormFall

2014-12-19 12:41 - 2014-12-20 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metal Gear Solid V Ground Zeroes

2014-12-19 12:38 - 2014-12-19 12:40 - 00000000 ____D () C:\Users\Bonkers\Desktop\MGS V

2014-12-18 08:03 - 2014-12-18 08:18 - 00000000 ____D () C:\Users\Bonkers\Desktop\Stick

2014-12-18 07:36 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-12-18 07:36 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-12-17 08:42 - 2014-12-17 09:44 - 00000000 ____D () C:\ProgramData\Origin

2014-12-17 08:42 - 2014-12-17 08:42 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Origin

2014-12-17 08:42 - 2014-12-17 08:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin

2014-12-17 08:42 - 2014-12-17 08:42 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-12-16 17:41 - 2014-12-17 08:42 - 00000000 ____D () C:\ProgramData\Electronic Arts

2014-12-16 16:56 - 2014-12-16 17:41 - 00000000 ____D () C:\Users\Bonkers\Documents\FUSSBALL MANAGER 10

2014-12-16 16:56 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll

2014-12-16 16:53 - 2014-12-17 08:42 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts

2014-12-16 16:52 - 2014-12-16 16:52 - 00003044 _____ () C:\Windows\System32\Tasks\{A32FE87B-45CE-4AA7-B6DF-40C336FD7AF3}

2014-12-16 08:18 - 2014-12-16 08:18 - 03951038 _____ () C:\Users\Bonkers\Desktop\rld-f0u5.7z

2014-12-15 14:45 - 2014-12-15 14:46 - 00000000 ____D () C:\Users\Bonkers\Downloads\Trance Zen Dental Spa

2014-12-15 14:45 - 2014-12-15 14:45 - 00000843 _____ () C:\Users\Bonkers\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk

2014-12-15 14:44 - 2015-01-07 08:55 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\uTorrent

2014-12-11 09:33 - 2014-12-11 09:33 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-12-11 09:33 - 2014-12-11 09:33 - 00000000 ____D () C:\Program Files\Java

2014-12-10 16:49 - 2014-12-10 16:49 - 00000000 ____D () C:\Windows\system32\appraiser

2014-12-10 10:58 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-12-10 10:58 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2014-12-10 10:58 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2014-12-10 10:58 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2014-12-10 10:58 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2014-12-10 10:58 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2014-12-10 10:58 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2014-12-10 10:58 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2014-12-10 10:58 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2014-12-10 10:58 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2014-12-10 08:09 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-12-10 08:09 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

2014-12-10 08:09 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-12-10 08:09 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-12-10 08:08 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-12-10 08:08 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-12-10 08:08 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-12-10 08:08 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-12-10 08:08 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-12-10 08:08 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-12-10 08:08 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-12-10 08:08 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-12-10 08:08 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-12-10 08:08 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-12-10 08:08 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-12-10 08:08 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-12-10 08:08 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-12-10 08:08 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-12-10 08:08 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-12-10 08:08 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-12-10 08:08 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-12-10 08:08 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-12-10 08:08 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-12-10 08:08 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-12-10 08:08 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-12-10 08:08 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-12-10 08:08 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-12-10 08:08 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-12-10 08:08 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-12-10 08:08 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-12-10 08:08 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-12-10 08:08 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-12-10 08:08 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-12-10 08:08 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-12-10 08:08 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-12-10 08:08 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-12-10 08:08 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-12-10 08:08 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-12-10 08:08 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-12-10 08:08 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-12-10 08:08 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-12-10 08:08 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-12-10 08:08 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-12-10 08:08 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-12-10 08:08 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-12-10 08:08 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-12-10 08:08 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-12-10 08:08 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-12-10 08:08 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-12-10 08:08 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-12-10 08:08 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-12-10 08:08 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-12-10 08:08 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-12-10 08:08 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-12-10 08:08 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-12-10 08:08 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-12-10 08:08 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-12-10 08:08 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-12-10 08:08 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2014-12-10 08:07 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-12-10 08:07 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-12-10 08:07 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

2014-12-10 08:07 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe

2014-12-10 08:07 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2014-12-10 08:07 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2014-12-10 08:07 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2014-12-10 08:07 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2014-12-10 08:07 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2014-12-10 08:07 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2014-12-10 08:07 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll

2014-12-10 08:07 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll

2014-12-10 08:07 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll

2014-12-10 08:07 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

2014-12-09 21:22 - 2014-12-09 21:22 - 00000000 ____D () C:\Users\Bonkers\Desktop\BF2

2014-12-09 15:03 - 2014-12-24 12:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-08 20:57 - 2014-11-21 18:30 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-08 20:57 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-08 20:55 - 2014-11-21 21:38 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\AIMP3

2015-01-08 20:55 - 2014-11-21 18:25 - 01225548 _____ () C:\Windows\WindowsUpdate.log

2015-01-08 20:43 - 2014-11-21 21:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-08 12:37 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-08 12:37 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-08 11:48 - 2014-11-21 21:26 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\vlc

2015-01-07 20:30 - 2014-11-22 18:07 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\CrashDumps

2015-01-07 17:21 - 2011-03-07 12:10 - 00000000 ____D () C:\Program Files (x86)\JDownloader

2015-01-07 16:47 - 2014-11-21 18:26 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS

2015-01-07 13:00 - 2014-11-23 12:24 - 00000000 ____D () C:\Users\Bonkers\Documents\My Games

2015-01-07 12:23 - 2014-11-21 19:58 - 00000000 ____D () C:\ProgramData\Package Cache

2015-01-07 11:57 - 2014-11-21 20:52 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\DAEMON Tools Lite

2015-01-06 17:37 - 2014-11-21 19:39 - 00111912 _____ () C:\Users\Bonkers\AppData\Local\GDIPFONTCACHEV1.DAT

2015-01-05 10:30 - 2009-07-14 05:45 - 00435528 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-01-04 12:03 - 2014-11-29 10:07 - 00000000 ____D () C:\Users\Bonkers\Desktop\Bewerbung

2014-12-28 07:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat

2014-12-27 10:20 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2014-12-26 09:58 - 2014-11-22 01:17 - 00000000 ____D () C:\Windows\Panther

2014-12-25 11:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System

2014-12-24 15:17 - 2014-11-21 20:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-12-22 18:23 - 2014-11-21 18:25 - 00000000 ____D () C:\Users\Bonkers

2014-12-22 17:47 - 2014-11-21 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2014-12-22 17:47 - 2014-11-21 20:37 - 00000000 ____D () C:\ProgramData\Avira

2014-12-22 17:47 - 2014-11-21 20:37 - 00000000 ____D () C:\Program Files (x86)\Avira

2014-12-22 17:45 - 2014-11-21 21:38 - 00000000 ____D () C:\Program Files (x86)\AIMP3

2014-12-22 17:44 - 2014-11-21 20:48 - 00000000 ____D () C:\Windows\system32\appmgmt

2014-12-22 17:19 - 2014-11-21 18:25 - 00001432 _____ () C:\Users\Bonkers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-12-22 17:12 - 2014-11-21 18:45 - 00000000 ____D () C:\ProgramData\Norton

2014-12-22 16:52 - 2014-12-01 13:58 - 00000000 ____D () C:\Program Files (x86)\BF2Hub Client

2014-12-22 16:52 - 2014-11-23 09:34 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\ICQM

2014-12-21 20:48 - 2014-12-02 19:33 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Skype

2014-12-16 16:56 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-12-15 16:16 - 2014-11-21 21:13 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-12-15 16:16 - 2014-11-21 21:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-15 16:16 - 2014-11-21 21:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-12-15 16:16 - 2014-11-21 21:07 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Adobe

2014-12-13 11:05 - 2014-11-21 20:55 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-12-13 11:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2014-12-10 16:54 - 2014-11-23 10:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-12-10 16:49 - 2014-11-23 09:05 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-12-10 16:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-12-10 11:03 - 2014-11-21 21:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
 

Some content of TEMP:

====================

C:\Users\Bonkers\AppData\Local\Temp\avgnt.exe

C:\Users\Bonkers\AppData\Local\Temp\proxy_vole9117833207677472104.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-01-05 16:29
 

==================== End Of Log ============================

FRST Additions Logfile:

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015

Ran by Bonkers at 2015-01-08 21:01:07

Running from J:\Programme

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

µTorrent (HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1355, 14.07.2014 - AIMP DevTeam)

AMD Catalyst Install Manager (HKLM\...\{4E7B5579-F76C-B709-84A7-F40460F5C70F}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)

Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)

AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)

Battlefield 2(TM) (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version:  - )

BF2Hub Client (HKLM-x32\...\bf2hub) (Version:  - BF2Hub Systems)

Brother MFL-Pro Suite DCP-J125 (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 2.0.0.0 - Brother Industries, Ltd.)

Call of Duty Advanced Warfare (HKLM-x32\...\Call of Duty Advanced Warfare_is1) (Version:  - )

CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)

DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)

Dead Rising 3 (HKLM-x32\...\{XXXXXXXX-XXXX-XXXX-XXXX-BLACKBOX0011}) (Version: 6.0 - Black Box)

FUSSBALL MANAGER 10 (HKLM-x32\...\FUSSBALL MANAGER 10) (Version: 2.0.0.7 - Electronic Arts)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

ICQ 8.2 (build 7138) (HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\ICQ) (Version: 8.2.7138.0 - ICQ)

Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)

Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)

JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)

JDownloader 2 (HKLM\...\jdownloader2-1) (Version: 2.0 - AppWork GmbH)

Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Metal Gear Solid V Ground Zeroes (HKLM-x32\...\Metal Gear Solid V Ground Zeroes_is1) (Version:  - )

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)

Origin (HKLM-x32\...\Origin) (Version: 8.4.1.210 - Electronic Arts, Inc.)

Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

PeaZip 5.5.0 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)

Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)

Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden

Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)

VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

Wasteland 2 (HKLM-x32\...\Wasteland 2_is1) (Version:  - )

WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E5}) (Version: 19.0.11293 - WinZip Computing, S.L. )
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 

==================== Restore Points  =========================
 

08-01-2015 12:37:34 Geplanter Prüfpunkt

08-01-2015 20:40:16 Prüfpunkt von HitmanPro

08-01-2015 20:41:26 Prüfpunkt von HitmanPro
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 03:34 - 2014-12-01 14:15 - 00001150 ____N C:\Windows\system32\Drivers\etc\hosts

83.169.15.25        battlefield2.available.gamespy.com

83.169.15.25        battlefield2.master.gamespy.com

83.169.15.25        battlefield2.ms14.gamespy.com

83.169.15.25        gpsp.gamespy.com

83.169.15.25        gpcm.gamespy.com

83.169.15.6        eapusher.dice.se
 
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {12C4A70D-793C-47B0-BDFE-367281D8EC2D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)

Task: {20539226-8628-4305-B4C6-50E7DD679FB7} - System32\Tasks\{A32FE87B-45CE-4AA7-B6DF-40C336FD7AF3} => pcalua.exe -a L:\Autorun.exe -d L:\

Task: {2294BF3B-ABE8-4DE7-876E-13873D4874DC} - System32\Tasks\{612E6FB8-90EE-4D1F-89F8-4C748A1906CB} => pcalua.exe -a J:\avm_fritz!wlan_usb_stick_build_090320.exe -d J:\

Task: {38A930E6-1B44-47AA-B402-1AB2BEEFB4CF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-15] (Adobe Systems Incorporated)

Task: {3D1556C6-AE16-4E1E-B992-2022D0B9999B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

Task: {43F47C87-9C98-4FB9-B5FD-8C60C06BC0B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-21] (Google Inc.)

Task: {6665CD5D-C2D8-44BA-8338-6B85CCB694BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-21] (Google Inc.)

Task: {6AB76BB1-7EF7-43BC-AA4C-2DC0B5F79881} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe

Task: {6AD8A491-4214-48A8-B258-16EEDECBE840} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {6F420C1B-DAAF-4C9B-ACA9-B9DF4B1CF6AF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {B24A8CE1-64E2-4796-8481-AB149EA78532} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

Task: {B60AD4BC-A648-40E7-9E92-E29BA7777A6A} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe

Task: {C13B12F3-9CB4-41A2-AEAF-DDDE7B8F4DED} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2013-12-20 14:23 - 2013-12-20 14:23 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll

2013-12-16 02:07 - 2013-12-16 02:07 - 00818688 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll

2013-12-16 02:07 - 2013-12-16 02:07 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll

2013-12-20 14:22 - 2013-12-20 14:22 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2014-12-06 16:19 - 2014-12-06 16:19 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll

2014-11-23 09:35 - 2014-11-23 09:35 - 00859144 _____ () C:\Users\Bonkers\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll

2014-12-22 17:01 - 2014-12-22 17:01 - 00133120 _____ () C:\Users\Bonkers\AppData\Roaming\qjnhzepq\colers.dll

2014-12-24 12:31 - 2014-11-26 17:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00505344 _____ () C:\Program Files (x86)\AIMP3\sqlite3.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00218112 _____ () C:\Program Files (x86)\AIMP3\libsoxr.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00220672 _____ () C:\Program Files (x86)\AIMP3\Modules\MACDll.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00294400 _____ () C:\Program Files (x86)\AIMP3\Modules\libFLAC.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 01733120 _____ () C:\Program Files (x86)\AIMP3\Modules\aimp_libvorbis.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00072136 _____ () C:\Program Files (x86)\AIMP3\Plugins\aimp_lastfm.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00026624 _____ () C:\Program Files (x86)\AIMP3\Plugins\Aorta.svp

2014-11-21 21:38 - 2014-11-21 21:38 - 00237568 _____ () C:\Program Files (x86)\AIMP3\Plugins\OptimFROG.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00141768 _____ () C:\Program Files (x86)\AIMP3\Plugins\PandemicAnalogMeter.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\startupreg: SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.38.0.1449\jsdrv.exe

MSCONFIG\startupreg: YTDownloader => /boot
 

========================= Accounts: ==========================
 

Administrator (S-1-5-21-2975933613-4275264652-1912998914-500 - Administrator - Disabled)

Bonkers (S-1-5-21-2975933613-4275264652-1912998914-1000 - Administrator - Enabled) => C:\Users\Bonkers

Gast (S-1-5-21-2975933613-4275264652-1912998914-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2975933613-4275264652-1912998914-1003 - Limited - Enabled)
 

==================== Faulty Device Manager Devices =============
 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft-Teredo-Tunneling-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 

Name: Unknown Device

Description: Unknown Device

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard-USB-Hostcontroller)

Service: 

Problem: : Windows has stopped this device because it has reported problems. (Code 43)

Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (01/08/2015 08:58:32 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000380,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000003B6EDE0.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert

.
 

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000008f8,(null),0,REG_BINARY,000000000160DF80.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert

.
 
 

Vorgang:

   BackupShutdown-Ereignis
 

Kontext:

   Ausführungskontext: Writer

   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}

   Generatorname: WMI Writer

   Generatorinstanz-ID: {f56e1ac9-c86a-48cf-b5aa-be3d5d0a1159}
 

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000464,(null),0,REG_BINARY,000000000160E1D0.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert

.
 
 

Vorgang:

   BackupShutdown-Ereignis
 

Kontext:

   Ausführungskontext: Writer

   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}

   Generatorname: System Writer

   Generatorinstanz-ID: {2b139d0f-9987-4dba-88ae-3298a13d729f}
 

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000001d0,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,000000000240F410.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert

.
 
 

Vorgang:

   BackupShutdown-Ereignis
 

Kontext:

   Ausführungskontext: Writer

   Generatorklassen-ID: {542da469-d3e1-473c-9f4f-7847f01fc64f}

   Generatorname: COM+ REGDB Writer

   Generatorinstanz-ID: {279a2bb7-3cbf-412f-b4e7-42957b3fda3b}
 

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000008f8,(null),0,REG_BINARY,000000000160DF80.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert

.
 
 

Vorgang:

   BackupShutdown-Ereignis
 

Kontext:

   Ausführungskontext: Writer

   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}

   Generatorname: WMI Writer

   Generatorinstanz-ID: {f56e1ac9-c86a-48cf-b5aa-be3d5d0a1159}
 

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000001c4,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,000000000254EE30.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert

.
 
 

Vorgang:

   BackupShutdown-Ereignis
 

Kontext:

   Ausführungskontext: Writer

   Generatorklassen-ID: {afbab4a2-367d-4d15-a586-71dbb18f8485}

   Generatorname: Registry Writer

   Generatorinstanz-ID: {a81be6b4-0675-48f2-9025-33337af9a082}
 

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000b54,(null),0,REG_BINARY,0000000008D6E3A0.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert

.
 
 

Vorgang:

   BackupShutdown-Ereignis
 

Kontext:

   Ausführungskontext: Writer

   Generatorklassen-ID: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}

   Generatorname: MSSearch Service Writer

   Generatorinstanz-ID: {369f29ea-5529-4140-bfb3-9bab93e4affc}
 

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000200,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,0,REG_BINARY,0000000001FEEEF0.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert

.
 
 

Vorgang:

   BackupShutdown-Ereignis
 

Kontext:

   Ausführungskontext: Writer

   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}

   Generatorname: Shadow Copy Optimization Writer

   Generatorinstanz-ID: {008a3661-8781-4639-88c4-fcdc9c53f5cd}
 

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000464,(null),0,REG_BINARY,000000000160E1D0.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert

.
 
 

Vorgang:

   BackupShutdown-Ereignis
 

Kontext:

   Ausführungskontext: Writer

   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}

   Generatorname: System Writer

   Generatorinstanz-ID: {2b139d0f-9987-4dba-88ae-3298a13d729f}
 
 

System errors:

=============

Error: (01/08/2015 08:57:03 PM) (Source: Service Control Manager) (EventID: 7024) (User: )

Description: Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde mit folgendem dienstspezifischem Fehler beendet: %%0.
 

Error: (01/08/2015 08:50:14 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/08/2015 08:50:14 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/08/2015 08:47:54 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/08/2015 08:47:37 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/08/2015 08:47:37 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/08/2015 08:47:36 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/08/2015 08:47:36 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/08/2015 08:43:43 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/08/2015 08:43:42 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 
 

Microsoft Office Sessions:

=========================

Error: (01/08/2015 08:58:32 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )

Description: RegSetValueExW(0x00000380,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000003B6EDE0.72)0x80070005, Zugriff verweigert
 

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )

Description: RegSetValueExW(0x000008f8,(null),0,REG_BINARY,000000000160DF80.72)0x80070005, Zugriff verweigert
 
 

Vorgang:

   BackupShutdown-Ereignis
 

Kontext:

   Ausführungskontext: Writer

   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}

   Generatorname: WMI Writer

   Generatorinstanz-ID: {f56e1ac9-c86a-48cf-b5aa-be3d5d0a1159}
 

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )

Description: RegSetValueExW(0x00000464,(null),0,REG_BINARY,000000000160E1D0.72)0x80070005, Zugriff verweigert
 
 

Vorgang:

   BackupShutdown-Ereignis
 

Kontext:

   Ausführungskontext: Writer

   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}

   Generatorname: System Writer

   Generatorinstanz-ID: {2b139d0f-9987-4dba-88ae-3298a13d729f}
 

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )

Description: RegSetValueExW(0x000001d0,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,000000000240F410.72)0x80070005, Zugriff verweigert
 
 

Vorgang:

   BackupShutdown-Ereignis
 

Kontext:

   Ausführungskontext: Writer

   Generatorklassen-ID: {542da469-d3e1-473c-9f4f-7847f01fc64f}

   Generatorname: COM+ REGDB Writer

   Generatorinstanz-ID: {279a2bb7-3cbf-412f-b4e7-42957b3fda3b}
 

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )

Description: RegSetValueExW(0x000008f8,(null),0,REG_BINARY,000000000160DF80.72)0x80070005, Zugriff verweigert
 
 

Vorgang:

   BackupShutdown-Ereignis
 

Kontext:

   Ausführungskontext: Writer

   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}

   Generatorname: WMI Writer

   Generatorinstanz-ID: {f56e1ac9-c86a-48cf-b5aa-be3d5d0a1159}
 

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )

Description: RegSetValueExW(0x000001c4,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,000000000254EE30.72)0x80070005, Zugriff verweigert
 
 

Vorgang:

   BackupShutdown-Ereignis
 

Kontext:

   Ausführungskontext: Writer

   Generatorklassen-ID: {afbab4a2-367d-4d15-a586-71dbb18f8485}

   Generatorname: Registry Writer

   Generatorinstanz-ID: {a81be6b4-0675-48f2-9025-33337af9a082}
 

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )

Description: RegSetValueExW(0x00000b54,(null),0,REG_BINARY,0000000008D6E3A0.72)0x80070005, Zugriff verweigert
 
 

Vorgang:

   BackupShutdown-Ereignis
 

Kontext:

   Ausführungskontext: Writer

   Generatorklassen-ID: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}

   Generatorname: MSSearch Service Writer

   Generatorinstanz-ID: {369f29ea-5529-4140-bfb3-9bab93e4affc}
 

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )

Description: RegSetValueExW(0x00000200,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,0,REG_BINARY,0000000001FEEEF0.72)0x80070005, Zugriff verweigert
 
 

Vorgang:

   BackupShutdown-Ereignis
 

Kontext:

   Ausführungskontext: Writer

   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}

   Generatorname: Shadow Copy Optimization Writer

   Generatorinstanz-ID: {008a3661-8781-4639-88c4-fcdc9c53f5cd}
 

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )

Description: RegSetValueExW(0x00000464,(null),0,REG_BINARY,000000000160E1D0.72)0x80070005, Zugriff verweigert
 
 

Vorgang:

   BackupShutdown-Ereignis
 

Kontext:

   Ausführungskontext: Writer

   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}

   Generatorname: System Writer

   Generatorinstanz-ID: {2b139d0f-9987-4dba-88ae-3298a13d729f}
 
 

==================== Memory info =========================== 
 

Processor: AMD FX(tm)-8320 Eight-Core Processor 

Percentage of memory in use: 24%

Total physical RAM: 8093.13 MB

Available physical RAM: 6145.44 MB

Total Pagefile: 16184.43 MB

Available Pagefile: 14067.06 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB
 

==================== Drives ================================
 

Drive c: (Windows) (Fixed) (Total:102.44 GB) (Free:43.57 GB) NTFS

Drive d: (Spiele) (Fixed) (Total:489.13 GB) (Free:314.64 GB) NTFS

Drive e: (Schule) (Fixed) (Total:293.43 GB) (Free:293.24 GB) NTFS

Drive f: (Download) (Fixed) (Total:442.38 GB) (Free:364.92 GB) NTFS

Drive g: (Welten) (Fixed) (Total:200.2 GB) (Free:195.29 GB) NTFS

Drive j: (Bonkers) (Fixed) (Total:931.48 GB) (Free:281.97 GB) NTFS

Drive k: (BF2 DVD) (CDROM) (Total:1.91 GB) (Free:0 GB) UDF

Drive l: (Wasteland 2) (CDROM) (Total:8.25 GB) (Free:0 GB) CDFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 80B6AAAC)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=102.4 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=200.2 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=293.4 GB) - (Type=OF Extended)
 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BBCC6936)

Partition 1: (Not Active) - (Size=489.1 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=442.4 GB) - (Type=07 NTFS)
 

========================================================

Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 81A8E79C)

Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

--- --- ---

Bis jetzt scheint nach den Tests alles schick zu sein. Falls es noch Probleme gibt melde ich mich. Danke dir erstmal. ;o)

schrauber

08.01.2015 22:51

ok :)

Bonkers1982

09.01.2015 09:18

Und täglich grüßt das Murmeltier. Ist wieder da. Kurz nachdem ich AIMP3 mit nem Musikmix startete kam wieder eien Werbung im Hintergurd und ich finde es im Taskmanager.

schrauber

09.01.2015 09:35

Ich würde gerne mal einen Screen davon sehen, was Du im Taskmanager siehst. Die andern Screens vorher war das nicht zu sehen.

Dann bitte nochmal ein frisches FRST log.

Downloade dir bitte Rogue Killer von hier.

Speichere das Tool auf deinem Desktop !
Schließe alle laufenden Programme.
Starte die RogueKiller.exe
Warte bis Prescan abgeschlossen erscheint und klicke dann auf Scannen.
Wenn der Scan beendet wurde, klicke auf Bericht und poste diesen hier.
Du findest die Logdatei RKreport[1].txt auch auf deinem Desktop.

http://i121.photobucket.com/albums/o...iller/TRK2.png

Bonkers1982

09.01.2015 10:12

Liste der Anhänge anzeigen (Anzahl: 2)

Code:



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015

Ran by Bonkers at 2015-01-09 10:10:07

Running from J:\Programme

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

µTorrent (HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1355, 14.07.2014 - AIMP DevTeam)

AMD Catalyst Install Manager (HKLM\...\{4E7B5579-F76C-B709-84A7-F40460F5C70F}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)

Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)

AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)

Battlefield 2(TM) (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version:  - )

BF2Hub Client (HKLM-x32\...\bf2hub) (Version:  - BF2Hub Systems)

Brother MFL-Pro Suite DCP-J125 (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 2.0.0.0 - Brother Industries, Ltd.)

Call of Duty Advanced Warfare (HKLM-x32\...\Call of Duty Advanced Warfare_is1) (Version:  - )

CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)

DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)

Dead Rising 3 (HKLM-x32\...\{XXXXXXXX-XXXX-XXXX-XXXX-BLACKBOX0011}) (Version: 6.0 - Black Box)

FUSSBALL MANAGER 10 (HKLM-x32\...\FUSSBALL MANAGER 10) (Version: 2.0.0.7 - Electronic Arts)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

ICQ 8.2 (build 7138) (HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\ICQ) (Version: 8.2.7138.0 - ICQ)

Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)

Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)

JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)

JDownloader 2 (HKLM\...\jdownloader2-1) (Version: 2.0 - AppWork GmbH)

Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Metal Gear Solid V Ground Zeroes (HKLM-x32\...\Metal Gear Solid V Ground Zeroes_is1) (Version:  - )

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)

Origin (HKLM-x32\...\Origin) (Version: 8.4.1.210 - Electronic Arts, Inc.)

Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

PeaZip 5.5.0 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)

Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)

Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden

Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)

VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

Wasteland 2 (HKLM-x32\...\Wasteland 2_is1) (Version:  - )

WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E5}) (Version: 19.0.11293 - WinZip Computing, S.L. )
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 

==================== Restore Points  =========================
 

08-01-2015 12:37:34 Geplanter Prüfpunkt

08-01-2015 20:40:16 Prüfpunkt von HitmanPro

08-01-2015 20:41:26 Prüfpunkt von HitmanPro
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 03:34 - 2014-12-01 14:15 - 00001150 ____N C:\Windows\system32\Drivers\etc\hosts

83.169.15.25        battlefield2.available.gamespy.com

83.169.15.25        battlefield2.master.gamespy.com

83.169.15.25        battlefield2.ms14.gamespy.com

83.169.15.25        gpsp.gamespy.com

83.169.15.25        gpcm.gamespy.com

83.169.15.6        eapusher.dice.se
 
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {12C4A70D-793C-47B0-BDFE-367281D8EC2D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)

Task: {20539226-8628-4305-B4C6-50E7DD679FB7} - System32\Tasks\{A32FE87B-45CE-4AA7-B6DF-40C336FD7AF3} => pcalua.exe -a L:\Autorun.exe -d L:\

Task: {2294BF3B-ABE8-4DE7-876E-13873D4874DC} - System32\Tasks\{612E6FB8-90EE-4D1F-89F8-4C748A1906CB} => pcalua.exe -a J:\avm_fritz!wlan_usb_stick_build_090320.exe -d J:\

Task: {38A930E6-1B44-47AA-B402-1AB2BEEFB4CF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-15] (Adobe Systems Incorporated)

Task: {3D1556C6-AE16-4E1E-B992-2022D0B9999B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

Task: {43F47C87-9C98-4FB9-B5FD-8C60C06BC0B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-21] (Google Inc.)

Task: {6665CD5D-C2D8-44BA-8338-6B85CCB694BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-21] (Google Inc.)

Task: {6AB76BB1-7EF7-43BC-AA4C-2DC0B5F79881} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe

Task: {6AD8A491-4214-48A8-B258-16EEDECBE840} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {6F420C1B-DAAF-4C9B-ACA9-B9DF4B1CF6AF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {B24A8CE1-64E2-4796-8481-AB149EA78532} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

Task: {B60AD4BC-A648-40E7-9E92-E29BA7777A6A} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe

Task: {C13B12F3-9CB4-41A2-AEAF-DDDE7B8F4DED} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2013-12-20 14:23 - 2013-12-20 14:23 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll

2013-12-16 02:07 - 2013-12-16 02:07 - 00818688 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll

2013-12-16 02:07 - 2013-12-16 02:07 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll

2013-12-20 14:22 - 2013-12-20 14:22 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2014-12-06 16:19 - 2014-12-06 16:19 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll

2015-01-09 09:10 - 2015-01-09 09:10 - 00040448 ____N () C:\Users\Bonkers\AppData\Local\Temp\proxy_vole4572833848207152153.dll

2015-01-09 09:10 - 2015-01-09 09:10 - 00566439 _____ () C:\Users\Bonkers\AppData\Local\JDownloader 2.0\tmp\7zip\SevenZipJBinding-FKPz9\libgcc_s_sjlj-1.dll

2015-01-09 09:10 - 2015-01-09 09:10 - 04078962 _____ () C:\Users\Bonkers\AppData\Local\JDownloader 2.0\tmp\7zip\SevenZipJBinding-FKPz9\lib7-Zip-JBinding.dll

2014-11-23 09:35 - 2014-11-23 09:35 - 00859144 _____ () C:\Users\Bonkers\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll

2014-12-22 17:01 - 2014-12-22 17:01 - 00133120 _____ () C:\Users\Bonkers\AppData\Roaming\qjnhzepq\colers.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00505344 _____ () C:\Program Files (x86)\AIMP3\sqlite3.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00218112 _____ () C:\Program Files (x86)\AIMP3\libsoxr.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00220672 _____ () C:\Program Files (x86)\AIMP3\Modules\MACDll.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00294400 _____ () C:\Program Files (x86)\AIMP3\Modules\libFLAC.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 01733120 _____ () C:\Program Files (x86)\AIMP3\Modules\aimp_libvorbis.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00072136 _____ () C:\Program Files (x86)\AIMP3\Plugins\aimp_lastfm.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00026624 _____ () C:\Program Files (x86)\AIMP3\Plugins\Aorta.svp

2014-11-21 21:38 - 2014-11-21 21:38 - 00237568 _____ () C:\Program Files (x86)\AIMP3\Plugins\OptimFROG.dll

2014-11-21 21:38 - 2014-11-21 21:38 - 00141768 _____ () C:\Program Files (x86)\AIMP3\Plugins\PandemicAnalogMeter.dll

2014-12-24 12:31 - 2014-11-26 17:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2014-12-11 10:02 - 2014-12-15 16:16 - 16843952 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\startupreg: SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.38.0.1449\jsdrv.exe

MSCONFIG\startupreg: YTDownloader => /boot
 

========================= Accounts: ==========================
 

Administrator (S-1-5-21-2975933613-4275264652-1912998914-500 - Administrator - Disabled)

Bonkers (S-1-5-21-2975933613-4275264652-1912998914-1000 - Administrator - Enabled) => C:\Users\Bonkers

Gast (S-1-5-21-2975933613-4275264652-1912998914-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2975933613-4275264652-1912998914-1003 - Limited - Enabled)
 

==================== Faulty Device Manager Devices =============
 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft-Teredo-Tunneling-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 

Name: Unknown Device

Description: Unknown Device

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard-USB-Hostcontroller)

Service: 

Problem: : Windows has stopped this device because it has reported problems. (Code 43)

Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (01/09/2015 09:17:09 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418154
 

Error: (01/09/2015 09:08:44 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/08/2015 08:58:32 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000380,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000003B6EDE0.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert

.
 

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000008f8,(null),0,REG_BINARY,000000000160DF80.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert

.
 
 

Vorgang:

   BackupShutdown-Ereignis
 

Kontext:

   Ausführungskontext: Writer

   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}

   Generatorname: WMI Writer

   Generatorinstanz-ID: {f56e1ac9-c86a-48cf-b5aa-be3d5d0a1159}
 

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000464,(null),0,REG_BINARY,000000000160E1D0.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert

.
 
 

Vorgang:

   BackupShutdown-Ereignis
 

Kontext:

   Ausführungskontext: Writer

   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}

   Generatorname: System Writer

   Generatorinstanz-ID: {2b139d0f-9987-4dba-88ae-3298a13d729f}
 

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000001d0,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,000000000240F410.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert

.
 
 

Vorgang:

   BackupShutdown-Ereignis
 

Kontext:

   Ausführungskontext: Writer

   Generatorklassen-ID: {542da469-d3e1-473c-9f4f-7847f01fc64f}

   Generatorname: COM+ REGDB Writer

   Generatorinstanz-ID: {279a2bb7-3cbf-412f-b4e7-42957b3fda3b}
 

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000008f8,(null),0,REG_BINARY,000000000160DF80.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert

.
 
 

Vorgang:

   BackupShutdown-Ereignis
 

Kontext:

   Ausführungskontext: Writer

   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}

   Generatorname: WMI Writer

   Generatorinstanz-ID: {f56e1ac9-c86a-48cf-b5aa-be3d5d0a1159}
 

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000001c4,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,000000000254EE30.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert

.
 
 

Vorgang:

   BackupShutdown-Ereignis
 

Kontext:

   Ausführungskontext: Writer

   Generatorklassen-ID: {afbab4a2-367d-4d15-a586-71dbb18f8485}

   Generatorname: Registry Writer

   Generatorinstanz-ID: {a81be6b4-0675-48f2-9025-33337af9a082}
 

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000b54,(null),0,REG_BINARY,0000000008D6E3A0.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert

.
 
 

Vorgang:

   BackupShutdown-Ereignis
 

Kontext:

   Ausführungskontext: Writer

   Generatorklassen-ID: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}

   Generatorname: MSSearch Service Writer

   Generatorinstanz-ID: {369f29ea-5529-4140-bfb3-9bab93e4affc}
 
 

System errors:

=============

Error: (01/09/2015 10:06:29 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/09/2015 10:06:29 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/09/2015 10:04:36 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/09/2015 10:04:32 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/09/2015 10:04:31 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/09/2015 09:55:46 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/09/2015 09:55:45 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/09/2015 09:55:45 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/09/2015 09:55:10 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/09/2015 09:55:09 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 
 

Microsoft Office Sessions:

=========================

Error: (01/09/2015 09:17:09 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418154
 

Error: (01/09/2015 09:08:44 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/08/2015 08:58:32 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )

Description: RegSetValueExW(0x00000380,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000003B6EDE0.72)0x80070005, Zugriff verweigert
 

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )

Description: RegSetValueExW(0x000008f8,(null),0,REG_BINARY,000000000160DF80.72)0x80070005, Zugriff verweigert
 
 

Vorgang:

   BackupShutdown-Ereignis
 

Kontext:

   Ausführungskontext: Writer

   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}

   Generatorname: WMI Writer

   Generatorinstanz-ID: {f56e1ac9-c86a-48cf-b5aa-be3d5d0a1159}
 

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )

Description: RegSetValueExW(0x00000464,(null),0,REG_BINARY,000000000160E1D0.72)0x80070005, Zugriff verweigert
 
 

Vorgang:

   BackupShutdown-Ereignis
 

Kontext:

   Ausführungskontext: Writer

   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}

   Generatorname: System Writer

   Generatorinstanz-ID: {2b139d0f-9987-4dba-88ae-3298a13d729f}
 

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )

Description: RegSetValueExW(0x000001d0,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,000000000240F410.72)0x80070005, Zugriff verweigert
 
 

Vorgang:

   BackupShutdown-Ereignis
 

Kontext:

   Ausführungskontext: Writer

   Generatorklassen-ID: {542da469-d3e1-473c-9f4f-7847f01fc64f}

   Generatorname: COM+ REGDB Writer

   Generatorinstanz-ID: {279a2bb7-3cbf-412f-b4e7-42957b3fda3b}
 

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )

Description: RegSetValueExW(0x000008f8,(null),0,REG_BINARY,000000000160DF80.72)0x80070005, Zugriff verweigert
 
 

Vorgang:

   BackupShutdown-Ereignis
 

Kontext:

   Ausführungskontext: Writer

   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}

   Generatorname: WMI Writer

   Generatorinstanz-ID: {f56e1ac9-c86a-48cf-b5aa-be3d5d0a1159}
 

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )

Description: RegSetValueExW(0x000001c4,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,000000000254EE30.72)0x80070005, Zugriff verweigert
 
 

Vorgang:

   BackupShutdown-Ereignis
 

Kontext:

   Ausführungskontext: Writer

   Generatorklassen-ID: {afbab4a2-367d-4d15-a586-71dbb18f8485}

   Generatorname: Registry Writer

   Generatorinstanz-ID: {a81be6b4-0675-48f2-9025-33337af9a082}
 

Error: (01/08/2015 08:41:46 PM) (Source: VSS) (EventID: 8193) (User: )

Description: RegSetValueExW(0x00000b54,(null),0,REG_BINARY,0000000008D6E3A0.72)0x80070005, Zugriff verweigert
 
 

Vorgang:

   BackupShutdown-Ereignis
 

Kontext:

   Ausführungskontext: Writer

   Generatorklassen-ID: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}

   Generatorname: MSSearch Service Writer

   Generatorinstanz-ID: {369f29ea-5529-4140-bfb3-9bab93e4affc}
 
 

==================== Memory info =========================== 
 

Processor: AMD FX(tm)-8320 Eight-Core Processor 

Percentage of memory in use: 40%

Total physical RAM: 8093.13 MB

Available physical RAM: 4822.27 MB

Total Pagefile: 16184.43 MB

Available Pagefile: 12469.63 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB
 

==================== Drives ================================
 

Drive c: (Windows) (Fixed) (Total:102.44 GB) (Free:43.18 GB) NTFS

Drive d: (Spiele) (Fixed) (Total:489.13 GB) (Free:314.64 GB) NTFS

Drive e: (Schule) (Fixed) (Total:293.43 GB) (Free:293.24 GB) NTFS

Drive f: (Download) (Fixed) (Total:442.38 GB) (Free:355.89 GB) NTFS

Drive g: (Welten) (Fixed) (Total:200.2 GB) (Free:195.29 GB) NTFS

Drive j: (Bonkers) (Fixed) (Total:931.48 GB) (Free:281.97 GB) NTFS

Drive k: (BF2 DVD) (CDROM) (Total:1.91 GB) (Free:0 GB) UDF

Drive l: (Wasteland 2) (CDROM) (Total:8.25 GB) (Free:0 GB) CDFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 80B6AAAC)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=102.4 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=200.2 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=293.4 GB) - (Type=OF Extended)
 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BBCC6936)

Partition 1: (Not Active) - (Size=489.1 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=442.4 GB) - (Type=07 NTFS)
 

========================================================

Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 81A8E79C)

Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

Bonkers1982

09.01.2015 10:35

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015

Ran by Bonkers (administrator) on BONKERS-PC on 09-01-2015 10:09:09

Running from J:\Programme

Loaded Profile: Bonkers (Available profiles: Bonkers)

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(ICQ) C:\Users\Bonkers\AppData\Roaming\ICQM\icq.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(BF2Hub Systems) C:\Program Files (x86)\BF2Hub Client\bf2hub.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(AIMP DevTeam) C:\Program Files (x86)\AIMP3\AIMP3.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(AppWork GmbH) C:\Users\Bonkers\AppData\Local\JDownloader 2.0\JDownloader2.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_246_ActiveX.exe

(Microsoft Corporation) C:\Windows\System32\mspaint.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)

HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [BF2Hub Client] => C:\Program Files (x86)\BF2Hub Client\bf2hub.exe [1521664 2014-07-17] (BF2Hub Systems)

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [icq] => C:\Users\Bonkers\AppData\Roaming\ICQM\icq.exe [35239432 2014-11-23] (ICQ)

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.

ProxyServer: [.DEFAULT] => http=127.0.0.1:49438;https=127.0.0.1:49438

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 

FireFox:

========

FF ProfilePath: C:\Users\Bonkers\AppData\Roaming\Mozilla\Firefox\Profiles\yzv924ky.default

FF Homepage: www.google.de

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()

FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: Adblock Plus - C:\Users\Bonkers\AppData\Roaming\Mozilla\Firefox\Profiles\yzv924ky.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-24]
 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.com

CHR StartupUrls: Default -> "hxxp://www.google.com"

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Präsentationen) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-21]

CHR Extension: (Google Docs) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-21]

CHR Extension: (Google Drive) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-21]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-11]

CHR Extension: (YouTube) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-21]

CHR Extension: (Google-Suche) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-21]

CHR Extension: (Google Tabellen) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-21]

CHR Extension: (Avira Browserschutz) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-21]

CHR Extension: (Google Wallet) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-21]

CHR Extension: (Google Mail) - C:\Users\Bonkers\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-21]

CHR StartMenuInternet: Google Chrome - chrome.exe
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-20] (Advanced Micro Devices, Inc.) [File not signed]

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)

R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]

S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-12-06] ()
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-12-16] (Advanced Micro Devices)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-21] (Disc Soft Ltd)

R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-08 20:41 - 2015-01-08 20:41 - 00003886 _____ () C:\Windows\system32\.crusader

2015-01-08 17:51 - 2015-01-08 17:51 - 00008926 _____ () C:\Users\Bonkers\Desktop\HitmanPro_20150108_1751.log

2015-01-08 17:38 - 2015-01-08 20:41 - 00000000 ____D () C:\ProgramData\HitmanPro

2015-01-08 17:34 - 2015-01-08 17:35 - 11222744 _____ (SurfRight B.V.) C:\Users\Bonkers\Desktop\HitmanPro_x64.exe

2015-01-07 17:13 - 2015-01-09 09:10 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\JDownloader 2.0

2015-01-07 16:45 - 2015-01-07 16:45 - 00001594 _____ () C:\Users\Bonkers\Desktop\Fixlist.txt

2015-01-07 12:33 - 2015-01-09 10:09 - 00000000 ____D () C:\FRST

2015-01-07 12:18 - 2015-01-07 12:18 - 00017589 _____ () C:\Windows\DirectX.log

2015-01-07 12:15 - 2015-01-07 12:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\inXile Entertainment

2015-01-07 08:56 - 2015-01-07 17:21 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader

2015-01-07 08:53 - 2015-01-07 11:58 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\JDownloader v2.0

2015-01-06 18:06 - 2015-01-06 18:06 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2015-01-06 17:35 - 2015-01-06 18:10 - 00000000 ____D () C:\Users\Bonkers\Desktop\Usedom 14 15

2015-01-05 10:29 - 2015-01-05 10:29 - 00001452 _____ () C:\DelFix.txt

2015-01-05 10:28 - 2015-01-05 10:28 - 00352076 _____ () C:\Users\Bonkers\Desktop\bookmarks-2015-01-05.json

2015-01-05 10:17 - 2015-01-05 10:19 - 00000000 ____D () C:\ProgramData\Max Secure

2015-01-05 10:12 - 2015-01-05 10:13 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\GetRightToGo

2015-01-05 10:12 - 2015-01-05 10:12 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Max Secure Software

2015-01-04 12:06 - 2015-01-08 09:32 - 00000000 ____D () C:\Users\Bonkers\Desktop\Bewerbung aktuell

2015-01-02 20:26 - 2015-01-05 10:29 - 00000000 ____D () C:\Windows\ERUNT

2014-12-27 10:14 - 2014-12-27 10:22 - 00000000 ____D () C:\Windows\erdnt

2014-12-26 11:11 - 2015-01-09 09:06 - 00003557 _____ () C:\Windows\setupact.log

2014-12-26 11:11 - 2014-12-26 11:11 - 00000000 _____ () C:\Windows\setuperr.log

2014-12-26 11:10 - 2015-01-07 16:49 - 00051744 _____ () C:\Windows\PFRO.log

2014-12-26 10:09 - 2015-01-02 20:23 - 00000000 ____D () C:\Windows\system32\log

2014-12-26 09:53 - 2014-12-26 09:53 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-12-26 09:53 - 2014-12-26 09:53 - 00000000 ____D () C:\Program Files\CCleaner

2014-12-24 12:31 - 2014-12-24 12:31 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-12-24 12:30 - 2014-12-24 12:30 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2014-12-24 11:58 - 2015-01-07 12:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-12-24 11:58 - 2014-12-27 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-12-24 11:58 - 2014-12-27 19:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-12-24 11:58 - 2014-12-24 11:58 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-12-24 11:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-12-24 11:58 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-12-24 11:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-12-22 20:29 - 2014-12-27 10:10 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-12-22 18:23 - 2014-12-22 18:23 - 00000000 _____ () C:\autoexec.bat

2014-12-22 17:02 - 2014-12-22 17:02 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Desktop_Dock

2014-12-22 17:01 - 2014-12-22 17:01 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\qjnhzepq

2014-12-22 16:47 - 2014-12-22 16:47 - 00002290 _____ () C:\Windows\patsearch.bin

2014-12-22 16:46 - 2014-12-22 16:55 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\StormFall

2014-12-22 16:46 - 2014-12-22 16:51 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Sparta

2014-12-22 16:46 - 2014-12-22 16:46 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\sparta111

2014-12-22 16:46 - 2014-12-22 16:46 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\StormFall

2014-12-19 12:41 - 2014-12-20 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metal Gear Solid V Ground Zeroes

2014-12-19 12:38 - 2014-12-19 12:40 - 00000000 ____D () C:\Users\Bonkers\Desktop\MGS V

2014-12-18 08:03 - 2014-12-18 08:18 - 00000000 ____D () C:\Users\Bonkers\Desktop\Stick

2014-12-18 07:36 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-12-18 07:36 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-12-17 08:42 - 2014-12-17 09:44 - 00000000 ____D () C:\ProgramData\Origin

2014-12-17 08:42 - 2014-12-17 08:42 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Origin

2014-12-17 08:42 - 2014-12-17 08:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin

2014-12-17 08:42 - 2014-12-17 08:42 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-12-16 17:41 - 2014-12-17 08:42 - 00000000 ____D () C:\ProgramData\Electronic Arts

2014-12-16 16:56 - 2014-12-16 17:41 - 00000000 ____D () C:\Users\Bonkers\Documents\FUSSBALL MANAGER 10

2014-12-16 16:56 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll

2014-12-16 16:53 - 2014-12-17 08:42 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts

2014-12-16 16:52 - 2014-12-16 16:52 - 00003044 _____ () C:\Windows\System32\Tasks\{A32FE87B-45CE-4AA7-B6DF-40C336FD7AF3}

2014-12-16 08:18 - 2014-12-16 08:18 - 03951038 _____ () C:\Users\Bonkers\Desktop\rld-f0u5.7z

2014-12-15 14:45 - 2014-12-15 14:46 - 00000000 ____D () C:\Users\Bonkers\Downloads\Trance Zen Dental Spa

2014-12-15 14:45 - 2014-12-15 14:45 - 00000843 _____ () C:\Users\Bonkers\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk

2014-12-15 14:44 - 2015-01-07 08:55 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\uTorrent

2014-12-11 09:33 - 2014-12-11 09:33 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-12-11 09:33 - 2014-12-11 09:33 - 00000000 ____D () C:\Program Files\Java

2014-12-10 16:49 - 2014-12-10 16:49 - 00000000 ____D () C:\Windows\system32\appraiser

2014-12-10 10:58 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-12-10 10:58 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2014-12-10 10:58 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2014-12-10 10:58 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2014-12-10 10:58 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2014-12-10 10:58 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2014-12-10 10:58 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2014-12-10 10:58 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2014-12-10 10:58 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2014-12-10 10:58 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-12-10 08:09 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2014-12-10 08:09 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-12-10 08:09 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

2014-12-10 08:09 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-12-10 08:09 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-12-10 08:08 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-12-10 08:08 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-12-10 08:08 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-12-10 08:08 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-12-10 08:08 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-12-10 08:08 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-12-10 08:08 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-12-10 08:08 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-12-10 08:08 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-12-10 08:08 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-12-10 08:08 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-12-10 08:08 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-12-10 08:08 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-12-10 08:08 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-12-10 08:08 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-12-10 08:08 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-12-10 08:08 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-12-10 08:08 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-12-10 08:08 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-12-10 08:08 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-12-10 08:08 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-12-10 08:08 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-12-10 08:08 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-12-10 08:08 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-12-10 08:08 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-12-10 08:08 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-12-10 08:08 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-12-10 08:08 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-12-10 08:08 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-12-10 08:08 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-12-10 08:08 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-12-10 08:08 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-12-10 08:08 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-12-10 08:08 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-12-10 08:08 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-12-10 08:08 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-12-10 08:08 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-12-10 08:08 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-12-10 08:08 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-12-10 08:08 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-12-10 08:08 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-12-10 08:08 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-12-10 08:08 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-12-10 08:08 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-12-10 08:08 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-12-10 08:08 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-12-10 08:08 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-12-10 08:08 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-12-10 08:08 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-12-10 08:08 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-12-10 08:08 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-12-10 08:08 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-12-10 08:08 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-12-10 08:08 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-12-10 08:08 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2014-12-10 08:07 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-12-10 08:07 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-12-10 08:07 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

2014-12-10 08:07 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe

2014-12-10 08:07 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2014-12-10 08:07 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2014-12-10 08:07 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2014-12-10 08:07 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2014-12-10 08:07 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2014-12-10 08:07 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2014-12-10 08:07 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll

2014-12-10 08:07 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll

2014-12-10 08:07 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll

2014-12-10 08:07 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-09 09:43 - 2014-11-21 21:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-09 09:29 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-09 09:29 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-09 09:19 - 2014-11-21 21:38 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\AIMP3

2015-01-09 09:11 - 2014-11-21 18:25 - 01255144 _____ () C:\Windows\WindowsUpdate.log

2015-01-09 09:07 - 2014-11-21 18:30 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-09 09:07 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-08 11:48 - 2014-11-21 21:26 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\vlc

2015-01-07 20:30 - 2014-11-22 18:07 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\CrashDumps

2015-01-07 17:21 - 2011-03-07 12:10 - 00000000 ____D () C:\Program Files (x86)\JDownloader

2015-01-07 16:47 - 2014-11-21 18:26 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS

2015-01-07 13:00 - 2014-11-23 12:24 - 00000000 ____D () C:\Users\Bonkers\Documents\My Games

2015-01-07 12:23 - 2014-11-21 19:58 - 00000000 ____D () C:\ProgramData\Package Cache

2015-01-07 11:57 - 2014-11-21 20:52 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\DAEMON Tools Lite

2015-01-06 17:37 - 2014-11-21 19:39 - 00111912 _____ () C:\Users\Bonkers\AppData\Local\GDIPFONTCACHEV1.DAT

2015-01-05 10:30 - 2009-07-14 05:45 - 00435528 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-01-04 12:03 - 2014-11-29 10:07 - 00000000 ____D () C:\Users\Bonkers\Desktop\Bewerbung

2014-12-28 07:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat

2014-12-27 10:20 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2014-12-26 09:58 - 2014-11-22 01:17 - 00000000 ____D () C:\Windows\Panther

2014-12-25 11:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System

2014-12-24 15:17 - 2014-11-21 20:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-12-24 12:31 - 2014-12-09 15:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-12-22 18:23 - 2014-11-21 18:25 - 00000000 ____D () C:\Users\Bonkers

2014-12-22 17:47 - 2014-11-21 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2014-12-22 17:47 - 2014-11-21 20:37 - 00000000 ____D () C:\ProgramData\Avira

2014-12-22 17:47 - 2014-11-21 20:37 - 00000000 ____D () C:\Program Files (x86)\Avira

2014-12-22 17:45 - 2014-11-21 21:38 - 00000000 ____D () C:\Program Files (x86)\AIMP3

2014-12-22 17:44 - 2014-11-21 20:48 - 00000000 ____D () C:\Windows\system32\appmgmt

2014-12-22 17:19 - 2014-11-21 18:25 - 00001432 _____ () C:\Users\Bonkers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-12-22 17:12 - 2014-11-21 18:45 - 00000000 ____D () C:\ProgramData\Norton

2014-12-22 16:52 - 2014-12-01 13:58 - 00000000 ____D () C:\Program Files (x86)\BF2Hub Client

2014-12-22 16:52 - 2014-11-23 09:34 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\ICQM

2014-12-21 20:48 - 2014-12-02 19:33 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Skype

2014-12-16 16:56 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-12-15 16:16 - 2014-11-21 21:13 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-12-15 16:16 - 2014-11-21 21:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-15 16:16 - 2014-11-21 21:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-12-15 16:16 - 2014-11-21 21:07 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Adobe

2014-12-13 11:05 - 2014-11-21 20:55 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-12-13 11:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2014-12-10 16:54 - 2014-11-23 10:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-12-10 16:49 - 2014-11-23 09:05 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-12-10 16:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-12-10 11:03 - 2014-11-21 21:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
 

Some content of TEMP:

====================

C:\Users\Bonkers\AppData\Local\Temp\avgnt.exe

C:\Users\Bonkers\AppData\Local\Temp\proxy_vole4572833848207152153.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-01-05 16:29
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:



RogueKiller V10.1.2.0 (x64) [Jan  7 2015] by Adlice Software

mail : hxxp://www.adlice.com/contact/

Feedback : hxxp://forum.adlice.com

Website : hxxp://www.adlice.com/softwares/roguekiller/

Blog : hxxp://www.adlice.com
 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Bonkers [Administrator]

Mode : Scan -- Date : 01/09/2015  10:27:43
 

¤¤¤ Processes : 3 ¤¤¤

[Suspicious.Path] icq.exe(1344) -- C:\Users\Bonkers\AppData\Roaming\ICQM\icq.exe[7] -> Killed [TermThr]

[Proc.Injected] iexplore.exe(3244) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe[7] -> Killed [TermProc]

[Proc.Injected] iexplore.exe(2044) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7] -> Killed [TermProc]
 

¤¤¤ Registry : 24 ¤¤¤

[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2975933613-4275264652-1912998914-1000\Software\Microsoft\Windows\CurrentVersion\Run | icq : C:\Users\Bonkers\AppData\Roaming\ICQM\icq.exe -CU  -> Found

[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2975933613-4275264652-1912998914-1000\Software\Microsoft\Windows\CurrentVersion\Run | icq : C:\Users\Bonkers\AppData\Roaming\ICQM\icq.exe -CU  -> Found

[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found

[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found

[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found

[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found

[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49438;https=127.0.0.1:49438  -> Found

[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49438;https=127.0.0.1:49438  -> Found

[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49438;https=127.0.0.1:49438  -> Found

[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49438;https=127.0.0.1:49438  -> Found

[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found

[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found

[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found

[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2975933613-4275264652-1912998914-1000\Software\Microsoft\Internet Explorer\Main | Search Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2975933613-4275264652-1912998914-1000\Software\Microsoft\Internet Explorer\Main | Search Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 

¤¤¤ Tasks : 0 ¤¤¤
 

¤¤¤ Files : 0 ¤¤¤
 

¤¤¤ Hosts File : 6 ¤¤¤

[C:\Windows\System32\drivers\etc\hosts] 83.169.15.25        battlefield2.available.gamespy.com

[C:\Windows\System32\drivers\etc\hosts] 83.169.15.25        battlefield2.master.gamespy.com

[C:\Windows\System32\drivers\etc\hosts] 83.169.15.25        battlefield2.ms14.gamespy.com

[C:\Windows\System32\drivers\etc\hosts] 83.169.15.25        gpsp.gamespy.com

[C:\Windows\System32\drivers\etc\hosts] 83.169.15.25        gpcm.gamespy.com

[C:\Windows\System32\drivers\etc\hosts] 83.169.15.6        eapusher.dice.se
 

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 

¤¤¤ Web browsers : 1 ¤¤¤

[PUM.HomePage][FIREFX:Config] vy1kje3w.default-1419268357671 : user_pref("browser.startup.homepage", "www.google.de"); -> Found
 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: WDC WD64 00AAKS-65Z7B0 SATA Disk Device +++++

--- User ---

[MBR] bfe232512100ee3a5e91aebbbe9b2a4f

[BSP] 0786aa3f2c2570e1a7e51a6cc4f6af53 : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB

1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 104900 MB

2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 215042048 | Size: 205000 MB

3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 634882048 | Size: 300478 MB

User = LL1 ... OK

User = LL2 ... OK
 

+++++ PhysicalDrive1: ST1000DM 003-1ER162 SATA Disk Device +++++

--- User ---

[MBR] 8a3d5c31be70d628e60b921d3c477b5f

[BSP] d6106c334ef1dac28d8c270c61e92a82 : Windows Vista/7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500868 MB

1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1025779712 | Size: 452999 MB

User = LL1 ... OK

User = LL2 ... OK
 

+++++ PhysicalDrive2: Brother DCP-J125 USB Device +++++

Error reading User MBR! ([15] Das Gerät ist nicht bereit. )

Error reading LL1 MBR! NOT VALID!

Error reading LL2 MBR! ([32] Die Anforderung wird nicht unterstützt. )

schrauber

09.01.2015 14:00

Alle Funde mit RogueKiller löschen.

Bonkers1982

10.01.2015 11:24

Mahlzeit. Na der Beseitigung weg und nun wieder da. 8o(

schrauber

10.01.2015 13:11

Dann schauen wir mal von aussen:

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)

Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)

Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 32-Bit | FRST 64-Bit

Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.

Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:

Über den Boot Manager:

Starte den Rechner neu.

Während dem Hochfahren drücke mehrmals die F8 Taste

Wähle nun Computer reparieren.

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD (auch bei Windows 8 möglich):

Lege die Windows CD in dein Laufwerk.

Starte den Rechner neu und starte von der CD.

Wähle die Spracheinstellungen und klicke "Weiter".

Klicke auf Computerreparaturoptionen !

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen: Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.

Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.

Schließe Notepad wieder

Gib nun bitte folgenden Befehl ein.
e:\frst.exe bzw. e:\frst64.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.

Akzeptiere den Disclaimer mit Ja und klicke Untersuchen

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

Bonkers1982

11.01.2015 11:03

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2015

Ran by SYSTEM on MININT-2HH718B on 11-01-2015 10:59:44

Running from e:\

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Recovery
 

The current controlset is ControlSet001
 ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)

HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [BF2Hub Client] => C:\Program Files (x86)\BF2Hub Client\bf2hub.exe [1521664 2014-07-17] (BF2Hub Systems)

HKU\Bonkers\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)

HKU\Bonkers\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)

HKU\Bonkers\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-20] (Advanced Micro Devices, Inc.)

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)

S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)

S2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)

S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-12-06] ()

S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-12-16] (Advanced Micro Devices)

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)

S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)

S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)

S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-21] (Disc Soft Ltd)

S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-09 15:51 - 2015-01-09 15:51 - 00358595 _____ () C:\Users\Bonkers\Desktop\bookmarks-2015-01-09.json

2015-01-09 10:20 - 2015-01-09 20:38 - 00037624 _____ () C:\Windows\System32\Drivers\TrueSight.sys

2015-01-09 10:20 - 2015-01-09 10:20 - 00000000 ____D () C:\ProgramData\RogueKiller

2015-01-09 10:15 - 2015-01-07 11:38 - 18467928 _____ () C:\Users\Bonkers\Desktop\RogueKillerX64.exe

2015-01-08 20:41 - 2015-01-08 20:41 - 00003886 _____ () C:\Windows\System32\.crusader

2015-01-08 17:51 - 2015-01-08 17:51 - 00008926 _____ () C:\Users\Bonkers\Desktop\HitmanPro_20150108_1751.log

2015-01-08 17:38 - 2015-01-08 20:41 - 00000000 ____D () C:\ProgramData\HitmanPro

2015-01-08 17:34 - 2015-01-08 17:35 - 11222744 _____ (SurfRight B.V.) C:\Users\Bonkers\Desktop\HitmanPro_x64.exe

2015-01-07 17:13 - 2015-01-10 20:07 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\JDownloader 2.0

2015-01-07 16:45 - 2015-01-07 16:45 - 00001594 _____ () C:\Users\Bonkers\Desktop\Fixlist.txt

2015-01-07 12:33 - 2015-01-11 10:59 - 00000000 ____D () C:\FRST

2015-01-07 12:18 - 2015-01-07 12:18 - 00017589 _____ () C:\Windows\DirectX.log

2015-01-07 08:53 - 2015-01-07 11:58 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\JDownloader v2.0

2015-01-06 18:06 - 2015-01-06 18:06 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2015-01-06 17:35 - 2015-01-06 18:10 - 00000000 ____D () C:\Users\Bonkers\Desktop\Usedom 14 15

2015-01-05 10:29 - 2015-01-05 10:29 - 00001452 _____ () C:\DelFix.txt

2015-01-05 10:28 - 2015-01-05 10:28 - 00352076 _____ () C:\Users\Bonkers\Desktop\bookmarks-2015-01-05.json

2015-01-05 10:17 - 2015-01-05 10:19 - 00000000 ____D () C:\ProgramData\Max Secure

2015-01-05 10:12 - 2015-01-05 10:13 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\GetRightToGo

2015-01-05 10:12 - 2015-01-05 10:12 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Max Secure Software

2015-01-04 12:06 - 2015-01-08 09:32 - 00000000 ____D () C:\Users\Bonkers\Desktop\Bewerbung aktuell

2015-01-02 20:26 - 2015-01-05 10:29 - 00000000 ____D () C:\Windows\ERUNT

2014-12-27 10:14 - 2014-12-27 10:22 - 00000000 ____D () C:\Windows\erdnt

2014-12-26 11:11 - 2015-01-11 10:15 - 00003725 _____ () C:\Windows\setupact.log

2014-12-26 11:11 - 2014-12-26 11:11 - 00000000 _____ () C:\Windows\setuperr.log

2014-12-26 11:10 - 2015-01-07 16:49 - 00051744 _____ () C:\Windows\PFRO.log

2014-12-26 10:09 - 2015-01-02 20:23 - 00000000 ____D () C:\Windows\System32\log

2014-12-26 09:53 - 2014-12-26 09:53 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-12-26 09:53 - 2014-12-26 09:53 - 00000000 ____D () C:\Program Files\CCleaner

2014-12-24 12:30 - 2014-12-24 12:30 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2014-12-24 11:58 - 2015-01-07 12:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys

2014-12-24 11:58 - 2014-12-27 19:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-12-24 11:58 - 2014-12-24 11:58 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-12-24 11:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys

2014-12-24 11:58 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys

2014-12-24 11:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2014-12-22 20:29 - 2014-12-27 10:10 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-12-22 18:23 - 2014-12-22 18:23 - 00000000 _____ () C:\autoexec.bat

2014-12-22 17:02 - 2014-12-22 17:02 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Desktop_Dock

2014-12-22 17:01 - 2014-12-22 17:01 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\qjnhzepq

2014-12-22 16:47 - 2014-12-22 16:47 - 00002290 _____ () C:\Windows\patsearch.bin

2014-12-22 16:46 - 2014-12-22 16:55 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\StormFall

2014-12-22 16:46 - 2014-12-22 16:51 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Sparta

2014-12-22 16:46 - 2014-12-22 16:46 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\sparta111

2014-12-22 16:46 - 2014-12-22 16:46 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\StormFall

2014-12-19 12:38 - 2014-12-19 12:40 - 00000000 ____D () C:\Users\Bonkers\Desktop\MGS V

2014-12-18 08:03 - 2014-12-18 08:18 - 00000000 ____D () C:\Users\Bonkers\Desktop\Stick

2014-12-18 07:36 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2014-12-18 07:36 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-12-17 08:42 - 2014-12-17 09:44 - 00000000 ____D () C:\ProgramData\Origin

2014-12-17 08:42 - 2014-12-17 08:42 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Origin

2014-12-17 08:42 - 2014-12-17 08:42 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-12-16 17:41 - 2014-12-17 08:42 - 00000000 ____D () C:\ProgramData\Electronic Arts

2014-12-16 16:56 - 2014-12-16 17:41 - 00000000 ____D () C:\Users\Bonkers\Documents\FUSSBALL MANAGER 10

2014-12-16 16:56 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll

2014-12-16 16:53 - 2014-12-17 08:42 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts

2014-12-16 16:52 - 2014-12-16 16:52 - 00003044 _____ () C:\Windows\System32\Tasks\{A32FE87B-45CE-4AA7-B6DF-40C336FD7AF3}

2014-12-16 08:18 - 2014-12-16 08:18 - 03951038 _____ () C:\Users\Bonkers\Desktop\rld-f0u5.7z

2014-12-15 14:45 - 2014-12-15 14:46 - 00000000 ____D () C:\Users\Bonkers\Downloads\Trance Zen Dental Spa

2014-12-15 14:44 - 2015-01-07 08:55 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\uTorrent
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-11 10:53 - 2014-11-21 18:25 - 01320740 _____ () C:\Windows\WindowsUpdate.log

2015-01-11 10:43 - 2014-11-21 21:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-11 10:32 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-11 10:32 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-11 10:15 - 2014-11-21 18:30 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-11 10:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-10 20:27 - 2014-11-21 21:38 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\AIMP3

2015-01-09 20:52 - 2014-11-22 18:07 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\CrashDumps

2015-01-09 10:20 - 2014-11-21 21:26 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\vlc

2015-01-07 17:21 - 2011-03-07 12:10 - 00000000 ____D () C:\Program Files (x86)\JDownloader

2015-01-07 16:47 - 2014-11-21 18:26 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS

2015-01-07 13:00 - 2014-11-23 12:24 - 00000000 ____D () C:\Users\Bonkers\Documents\My Games

2015-01-07 12:23 - 2014-11-21 19:58 - 00000000 ____D () C:\ProgramData\Package Cache

2015-01-07 11:57 - 2014-11-21 20:52 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\DAEMON Tools Lite

2015-01-06 17:37 - 2014-11-21 19:39 - 00111912 _____ () C:\Users\Bonkers\AppData\Local\GDIPFONTCACHEV1.DAT

2015-01-05 10:30 - 2009-07-14 05:45 - 00435528 _____ () C:\Windows\System32\FNTCACHE.DAT

2015-01-04 12:03 - 2014-11-29 10:07 - 00000000 ____D () C:\Users\Bonkers\Desktop\Bewerbung

2014-12-28 07:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat

2014-12-27 10:20 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2014-12-26 09:58 - 2014-11-22 01:17 - 00000000 ____D () C:\Windows\Panther

2014-12-25 11:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System

2014-12-24 15:17 - 2014-11-21 20:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-12-24 12:31 - 2014-12-09 15:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-12-22 18:23 - 2014-11-21 18:25 - 00000000 ____D () C:\users\Bonkers

2014-12-22 17:47 - 2014-11-21 20:37 - 00000000 ____D () C:\ProgramData\Avira

2014-12-22 17:47 - 2014-11-21 20:37 - 00000000 ____D () C:\Program Files (x86)\Avira

2014-12-22 17:45 - 2014-11-21 21:38 - 00000000 ____D () C:\Program Files (x86)\AIMP3

2014-12-22 17:44 - 2014-11-21 20:48 - 00000000 ____D () C:\Windows\System32\appmgmt

2014-12-22 17:12 - 2014-11-21 18:45 - 00000000 ____D () C:\ProgramData\Norton

2014-12-22 16:52 - 2014-12-01 13:58 - 00000000 ____D () C:\Program Files (x86)\BF2Hub Client

2014-12-22 16:52 - 2014-11-23 09:34 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\ICQM

2014-12-21 20:48 - 2014-12-02 19:33 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Skype

2014-12-15 16:16 - 2014-11-21 21:13 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-12-15 16:16 - 2014-11-21 21:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-15 16:16 - 2014-11-21 21:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-12-15 16:16 - 2014-11-21 21:07 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Adobe

2014-12-13 11:05 - 2014-11-21 20:55 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-12-13 11:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
 

Some content of TEMP:

====================

C:\Users\Bonkers\AppData\Local\Temp\avgnt.exe

C:\Users\Bonkers\AppData\Local\Temp\dllnt_dump.dll

C:\Users\Bonkers\AppData\Local\Temp\proxy_vole6248513209054518963.dll
 
 

==================== Known DLLs (Whitelisted) ================
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 

==================== Restore Points  =========================
 

Restore point made on: 2015-01-08 12:37:42

Restore point made on: 2015-01-08 20:40:25

Restore point made on: 2015-01-08 20:41:30
 

==================== Memory info =========================== 
 

Percentage of memory in use: 10%

Total physical RAM: 8093.13 MB

Available physical RAM: 7242.67 MB

Total Pagefile: 8091.32 MB

Available Pagefile: 7233.6 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB
 

==================== Drives ================================
 

Drive c: (Windows) (Fixed) (Total:102.44 GB) (Free:42.64 GB) NTFS

Drive d: (Spiele) (Fixed) (Total:489.13 GB) (Free:314.64 GB) NTFS

Drive e: (FLASH DRIVE) (Removable) (Total:1.85 GB) (Free:1.67 GB) FAT

Drive f: (Schule) (Fixed) (Total:293.43 GB) (Free:293.24 GB) NTFS

Drive h: (Welten) (Fixed) (Total:200.2 GB) (Free:195.19 GB) NTFS

Drive i: (Download) (Fixed) (Total:442.38 GB) (Free:353.42 GB) NTFS

Drive k: (GSP1RMCULXFRER_DE_DVD) (CDROM) (Total:3.04 GB) (Free:0 GB) UDF

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 80B6AAAC)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=102.4 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=200.2 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=293.4 GB) - (Type=OF Extended)
 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BBCC6936)

Partition 1: (Not Active) - (Size=489.1 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=442.4 GB) - (Type=07 NTFS)
 

========================================================

Disk: 2 (Size: 1.9 GB) (Disk ID: AC4EABA7)

Partition 1: (Not Active) - (Size=1.9 GB) - (Type=0E)
 
 

LastRegBack: 2015-01-05 16:29
 

==================== End Of Log ============================

--- --- ---

schrauber

11.01.2015 13:57

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

2014-12-22 17:02 - 2014-12-22 17:02 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Desktop_Dock

2014-12-22 17:01 - 2014-12-22 17:01 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\qjnhzepq

Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Nochmal im normalen Modus scannen.

Bonkers1982

12.01.2015 09:14

Code:



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-01-2015

Ran by SYSTEM at 2015-01-12 09:00:56 Run:2

Running from K:\

Boot Mode: Recovery

==============================================
 

Content of fixlist:

*****************

2014-12-22 17:02 - 2014-12-22 17:02 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Desktop_Dock

2014-12-22 17:01 - 2014-12-22 17:01 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\qjnhzepq

Emptytemp:

         

*****************
 

C:\Users\Bonkers\AppData\Local\Desktop_Dock => Moved successfully.

C:\Users\Bonkers\AppData\Roaming\qjnhzepq => Moved successfully.

Emptytemp: => Error: This directive works only outside recovery mode.
 

==== End of Fixlog 09:00:57 ====

Code:



Ran by SYSTEM on MININT-V194UIF on 12-01-2015 09:09:18

Running from K:\

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Recovery
 

The current controlset is ControlSet001
 ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)

HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [BF2Hub Client] => C:\Program Files (x86)\BF2Hub Client\bf2hub.exe [1521664 2014-07-17] (BF2Hub Systems)

HKU\Bonkers\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)

HKU\Bonkers\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)

HKU\Bonkers\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-20] (Advanced Micro Devices, Inc.)

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)

S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)

S2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)

S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-12-06] ()

S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-12-16] (Advanced Micro Devices)

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)

S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)

S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)

S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-21] (Disc Soft Ltd)

S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-09 15:51 - 2015-01-09 15:51 - 00358595 _____ () C:\Users\Bonkers\Desktop\bookmarks-2015-01-09.json

2015-01-09 10:20 - 2015-01-09 20:38 - 00037624 _____ () C:\Windows\System32\Drivers\TrueSight.sys

2015-01-09 10:20 - 2015-01-09 10:20 - 00000000 ____D () C:\ProgramData\RogueKiller

2015-01-09 10:15 - 2015-01-07 11:38 - 18467928 _____ () C:\Users\Bonkers\Desktop\RogueKillerX64.exe

2015-01-08 20:41 - 2015-01-08 20:41 - 00003886 _____ () C:\Windows\System32\.crusader

2015-01-08 17:51 - 2015-01-08 17:51 - 00008926 _____ () C:\Users\Bonkers\Desktop\HitmanPro_20150108_1751.log

2015-01-08 17:38 - 2015-01-08 20:41 - 00000000 ____D () C:\ProgramData\HitmanPro

2015-01-08 17:34 - 2015-01-08 17:35 - 11222744 _____ (SurfRight B.V.) C:\Users\Bonkers\Desktop\HitmanPro_x64.exe

2015-01-07 17:13 - 2015-01-12 08:38 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\JDownloader 2.0

2015-01-07 16:45 - 2015-01-07 16:45 - 00001594 _____ () C:\Users\Bonkers\Desktop\Fixlist.txt

2015-01-07 12:33 - 2015-01-12 09:09 - 00000000 ____D () C:\FRST

2015-01-07 12:18 - 2015-01-07 12:18 - 00017589 _____ () C:\Windows\DirectX.log

2015-01-07 08:53 - 2015-01-07 11:58 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\JDownloader v2.0

2015-01-06 18:06 - 2015-01-06 18:06 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2015-01-06 17:35 - 2015-01-06 18:10 - 00000000 ____D () C:\Users\Bonkers\Desktop\Usedom 14 15

2015-01-05 10:29 - 2015-01-05 10:29 - 00001452 _____ () C:\DelFix.txt

2015-01-05 10:28 - 2015-01-05 10:28 - 00352076 _____ () C:\Users\Bonkers\Desktop\bookmarks-2015-01-05.json

2015-01-05 10:17 - 2015-01-05 10:19 - 00000000 ____D () C:\ProgramData\Max Secure

2015-01-05 10:12 - 2015-01-05 10:13 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\GetRightToGo

2015-01-05 10:12 - 2015-01-05 10:12 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Max Secure Software

2015-01-04 12:06 - 2015-01-08 09:32 - 00000000 ____D () C:\Users\Bonkers\Desktop\Bewerbung aktuell

2015-01-02 20:26 - 2015-01-05 10:29 - 00000000 ____D () C:\Windows\ERUNT

2014-12-27 10:14 - 2014-12-27 10:22 - 00000000 ____D () C:\Windows\erdnt

2014-12-26 11:11 - 2015-01-12 09:06 - 00003949 _____ () C:\Windows\setupact.log

2014-12-26 11:11 - 2014-12-26 11:11 - 00000000 _____ () C:\Windows\setuperr.log

2014-12-26 11:10 - 2015-01-07 16:49 - 00051744 _____ () C:\Windows\PFRO.log

2014-12-26 10:09 - 2015-01-02 20:23 - 00000000 ____D () C:\Windows\System32\log

2014-12-26 09:53 - 2014-12-26 09:53 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-12-26 09:53 - 2014-12-26 09:53 - 00000000 ____D () C:\Program Files\CCleaner

2014-12-24 12:30 - 2014-12-24 12:30 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2014-12-24 11:58 - 2015-01-07 12:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys

2014-12-24 11:58 - 2014-12-27 19:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-12-24 11:58 - 2014-12-24 11:58 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-12-24 11:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys

2014-12-24 11:58 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys

2014-12-24 11:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2014-12-22 20:29 - 2014-12-27 10:10 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-12-22 18:23 - 2014-12-22 18:23 - 00000000 _____ () C:\autoexec.bat

2014-12-22 16:47 - 2014-12-22 16:47 - 00002290 _____ () C:\Windows\patsearch.bin

2014-12-22 16:46 - 2014-12-22 16:55 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\StormFall

2014-12-22 16:46 - 2014-12-22 16:51 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Sparta

2014-12-22 16:46 - 2014-12-22 16:46 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\sparta111

2014-12-22 16:46 - 2014-12-22 16:46 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\StormFall

2014-12-19 12:38 - 2014-12-19 12:40 - 00000000 ____D () C:\Users\Bonkers\Desktop\MGS V

2014-12-18 08:03 - 2014-12-18 08:18 - 00000000 ____D () C:\Users\Bonkers\Desktop\Stick

2014-12-18 07:36 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2014-12-18 07:36 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-12-17 08:42 - 2014-12-17 09:44 - 00000000 ____D () C:\ProgramData\Origin

2014-12-17 08:42 - 2014-12-17 08:42 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Origin

2014-12-17 08:42 - 2014-12-17 08:42 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-12-16 17:41 - 2014-12-17 08:42 - 00000000 ____D () C:\ProgramData\Electronic Arts

2014-12-16 16:56 - 2014-12-16 17:41 - 00000000 ____D () C:\Users\Bonkers\Documents\FUSSBALL MANAGER 10

2014-12-16 16:56 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll

2014-12-16 16:53 - 2014-12-17 08:42 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts

2014-12-16 16:52 - 2014-12-16 16:52 - 00003044 _____ () C:\Windows\System32\Tasks\{A32FE87B-45CE-4AA7-B6DF-40C336FD7AF3}

2014-12-16 08:18 - 2014-12-16 08:18 - 03951038 _____ () C:\Users\Bonkers\Desktop\rld-f0u5.7z

2014-12-15 14:45 - 2014-12-15 14:46 - 00000000 ____D () C:\Users\Bonkers\Downloads\Trance Zen Dental Spa

2014-12-15 14:44 - 2015-01-07 08:55 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\uTorrent
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-12 09:06 - 2014-11-21 18:30 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-12 09:06 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-12 09:05 - 2014-11-21 18:25 - 01355104 _____ () C:\Windows\WindowsUpdate.log

2015-01-12 09:05 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-12 09:05 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-12 08:54 - 2014-11-21 21:26 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\vlc

2015-01-12 08:43 - 2014-11-21 21:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-10 20:27 - 2014-11-21 21:38 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\AIMP3

2015-01-09 20:52 - 2014-11-22 18:07 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\CrashDumps

2015-01-07 17:21 - 2011-03-07 12:10 - 00000000 ____D () C:\Program Files (x86)\JDownloader

2015-01-07 16:47 - 2014-11-21 18:26 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS

2015-01-07 13:00 - 2014-11-23 12:24 - 00000000 ____D () C:\Users\Bonkers\Documents\My Games

2015-01-07 12:23 - 2014-11-21 19:58 - 00000000 ____D () C:\ProgramData\Package Cache

2015-01-07 11:57 - 2014-11-21 20:52 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\DAEMON Tools Lite

2015-01-06 17:37 - 2014-11-21 19:39 - 00111912 _____ () C:\Users\Bonkers\AppData\Local\GDIPFONTCACHEV1.DAT

2015-01-05 10:30 - 2009-07-14 05:45 - 00435528 _____ () C:\Windows\System32\FNTCACHE.DAT

2015-01-04 12:03 - 2014-11-29 10:07 - 00000000 ____D () C:\Users\Bonkers\Desktop\Bewerbung

2014-12-28 07:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat

2014-12-27 10:20 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2014-12-26 09:58 - 2014-11-22 01:17 - 00000000 ____D () C:\Windows\Panther

2014-12-25 11:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System

2014-12-24 15:17 - 2014-11-21 20:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-12-24 12:31 - 2014-12-09 15:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-12-22 18:23 - 2014-11-21 18:25 - 00000000 ____D () C:\users\Bonkers

2014-12-22 17:47 - 2014-11-21 20:37 - 00000000 ____D () C:\ProgramData\Avira

2014-12-22 17:47 - 2014-11-21 20:37 - 00000000 ____D () C:\Program Files (x86)\Avira

2014-12-22 17:45 - 2014-11-21 21:38 - 00000000 ____D () C:\Program Files (x86)\AIMP3

2014-12-22 17:44 - 2014-11-21 20:48 - 00000000 ____D () C:\Windows\System32\appmgmt

2014-12-22 17:12 - 2014-11-21 18:45 - 00000000 ____D () C:\ProgramData\Norton

2014-12-22 16:52 - 2014-12-01 13:58 - 00000000 ____D () C:\Program Files (x86)\BF2Hub Client

2014-12-22 16:52 - 2014-11-23 09:34 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\ICQM

2014-12-21 20:48 - 2014-12-02 19:33 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Skype

2014-12-15 16:16 - 2014-11-21 21:13 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-12-15 16:16 - 2014-11-21 21:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-15 16:16 - 2014-11-21 21:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-12-15 16:16 - 2014-11-21 21:07 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Adobe

2014-12-13 11:05 - 2014-11-21 20:55 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-12-13 11:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
 

Some content of TEMP:

====================

C:\Users\Bonkers\AppData\Local\Temp\avgnt.exe

C:\Users\Bonkers\AppData\Local\Temp\dllnt_dump.dll

C:\Users\Bonkers\AppData\Local\Temp\proxy_vole9047108747479824946.dll
 
 

==================== Known DLLs (Whitelisted) ================
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 

==================== Restore Points  =========================
 

Restore point made on: 2015-01-08 12:37:42

Restore point made on: 2015-01-08 20:40:25

Restore point made on: 2015-01-08 20:41:30
 

==================== Memory info =========================== 
 

Percentage of memory in use: 10%

Total physical RAM: 8093.13 MB

Available physical RAM: 7240.61 MB

Total Pagefile: 8091.32 MB

Available Pagefile: 7229.53 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB
 

==================== Drives ================================
 

Drive c: (Windows) (Fixed) (Total:102.44 GB) (Free:42.31 GB) NTFS

Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive e: (Schule) (Fixed) (Total:293.43 GB) (Free:293.24 GB) NTFS

Drive f: (Download) (Fixed) (Total:442.38 GB) (Free:352.29 GB) NTFS

Drive h: (Welten) (Fixed) (Total:200.2 GB) (Free:195.19 GB) NTFS

Drive j: (GSP1RMCULXFRER_DE_DVD) (CDROM) (Total:3.04 GB) (Free:0 GB) UDF

Drive k: (FLASH DRIVE) (Removable) (Total:1.85 GB) (Free:1.62 GB) FAT

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: (Spiele) (Fixed) (Total:489.13 GB) (Free:314.64 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BBCC6936)

Partition 1: (Not Active) - (Size=489.1 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=442.4 GB) - (Type=07 NTFS)
 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 80B6AAAC)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=102.4 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=200.2 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=293.4 GB) - (Type=OF Extended)
 

========================================================

Disk: 3 (Size: 1.9 GB) (Disk ID: AC4EABA7)

Partition 1: (Not Active) - (Size=1.9 GB) - (Type=0E)
 
 

LastRegBack: 2015-01-05 16:29
 

==================== End Of Log ============================

schrauber

12.01.2015 09:41

Jetzt bitte normal booten und nochmal testen.

Bonkers1982

13.01.2015 09:52

So scheint wohl erstmal wieder alles schick zu sein. BEsten Dank. Adios.

schrauber

13.01.2015 16:10

Fertig :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Bonkers1982

29.05.2015 16:44

Ahoi,

hab mal wieder ein Problem. Nuetze jetzt einfach mal hier einen alten Beitrag von mir. Und zwar kommt kurz nach dem Start immer eine Fehlermeldung bzw. eine Virusmeldung. Trotz entfernen dieses Virus kommt er immer und immer wieder. Fehlermeldung lade ich hoch. Vielleicht wisst ihr nen Rat, wie man den Mist wieder los wird. Danke.

Bonkers1982

29.05.2015 16:46

Liste der Anhänge anzeigen (Anzahl: 1)

Zitat:

Zitat von Bonkers1982 (Beitrag 1471774)

Code:



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01

Ran by Bonkers (administrator) on BONKERS-PC on 29-05-2015 17:41:18

Running from J:\Programme

Loaded Profiles: Bonkers (Available Profiles: Bonkers)

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

() C:\Windows\DAODx.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(ICQ) C:\Users\Bonkers\AppData\Roaming\ICQM\icq.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(BF2Hub Systems) C:\Program Files (x86)\BF2Hub Client\bf2hub.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe

(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe

(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(AppWork GmbH) C:\Users\Bonkers\AppData\Local\JDownloader 2.0\JDownloader2.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe

(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)

HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-07] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [BF2Hub Client] => C:\Program Files (x86)\BF2Hub Client\bf2hub.exe [1521664 2014-07-17] (BF2Hub Systems)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-05-15] (Raptr, Inc)

HKLM-x32\...\Run: [Registry Helper] => "C:\Program Files (x86)\Registry Helper\RegistryHelper.Exe" /boot

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [icq] => C:\Users\Bonkers\AppData\Roaming\ICQM\icq.exe [35239432 2014-11-23] (ICQ)

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = https://safesearch.avira.com/

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = https://safesearch.avira.com/

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://safesearch.avira.com/

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://safesearch.avira.com/

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)

BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-11] (Oracle Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-11] (Oracle Corporation)

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)

BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-21] (Oracle Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-21] (Oracle Corporation)

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-15] (Microsoft Corporation)

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 

FireFox:

========

FF ProfilePath: C:\Users\Bonkers\AppData\Roaming\Mozilla\Firefox\Profiles\i7v79u20.default-1432369977391

FF Homepage: www.google.de

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()

FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-11] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-11] (Oracle Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()

FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-21] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-21] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)

FF Extension: Adblock Plus - C:\Users\Bonkers\AppData\Roaming\Mozilla\Firefox\Profiles\i7v79u20.default-1432369977391\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-23]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-07] (Avira Operations GmbH & Co. KG)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG)

S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-07] (Avira Operations GmbH & Co. KG)

R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]

S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]

R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-12-06] ()

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

S2 23cb3056; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.93\OptProMon.dll",ENT <==== ATTENTION

S2 BrsHelper; C:\PROGRA~2\YTDOWN~1\BROWSE~2.EXE [X]

S2 globalUpdate1d09531cbce3201; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /svc [X]

S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /medsvc [X] <==== ATTENTION

S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-07] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-07] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)

R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-05] (Avira Operations GmbH & Co. KG)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-21] (Disc Soft Ltd)

R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)

S3 hid8101; C:\Windows\SysWOW64\drivers\hid8101.SYS [31899 2006-10-23] (Compuware Corporation) [File not signed]

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)

U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 cpuz134; \??\C:\Users\Bonkers\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 

==================== One Month Created files and folders ========
 

(If an entry is included in the fixlist, the file/folder will be moved.)
 

2015-05-29 07:36 - 2015-05-29 17:31 - 00000112 _____ () C:\Windows\setupact.log

2015-05-29 07:36 - 2015-05-29 07:36 - 00000000 _____ () C:\Windows\setuperr.log

2015-05-28 15:14 - 2015-05-28 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

2015-05-28 15:07 - 2015-05-28 15:07 - 00024401 _____ () C:\Users\Bonkers\Desktop\5.jpeg

2015-05-28 15:00 - 2015-05-29 17:36 - 01952848 _____ () C:\Users\Bonkers\AppData\Roaming\5.exe

2015-05-27 19:23 - 2015-05-27 19:23 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group

2015-05-27 19:21 - 2015-05-28 07:47 - 00000000 ____D () C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP

2015-05-25 18:28 - 2015-05-25 18:38 - 00000000 ____D () C:\ProgramData\SecTaskMan

2015-05-25 18:28 - 2015-05-25 18:38 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager

2015-05-25 18:28 - 2015-05-25 18:28 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\SecTaskMan

2015-05-23 11:04 - 2015-05-23 11:04 - 00004282 _____ () C:\Windows\System32\Tasks\ReimageUpdater

2015-05-23 10:24 - 2015-05-23 10:24 - 00000008 _____ () C:\END

2015-05-23 10:19 - 2015-05-23 11:04 - 00000128 _____ () C:\Windows\Reimage.ini

2015-05-23 10:18 - 2015-05-23 10:27 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Opera Software

2015-05-23 10:18 - 2015-05-23 10:27 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Opera Software

2015-05-23 10:18 - 2015-05-23 10:18 - 00003912 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd

2015-05-23 10:18 - 2015-05-23 10:18 - 00003590 _____ () C:\Windows\System32\Tasks\YTDownloader

2015-05-23 10:17 - 2015-05-23 10:17 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\CrashRpt

2015-05-23 09:59 - 2015-02-19 13:09 - 00020248 _____ () C:\Windows\system32\roboot64.exe

2015-05-23 09:58 - 2015-05-29 17:31 - 00001694 _____ () C:\Windows\Tasks\XFUPFNOQ.job

2015-05-23 09:58 - 2015-05-23 09:58 - 00004728 _____ () C:\Windows\System32\Tasks\XFUPFNOQ

2015-05-23 09:58 - 2015-05-23 09:58 - 00000000 ____D () C:\ProgramData\Registry Helper

2015-05-23 09:56 - 2015-05-23 09:57 - 00000000 ____D () C:\Users\Bonkers\Documents\MaxComputerCleaner

2015-05-23 09:56 - 2015-05-23 09:56 - 00003228 _____ () C:\Windows\System32\Tasks\MaxComputerCleaner_Start

2015-05-23 09:56 - 2015-05-23 09:56 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Max_Computer_Cleaner

2015-05-22 14:53 - 2015-05-22 14:53 - 00003266 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule

2015-05-22 14:52 - 2015-05-29 17:31 - 00001028 _____ () C:\Windows\Tasks\yGc37UpPqrj0EHiP9sRU205O.job

2015-05-22 14:52 - 2015-05-23 10:23 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7

2015-05-22 14:52 - 2015-05-22 14:52 - 00004062 _____ () C:\Windows\System32\Tasks\yGc37UpPqrj0EHiP9sRU205O

2015-05-22 14:52 - 2015-05-22 14:52 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\globalUpdate

2015-05-22 14:50 - 2015-05-22 14:50 - 00003764 _____ () C:\Windows\System32\Tasks\Convertor

2015-05-22 14:50 - 2015-05-22 14:50 - 00003288 _____ () C:\Windows\System32\Tasks\Winsta Update

2015-05-22 14:50 - 2015-05-22 14:50 - 00003252 _____ () C:\Windows\System32\Tasks\WinKit

2015-05-22 14:50 - 2015-05-22 14:50 - 00003158 _____ () C:\Windows\System32\Tasks\{4A75F284-DEEC-4613-8776-8D798E06E2C3}

2015-05-22 14:50 - 2015-05-22 14:50 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\PDFConvert

2015-05-22 14:50 - 2015-05-22 14:50 - 00000000 ____D () C:\Program Files (x86)\Winsta

2015-05-22 14:50 - 2015-05-22 14:50 - 00000000 ____D () C:\Program Files (x86)\Convertor

2015-05-20 16:26 - 2015-05-24 10:31 - 00000000 ____D () C:\Users\Bonkers\Documents\WWE2K15

2015-05-20 14:04 - 2015-05-20 14:04 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\AMD

2015-05-20 14:02 - 2015-05-20 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved

2015-05-20 14:02 - 2015-05-20 14:02 - 00000000 ____D () C:\ProgramData\ATI

2015-05-20 14:01 - 2015-05-20 14:01 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\library_dir

2015-05-20 13:59 - 2015-05-27 17:52 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Raptr

2015-05-20 13:59 - 2015-05-20 14:02 - 00000000 ____D () C:\Program Files (x86)\Raptr

2015-05-20 13:59 - 2015-05-20 13:59 - 00058610 _____ () C:\Windows\SysWOW64\CCCInstall_201505201359343112.log

2015-05-20 13:59 - 2015-05-20 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center

2015-05-20 13:59 - 2015-05-20 13:59 - 00000000 ____D () C:\Program Files (x86)\AMD AVT

2015-05-20 13:54 - 2015-05-20 13:54 - 00000000 ____D () C:\AMD

2015-05-19 18:56 - 2015-05-28 16:31 - 00000000 ____D () C:\Users\Bonkers\Documents\The Witcher 3

2015-05-18 20:32 - 2015-05-18 20:32 - 00003226 _____ () C:\Windows\System32\Tasks\{664944CE-CA3A-4097-B5C3-C5D3477CE076}

2015-05-17 20:38 - 2015-05-17 20:42 - 00000000 ____D () C:\Windows\system32\MRT

2015-05-17 20:38 - 2015-04-30 10:07 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-05-17 20:22 - 2015-05-17 20:22 - 00000000 ____D () C:\Windows\USB Vibration

2015-05-17 20:22 - 2015-05-17 20:22 - 00000000 ____D () C:\Program Files (x86)\VID_0E8F&PID_3013

2015-05-17 20:22 - 2007-01-19 11:37 - 00073757 _____ () C:\Windows\SysWOW64\dancemat.exe

2015-05-17 20:22 - 2006-10-23 11:42 - 00031899 _____ (Compuware Corporation) C:\Windows\SysWOW64\Drivers\hid8101.sys

2015-05-17 16:23 - 2015-05-17 16:32 - 00000000 ____D () C:\Program Files (x86)\USB Vibration

2015-05-17 16:20 - 2015-05-29 17:31 - 00000370 _____ () C:\Windows\Tasks\LYETIXL1.job

2015-05-17 16:20 - 2015-05-17 16:20 - 00002892 _____ () C:\Windows\System32\Tasks\LYETIXL1

2015-05-17 16:20 - 2015-05-17 16:20 - 00000000 ____D () C:\ProgramData\7b24ec7cc000461ebe26d116b88142c8

2015-05-17 14:38 - 2015-05-17 14:38 - 01418322 _____ () C:\Users\Bonkers\Downloads\2009113151455.rar

2015-05-17 14:38 - 2015-05-17 14:38 - 00751288 _____ (Web ) C:\Users\Bonkers\Downloads\DriverGuide_Driver_Download_1834844(1).exe

2015-05-17 14:37 - 2015-05-17 14:37 - 00751288 _____ (Web ) C:\Users\Bonkers\Downloads\DriverGuide_Driver_Download_1834844.exe

2015-05-17 13:35 - 2015-05-17 13:35 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\MK10

2015-05-15 12:37 - 2015-05-15 12:37 - 00000000 ____D () C:\ProgramData\Socialclub

2015-05-15 12:28 - 2015-05-23 11:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-05-14 10:07 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2015-05-14 10:07 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

2015-05-13 18:57 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-05-13 18:57 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-05-13 18:57 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-05-13 18:57 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2015-05-13 18:57 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-05-13 18:57 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll

2015-05-13 18:57 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2015-05-13 18:57 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2015-05-13 18:57 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2015-05-13 18:57 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-05-13 18:57 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-05-13 18:57 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2015-05-13 18:57 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2015-05-13 18:57 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-05-13 18:57 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-05-13 18:57 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2015-05-13 18:57 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2015-05-13 18:57 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-05-13 18:57 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-05-13 18:57 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll

2015-05-13 18:57 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-05-13 18:57 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-05-13 18:57 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-05-13 18:57 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-05-13 18:57 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-05-13 18:57 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-05-13 18:57 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2015-05-13 18:57 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2015-05-13 18:57 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe

2015-05-13 18:57 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2015-05-13 18:57 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-05-13 18:57 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2015-05-13 18:57 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe

2015-05-13 18:57 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe

2015-05-13 18:57 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe

2015-05-13 18:57 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-05-13 18:57 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe

2015-05-13 18:57 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-05-13 18:57 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-05-13 18:57 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-05-13 18:57 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-05-13 18:57 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2015-05-13 18:57 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-05-13 18:57 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-05-13 18:57 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2015-05-13 18:57 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

2015-05-13 18:57 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2015-05-13 18:57 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2015-05-13 18:57 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2015-05-13 18:57 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll

2015-05-13 18:57 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2015-05-13 18:57 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-05-13 18:57 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2015-05-13 18:57 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2015-05-13 18:57 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2015-05-13 18:57 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2015-05-13 18:57 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe

2015-05-13 18:57 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe

2015-05-13 18:57 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe

2015-05-13 18:57 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe

2015-05-13 18:57 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2015-05-13 18:57 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2015-05-13 18:57 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2015-05-13 18:57 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2015-05-13 18:57 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2015-05-13 18:57 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2015-05-13 18:57 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe

2015-05-13 18:57 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2015-05-13 18:57 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2015-05-13 18:57 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2015-05-13 18:57 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2015-05-13 18:57 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2015-05-13 18:57 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll

2015-05-13 18:57 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2015-05-13 18:57 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2015-05-13 18:57 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2015-05-13 18:57 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2015-05-13 18:56 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2015-05-13 18:56 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll

2015-05-13 18:56 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2015-05-13 18:56 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-05-13 18:55 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll

2015-05-13 18:55 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll

2015-05-13 18:55 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll

2015-05-13 18:55 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe

2015-05-13 18:55 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

2015-05-13 18:52 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-05-13 18:52 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2015-05-13 18:52 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll

2015-05-13 18:52 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll

2015-05-13 18:52 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll

2015-05-13 18:52 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll

2015-05-13 18:52 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe

2015-05-13 18:52 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll

2015-05-13 18:52 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll

2015-05-13 18:52 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll

2015-05-13 18:52 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe

2015-05-13 18:51 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-05-13 18:51 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-05-13 18:51 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-05-13 18:51 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-05-13 18:51 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-05-13 18:51 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-05-13 18:51 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-05-13 18:51 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-05-13 18:51 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-05-13 18:51 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-05-13 18:51 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-05-13 18:51 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-05-13 18:51 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-05-13 18:51 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-05-13 18:51 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-05-13 18:51 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-05-13 18:51 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-05-13 18:51 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-05-13 18:51 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-05-13 18:51 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-05-13 18:51 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-05-13 18:51 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-05-13 18:51 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-05-13 18:51 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-05-13 18:51 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-05-13 18:51 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2015-05-13 18:51 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2015-05-13 18:51 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2015-05-13 18:51 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-05-13 18:51 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-05-13 18:51 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2015-05-13 18:51 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-05-13 18:51 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-05-13 18:51 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-05-13 18:51 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2015-05-13 18:51 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-05-13 18:51 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2015-05-13 18:51 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2015-05-13 18:51 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2015-05-13 18:51 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-05-13 18:51 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-05-13 18:51 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-05-13 18:51 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-05-13 18:51 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-05-13 18:51 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-05-13 18:51 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-05-13 18:51 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2015-05-13 18:51 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-05-13 18:51 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-05-13 18:51 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-05-13 18:51 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-05-13 18:51 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-05-13 18:51 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-05-13 18:51 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2015-05-13 18:51 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-05-13 18:51 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-05-13 18:51 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-05-13 18:51 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-05-13 18:51 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-05-13 18:51 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-05-13 18:50 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe

2015-05-13 18:37 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll

2015-05-13 18:37 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll

2015-05-12 20:25 - 2015-05-12 20:25 - 00233472 _____ (SafeApp Software, LLC) C:\Windows\SysWOW64\SafeAppLM.ocx

2015-05-11 19:15 - 2015-05-23 16:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-05-11 19:15 - 2015-05-23 11:23 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2015-05-11 19:11 - 2015-05-11 19:11 - 01203488 _____ () C:\Users\Bonkers\Downloads\Firefox - CHIP-Installer.exe

2015-05-11 18:13 - 2015-05-11 18:13 - 00020835 _____ () C:\ComboFix.txt

2015-05-11 18:00 - 2015-05-11 18:13 - 00000000 ____D () C:\Qoobox

2015-05-11 18:00 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe

2015-05-11 18:00 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe

2015-05-11 18:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2015-05-11 18:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2015-05-11 18:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2015-05-11 18:00 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe

2015-05-11 18:00 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe

2015-05-11 18:00 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe

2015-05-11 17:01 - 2015-05-11 17:01 - 00347117 _____ () C:\Users\Bonkers\Desktop\bookmarks-2015-05-11.json

2015-05-10 20:43 - 2015-05-10 20:43 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Prompt Downloader

2015-05-10 20:40 - 2015-05-11 07:29 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\SpeedFox

2015-05-10 20:40 - 2015-05-10 20:40 - 00003094 _____ () C:\Windows\System32\Tasks\iren3006

2015-05-08 16:29 - 2015-05-08 16:59 - 288305479 _____ () C:\Users\Bonkers\Desktop\2012-04-21 - Christoph Boenigks 30. Geburtstag.zip

2015-05-07 20:37 - 2015-05-07 20:43 - 00000000 ____D () C:\Users\Bonkers\Desktop\Lappi HP 635

2015-05-07 18:58 - 2015-05-07 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2015-05-06 17:46 - 2015-05-06 17:47 - 00002562 _____ () C:\Windows\diagwrn.xml

2015-05-06 17:46 - 2015-05-06 17:47 - 00001908 _____ () C:\Windows\diagerr.xml

2015-05-06 17:35 - 2015-05-06 17:35 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\Nero

2015-05-06 17:31 - 2015-05-06 17:31 - 00000000 ____D () C:\Windows\System32\Tasks\Nero

2015-05-06 17:30 - 2015-05-06 17:31 - 00000000 ____D () C:\ProgramData\Nero

2015-05-06 17:30 - 2015-05-06 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero

2015-05-06 17:30 - 2015-05-06 17:30 - 00000000 ____D () C:\Program Files (x86)\Nero

2015-05-05 21:00 - 2015-05-05 21:00 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf

2015-05-05 01:18 - 2015-05-05 01:18 - 03162112 _____ (CyberActiveX) C:\Windows\SysWOW64\UniSuitePlus_BDC0849A.ocx
 

==================== One Month Modified files and folders ========
 

(If an entry is included in the fixlist, the file/folder will be moved.)
 

2015-05-29 17:41 - 2015-01-07 13:33 - 00000000 ____D () C:\FRST

2015-05-29 17:41 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-05-29 17:41 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-05-29 17:38 - 2011-04-12 09:43 - 00699208 _____ () C:\Windows\system32\perfh007.dat

2015-05-29 17:38 - 2011-04-12 09:43 - 00149348 _____ () C:\Windows\system32\perfc007.dat

2015-05-29 17:38 - 2009-07-14 07:13 - 01619752 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-05-29 17:37 - 2014-11-21 19:25 - 01409113 _____ () C:\Windows\WindowsUpdate.log

2015-05-29 17:34 - 2015-01-07 18:13 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\JDownloader 2.0

2015-05-29 17:31 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-05-29 07:43 - 2014-11-21 22:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-05-28 18:09 - 2014-11-21 22:38 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\AIMP3

2015-05-28 15:33 - 2014-11-21 22:26 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\vlc

2015-05-28 15:17 - 2014-12-15 15:44 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\uTorrent

2015-05-28 15:17 - 2014-11-21 21:52 - 00000000 ____D () C:\Users\Bonkers\AppData\Roaming\DAEMON Tools Lite

2015-05-28 15:15 - 2014-11-22 19:07 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\CrashDumps

2015-05-28 15:14 - 2014-12-26 10:53 - 00000000 ____D () C:\Program Files\CCleaner

2015-05-27 17:36 - 2014-12-24 12:58 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-05-27 17:36 - 2014-12-24 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-05-27 17:36 - 2014-12-24 12:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-05-23 10:29 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2015-05-23 10:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy

2015-05-23 10:27 - 2014-11-21 19:25 - 00001648 _____ () C:\Users\Bonkers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-05-23 10:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System

2015-05-23 09:58 - 2014-11-21 19:30 - 00000000 ____D () C:\Program Files (x86)\Google

2015-05-20 21:57 - 2015-04-04 14:36 - 00000000 ___SD () C:\Windows\SysWOW64\GWX

2015-05-20 21:57 - 2015-04-04 14:36 - 00000000 ___SD () C:\Windows\system32\GWX

2015-05-20 13:59 - 2014-11-21 21:03 - 00000000 ____D () C:\ProgramData\AMD

2015-05-20 13:59 - 2014-11-21 19:34 - 00000000 ____D () C:\Program Files\AMD

2015-05-20 13:58 - 2014-11-21 20:56 - 00000000 ____D () C:\Program Files\ATI Technologies

2015-05-20 13:56 - 2014-11-21 21:04 - 00000000 ____D () C:\Program Files (x86)\AMD

2015-05-20 13:55 - 2014-11-21 20:58 - 00000000 ____D () C:\ProgramData\Package Cache

2015-05-18 09:39 - 2014-11-21 19:26 - 00033561 _____ () C:\Windows\Ascd_tmp.ini

2015-05-18 09:39 - 2014-11-21 19:26 - 00001769 _____ () C:\Windows\Language_trs.ini

2015-05-18 09:39 - 2014-11-21 19:26 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS

2015-05-18 08:52 - 2014-11-21 19:45 - 00000000 ____D () C:\ProgramData\Norton

2015-05-17 20:22 - 2014-11-21 19:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2015-05-15 11:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2015-05-15 10:45 - 2009-07-14 06:45 - 00435528 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-05-14 11:18 - 2014-11-21 22:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

2015-05-14 11:18 - 2014-11-21 21:55 - 00000000 ____D () C:\ProgramData\Microsoft Help

2015-05-14 11:18 - 2011-04-12 09:54 - 00000000 ____D () C:\Program Files\Windows Journal

2015-05-14 11:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers

2015-05-14 10:11 - 2009-07-14 04:34 - 00000478 _____ () C:\Windows\win.ini

2015-05-14 10:03 - 2014-11-23 11:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2015-05-13 22:10 - 2015-04-13 20:15 - 00000000 ____D () C:\Program Files\Rockstar Games

2015-05-13 22:10 - 2015-04-13 20:15 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games

2015-05-11 18:18 - 2014-11-21 19:30 - 00000000 ____D () C:\Users\Bonkers\AppData\Local\Google

2015-05-11 18:09 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini

2015-05-11 17:56 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-05-11 17:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF

2015-05-11 07:29 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

2015-05-07 18:57 - 2014-11-21 21:37 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2015-05-07 18:57 - 2014-11-21 21:37 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2015-05-01 15:52 - 2014-11-20 18:51 - 00000000 ____D () C:\Users\Bonkers\Desktop\Desktop 5
 

==================== Files in the root of some directories =======
 

2015-05-28 15:00 - 2015-05-29 17:36 - 1952848 _____ () C:\Users\Bonkers\AppData\Roaming\5.exe

2014-09-01 10:18 - 2014-09-01 10:18 - 0002086 _____ () C:\Users\Bonkers\AppData\Roaming\IKQVC

2014-09-01 10:18 - 2014-09-01 10:18 - 0001248 _____ () C:\Users\Bonkers\AppData\Roaming\KJDTZZNB

2014-09-01 10:18 - 2014-09-01 10:18 - 0001248 _____ () C:\Users\Bonkers\AppData\Roaming\MYOPH

2015-03-09 23:30 - 2015-03-09 23:30 - 0005487 _____ () C:\Users\Bonkers\AppData\Roaming\XFUPFNOQ

2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Bonkers\AppData\Roaming\yGc37UpPqrj0EHiP9sRU205O

2014-09-01 10:18 - 2014-09-01 10:18 - 0002086 _____ () C:\Users\Bonkers\AppData\Roaming\ZIGV

2014-11-21 19:38 - 2014-11-21 19:38 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 

Some files in TEMP:

====================

C:\Users\Bonkers\AppData\Local\Temp\avgnt.exe

C:\Users\Bonkers\AppData\Local\Temp\proxy_vole8730480923381236824.dll

C:\Users\Bonkers\AppData\Local\Temp\Uninstall.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-05-24 11:36
 

==================== End of log ============================

schrauber

30.05.2015 13:20

Aktuelle Addition.txt fehlt noch :)

Bonkers1982

31.05.2015 11:53

Code:



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01

Ran by Bonkers at 2015-05-31 12:51:05

Running from J:\Programme

Boot Mode: Normal

==========================================================
 
 

==================== Accounts: =============================
 

Administrator (S-1-5-21-2975933613-4275264652-1912998914-500 - Administrator - Disabled)

Bonkers (S-1-5-21-2975933613-4275264652-1912998914-1000 - Administrator - Enabled) => C:\Users\Bonkers

Gast (S-1-5-21-2975933613-4275264652-1912998914-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2975933613-4275264652-1912998914-1003 - Limited - Enabled)
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

µTorrent (HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\uTorrent) (Version: 3.4.2.38656 - BitTorrent Inc.)

Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)

AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1483, 27.02.2015 - AIMP DevTeam)

AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)

Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.24.0 - Asmedia Technology)

Assassins Creed Chronicles China (HKLM-x32\...\Assassins Creed Chronicles China_is1) (Version:  - )

Assassin's Creed Rogue (HKLM-x32\...\Uplay Install 895) (Version:  - Ubisoft)

Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)

AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)

Battlefield 2(TM) (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version:  - )

BF2Hub Client (HKLM-x32\...\bf2hub) (Version:  - BF2Hub Systems)

Blackguards 2 (HKLM-x32\...\Blackguards2_is1) (Version: 1.1 - Daedalic Entertainment GmbH)

Brother MFL-Pro Suite DCP-J125 (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 2.0.0.0 - Brother Industries, Ltd.)

Call of Duty Advanced Warfare (HKLM-x32\...\Call of Duty Advanced Warfare_is1) (Version:  - )

CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)

DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)

FUSSBALL MANAGER 10 (HKLM-x32\...\FUSSBALL MANAGER 10) (Version: 2.0.0.7 - Electronic Arts)

Grand Theft Auto V (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - )

ICQ 8.2 (build 7138) (HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\...\ICQ) (Version: 8.2.7138.0 - ICQ)

Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)

Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)

JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)

JDownloader 2 (HKLM\...\jdownloader2-1) (Version: 2.0 - AppWork GmbH)

Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)

Metal Gear Solid V Ground Zeroes (HKLM-x32\...\Metal Gear Solid V Ground Zeroes_is1) (Version:  - )

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)

Mortal Kombat X (HKLM-x32\...\TW9ydGFsS29tYmF0WA==_is1) (Version: 1 - )

Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)

Nero Burning ROM 2014 (HKLM-x32\...\{B0E4ACBC-4CFA-4B6D-9B7B-E13C171BCC23}) (Version: 15.0.05300 - Nero AG)

Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)

Origin (HKLM-x32\...\Origin) (Version: 8.4.1.210 - Electronic Arts, Inc.)

Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

PeaZip 5.5.0 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)

Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden

Prototype 2 (HKLM-x32\...\Prototype 2_is1) (Version:  - )

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)

Raptr (HKLM-x32\...\Raptr) (Version:  - )

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)

Resident Evil Revelations 2 (HKLM-x32\...\Resident Evil Revelations 2_is1) (Version:  - )

Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)

Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)

Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden

Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

The Evil Within (HKLM-x32\...\VGhlRXZpbFdpdGhpbg==_is1) (Version: 1 - )

The Incredible Adventures of Van Helsing II (HKLM-x32\...\The Incredible Adventures of Van Helsing II_is1) (Version: 1.0 - PLAZA)

The Witcher 3 - Wild Hunt (HKLM-x32\...\The Witcher 3 - Wild Hunt_is1) (Version:  - )

TWIN PS TO PC CONVERTER (HKLM-x32\...\{1BBDD6C0-ED6F-43C3-8A9C-84E3249A5615}) (Version: 2007.01.01 - )

Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{CBCC2FD8-7DFE-4752-95B5-2E447C226F45}) (Version:  - Microsoft)

Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft)

USB Dual Vibration Joystick - Twin (HKLM-x32\...\{21A6E85C-0310-4623-BE61-35DFE2F9AA88}) (Version: 2005.10.24 - )

VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E5}) (Version: 19.0.11293 - WinZip Computing, S.L. )

Wolfenstein The Old Blood (HKLM-x32\...\Wolfenstein The Old Blood_is1) (Version:  - )

WWE 2K15 (HKLM-x32\...\V1dFMksxNQ==_is1) (Version: 1 - )
 

==================== Custom CLSID (Whitelisted): ==========================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

CustomCLSID: HKU\S-1-5-21-2975933613-4275264652-1912998914-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Bonkers\AppData\Roaming\lection\gendaqof.dll No File <==== ATTENTION
 

==================== Restore Points =========================
 

27-05-2015 19:21:54 Installed SpyHunter

27-05-2015 19:49:31 Removed SpyHunter

27-05-2015 19:52:41 Installed SpyHunter

28-05-2015 07:45:23 Removed SpyHunter

28-05-2015 07:47:26 Removed SpyHunter
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 04:34 - 2014-12-01 15:15 - 00001150 ____N C:\Windows\system32\Drivers\etc\hosts

83.169.15.25        battlefield2.available.gamespy.com

83.169.15.25        battlefield2.master.gamespy.com

83.169.15.25        battlefield2.ms14.gamespy.com

83.169.15.25        gpsp.gamespy.com

83.169.15.25        gpcm.gamespy.com

83.169.15.6        eapusher.dice.se
 
 

==================== Scheduled Tasks (Whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

Task: {115747D7-60A7-4AFC-8EE7-57A4B2D35261} - System32\Tasks\{4A75F284-DEEC-4613-8776-8D798E06E2C3} => pcalua.exe -a C:\Users\Bonkers\AppData\Roaming\oursurfing\UninstallManager.exe -c  -ptid=cmi

Task: {12646815-B0A4-4490-836C-2A99D4260107} - System32\Tasks\iren3006 => C:\PROGRA~2\HIGHLI~1\iren3006.exe <==== ATTENTION

Task: {12C4A70D-793C-47B0-BDFE-367281D8EC2D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)

Task: {20539226-8628-4305-B4C6-50E7DD679FB7} - System32\Tasks\{A32FE87B-45CE-4AA7-B6DF-40C336FD7AF3} => pcalua.exe -a L:\Autorun.exe -d L:\

Task: {2294BF3B-ABE8-4DE7-876E-13873D4874DC} - System32\Tasks\{612E6FB8-90EE-4D1F-89F8-4C748A1906CB} => pcalua.exe -a J:\avm_fritz!wlan_usb_stick_build_090320.exe -d J:\

Task: {2E661FEE-9559-4685-830D-5657E2783753} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG)

Task: {38A930E6-1B44-47AA-B402-1AB2BEEFB4CF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)

Task: {3D1556C6-AE16-4E1E-B992-2022D0B9999B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

Task: {3F397C35-587E-4FC2-9EEB-1C1117FF2210} - System32\Tasks\yGc37UpPqrj0EHiP9sRU205O => C:\Users\Bonkers\AppData\Roaming\yGc37UpPqrj0EHiP9sRU205O.exe <==== ATTENTION

Task: {47D0BB50-AF24-414D-9AA9-D976CCBBEA39} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION

Task: {4CE75E45-8DE4-474A-8893-0F6E08E20870} - System32\Tasks\MaxComputerCleaner_Start => C:\Program Files (x86)\Max Computer Cleaner\MaxComputerCleaner.exe

Task: {4D6EE623-5F8B-436A-817B-AE43F989D42B} - System32\Tasks\{664944CE-CA3A-4097-B5C3-C5D3477CE076} => pcalua.exe -a "C:\Program Files (x86)\USB Vibration\8101\setup\setup.exe" -d "C:\Program Files (x86)\USB Vibration\8101\setup"

Task: {58F678FC-DF6C-4360-8896-4B5079A2DBDA} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION

Task: {5C67E46F-F128-4CAC-8A07-F689694AF82C} - \SMWUpd No Task File <==== ATTENTION

Task: {6AB76BB1-7EF7-43BC-AA4C-2DC0B5F79881} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe

Task: {6F420C1B-DAAF-4C9B-ACA9-B9DF4B1CF6AF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {73776DF7-6DB8-4466-B3B3-40914F8153DD} - System32\Tasks\WinKit => C:\Users\Bonkers\AppData\Roaming\PDFConvert\SWUpdate.exe [2014-11-25] ()

Task: {768610D6-A129-4FD1-BE49-DD8FDE74AF4E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)

Task: {8D972DF9-13FB-4F2B-83CE-1B8F650E1D83} - \RegClean Pro No Task File <==== ATTENTION

Task: {A49ACC27-1538-4ED9-9B64-2D0EBA80C822} - System32\Tasks\Convertor => C:\Program Files (x86)\Convertor\Convertor.exe [2014-11-25] ()

Task: {B24A8CE1-64E2-4796-8481-AB149EA78532} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

Task: {B60AD4BC-A648-40E7-9E92-E29BA7777A6A} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe

Task: {B8B39EBE-F5F7-4032-8B7C-E0AF6D1F948F} - System32\Tasks\LYETIXL1 => C:\ProgramData\SecurityUtility\SecurityUtility.exe

Task: {C13B12F3-9CB4-41A2-AEAF-DDDE7B8F4DED} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)

Task: {C94759A4-1F34-47B3-83FB-92E86E1C11EB} - \SMW_UpdateTask_Time_313738303133333735302d3437415a556c2a3223346c41 No Task File <==== ATTENTION

Task: {E187C15E-15C5-4EBE-958B-9134A164C1DA} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()

Task: {E4BC0D5F-6E0A-4BCD-9875-6FBDD0387665} - System32\Tasks\Winsta Update => C:\Program Files (x86)\Winsta\bin\Winsta.exe [2014-11-25] ()

Task: {E85CB272-ECED-4DF9-838A-FE7A290E11AB} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe <==== ATTENTION

Task: {F0C9D6B3-3118-410D-A3DB-65EFCB39D845} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro 3.93\OptProLauncher.exe <==== ATTENTION

Task: {F0F1250B-525E-48A5-93B5-F3FEBD7D4E95} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)

Task: {F52A86ED-35C9-4EC3-B5AC-E1B8CC750683} - \ASP No Task File <==== ATTENTION

Task: {F5C1A0AC-4C5D-4DC4-8D33-6D21ED9C460E} - System32\Tasks\XFUPFNOQ => C:\Users\Bonkers\AppData\Roaming\XFUPFNOQ.exe <==== ATTENTION

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\LYETIXL1.job => C:\ProgramData\SecurityUtility\SecurityUtility.exe

Task: C:\Windows\Tasks\XFUPFNOQ.job => C:\Users\Bonkers\AppData\Roaming\XFUPFNOQ.exe <==== ATTENTION

Task: C:\Windows\Tasks\yGc37UpPqrj0EHiP9sRU205O.job => C:\Users\Bonkers\AppData\Roaming\yGc37UpPqrj0EHiP9sRU205O.exe <==== ATTENTION
 

==================== Loaded Modules (Whitelisted) ==============
 

2009-03-30 08:32 - 2009-03-30 08:32 - 00032768 ____R () C:\Windows\DAODx.exe

2014-11-20 21:23 - 2014-11-20 21:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll

2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll

2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll

2014-11-20 21:23 - 2014-11-20 21:23 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2014-12-06 17:19 - 2014-12-06 17:19 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2014-11-23 10:35 - 2014-11-23 10:35 - 00859144 _____ () C:\Users\Bonkers\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll

2015-04-15 14:43 - 2015-04-15 14:43 - 16863920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll
 

==================== Alternate Data Streams (Whitelisted) =========
 

(If an entry is included in the fixlist, only the ADS will be removed.)
 
 

==================== Safe Mode (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"
 

==================== EXE Association (Whitelisted) ===============
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 

==================== Internet Explorer trusted/restricted ===============
 

(If an entry is included in the fixlist, it will be removed from the registry.)
 
 

==================== Other Areas ============================
 

(Currently there is no automatic fix for this section.)
 

HKU\S-1-5-21-2975933613-4275264652-1912998914-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Bonkers\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.1.1
 

==================== MSCONFIG/TASK MANAGER disabled items ==
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: BF2Hub Client => C:\Program Files (x86)\BF2Hub Client\bf2hub.exe

MSCONFIG\startupreg: Boost => C:\Program Files (x86)\Boost\Boost.exe

MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro 3.93\OptProLauncher.exe

MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup

MSCONFIG\startupreg: Registry Helper => "C:\Program Files (x86)\Registry Helper\RegistryHelper.Exe" /boot

MSCONFIG\startupreg: SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.38.0.1449\jsdrv.exe

MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun

MSCONFIG\startupreg: uTorrent => "C:\Users\Bonkers\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

MSCONFIG\startupreg: YTDownloader => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
 

==================== FirewallRules (Whitelisted) ===============
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

FirewallRules: [{4C7D89AE-1747-43AC-A8CA-F2AD5ACFFA58}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe

FirewallRules: [{D9FA5DB1-FB3F-4AAC-A02E-FCDD1B49703A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe

FirewallRules: [{FF847FAA-490C-4210-9488-B6D015C6DA6C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe

FirewallRules: [{E8F5DC45-5AE9-4520-A45C-AAEC69F6D2C2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe

FirewallRules: [TCP Query User{1F3BADE2-CD37-4460-9CA7-8E5C9870A287}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe

FirewallRules: [UDP Query User{20C69D78-C580-4CE5-BC25-2BB075F374A8}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe

FirewallRules: [TCP Query User{CCB12F46-8C84-4604-960D-FF92BEC5450D}D:\far cry 4\bin\farcry4.exe] => (Allow) D:\far cry 4\bin\farcry4.exe

FirewallRules: [UDP Query User{677C07B0-5822-4B61-9E34-331EF02C8A52}D:\far cry 4\bin\farcry4.exe] => (Allow) D:\far cry 4\bin\farcry4.exe

FirewallRules: [{6E1C5EC9-031E-4107-981A-A0F767885C2E}] => (Allow) D:\Battlefield 2a\BF2.exe

FirewallRules: [{099444E0-2A24-490E-BA49-CD897E59EB2F}] => (Allow) D:\Battlefield 2a\BF2.exe

FirewallRules: [TCP Query User{D70962D0-2A9E-4020-94D0-DA452340B3A5}D:\battlefield 2a\bf2_w32ded.exe] => (Allow) D:\battlefield 2a\bf2_w32ded.exe

FirewallRules: [UDP Query User{81E1D8BB-6A84-497F-BE01-89D64AA7E2C1}D:\battlefield 2a\bf2_w32ded.exe] => (Allow) D:\battlefield 2a\bf2_w32ded.exe

FirewallRules: [{53DE63E3-8D59-434E-ACFD-32C08651B19C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [TCP Query User{98352591-E30B-4488-A76D-AAC78A4FB221}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe

FirewallRules: [UDP Query User{8E6B6D00-32A2-4977-BF6A-328198A79DF7}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe

FirewallRules: [TCP Query User{DB5C359C-6A12-41D3-8E08-F2D9A713DAEC}C:\users\bonkers\appdata\roaming\icqm\icq.exe] => (Allow) C:\users\bonkers\appdata\roaming\icqm\icq.exe

FirewallRules: [UDP Query User{603DF417-1E3F-467E-B589-0A562EDE8C41}C:\users\bonkers\appdata\roaming\icqm\icq.exe] => (Allow) C:\users\bonkers\appdata\roaming\icqm\icq.exe

FirewallRules: [{AF42F4DB-EC8C-4696-B9C6-4E438B8040F3}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe

FirewallRules: [{F798B8C8-D0FC-4C4D-A932-30BBF191D0E0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe

FirewallRules: [{271DA732-E276-470A-B8D5-4471491B8693}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe

FirewallRules: [{23DA21AC-7305-47D1-BE87-BC5AE3B19ABB}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe

FirewallRules: [TCP Query User{AF5FD2E2-F029-4C3F-9D41-20CEC978D498}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe

FirewallRules: [UDP Query User{A118F0EE-FC41-4599-B993-2A1BC7CBA73F}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe

FirewallRules: [{4F6A6371-167A-444D-A9ED-56581B4D5D42}] => (Allow) C:\Users\Bonkers\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{17A0B9F8-7D46-4877-A97E-0F116C676342}] => (Allow) C:\Users\Bonkers\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [TCP Query User{D39F7E14-3295-4487-897F-DF983AE46272}C:\program files (x86)\electronic arts\eadm\core.exe] => (Block) C:\program files (x86)\electronic arts\eadm\core.exe

FirewallRules: [UDP Query User{CEB31F27-2E67-4880-8680-65CE2F7AEF4C}C:\program files (x86)\electronic arts\eadm\core.exe] => (Block) C:\program files (x86)\electronic arts\eadm\core.exe

FirewallRules: [TCP Query User{C0DE7E00-4355-4C5D-B0DB-318E04726A9C}D:\saints row gat out of hell\saintsrowgatoutofhell.exe] => (Allow) D:\saints row gat out of hell\saintsrowgatoutofhell.exe

FirewallRules: [UDP Query User{E43511F0-D63E-469D-A3CF-CEFB60938FE4}D:\saints row gat out of hell\saintsrowgatoutofhell.exe] => (Allow) D:\saints row gat out of hell\saintsrowgatoutofhell.exe

FirewallRules: [TCP Query User{FD9F34A4-109A-4B1F-BFA0-930D749FC220}D:\prototype 2\prototype2.exe] => (Allow) D:\prototype 2\prototype2.exe

FirewallRules: [UDP Query User{0B53E853-DAFC-4011-A99A-29538FE118E5}D:\prototype 2\prototype2.exe] => (Allow) D:\prototype 2\prototype2.exe

FirewallRules: [{D2C4A262-408F-4A8B-BE92-50D428EFE078}] => (Allow) D:\Assassin's Creed Rogue\ACC.exe

FirewallRules: [{97A4BFA8-11F7-49A9-8830-0847A3A981B4}] => (Allow) D:\Assassin's Creed Rogue\ACC.exe

FirewallRules: [TCP Query User{9A76EC22-9D01-4EE8-94EF-435D43BD2EBF}D:\grand theft auto v\gta5.exe] => (Allow) D:\grand theft auto v\gta5.exe

FirewallRules: [UDP Query User{DD56DB3D-73AF-4A8D-8038-73DC08BF9235}D:\grand theft auto v\gta5.exe] => (Allow) D:\grand theft auto v\gta5.exe

FirewallRules: [TCP Query User{8DF8965C-2142-435F-A385-A6616D807ABB}D:\assassins creed chronicles china\binaries\win32\accgame-win32-shipping.exe] => (Allow) D:\assassins creed chronicles china\binaries\win32\accgame-win32-shipping.exe

FirewallRules: [UDP Query User{45BAD2D9-5299-4DF7-B8C9-87AAAFE5321E}D:\assassins creed chronicles china\binaries\win32\accgame-win32-shipping.exe] => (Allow) D:\assassins creed chronicles china\binaries\win32\accgame-win32-shipping.exe

FirewallRules: [{33B9E880-D0E0-49FE-82CE-536CB745726D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{01879001-D669-4463-99FB-852A09D92209}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{41092CD6-9021-4FC1-9527-DA33BAF0A8E8}] => (Allow) C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe

FirewallRules: [{0BBB7306-FC5A-4B20-A47E-8EC93CB70D76}] => (Allow) C:\Users\Bonkers\AppData\Local\Chromium\Application\chrome.exe

FirewallRules: [{EA16AF1E-9C6F-434F-A801-D6196AEF3CE0}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe

FirewallRules: [{08D9B472-C5A2-44FC-8464-7DE3737254B2}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe

FirewallRules: [{B02CA9D6-3949-4D60-91EB-516A27D17300}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe

FirewallRules: [{AA1A6CCD-B591-43B4-A1CE-738AA477BE7A}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
 

==================== Faulty Device Manager Devices =============
 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft-Teredo-Tunneling-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (05/31/2015 00:48:09 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
 

Error: (05/31/2015 00:39:31 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (05/30/2015 07:59:30 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: svchost.exe_DiagTrack, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1

Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e8bfa

Ausnahmecode: 0xc000000d

Fehleroffset: 0x000000000006ec12

ID des fehlerhaften Prozesses: 0x8f4

Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_DiagTrack0

Pfad der fehlerhaften Anwendung: svchost.exe_DiagTrack1

Pfad des fehlerhaften Moduls: svchost.exe_DiagTrack2

Berichtskennung: svchost.exe_DiagTrack3
 

Error: (05/30/2015 07:17:13 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418154
 

Error: (05/30/2015 07:08:53 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (05/30/2015 09:02:54 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
 

Error: (05/30/2015 08:53:27 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (05/29/2015 10:21:09 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: svchost.exe_DiagTrack, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1

Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e8bfa

Ausnahmecode: 0xc000000d

Fehleroffset: 0x000000000006ec12

ID des fehlerhaften Prozesses: 0xaa0

Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_DiagTrack0

Pfad der fehlerhaften Anwendung: svchost.exe_DiagTrack1

Pfad des fehlerhaften Moduls: svchost.exe_DiagTrack2

Berichtskennung: svchost.exe_DiagTrack3
 

Error: (05/29/2015 05:41:34 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418154
 

Error: (05/29/2015 05:32:50 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

System errors:

=============

Error: (05/31/2015 00:40:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "globalUpdate Update Service (globalUpdate1d09531cbce3201)" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (05/31/2015 00:38:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Reimage Real Time Protector" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (05/31/2015 00:38:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "BrsHelper" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (05/31/2015 00:38:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst OptimizerPro Monitoring erreicht.
 

Error: (05/30/2015 07:59:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Diagnostics Tracking Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (05/30/2015 07:09:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "globalUpdate Update Service (globalUpdate1d09531cbce3201)" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (05/30/2015 07:07:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Reimage Real Time Protector" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (05/30/2015 07:07:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "BrsHelper" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (05/30/2015 07:07:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst OptimizerPro Monitoring erreicht.
 

Error: (05/30/2015 08:55:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "globalUpdate Update Service (globalUpdate1d09531cbce3201)" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 
 

Microsoft Office:

=========================

Error: (05/31/2015 00:48:09 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestc:\program files\ccleaner\CCleaner.exe
 

Error: (05/31/2015 00:39:31 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (05/30/2015 07:59:30 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: svchost.exe_DiagTrack6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.18839553e8bfac000000d000000000006ec128f401d09afb24b8dcbdC:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll9dfda655-06f5-11e5-a0c7-00040efbb8a2
 

Error: (05/30/2015 07:17:13 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418154
 

Error: (05/30/2015 07:08:53 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (05/30/2015 09:02:54 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestc:\program files\ccleaner\CCleaner.exe
 

Error: (05/30/2015 08:53:27 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (05/29/2015 10:21:09 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: svchost.exe_DiagTrack6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.18839553e8bfac000000d000000000006ec12aa001d09a249a4aa655C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll3d83c33e-0640-11e5-9871-00040efbb8a2
 

Error: (05/29/2015 05:41:34 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418154
 

Error: (05/29/2015 05:32:50 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

CodeIntegrity Errors:

===================================

  Date: 2015-05-23 11:06:11.862

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-05-23 11:06:11.055

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-05-23 11:06:10.784

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-05-23 11:06:10.755

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-05-23 11:04:25.793

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-05-23 11:04:25.764

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-05-23 11:03:28.495

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-05-23 11:03:28.468

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-05-23 11:03:28.285

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2015-05-23 11:03:28.258

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 
 

==================== Memory info =========================== 
 

Processor: AMD FX(tm)-8320 Eight-Core Processor 

Percentage of memory in use: 29%

Total physical RAM: 8093.13 MB

Available physical RAM: 5722.27 MB

Total Pagefile: 16184.46 MB

Available Pagefile: 13617.16 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB
 

==================== Drives ================================
 

Drive c: (Windows) (Fixed) (Total:102.44 GB) (Free:30.47 GB) NTFS

Drive d: (Spiele) (Fixed) (Total:489.13 GB) (Free:94.17 GB) NTFS

Drive e: (Schule) (Fixed) (Total:293.43 GB) (Free:293.24 GB) NTFS

Drive f: (Download) (Fixed) (Total:442.38 GB) (Free:49 GB) NTFS

Drive g: (Welten) (Fixed) (Total:200.2 GB) (Free:192.21 GB) NTFS

Drive j: (Bonkers) (Fixed) (Total:931.48 GB) (Free:186.93 GB) NTFS

Drive k: (BF2 DVD) (CDROM) (Total:1.91 GB) (Free:0 GB) UDF

Drive l: (WWE 2K15) (CDROM) (Total:19.27 GB) (Free:0 GB) UDF
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 80B6AAAC)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=102.4 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=200.2 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=293.4 GB) - (Type=OF Extended)
 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BBCC6936)

Partition 1: (Not Active) - (Size=489.1 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=442.4 GB) - (Type=07 NTFS)
 

========================================================

Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 81A8E79C)

Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 

==================== End of log ============================

schrauber

31.05.2015 14:53

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Bonkers1982

31.05.2015 15:43

Code:



Combofix Logfile:
 

        Code:


        
ComboFix 15-05-28.01 - Bonkers 31.05.2015  16:17:26.2.8 - x64

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.8093.4038 [GMT 2:00]

ausgeführt von:: j:\programme\ComboFix.exe

AV: Avira Antivirus *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}

SP: Avira Antivirus *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\END

c:\users\Bonkers\AppData\Local\Installer\Installshopperpro_10439

c:\users\Bonkers\AppData\Roaming\5.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2015-04-28 bis 2015-05-31  ))))))))))))))))))))))))))))))

.

.

2015-05-31 14:29 . 2015-05-31 14:29        --------        d-----w-        c:\users\Public\AppData\Local\temp

2015-05-31 14:29 . 2015-05-31 14:29        --------        d-----w-        c:\users\Default\AppData\Local\temp

2015-05-27 17:23 . 2015-05-27 17:23        --------        d-----w-        c:\program files (x86)\Enigma Software Group

2015-05-27 17:21 . 2015-05-28 05:47        --------        d-----w-        c:\windows\0028CB34D5D3460FB308A39A095A5E01.TMP

2015-05-27 17:21 . 2015-05-27 17:21        --------        d-----w-        c:\program files (x86)\Common Files\Wise Installation Wizard

2015-05-25 16:28 . 2015-05-25 16:38        --------        d-----w-        c:\programdata\SecTaskMan

2015-05-25 16:28 . 2015-05-25 16:28        --------        d-----w-        c:\users\Bonkers\AppData\Local\SecTaskMan

2015-05-25 16:28 . 2015-05-25 16:38        --------        d-----w-        c:\program files (x86)\Security Task Manager

2015-05-23 08:18 . 2015-05-23 08:27        --------        d-----w-        c:\users\Bonkers\AppData\Roaming\Opera Software

2015-05-23 08:18 . 2015-05-23 08:27        --------        d-----w-        c:\users\Bonkers\AppData\Local\Opera Software

2015-05-23 08:17 . 2015-05-31 14:25        --------        d-----w-        c:\users\Bonkers\AppData\Local\Installer

2015-05-23 08:17 . 2015-05-23 08:17        --------        d-----w-        c:\users\Bonkers\AppData\Local\CrashRpt

2015-05-23 07:59 . 2015-02-19 11:09        20248        ----a-w-        c:\windows\system32\roboot64.exe

2015-05-23 07:58 . 2015-05-23 07:58        --------        d-----w-        c:\programdata\Registry Helper

2015-05-23 07:56 . 2015-05-23 07:56        --------        d-----w-        c:\users\Bonkers\AppData\Local\Max_Computer_Cleaner

2015-05-22 12:52 . 2015-05-22 12:52        --------        d-----w-        c:\users\Bonkers\AppData\Local\globalUpdate

2015-05-22 12:50 . 2015-05-22 12:50        --------        d-----w-        c:\program files (x86)\Winsta

2015-05-22 12:50 . 2015-05-22 12:50        --------        d-----w-        c:\users\Bonkers\AppData\Roaming\PDFConvert

2015-05-22 12:50 . 2015-05-22 12:50        --------        d-----w-        c:\program files (x86)\Convertor

2015-05-20 12:04 . 2015-05-20 12:04        --------        d-----w-        c:\users\Bonkers\AppData\Roaming\AMD

2015-05-20 12:02 . 2015-05-20 12:02        --------        d-----w-        c:\programdata\ATI

2015-05-20 12:01 . 2015-05-20 12:01        --------        d-----w-        c:\users\Bonkers\AppData\Roaming\library_dir

2015-05-20 11:59 . 2015-05-27 15:52        --------        d-----w-        c:\users\Bonkers\AppData\Roaming\Raptr

2015-05-20 11:59 . 2015-05-20 12:02        --------        d-----w-        c:\program files (x86)\Raptr

2015-05-20 11:59 . 2015-05-20 11:59        --------        d-----w-        c:\program files (x86)\AMD AVT

2015-05-20 11:54 . 2015-05-20 11:54        --------        d-----w-        C:\AMD

2015-05-17 18:38 . 2015-05-17 18:42        --------        d-----w-        c:\windows\system32\MRT

2015-05-17 18:22 . 2015-05-17 18:22        --------        d-----w-        c:\program files (x86)\VID_0E8F&PID_3013

2015-05-17 18:22 . 2015-05-17 18:22        --------        d-----w-        c:\windows\USB Vibration

2015-05-17 18:22 . 2007-01-19 09:37        73757        ----a-w-        c:\windows\SysWow64\dancemat.exe

2015-05-17 18:22 . 2006-10-23 09:42        31899        ----a-w-        c:\windows\SysWow64\drivers\hid8101.sys

2015-05-17 18:22 . 2015-05-17 18:22        159876        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\IGdi.dll

2015-05-17 18:22 . 2002-08-05 08:46        57344        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\ctor.dll

2015-05-17 18:22 . 2002-08-02 01:10        5632        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\DotNetInstaller.exe

2015-05-17 18:22 . 2002-08-02 00:20        634880        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iKernel.dll

2015-05-17 18:22 . 2002-08-02 00:20        237568        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iscript.dll

2015-05-17 18:22 . 2002-08-02 00:20        151552        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iuser.dll

2015-05-17 18:22 . 2015-05-17 18:22        270468        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\Setup.dll

2015-05-17 14:23 . 2015-05-17 14:32        --------        d-----w-        c:\program files (x86)\USB Vibration

2015-05-17 14:20 . 2015-05-17 14:20        --------        d-----w-        c:\programdata\7b24ec7cc000461ebe26d116b88142c8

2015-05-17 12:24 . 2015-05-17 12:24        --------        d-----w-        c:\users\Bonkers\AppData\Local\ElevatedDiagnostics

2015-05-17 11:35 . 2015-05-17 11:35        --------        d-----w-        c:\users\Bonkers\AppData\Roaming\MK10

2015-05-15 10:37 . 2015-05-15 10:37        --------        d-----w-        c:\programdata\Socialclub

2015-05-14 08:07 . 2015-05-01 13:17        124112        ----a-w-        c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2015-05-14 08:07 . 2015-05-01 13:16        102608        ----a-w-        c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll

2015-05-13 16:56 . 2015-04-20 03:17        1647104        ----a-w-        c:\windows\system32\DWrite.dll

2015-05-13 16:56 . 2015-04-20 03:17        1179136        ----a-w-        c:\windows\system32\FntCache.dll

2015-05-13 16:56 . 2015-04-20 02:56        1250816        ----a-w-        c:\windows\SysWow64\DWrite.dll

2015-05-13 16:56 . 2015-04-20 02:11        3204608        ----a-w-        c:\windows\system32\win32k.sys

2015-05-13 16:52 . 2015-03-04 04:41        6656        ----a-w-        c:\windows\system32\shimeng.dll

2015-05-13 16:52 . 2015-03-04 04:41        72192        ----a-w-        c:\windows\system32\aelupsvc.dll

2015-05-13 16:52 . 2015-03-04 04:41        342016        ----a-w-        c:\windows\system32\apphelp.dll

2015-05-13 16:52 . 2015-03-04 04:41        23552        ----a-w-        c:\windows\system32\sdbinst.exe

2015-05-13 16:52 . 2015-03-04 04:11        5120        ----a-w-        c:\windows\SysWow64\shimeng.dll

2015-05-13 16:52 . 2015-03-04 04:10        295936        ----a-w-        c:\windows\SysWow64\apphelp.dll

2015-05-13 16:52 . 2015-03-04 04:10        20992        ----a-w-        c:\windows\SysWow64\sdbinst.exe

2015-05-13 16:52 . 2015-05-05 01:29        342016        ----a-w-        c:\windows\system32\schannel.dll

2015-05-13 16:52 . 2015-05-05 01:12        248832        ----a-w-        c:\windows\SysWow64\schannel.dll

2015-05-13 16:52 . 2015-04-18 03:10        460800        ----a-w-        c:\windows\system32\certcli.dll

2015-05-13 16:52 . 2015-04-18 02:56        342016        ----a-w-        c:\windows\SysWow64\certcli.dll

2015-05-13 16:50 . 2015-04-13 03:28        328704        ----a-w-        c:\windows\system32\services.exe

2015-05-13 16:37 . 2015-01-29 03:19        2543104        ----a-w-        c:\windows\system32\wpdshext.dll

2015-05-13 16:37 . 2015-01-29 03:02        2311168        ----a-w-        c:\windows\SysWow64\wpdshext.dll

2015-05-13 16:37 . 2015-01-29 03:19        1195008        ----a-w-        c:\windows\system32\drivers\UMDF\WpdMtpDr.dll

2015-05-12 18:25 . 2015-05-12 18:25        233472        ----a-w-        c:\windows\SysWow64\SafeAppLM.ocx

2015-05-11 17:15 . 2015-05-23 14:02        --------        d-----w-        c:\program files (x86)\Mozilla Maintenance Service

2015-05-11 15:31 . 2015-05-11 15:31        --------        d-----w-        c:\users\Bonkers\AppData\Local\Diagnostics

2015-05-10 18:43 . 2015-05-10 18:43        --------        d-----w-        c:\users\Bonkers\AppData\Local\Prompt Downloader

2015-05-10 18:40 . 2015-05-11 05:29        --------        d-----w-        c:\users\Bonkers\AppData\Roaming\SpeedFox

2015-05-06 15:35 . 2015-05-06 15:35        --------        d-----w-        c:\users\Bonkers\AppData\Roaming\Nero

2015-05-06 15:30 . 2015-05-06 15:31        --------        d-----w-        c:\program files (x86)\Common Files\Nero

2015-05-06 15:30 . 2015-05-06 15:30        --------        d-----w-        c:\program files (x86)\Nero

2015-05-06 15:30 . 2015-05-06 15:31        --------        d-----w-        c:\programdata\Nero

2015-05-04 23:18 . 2015-05-04 23:18        3162112        ----a-w-        c:\windows\SysWow64\UniSuitePlus_BDC0849A.ocx

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2015-05-27 15:36 . 2014-12-24 10:58        136408        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys

2015-05-07 16:57 . 2014-11-21 19:37        152744        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2015-05-07 16:57 . 2014-11-21 19:37        132120        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2015-04-27 19:04 . 2015-05-13 16:57        44032        ----a-w-        c:\windows\apppatch\acwow64.dll

2015-04-15 12:43 . 2014-11-21 20:13        778416        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2015-04-15 12:43 . 2014-11-21 20:13        142512        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2015-04-14 07:37 . 2014-12-24 10:58        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys

2015-04-14 07:37 . 2014-12-24 10:58        107736        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys

2015-04-14 07:37 . 2014-12-24 10:58        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys

2015-03-25 03:24 . 2015-04-15 11:14        3298816        ----a-w-        c:\windows\system32\wucltux.dll

2015-03-25 03:24 . 2015-04-15 11:14        98304        ----a-w-        c:\windows\system32\wudriver.dll

2015-03-25 03:24 . 2015-04-15 11:14        37376        ----a-w-        c:\windows\system32\wups2.dll

2015-03-25 03:24 . 2015-04-15 11:14        35328        ----a-w-        c:\windows\system32\wups.dll

2015-03-25 03:24 . 2015-04-15 11:14        2553856        ----a-w-        c:\windows\system32\wuaueng.dll

2015-03-25 03:24 . 2015-04-15 11:14        191488        ----a-w-        c:\windows\system32\wuwebv.dll

2015-03-25 03:24 . 2015-04-15 11:14        696320        ----a-w-        c:\windows\system32\wuapi.dll

2015-03-25 03:24 . 2015-04-15 11:14        60416        ----a-w-        c:\windows\system32\WinSetupUI.dll

2015-03-25 03:23 . 2015-04-15 11:14        12288        ----a-w-        c:\windows\system32\wu.upgrade.ps.dll

2015-03-25 03:23 . 2015-04-15 11:14        36864        ----a-w-        c:\windows\system32\wuapp.exe

2015-03-25 03:23 . 2015-04-15 11:14        135168        ----a-w-        c:\windows\system32\wuauclt.exe

2015-03-25 03:00 . 2015-04-15 11:14        92672        ----a-w-        c:\windows\SysWow64\wudriver.dll

2015-03-25 03:00 . 2015-04-15 11:14        566784        ----a-w-        c:\windows\SysWow64\wuapi.dll

2015-03-25 03:00 . 2015-04-15 11:14        29696        ----a-w-        c:\windows\SysWow64\wups.dll

2015-03-25 03:00 . 2015-04-15 11:14        173056        ----a-w-        c:\windows\SysWow64\wuwebv.dll

2015-03-25 03:00 . 2015-04-15 11:14        33792        ----a-w-        c:\windows\SysWow64\wuapp.exe

2015-03-23 03:25 . 2015-04-15 11:14        726528        ----a-w-        c:\windows\system32\generaltel.dll

2015-03-23 03:25 . 2015-04-15 11:14        769536        ----a-w-        c:\windows\system32\invagent.dll

2015-03-23 03:24 . 2015-04-15 11:14        419840        ----a-w-        c:\windows\system32\devinv.dll

2015-03-23 03:24 . 2015-04-15 11:14        957952        ----a-w-        c:\windows\system32\appraiser.dll

2015-03-23 03:24 . 2015-04-15 11:14        30720        ----a-w-        c:\windows\system32\acmigration.dll

2015-03-23 03:24 . 2015-04-15 11:14        227328        ----a-w-        c:\windows\system32\aepdu.dll

2015-03-23 03:24 . 2015-04-15 11:14        192000        ----a-w-        c:\windows\system32\aepic.dll

2015-03-23 03:17 . 2015-04-15 11:14        1111552        ----a-w-        c:\windows\system32\aeinv.dll

2015-03-22 00:16 . 2015-03-22 00:16        1081616        ----a-w-        c:\windows\SysWow64\MSCOMCTL.OCX

2015-03-11 09:35 . 2015-03-11 09:35        50840        ----a-w-        c:\windows\iScreeny.sys

2015-03-10 03:25 . 2015-04-15 11:14        1882624        ----a-w-        c:\windows\system32\msxml3.dll

2015-03-10 03:21 . 2015-04-15 11:14        2048        ----a-w-        c:\windows\system32\msxml3r.dll

2015-03-10 03:08 . 2015-04-15 11:14        1237504        ----a-w-        c:\windows\SysWow64\msxml3.dll

2015-03-10 03:05 . 2015-04-15 11:14        2048        ----a-w-        c:\windows\SysWow64\msxml3r.dll

2015-03-05 11:55 . 2014-11-21 19:37        44088        ----a-w-        c:\windows\system32\drivers\avnetflt.sys

2015-03-05 05:12 . 2015-04-15 11:14        404480        ----a-w-        c:\windows\system32\gdi32.dll

2015-03-05 04:05 . 2015-04-15 11:14        311808        ----a-w-        c:\windows\SysWow64\gdi32.dll

2015-03-04 04:55 . 2015-04-15 11:13        367552        ----a-w-        c:\windows\system32\clfs.sys

2015-03-04 04:41 . 2015-04-15 11:13        79360        ----a-w-        c:\windows\system32\clfsw32.dll

2015-03-04 04:41 . 2015-05-13 16:52        309248        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll

2015-03-04 04:41 . 2015-05-13 16:52        103424        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll

2015-03-04 04:10 . 2015-04-15 11:13        58880        ----a-w-        c:\windows\SysWow64\clfsw32.dll

2015-03-04 04:10 . 2015-05-13 16:52        470528        ----a-w-        c:\windows\apppatch\AcSpecfc.dll

2015-03-04 04:10 . 2015-05-13 16:52        2178560        ----a-w-        c:\windows\apppatch\AcGenral.dll

2015-03-04 04:06 . 2015-05-13 16:52        2560        ----a-w-        c:\windows\apppatch\AcRes.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2015-04-14 15:19        1729752        ----a-w-        c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2015-04-14 15:19        1729752        ----a-w-        c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2015-04-14 15:19        1729752        ----a-w-        c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]

"icq"="c:\users\Bonkers\AppData\Roaming\ICQM\icq.exe" [2014-11-23 35239432]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-05-07 728312]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableSecureUIAPath"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="userinit.exe"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

R2 23cb3056;OptimizerPro Monitoring;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]

R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]

R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]

R2 BrsHelper;BrsHelper;c:\progra~2\YTDOWN~1\BROWSE~2.EXE;c:\progra~2\YTDOWN~1\BROWSE~2.EXE [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 globalUpdate1d09531cbce3201;globalUpdate Update Service (globalUpdate1d09531cbce3201);c:\program files (x86)\globalUpdate\Update\globalupdate.exe;c:\program files (x86)\globalUpdate\Update\globalupdate.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]

R2 ReimageRealTimeProtector;Reimage Real Time Protector;c:\program files\Reimage\Reimage Protector\ReiGuard.exe;c:\program files\Reimage\Reimage Protector\ReiGuard.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]

R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]

R3 cpuz134;cpuz134;c:\users\Bonkers\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Bonkers\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 esgiguard;esgiguard;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files (x86)\globalUpdate\Update\globalupdate.exe;c:\program files (x86)\globalUpdate\Update\globalupdate.exe [x]

R3 hid8101;hid8101;c:\windows\system32\drivers\hid8101.SYS;c:\windows\SYSNATIVE\drivers\hid8101.SYS [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]

S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]

S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]

.

.

Inhalt des "geplante Tasks" Ordners

.

2015-05-31 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-21 12:43]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2015-04-14 15:14        2334936        ----a-w-        c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2015-04-14 15:14        2334936        ----a-w-        c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2015-04-14 15:14        2334936        ----a-w-        c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-08-19 7202520]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.de/

uDefault_Search_URL = web/?type=dspp&ts=1432369242&from=xtab&uid=DC3F5D7319984792BC04452DF33940B0&q={searchTerms}

mDefault_Search_URL = www.google.com

mDefault_Page_URL = www.google.com

mStart Page = www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

mSearch Page = www.google.com

uSearchAssistant = hxxp://www.google.com

TCP: DhcpNameServer = 192.168.1.1

Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL

FF - ProfilePath - c:\users\Bonkers\AppData\Roaming\Mozilla\Firefox\Profiles\i7v79u20.default-1432369977391\

FF - prefs.js: browser.startup.homepage - www.google.de

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

AddRemove-Call of Duty Advanced Warfare_is1 - d:\call of duty advanced warfare\unins000.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.17"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2015-05-31  16:41:56

ComboFix-quarantined-files.txt  2015-05-31 14:41

ComboFix2.txt  2015-05-11 16:13

.

Vor Suchlauf: 12 Verzeichnis(se), 32.496.328.704 Bytes frei

Nach Suchlauf: 14 Verzeichnis(se), 31.654.400.000 Bytes frei

.

- - End Of File - - 3526A9D3AF1AB6A8F0FFE34229A2DFDB

 
--- --- ---

A36C5E4F47E84449FF07ED3517B43A31

schrauber

01.06.2015 09:22

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Bonkers1982

01.06.2015 17:55

Code:



alwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 01.06.2015

Suchlauf-Zeit: 18:16:09

Logdatei: mbam.txt

Administrator: Ja
 

Version: 2.01.6.1022

Malware Datenbank: v2015.06.01.03

Rootkit Datenbank: v2015.05.31.01

Lizenz: Kostenlos

Malware Schutz: Deaktiviert

Bösartiger Webseiten Schutz: Deaktiviert

Selbstschutz: Deaktiviert
 

Betriebssystem: Windows 7 Service Pack 1

CPU: x64

Dateisystem: NTFS

Benutzer: Bonkers
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 372483

Verstrichene Zeit: 12 Min, 17 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Heuristik: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 0

(Keine schädliche Elemente gefunden)
 

Module: 0

(Keine schädliche Elemente gefunden)
 

Registrierungsschlüssel: 0

(Keine schädliche Elemente gefunden)
 

Registrierungswerte: 0

(Keine schädliche Elemente gefunden)
 

Registrierungsdaten: 0

(Keine schädliche Elemente gefunden)
 

Ordner: 0

(Keine schädliche Elemente gefunden)
 

Dateien: 0

(Keine schädliche Elemente gefunden)
 

Physische Sektoren: 0

(Keine schädliche Elemente gefunden)
 
 

(end)

AdwCleaner Logfile:

Code:

# AdwCleaner v4.206 - Bericht erstellt 01/06/2015 um 18:41:16

# Aktualisiert 01/06/2015 von Xplode

# Datenbank : 2015-06-01.1 [Server]

# Betriebssystem : Windows 7 Ultimate Service Pack 1 (x64)

# Benutzername : Bonkers - BONKERS-PC

# Gestarted von : C:\Users\Bonkers\Desktop\AdwCleaner_4.206.exe

# Option : Löschen
 

***** [ Dienste ] *****
 

[#] Dienst Gelöscht : BrsHelper

[#] Dienst Gelöscht : globalUpdatem

[#] Dienst Gelöscht : ReimageRealTimeProtector

[#] Dienst Gelöscht : 23cb3056
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\Registry Helper

Ordner Gelöscht : C:\ProgramData\SecTaskMan

Ordner Gelöscht : C:\Program Files (x86)\Convertor

Ordner Gelöscht : C:\Program Files (x86)\Winsta

Ordner Gelöscht : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\abengine

Ordner Gelöscht : C:\Users\Bonkers\AppData\Local\globalUpdate

Ordner Gelöscht : C:\Users\Bonkers\AppData\Local\SecTaskMan

Ordner Gelöscht : C:\Users\Bonkers\AppData\Local\Prompt Downloader

Ordner Gelöscht : C:\Users\Bonkers\AppData\Local\Max_Computer_Cleaner

Ordner Gelöscht : C:\Users\Bonkers\Documents\MaxComputerCleaner

Datei Gelöscht : C:\Windows\Reimage.ini

Datei Gelöscht : C:\Program Files\Common Files\System\SysMenu.dll

Datei Gelöscht : C:\Program Files\Common Files\System\SysMenu64.dll

Datei Gelöscht : C:\Windows\System32\roboot64.exe

Datei Gelöscht : C:\Users\Bonkers\AppData\Roaming\IKQVC

Datei Gelöscht : C:\Users\Bonkers\AppData\Roaming\KJDTZZNB

Datei Gelöscht : C:\Users\Bonkers\AppData\Roaming\MYOPH

Datei Gelöscht : C:\Users\Bonkers\AppData\Roaming\XFUPFNOQ

Datei Gelöscht : C:\Users\Bonkers\AppData\Roaming\ZIGV

Datei Gelöscht : C:\Users\Bonkers\AppData\Roaming\Mozilla\Firefox\Profiles\vy1kje3w.default-1419268357671\user.js
 

***** [ Geplante Tasks ] *****
 

Task Gelöscht : ASP

Task Gelöscht : Convertor

Task Gelöscht : Optimizer Pro Schedule

Task Gelöscht : RegClean Pro

Task Gelöscht : ReimageUpdater

Task Gelöscht : WinKit

Task Gelöscht : YTDownloader

Task Gelöscht : YTDownloaderUpd

Task Gelöscht : MaxComputerCleaner_Start

Task Gelöscht : iren3006

Task Gelöscht : amiupdaterExd

Task Gelöscht : amiupdaterExi

Task Gelöscht : Winsta Update
 

***** [ Verknüpfungen ] *****
 

Verknüpfung Desinfiziert : C:\Users\Bonkers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

Verknüpfung Desinfiziert : C:\Users\Bonkers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

Verknüpfung Desinfiziert : C:\Users\Bonkers\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

Verknüpfung Desinfiziert : C:\Users\Bonkers\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\YTDownloader.exe

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\abengine.EXE

Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine

Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}

Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}

Schlüssel Gelöscht : HKLM\SOFTWARE\fc2abb45-ed82-ea6d-8f8c-c02b200c2255

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{028F96B8-C73A-4C60-B82F-3944A19B046E}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{51F7DE65-A990-4213-BDB9-C2657FA7F3F4}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{879F721E-7F23-4B7F-B65B-F5A8F518864A}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A5544F7B-C413-4CAC-8DB4-9A8D1986DD86}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B9EE49F9-62A3-408D-858F-4ED9A23BAA24}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BF6D8439-BAC1-4E73-94FE-9910D098AE00}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4F14684-336F-44FC-8D9E-8A73DAE003EC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F8A4FC32-DDA3-4DD9-8C62-49F778FF630B}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{09CFDB88-F9F0-40BA-885E-F47A957D12E6}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{2B1B440F-A9DB-46E3-ADCF-AA6E08143FB8}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}

Schlüssel Gelöscht : HKCU\Software\AnyProtect

Schlüssel Gelöscht : HKCU\Software\APN PIP

Schlüssel Gelöscht : HKCU\Software\GlobalUpdate

Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions

Schlüssel Gelöscht : HKCU\Software\OCS

Schlüssel Gelöscht : HKCU\Software\powerpack

Schlüssel Gelöscht : HKCU\Software\simplytech

Schlüssel Gelöscht : HKCU\Software\systweak

Schlüssel Gelöscht : HKCU\Software\Reimage

Schlüssel Gelöscht : HKCU\Software\YTDownloader

Schlüssel Gelöscht : HKCU\Software\rttasks

Schlüssel Gelöscht : HKCU\Software\estdemin

Schlüssel Gelöscht : HKCU\Software\Linkey

Schlüssel Gelöscht : HKCU\Software\subpar

Schlüssel Gelöscht : HKCU\Software\MaxComputerCleanerLanguage

Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Schlüssel Gelöscht : HKLM\SOFTWARE\Boost

Schlüssel Gelöscht : HKLM\SOFTWARE\Registry Helper

Schlüssel Gelöscht : HKLM\SOFTWARE\SearchModule

Schlüssel Gelöscht : HKLM\SOFTWARE\SpeedBit

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Reimage

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\SearchModule

Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:49438;hxxps=127.0.0.1:49438

Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1

Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
 

***** [ Internetbrowser ] *****
 

-\\ Internet Explorer v11.0.9600.17801
 

Einstellung Wiederhergestellt : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]

Einstellung Wiederhergestellt : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
 

-\\ Mozilla Firefox v38.0.1 (x86 de)
 
 

*************************
 

AdwCleaner[R0].txt - [2797 Bytes] - [29/01/2015 18:10:49]

AdwCleaner[R1].txt - [9383 Bytes] - [01/06/2015 18:38:38]

AdwCleaner[S0].txt - [3715 Bytes] - [29/01/2015 18:12:38]

AdwCleaner[S1].txt - [8221 Bytes] - [01/06/2015 18:41:16]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [8280  Bytes] ##########

--- --- ---

[/CODE]

JRT Logfile:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.8.6 (05.31.2015:1)

OS: Windows 7 Ultimate x64

Ran by Bonkers on 01.06.2015 at 18:48:19,85

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Tasks
 
 
 

~~~ Registry Values
 

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 

Successfully deleted: [Folder] C:\Users\Bonkers\appdata\local\crashrpt

Successfully deleted: [Folder] C:\Users\Bonkers\appdata\local\installer

Successfully deleted: [Folder] C:\Users\Bonkers\AppData\Roaming\getrighttogo

Successfully deleted: [Folder] C:\Users\Bonkers\AppData\Roaming\pdfconvert

Successfully deleted: [Folder] C:\ProgramData\7b24ec7cc000461ebe26d116b88142c8
 
 
 

~~~ FireFox
 

Emptied folder: C:\Users\Bonkers\AppData\Roaming\mozilla\firefox\profiles\i7v79u20.default-1432369977391\minidumps [2 files]
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 01.06.2015 at 18:50:44,99

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- --- ---

schrauber

02.06.2015 17:00

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Bonkers1982

04.06.2015 06:47

Ahoi Schrauber,

scheint so wieder alles zu klappen. Keine Fehlermeldungen usw. Danke dir.

Adios

Bonkers

schrauber

04.06.2015 20:27

Trotzdem würde ich obiges noch machen als Kontrolle :)

Alle Zeitangaben in WEZ +1. Es ist jetzt 21:47 Uhr.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55