Trojaner-Board - Windows Defender plötzlich deaktiviert, Rechenleistung verlangsamt..

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Windows Defender plötzlich deaktiviert, Rechenleistung verlangsamt.. (https://www.trojaner-board.de/161908-windows-defender-ploetzlich-deaktiviert-rechenleistung-verlangsamt.html)

Windows Defender plötzlich deaktiviert, Rechenleistung verlangsamt..

Hallo Liebes Trojaner- Board Team :),

wie der Titel schon vermuten lässt, habe ich mir wohl etwas eingefangen und obige Symptome sind eingetreten.
bitte freundlich um eure Hilfe und hoffe wir das Problem kann gelöst werden.

mfg Kevin.

Hallo und :hallo:

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!

Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

http://www.trojaner-board.de/picture...&pictureid=307

hier einmal FRST log
FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01

Ran by Siddiq (administrator) on KEVO-PC on 16-12-2014 16:51:14

Running from C:\Users\Siddiq\Desktop

Loaded Profiles: Kevo & Siddiq (Available profiles: Kevo & Siddiq)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 10

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE

(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe

(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe

(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Creative Technology Ltd.) C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe

(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe

(Microsoft Corporation) C:\Windows\ehome\mcGlidHost.exe

(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1\Console Launcher\ConsoLCu.exe

(Creative Technology Ltd.) C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe

() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe

(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe

(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe

(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor

HKLM-x32\...\Run: [Module Loader] => C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe [57344 2007-07-23] (Creative Technology Ltd.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\S-1-5-21-17948161-4136030996-2878415790-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3886672 2014-12-07] (Tonec Inc.)

HKU\S-1-5-21-17948161-4136030996-2878415790-1001\...\MountPoints2: {3285d094-4bf5-11e3-aa23-806e6f6e6963} - D:\Autorun.exe

HKU\S-1-5-21-17948161-4136030996-2878415790-1008\...\Run: [GoogleChromeAutoLaunch_DCDE99E772EF02AB63A59D2B2790539C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [898376 2014-12-10] (Google Inc.)

HKU\S-1-5-21-17948161-4136030996-2878415790-1008\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3886672 2014-12-07] (Tonec Inc.)

HKU\S-1-5-21-17948161-4136030996-2878415790-1008\...\RunOnce: [Adobe Speed Launcher] => 1418685679

HKU\S-1-5-21-17948161-4136030996-2878415790-1008\...\MountPoints2: {435e65a1-562e-11e4-ba6b-a65d2d287932} - F:\HTC_Sync_Manager_PC.exe

AppInit_DLLs:  =>  File Not Found

Startup: C:\Users\Kevo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk

ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()

Startup: C:\Users\Siddiq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)

ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

BootExecute: autocheck autochk * sdnclean64.exe

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

ProxyServer: [S-1-5-21-17948161-4136030996-2878415790-1001] => 205.213.195.80:80

HKU\S-1-5-21-17948161-4136030996-2878415790-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/

HKU\S-1-5-21-17948161-4136030996-2878415790-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

HKU\S-1-5-21-17948161-4136030996-2878415790-1008\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp

SearchScopes: HKLM -> DefaultScope value is missing.

SearchScopes: HKLM-x32 -> DefaultScope value is missing.

BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab

Winsock: Catalog9 01 C:\Windows\SysWOW64\SafeIPs.dll [373760] (SafeIP)

Winsock: Catalog9 02 C:\Windows\SysWOW64\SafeIPs.dll [373760] (SafeIP)

Winsock: Catalog9 03 C:\Windows\SysWOW64\SafeIPs.dll [373760] (SafeIP)

Winsock: Catalog9 04 C:\Windows\SysWOW64\SafeIPs.dll [373760] (SafeIP)

Winsock: Catalog9 17 C:\Windows\SysWOW64\SafeIPs.dll [373760] (SafeIP)

Winsock: Catalog9-x64 01 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP)

Winsock: Catalog9-x64 02 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP)

Winsock: Catalog9-x64 03 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP)

Winsock: Catalog9-x64 04 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP)

Winsock: Catalog9-x64 17 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP)

Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()

FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File

FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll (Unity Technologies ApS)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File

FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File

FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File

FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-17948161-4136030996-2878415790-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kevo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin HKU\S-1-5-21-17948161-4136030996-2878415790-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF Plugin HKU\S-1-5-21-17948161-4136030996-2878415790-1001: www.aupix.com/Webphone -> C:\Users\Kevo\AppData\Roaming\AuPix Ltd\Webphone\npWebphone_1_9.dll (AuPix Ltd)

FF HKU\S-1-5-21-17948161-4136030996-2878415790-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Kevo\AppData\Roaming\IDM\idmmzcc5

FF Extension: IDM CC - C:\Users\Kevo\AppData\Roaming\IDM\idmmzcc5 [2014-09-23]

FF HKU\S-1-5-21-17948161-4136030996-2878415790-1008\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Siddiq\AppData\Roaming\IDM\idmmzcc5

FF Extension: IDM CC - C:\Users\Siddiq\AppData\Roaming\IDM\idmmzcc5 [2014-12-16]
 

Chrome: 

=======

CHR dev: Chrome dev build detected! <======= ATTENTION

CHR HomePage: Default -> hxxp://www.google.com

CHR StartupUrls: Default -> "hxxp://www.google.de/"

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Drive) - C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-12]

CHR Extension: (YouTube) - C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-12]

CHR Extension: (Google-Suche) - C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-12]

CHR Extension: (IDM Integration Module) - C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-10-12]

CHR Extension: (Paltalk Express) - C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Extensions\oainjhllibnjfalecnohojnocpcobgpn [2014-11-09]

CHR Extension: (Google Mail) - C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-12]

CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-12-07]

CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-12-07]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-21] (BlueStack Systems, Inc.)

R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-21] (BlueStack Systems, Inc.)

R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-21] (BlueStack Systems, Inc.)

S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-09-07] (Creative Labs) [File not signed]

S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-08-22] (Creative Labs) [File not signed]

R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2009-08-28] (Creative Technology Ltd) [File not signed]

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)

R2 HerculesDJControlMP3; C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE [47104 2013-05-21] (Hercules®) [File not signed]

R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-12-16] (Electronic Arts)

R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-08-11] ()

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)

S3 SafeIPS; C:\Program Files (x86)\SafeIP\SafeIPs.exe [X]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [36256 2009-11-13] (Google Inc)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-21] (BlueStack Systems)

S3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [258352 2013-05-21] (© Guillemot R&D, 2013. All rights reserved.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-01] (Disc Soft Ltd)

R3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [21704 2013-03-11] (Mobile Stream)

R3 hcw17bda; C:\Windows\System32\drivers\hcw17b64.sys [78192 2013-08-22] (Hauppauge Computer Works, Inc.)

S3 HDJMidi; C:\Windows\System32\DRIVERS\HDJMidi.sys [274736 2013-05-21] (© Guillemot R&D, 2013. All rights reserved.)

S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [36256 2009-11-13] (Google Inc)

R3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1148288 2011-07-06] (Creative Technology Ltd.)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-19] (Riverbed Technology, Inc.)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)

S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [31232 2013-03-09] (The OpenVPN Project) [File not signed]

R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)

S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.)

U0 uiav; C:\Windows\System32\drivers\sofiias.sys [79064 2014-12-16] (Malwarebytes Corporation)

S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)

S3 dgderdrv; System32\drivers\dgderdrv.sys [X]

U3 aswMBR; \??\C:\Users\Siddiq\AppData\Local\Temp\aswMBR.sys [X]

U3 aswVmm; \??\C:\Users\Siddiq\AppData\Local\Temp\aswVmm.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-16 16:51 - 2014-12-16 16:51 - 00022407 _____ () C:\Users\Siddiq\Desktop\FRST.txt

2014-12-16 16:31 - 2014-12-16 16:31 - 00000000 ____D () C:\ProgramData\6577510721512629562

2014-12-16 16:31 - 2014-12-16 16:31 - 00000000 ____D () C:\Program Files (x86)\BuuyNsAVe

2014-12-16 16:30 - 2014-12-16 16:30 - 00000000 ____D () C:\ProgramData\nlcgledcgbnjgnhikehaekocgppemfni

2014-12-16 16:29 - 2014-12-16 16:51 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\DMCache

2014-12-16 16:29 - 2014-12-16 16:30 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\IDM

2014-12-16 16:29 - 2014-12-16 16:29 - 01240576 _____ () C:\Users\Siddiq\Downloads\Internet Download Manager (IDM) 6.21 build 16 Crack (1).exe

2014-12-16 16:29 - 2014-12-16 16:29 - 00001009 _____ () C:\Users\Siddiq\Desktop\Internet Download Manager.lnk

2014-12-16 16:29 - 2014-12-16 16:29 - 00000000 ____D () C:\Users\Siddiq\Downloads\Video

2014-12-16 16:29 - 2014-12-16 16:29 - 00000000 ____D () C:\Users\Siddiq\Downloads\Compressed

2014-12-16 16:29 - 2014-12-16 16:29 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager

2014-12-16 16:28 - 2014-12-16 16:28 - 06353464 _____ (Tonec Inc.) C:\Users\Siddiq\Downloads\idman621build16 (1).exe

2014-12-16 16:27 - 2014-12-16 16:27 - 01240576 _____ () C:\Users\Siddiq\Downloads\Internet Download Manager (IDM) 6.21 build 16 Crack.exe

2014-12-16 16:27 - 2014-12-16 16:27 - 00761872 _____ ( ) C:\Users\Siddiq\Downloads\idman621build16.exe

2014-12-16 16:23 - 2014-12-16 16:23 - 00067032 _____ () C:\Users\Siddiq\Downloads\HDVidCodec.exe

2014-12-16 15:51 - 2014-12-16 15:51 - 01534736 _____ () C:\Users\Siddiq\Downloads\battlelog-web-plugins_2.6.2_154.exe

2014-12-16 15:40 - 2014-12-16 15:40 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking

2014-12-16 15:39 - 2014-12-16 15:39 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk

2014-12-16 15:39 - 2014-12-16 15:39 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

2014-12-16 15:39 - 2014-12-16 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2

2014-12-16 15:38 - 2014-12-16 15:45 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-12-16 15:38 - 2014-12-16 15:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-12-16 15:38 - 2014-12-16 15:38 - 02119168 _____ (Farbar) C:\Users\Siddiq\Desktop\FRST64.exe

2014-12-16 15:38 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe

2014-12-16 14:51 - 2014-12-16 14:51 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\sofiias.sys

2014-12-16 14:22 - 2014-12-16 14:23 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Siddiq\Downloads\spybot-2.4.exe

2014-12-16 14:11 - 2014-12-16 14:11 - 05198336 _____ (AVAST Software) C:\Users\Siddiq\Downloads\aswMBR.exe

2014-12-16 14:10 - 2014-12-16 14:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-12-16 14:09 - 2014-12-16 14:09 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-12-16 14:09 - 2014-12-16 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-12-16 14:09 - 2014-12-16 14:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-12-16 14:09 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-12-16 14:09 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-12-16 14:09 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-12-16 14:08 - 2014-12-16 14:08 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Siddiq\Downloads\mbam-setup-2.0.4.1028.exe

2014-12-16 01:00 - 2014-12-16 01:01 - 00000000 ____D () C:\Users\Siddiq\Desktop\MSK

2014-12-16 01:00 - 2014-12-16 01:01 - 00000000 ____D () C:\Users\Siddiq\Desktop\Islam

2014-12-10 22:49 - 2014-12-10 23:43 - 103539160 _____ () C:\Users\Siddiq\Downloads\BON2014.rar

2014-12-10 18:54 - 2014-12-10 18:54 - 03981488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2014-12-09 06:53 - 2014-12-09 06:55 - 161322064 _____ () C:\Users\Siddiq\Downloads\wegothiphop-kendrick-lamar-unreleased-wegothiphopcom.zip

2014-12-07 17:04 - 2014-12-07 17:04 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\Unity

2014-12-07 16:56 - 2014-12-07 16:56 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\.mono

2014-12-07 16:53 - 2014-12-07 16:53 - 01107184 _____ (Unity Technologies ApS) C:\Users\Siddiq\Downloads\UnityWebPlayer64.exe

2014-12-07 15:51 - 2014-11-29 01:37 - 00180648 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys

2014-12-07 15:02 - 2014-12-07 15:02 - 00000000 ____D () C:\Program Files\Unity

2014-12-07 13:33 - 2014-12-07 13:33 - 07173168 _____ (Unity Technologies ApS) C:\Users\Siddiq\Downloads\UnityWebPlayerFull64.exe

2014-12-07 10:17 - 2014-12-07 10:22 - 271014878 _____ () C:\Users\Siddiq\Downloads\cm-11-20141206-NIGHTLY-bacon.zip

2014-12-07 10:16 - 2014-12-07 10:22 - 171522881 _____ () C:\Users\Siddiq\Downloads\Slim-bacon-4.4.4.build.8.18-WEEKLY-8118.zip

2014-12-06 23:38 - 2014-12-06 23:38 - 00000000 ____D () C:\Users\Siddiq\Documents\DVDVideoSoft

2014-12-06 23:36 - 2014-12-06 23:37 - 17938000 _____ (DVDVideoSoft Ltd. ) C:\Users\Siddiq\Downloads\freeaudiodub.exe

2014-12-06 00:20 - 2014-12-06 00:22 - 157694716 _____ () C:\Users\Siddiq\Downloads\gapps-kk-20140606-signed.zip

2014-12-06 00:13 - 2014-12-06 00:16 - 271013652 _____ () C:\Users\Siddiq\Downloads\cm-11-20141205-NIGHTLY-bacon.zip

2014-12-02 21:05 - 2014-12-02 22:52 - 00000000 ____D () C:\Users\Siddiq\Desktop\WhatsApp

2014-12-02 19:11 - 2014-12-02 19:56 - 986789926 _____ () C:\Users\Siddiq\Downloads\T230XXU0ANJT230DBT0ANJT230XXU0ANJHOME.tar.rar

2014-12-01 16:20 - 2014-12-01 16:20 - 04135060 _____ () C:\Users\Siddiq\Downloads\CameraNext (1).apk

2014-12-01 15:50 - 2014-12-01 15:50 - 03820857 _____ () C:\Users\Siddiq\Downloads\CameraNext.apk

2014-12-01 15:45 - 2014-12-01 15:53 - 251123017 _____ () C:\Users\Siddiq\Downloads\aosp-One-ota-20140823.zip

2014-12-01 15:35 - 2014-12-01 15:35 - 92569666 _____ () C:\Users\Siddiq\Downloads\gapps-kk-20140728-Sesme-Lite.zip

2014-12-01 15:27 - 2014-12-01 15:31 - 216029436 _____ () C:\Users\Siddiq\Downloads\cm-bacon-3628510d76-to-ac1ccf7921-signed.zip

2014-12-01 15:12 - 2014-12-01 15:15 - 270844692 _____ () C:\Users\Siddiq\Downloads\cm-11-20141129-NIGHTLY-bacon.zip

2014-11-30 20:03 - 2014-12-10 21:09 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-11-30 20:03 - 2014-11-30 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-11-30 20:01 - 2014-12-16 16:06 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-11-30 20:01 - 2014-12-15 20:06 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-11-30 20:01 - 2014-11-30 20:01 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-11-30 20:01 - 2014-11-30 20:01 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-11-30 19:57 - 2014-11-30 19:59 - 00000000 ____D () C:\Users\Siddiq\AppData\Local\Deployment

2014-11-30 19:57 - 2014-11-30 19:57 - 00000000 ____D () C:\Users\Siddiq\AppData\Local\Apps\2.0

2014-11-27 21:38 - 2014-11-27 21:39 - 12890112 _____ () C:\Users\Siddiq\Downloads\openrecovery-twrp-2.8.1.0-bacon (1).img

2014-11-27 21:02 - 2014-11-27 21:04 - 03974843 _____ () C:\Users\Siddiq\Downloads\UPDATE-SuperSU-v2.35.zip

2014-11-27 19:45 - 2014-12-01 06:34 - 00000972 _____ () C:\Windows\PFRO.log
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-16 16:51 - 2013-08-22 03:33 - 00000000 ____D () C:\ProgramData\Origin

2014-12-16 16:51 - 2013-07-04 17:01 - 00000000 ____D () C:\FRST

2014-12-16 16:29 - 2013-08-30 16:17 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager

2014-12-16 15:55 - 2013-10-01 16:17 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr

2014-12-16 15:55 - 2013-10-01 11:17 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.exe

2014-12-16 15:55 - 2013-10-01 11:17 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0

2014-12-16 15:54 - 2014-09-04 22:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-12-16 15:52 - 2013-08-22 21:14 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins

2014-12-16 15:52 - 2013-08-21 23:53 - 01636231 _____ () C:\Windows\WindowsUpdate.log

2014-12-16 15:38 - 2013-08-22 03:32 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-12-16 14:09 - 2013-10-01 12:44 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-12-16 12:52 - 2009-07-14 19:18 - 00000000 ___RD () C:\Users\Public\Recorded TV

2014-12-16 01:03 - 2013-09-01 17:41 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-12-16 01:02 - 2014-11-15 22:33 - 00000000 ____D () C:\Users\Siddiq\Desktop\arbeit unsortiert

2014-12-15 21:49 - 2013-10-02 13:49 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-12-15 21:46 - 2014-11-15 21:22 - 00004445 _____ () C:\Windows\setupact.log

2014-12-13 16:06 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat

2014-12-13 16:06 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat

2014-12-13 16:06 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-12-11 16:17 - 2014-10-17 21:41 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\Skype

2014-12-10 18:54 - 2014-09-04 22:48 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-12-10 18:54 - 2013-10-02 17:56 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-12-10 18:54 - 2013-10-02 17:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-06 06:51 - 2009-07-14 05:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-12-06 06:51 - 2009-07-14 05:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-12-02 22:52 - 2014-10-26 09:11 - 00000000 ____D () C:\Users\Siddiq\Desktop\Verkauf Bilder

2014-12-01 19:53 - 2014-11-09 01:32 - 00000000 ___RD () C:\Users\Siddiq\Dropbox

2014-12-01 06:57 - 2014-11-09 01:10 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\Dropbox

2014-12-01 06:41 - 2014-11-08 23:08 - 00000000 ____D () C:\Users\Siddiq\AppData\Local\HTC MediaHub

2014-12-01 06:35 - 2013-08-22 02:21 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-12-01 06:35 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-11-30 20:02 - 2013-08-22 02:37 - 00000000 ____D () C:\Program Files (x86)\Google

2014-11-30 19:59 - 2014-10-26 09:11 - 00000000 ____D () C:\Users\Siddiq\Desktop\Arbeit

2014-11-30 19:55 - 2014-11-09 01:32 - 00001019 _____ () C:\Users\Siddiq\Desktop\Dropbox.lnk

2014-11-30 19:55 - 2014-11-09 01:15 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-11-30 19:37 - 2013-08-29 09:21 - 00000000 ____D () C:\AdwCleaner

2014-11-30 03:31 - 2013-08-22 00:44 - 00000000 ____D () C:\Users\Kevo

2014-11-27 20:30 - 2014-10-12 01:27 - 00000000 ____D () C:\Users\Siddiq\AppData\Local\Google

2014-11-27 19:45 - 2009-07-14 05:45 - 00271432 _____ () C:\Windows\system32\FNTCACHE.DAT
 

Some content of TEMP:

====================

C:\Users\Kevo\AppData\Local\Temp\bassmod.dll

C:\Users\Kevo\AppData\Local\Temp\k9-webprotection-4.4.276.exe

C:\Users\Kevo\AppData\Local\Temp\nvSCPAPI.dll

C:\Users\Kevo\AppData\Local\Temp\nvStInst.exe

C:\Users\Siddiq\AppData\Local\Temp\38E130ef8.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-12-15 23:15
 

==================== End Of Log ============================

--- --- ---

und einmal die Addition log

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01

Ran by Siddiq at 2014-12-16 16:51:45

Running from C:\Users\Siddiq\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

µTorrent (HKU\S-1-5-21-17948161-4136030996-2878415790-1001\...\uTorrent) (Version: 3.4.2.32691 - BitTorrent Inc.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)

Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Android Data Recovery  (HKLM-x32\...\Android Data Recovery) (Version:  - Tenorshare, Inc.)

Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

APW-10 Webphone (HKLM-x32\...\{B42EBE03-4CB9-44E6-B523-61121DB1B195}) (Version: 1.9.0 - AuPix Ltd)

ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)

Assassin's Creed Revelations 1.02 (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.02 - Ubisoft)

Audacity 2.0.4 (HKLM-x32\...\Audacity_is1) (Version: 2.0.4 - Audacity Team)

Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)

Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.3.2.3825 - Electronic Arts)

Battlefield Play4Free (HKLM-x32\...\{87686C21-8A15-4b4d-A3F1-11141D9BE094}) (Version:  - EA Digital illusions)

Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)

BF3 Settings Editor (HKLM\...\{5866DD36-8055-475B-A5C3-82C04091D14E}) (Version: 2.3 - Realmware)

BF4 Settings Editor (HKLM\...\{EF4C9459-47DE-4FCD-B9E0-CEB5BA03FC64}) (Version: 1.1 - Realmware)

Blacklight: Retribution (HKLM-x32\...\Steam App 209870) (Version:  - Zombie, Inc.)

BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.10.3096 - BlueStack Systems, Inc.)

BlueStacks Notification Center (HKLM-x32\...\{0BED0B96-70B8-4893-884B-DC485DC8C1B7}) (Version: 0.8.10.3096 - BlueStack Systems, Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

BuuyNsAVe (HKLM-x32\...\{842C4394-47F7-60DE-480B-C09116B63559}) (Version:  - BuyNsave)

Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version:  - Treyarch)

Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version:  - Treyarch)

CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)

Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)

Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)

Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.43 - Creative Technology Limited)

Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)

Creative Entertainment Center (HKLM-x32\...\Creative Entertainment Center) (Version: 5.00 - Creative Technology Limited)

Creative Karaoke Player (HKLM-x32\...\CREATIVE KARAOKE PLAYER) (Version: 2.11 - Creative Technology Limited)

Creative Konsole Starter (HKLM-x32\...\Console Launcher) (Version: 2.61 - Creative Technology Limited)

Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)

Creative Smart Recorder (HKLM-x32\...\Smart Recorder) (Version: 2.20 - Creative Technology Limited)

Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)

Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - Creative Technology Limited)

Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version:  - )

Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.5.0.0388 - Disc Soft Ltd)

Dropbox (HKU\S-1-5-21-17948161-4136030996-2878415790-1008\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)

EasyTether (HKLM-x32\...\{c751b7eb-df27-4668-b05f-7457d2fa9e00}) (Version: 1.1.18 - Mobile Stream)

EasyTether (Version: 1.1.18 - Mobile Stream) Hidden

EasyTether ADB USB driver (HKLM\...\{F45DA6A7-AD7C-489A-B9E2-CCFC70A46A2A}) (Version: 1.0.1 - Mobile Stream)

EPSON Copy Utility 3 (HKLM-x32\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.3.0.0 - )

erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden

EVGA PrecisionX 16 (HKLM-x32\...\{E019FA6A-BA92-49A5-A4A6-FB7C60931643}) (Version: 5.2.0 - EVGA Corporation)

Fernbedienungssystem (HKLM-x32\...\Remote Control System) (Version: 5.00 - Creative Technology Limited)

FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)

foobar2000 v1.2.9 (HKLM-x32\...\foobar2000) (Version: 1.2.9 - Peter Pawlowski)

Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.3.4.604 - DVDVideoSoft Ltd.)

Free Video Flip and Rotate version 2.1.9.822 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 2.1.9.822 - DVDVideoSoft Ltd.)

Free Video to MP3 Converter version 5.0.28.827 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.28.827 - DVDVideoSoft Ltd.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.38 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)

Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden

Hercules DJ Products Series drivers (HKLM-x32\...\{33999F1F-EA46-4E55-A239-1BA803235396}) (Version: 2.HDJS.2013 - Hercules)

Host OpenAL (HKLM-x32\...\Host OpenAL) (Version: 2.02 - Creative Technology Limited)

HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation)

HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.33.0 - HTC)

Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)

IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)

iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)

Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)

JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)

Juiced2_HIN (HKLM-x32\...\{50E4FCC7-90B9-48C6-9D17-7AE66F282878}) (Version: 1.00.0000 - THQ)

Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Kingo ROOT version 1.2.5.2112 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.2.5.2112 - Kingosoft Technology Ltd.)

Lautstärkefenster (HKLM-x32\...\Creative Volume Panel) (Version: 2.21 - Creative Technology Limited)

Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)

Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)

Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)

Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)

Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-17948161-4136030996-2878415790-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 Express - DEU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)

Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation)

MorphVOX Pro (HKLM-x32\...\{62DAB694-358E-4C6F-82BF-26DA64B297A6}) (Version: 4.3.2 - Screaming Bee)

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

MultIV (HKLM-x32\...\{A30833E0-EC35-4DE7-96CD-AFF4FB5976EA}) (Version: 0.2.0 - MultIV Development Team)

MyFreeCodec (HKU\S-1-5-21-17948161-4136030996-2878415790-1001\...\MyFreeCodec) (Version:  - )

MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)

NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)

Need for Speed™ The Run (HKLM-x32\...\{0EDC9BA0-016E-406a-86DA-04FC1BE00C21}) (Version: 1.0.0.0 - Electronic Arts)

NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)

NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)

NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)

NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)

NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)

Origin (HKLM-x32\...\Origin) (Version: 9.4.5.195 - Electronic Arts, Inc.)

Paltalk Messenger  11.4 (HKLM-x32\...\Paltalk Messenger) (Version: 11.4.564.16149 - AVM Software Inc.)

PAYDAY 2 Demo (HKLM-x32\...\Steam App 251040) (Version:  - OVERKILL - a Starbreeze Studio.)

PAYDAY 2 Incl. Update 28 (HKLM-x32\...\PAYDAY 2_is1) (Version:  - )

PdaNet+ for Android 4.15 (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)

Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)

Quake Live (HKLM-x32\...\Quake Live) (Version:  - id Software)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)

Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform)

Remote Control Server (HKLM-x32\...\{755C6515-9FEA-490C-B15E-22BB6519E57E}) (Version: 1.8.0.0 - Steppschuh)

Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)

ROOT´óÊ¦ (HKLM-x32\...\{1295E43F-382A-4CB2-9E0F-079C0D7401BB}_is1) (Version: 1.7.9.9730 - ÉîÛÚÐÅÒ¼ÍøÂçÓÐÏÞ¹«Ë¾)

SafeIP (HKLM-x32\...\SAFEIP_is1) (Version:  - SafeIP)

SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)

Shark007 Standard Codecs (HKLM-x32\...\{898E81AD-6DB9-4750-866B-B8958C5DC7AA}) (Version: 1.8.4 - Shark007)

SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden

Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)

Sound Blaster X-Fi Surround 5.1 (HKLM-x32\...\{12BEF00E-ECFF-4820-BEDF-CCB9CC06A955}) (Version: 1.0 - )

Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version:  - Valve)

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)

SSC Service Utility v4.30 (HKLM-x32\...\SSC Service Utility_is1) (Version:  - SSC Localization Group)

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

System Requirements Lab Detection (HKLM-x32\...\{54500B82-846C-4052-83C8-B7AEB786760C}) (Version: 2.0.0.0 - Husdawg, LLC)

TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)

Tether (HKLM-x32\...\{C5C67EA4-16FA-473C-B274-904A71162DE4}) (Version: 1.0.1 - ClockworkMod)

Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)

Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)

Unity Web Player (HKU\S-1-5-21-17948161-4136030996-2878415790-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)

Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.0f3 - Unity Technologies ApS)

Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)

Viber (HKU\S-1-5-21-17948161-4136030996-2878415790-1001\...\Viber) (Version: 3.0.0.134678 - Viber Media Inc)

Virtual Mpc Version 1.0 (HKLM-x32\...\{FBE55100-FC71-4027-B760-F96D51BE28A5}_is1) (Version: 1.0 - MediaXtremely)

VirtualDJ PRO Full (HKLM-x32\...\{23F20D12-1D01-4806-8AA8-AC79055109DE}) (Version: 7.4 - Atomix Productions)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

Windows-Treiberpaket - LG Electronics Inc (ANDModem) Modem  (11/30/2010 2.2.0.0) (HKLM\...\3F162CA9EF5A33FF16B97554663A71E35053783E) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc)

Windows-Treiberpaket - LG Electronics Inc (ANDModem) Modem  (11/30/2010 2.2.0.0) (HKLM\...\A43025A72B6CC28CB38B93867B2740C581E3B100) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc)

Windows-Treiberpaket - LG Electronics Inc. (Andbus) USB  (11/30/2010 2.2.0.0) (HKLM\...\4D55218052428488AFE6BA93FABC783E658657A7) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)

Windows-Treiberpaket - LG Electronics Inc. (AndDiag) Ports  (11/30/2010 2.2.0.0) (HKLM\...\38207DB32AC6A59CE6075F5AAE1448040FAC76DB) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)

Windows-Treiberpaket - LG Electronics Inc. (AndDiag) Ports  (11/30/2010 2.2.0.0) (HKLM\...\A3F0461CF2623C40BC42C38D4C0E7319E5C458CA) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)

Windows-Treiberpaket - LG Electronics Inc. (AndGps) Ports  (11/30/2010 2.2.0.0) (HKLM\...\37C6E863D718F6363FBAC33FBAAA927F5DC2A43E) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)

Windows-Treiberpaket - LG Electronics Inc. (AndGps) Ports  (11/30/2010 2.2.0.0) (HKLM\...\BC0FC97093ED911878848F7852D617BA23E42F68) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)

Windows-Treiberpaket - LG Electronics, Inc. Net  (03/07/2012 3.7.0.0) (HKLM\...\97541C74689007984DD12A4E0B349E2F96A66C2F) (Version: 03/07/2012 3.7.0.0 - LG Electronics, Inc.)

Windows-Treiberpaket - LG Electronics, Inc. WPD  (03/07/2012 3.7.0.0) (HKLM\...\5A454C002BB9011E261D0C1B7E846CD23A1D1806) (Version: 03/07/2012 3.7.0.0 - LG Electronics, Inc.)

Windows-Treiberpaket - Microsoft Corporation (WinUSB) AndroidUsbDeviceClass  (07/11/2013 1.4.0015.00000) (HKLM\...\F556F06662CD592AC1110F9116ADB92815A9AA30) (Version: 07/11/2013 1.4.0015.00000 - Microsoft Corporation)

Windows-Treiberpaket - Motorola (bqusbser) Modem  (02/24/2009 1.1.0.0) (HKLM\...\46D28B033482A13C68B1777C399248A0FE510D1A) (Version: 02/24/2009 1.1.0.0 - Motorola)

Windows-Treiberpaket - Motorola (bqusbser) Ports  (02/24/2009 1.1.0.0) (HKLM\...\3E885DDD8DE7247FEBCE2F5FEF86A3664DF51FEC) (Version: 02/24/2009 1.1.0.0 - Motorola)

Windows-Treiberpaket - Motorola (motccgp) USB  (11/26/2012 3.3.1.0) (HKLM\...\F62C352416202B84E7804DE3CE695F30A4FDA328) (Version: 11/26/2012 3.3.1.0 - Motorola)

Windows-Treiberpaket - Motorola Inc (MotDev) MOTUSB  (11/08/2011 3.2.12.0) (HKLM\...\F8C33978D5941EC809F57F088EE5517BBBE19FFD) (Version: 11/08/2011 3.2.12.0 - Motorola Inc)

Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  (dg_ssudbus) USB  (03/25/2013 2.9.508.0) (HKLM\...\686FE24C5F44B8399EDAD00FF437C91E8E4C33C6) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )

Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  (ssuddmgr) Ports  (03/25/2013 2.9.508.0) (HKLM\...\79BE6E72F3FB459964ECB14CA5E9499EB84CED24) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )

Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  (ssudmdm) Modem  (03/25/2013 2.9.508.0) (HKLM\...\59448F49ADCE2157A5E72FF82862DAFFBC071F75) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )

Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  (ssudobex) Ports  (03/25/2013 2.9.508.0) (HKLM\...\3889AC3DC15E870F7212E360BD6BD1FA71261AAC) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )

Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  (ssudserd) Ports  (03/25/2013 2.9.508.0) (HKLM\...\139FA893FBE6105A30D47E0FAB2B465546E1605D) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )

Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  Net  (03/25/2013 2.9.508.0) (HKLM\...\A8ACA907A00D578D644681DCA06EC0E1608C03A2) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )

Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  WPD  (03/25/2013 2.9.508.0) (HKLM\...\8657EAB5BD6A536AA497AEA26A00A6E6B25F5CD7) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )

WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)

WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Kevo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Kevo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Kevo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Kevo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Kevo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 

==================== Restore Points  =========================
 

27-09-2014 08:46:32 Windows Update

30-09-2014 21:24:09 Windows Update

03-10-2014 20:36:32 Installed iTunes

04-10-2014 22:20:21 Installed APW-10 Webphone

06-10-2014 00:01:28 Windows Update

09-10-2014 00:29:22 Windows Update

09-10-2014 17:50:59 Gerätetreiber-Paketinstallation: ClockworkMod Android Phone

15-10-2014 17:15:45 Windows Update

17-10-2014 18:18:54 Gerätetreiber-Paketinstallation: June Fabrics Technology Inc. Modems

17-10-2014 18:44:20 Wiederherstellungsvorgang

17-10-2014 19:03:23 Windows Update

21-10-2014 18:09:55 Windows Update

22-10-2014 20:04:20 Gerätetreiber-Paketinstallation: Google USB

25-10-2014 21:28:01 Windows Update

29-10-2014 18:27:06 Windows Update

02-11-2014 17:21:21 Windows Update

08-11-2014 17:12:50 Windows Update

11-11-2014 19:33:52 Windows Update

16-11-2014 20:45:54 Windows Update

23-11-2014 05:27:54 Windows Update

28-11-2014 19:00:08 Windows Update

02-12-2014 05:47:56 Windows Update

06-12-2014 05:46:23 Windows Update

10-12-2014 05:46:16 Windows Update

14-12-2014 14:39:10 Windows Update
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2014-10-17 19:11 - 2014-10-17 19:11 - 00000000 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {33D73BD0-DB6F-4843-8110-3F0644426E03} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe

Task: {41E1B4D9-FE5B-4BE2-AFD1-790FDC81E12A} - System32\Tasks\{B4F99F75-04D0-4B94-8DAF-84E84F31179C} => pcalua.exe -a "C:\Users\Kevo\Desktop\pay day 2 updaes entpackt\9\Update\Setup.exe" -d "C:\Users\Kevo\Desktop\pay day 2 updaes entpackt\9\Update"

Task: {580B284E-0785-41EB-9EE7-5C7E92ED6077} - System32\Tasks\{82628D5D-E012-4444-9C07-6AC1F085F097} => pcalua.exe -a "C:\Users\Kevo\Downloads\gfwlivesetup (4).exe" -d C:\Users\Kevo\Downloads

Task: {5D5F7653-0830-4687-A9A6-1BC382C9B08D} - System32\Tasks\{2AB3583C-2245-4FB0-B01E-E170BD70E9BF} => C:\Program Files (x86)\Virtual Mpc\Virtual Mpc.exe [2011-11-19] (MediaXtremely)

Task: {803EBFD5-6DBC-4919-8B7B-4F380B5C895C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {8B5C1226-CF64-40E3-9D72-41715A2434B6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe

Task: {9008C5B8-4461-4FBF-8F86-44C32CFEA375} - System32\Tasks\EVGAPrecision => C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe

Task: {9808C32A-471A-4873-AFFE-DF1C8F04C229} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-30] (Google Inc.)

Task: {A2C81D7C-0685-4C6E-8C17-CE21834CB210} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)

Task: {B383C98E-3850-42DF-BA20-EC0435A73E2F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe

Task: {BB7F2B71-1A24-44C3-9D2C-884E905731B3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-30] (Google Inc.)

Task: {F29EA58C-69E0-4D86-A052-34606B92DAEA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2013-08-22 02:21 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2012-12-07 18:27 - 2012-12-07 18:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

2013-08-22 21:30 - 2014-08-11 23:55 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2014-10-11 23:17 - 2009-11-30 17:54 - 00089088 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL

2014-10-11 23:17 - 2009-12-08 14:52 - 00230912 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL

2014-11-03 11:05 - 2014-11-03 11:05 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe

2014-12-10 21:09 - 2014-12-10 04:57 - 01450312 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.38\libglesv2.dll

2014-12-10 21:09 - 2014-12-10 04:57 - 00205128 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.38\libegl.dll

2014-12-10 21:09 - 2014-12-10 04:57 - 10865480 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.38\pdf.dll

2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-11-03 11:04 - 2014-11-03 11:04 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll

2014-11-03 11:05 - 2014-11-03 11:05 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll

2014-11-03 11:05 - 2014-11-03 11:05 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll

2014-11-03 11:05 - 2014-11-03 11:05 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll

2014-11-03 11:05 - 2014-11-03 11:05 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll

2014-11-03 11:06 - 2014-11-03 11:06 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll

2014-11-03 11:07 - 2014-11-03 11:07 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll

2014-10-11 23:17 - 2009-11-30 17:53 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL

2014-10-11 23:17 - 2009-12-08 14:50 - 00177664 _____ () C:\Windows\SysWOW64\APOMngr.DLL

2014-08-01 08:26 - 2014-03-17 02:23 - 00003132 _____ () C:\Program Files (x86)\DAEMON Tools Pro\MSIMG32.dll

2014-12-16 15:38 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl

2014-12-16 15:38 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl

2014-12-16 15:38 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl

2014-12-16 15:38 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll

2014-12-16 15:38 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SafeIPS => ""="service"
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\Services: KtmRm => 3

MSCONFIG\Services: SafetyNutManager => 2

MSCONFIG\startupfolder: C:^Users^Kevo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk => C:\Windows\pss\PdaNet Desktop.lnk.Startup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Adobe Reader Synchronizer => "C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe"

MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe

MSCONFIG\startupreg: CTRegRun => C:\Windows\CTRegRun.EXE

MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun

MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart

MSCONFIG\startupreg: EasyTether => "C:\Program Files\Mobile Stream\EasyTether\easytthr.exe"

MSCONFIG\startupreg: File => "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Kevo\AppData\Local\Temp\File4352044518964978922.jar"

MSCONFIG\startupreg: Hercules DJ Series TrayAgent => C:\Program Files\Guillemot\HDJTray\HDJSeries2TrayBar.exe /boot

MSCONFIG\startupreg: ISUSPM => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"

MSCONFIG\startupreg: Remote Control Server => C:\Program Files (x86)\Remote Control Server\Remote Control Server.exe

MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent

MSCONFIG\startupreg: VolPanel => "C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe" /r
 

========================= Accounts: ==========================
 

Administrator (S-1-5-21-17948161-4136030996-2878415790-500 - Administrator - Disabled)

Gast (S-1-5-21-17948161-4136030996-2878415790-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-17948161-4136030996-2878415790-1002 - Limited - Enabled)

Kevo (S-1-5-21-17948161-4136030996-2878415790-1001 - Administrator - Enabled) => C:\Users\Kevo

Siddiq (S-1-5-21-17948161-4136030996-2878415790-1008 - Administrator - Enabled) => C:\Users\Siddiq
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (12/15/2014 09:47:26 PM) (Source: MsiInstaller) (EventID: 1024) (User: Kevo-PC)

Description: Produkt: Adobe Reader XI (11.0.09) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011010}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
 

Error: (12/13/2014 07:11:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 17332
 

Error: (12/13/2014 07:11:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 17332
 

Error: (12/13/2014 07:11:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (12/13/2014 07:10:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 9828
 

Error: (12/13/2014 07:10:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 9828
 

Error: (12/13/2014 07:10:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (12/02/2014 09:00:17 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: ehshell.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bd053

Name des fehlerhaften Moduls: wmp.dll, Version: 12.0.7601.18150, Zeitstempel: 0x518c8c81

Ausnahmecode: 0xc0000005

Fehleroffset: 0x00000000000fae0e

ID des fehlerhaften Prozesses: 0x2bc

Startzeit der fehlerhaften Anwendung: 0xehshell.exe0

Pfad der fehlerhaften Anwendung: ehshell.exe1

Pfad des fehlerhaften Moduls: ehshell.exe2

Berichtskennung: ehshell.exe3
 

Error: (12/02/2014 09:00:11 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: ehshell.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bd053

Name des fehlerhaften Moduls: wmp.dll, Version: 12.0.7601.18150, Zeitstempel: 0x518c8c81

Ausnahmecode: 0xc0000005

Fehleroffset: 0x00000000000fae0e

ID des fehlerhaften Prozesses: 0x%9

Startzeit der fehlerhaften Anwendung: 0xehshell.exe0

Pfad der fehlerhaften Anwendung: ehshell.exe1

Pfad des fehlerhaften Moduls: ehshell.exe2

Berichtskennung: ehshell.exe3
 

Error: (11/30/2014 07:40:40 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )

Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.

   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)

   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
 

System errors:

=============

Error: (12/13/2014 04:02:39 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.
 

Error: (12/13/2014 06:46:00 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 70. Der interne Fehlerstatus lautet: 105.
 

Error: (12/13/2014 06:46:00 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
 

        Neue Signaturversion: 
 

        Vorherige Signaturversion: 1.189.1848.0
 

        Aktualisierungsquelle: %NT-AUTORITÄT59
 

        Aktualisierungsphase: 4.6.0305.00
 

        Quellpfad: 4.6.0305.01
 

        Signaturtyp: %NT-AUTORITÄT602
 

        Aktualisierungstyp: %NT-AUTORITÄT604
 

        Benutzer: NT-AUTORITÄT\SYSTEM
 

        Aktuelle Modulversion: %NT-AUTORITÄT605
 

        Vorherige Modulversion: %NT-AUTORITÄT606
 

        Fehlercode: %NT-AUTORITÄT607
 

        Fehlerbeschreibung: %NT-AUTORITÄT608
 

Error: (12/13/2014 00:09:03 AM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )

Description: 0x80004004-1
 

Error: (12/12/2014 00:09:03 PM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )

Description: 0x80004004-1
 

Error: (12/12/2014 06:46:01 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
 

        Neue Signaturversion: 
 

        Vorherige Signaturversion: 1.189.1848.0
 

        Aktualisierungsquelle: %NT-AUTORITÄT59
 

        Aktualisierungsphase: 4.6.0305.00
 

        Quellpfad: 4.6.0305.01
 

        Signaturtyp: %NT-AUTORITÄT602
 

        Aktualisierungstyp: %NT-AUTORITÄT604
 

        Benutzer: NT-AUTORITÄT\SYSTEM
 

        Aktuelle Modulversion: %NT-AUTORITÄT605
 

        Vorherige Modulversion: %NT-AUTORITÄT606
 

        Fehlercode: %NT-AUTORITÄT607
 

        Fehlerbeschreibung: %NT-AUTORITÄT608
 

Error: (12/12/2014 06:46:01 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 70. Der interne Fehlerstatus lautet: 105.
 

Error: (12/12/2014 00:09:03 AM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )

Description: 0x80004004-1
 

Error: (12/10/2014 06:59:33 PM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )

Description: 0x80004004-1
 

Error: (12/10/2014 06:59:33 AM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )

Description: 0x80004004-1
 
 

Microsoft Office Sessions:

=========================

Error: (12/15/2014 09:47:26 PM) (Source: MsiInstaller) (EventID: 1024) (User: Kevo-PC)

Description: Adobe Reader XI (11.0.09) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011010}1625(NULL)(NULL)(NULL)
 

Error: (12/13/2014 07:11:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 17332
 

Error: (12/13/2014 07:11:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 17332
 

Error: (12/13/2014 07:11:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (12/13/2014 07:10:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 9828
 

Error: (12/13/2014 07:10:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 9828
 

Error: (12/13/2014 07:10:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (12/02/2014 09:00:17 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: ehshell.exe6.1.7600.163854a5bd053wmp.dll12.0.7601.18150518c8c81c000000500000000000fae0e2bc01d00e059818940cC:\Windows\ehome\ehshell.exeC:\Windows\system32\wmp.dlld5c78a7d-7a5d-11e4-95a4-b224fbfea273
 

Error: (12/02/2014 09:00:11 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: ehshell.exe6.1.7600.163854a5bd053wmp.dll12.0.7601.18150518c8c81c000000500000000000fae0e
 

Error: (11/30/2014 07:40:40 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )

Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.

   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)

   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz

Percentage of memory in use: 51%

Total physical RAM: 5119.29 MB

Available physical RAM: 2506.91 MB

Total Pagefile: 10236.76 MB

Available Pagefile: 6862.16 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:931.41 GB) (Free:161.35 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D61A319B)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

mfg Kevin.

Zitat:

C:\Users\Siddiq\Downloads\Internet Download Manager (IDM) 6.21 build 16 Crack (1).exe

Lesestoff:
Illegale Software: Cracks, Keygens und Co

Bitte lesen => http://www.trojaner-board.de/95393-c...-software.html

Es geht weiter wenn du alles Illegale entfernt hast.

Bei wiederholten Crack/Keygen Verstößen behalte ich es mir vor, den Support einzustellen, d.h. Hilfe nur noch bei der Datensicherung und Neuinstallation des Betriebssystems.

ist gelöscht.. erneuten FRST log :

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01

Ran by Siddiq (administrator) on KEVO-PC on 16-12-2014 17:09:09

Running from C:\Users\Siddiq\Desktop

Loaded Profiles: Kevo & Siddiq (Available profiles: Kevo & Siddiq)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 10

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE

(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe

(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe

(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Creative Technology Ltd.) C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe

(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe

(Microsoft Corporation) C:\Windows\ehome\mcGlidHost.exe

(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1\Console Launcher\ConsoLCu.exe

(Creative Technology Ltd.) C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe

(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor

HKLM-x32\...\Run: [Module Loader] => C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe [57344 2007-07-23] (Creative Technology Ltd.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\S-1-5-21-17948161-4136030996-2878415790-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot

HKU\S-1-5-21-17948161-4136030996-2878415790-1001\...\MountPoints2: {3285d094-4bf5-11e3-aa23-806e6f6e6963} - D:\Autorun.exe

HKU\S-1-5-21-17948161-4136030996-2878415790-1008\...\Run: [GoogleChromeAutoLaunch_DCDE99E772EF02AB63A59D2B2790539C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [898376 2014-12-10] (Google Inc.)

HKU\S-1-5-21-17948161-4136030996-2878415790-1008\...\RunOnce: [Adobe Speed Launcher] => 1418685679

HKU\S-1-5-21-17948161-4136030996-2878415790-1008\...\MountPoints2: {435e65a1-562e-11e4-ba6b-a65d2d287932} - F:\HTC_Sync_Manager_PC.exe

AppInit_DLLs:  =>  File Not Found

Startup: C:\Users\Kevo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk

ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()

Startup: C:\Users\Siddiq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

BootExecute: autocheck autochk * sdnclean64.exe

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

ProxyServer: [S-1-5-21-17948161-4136030996-2878415790-1001] => 205.213.195.80:80

HKU\S-1-5-21-17948161-4136030996-2878415790-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/

HKU\S-1-5-21-17948161-4136030996-2878415790-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

HKU\S-1-5-21-17948161-4136030996-2878415790-1008\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp

SearchScopes: HKLM -> DefaultScope value is missing.

SearchScopes: HKLM-x32 -> DefaultScope value is missing.

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab

Winsock: Catalog9 01 C:\Windows\SysWOW64\SafeIPs.dll [373760] (SafeIP)

Winsock: Catalog9 02 C:\Windows\SysWOW64\SafeIPs.dll [373760] (SafeIP)

Winsock: Catalog9 03 C:\Windows\SysWOW64\SafeIPs.dll [373760] (SafeIP)

Winsock: Catalog9 04 C:\Windows\SysWOW64\SafeIPs.dll [373760] (SafeIP)

Winsock: Catalog9 17 C:\Windows\SysWOW64\SafeIPs.dll [373760] (SafeIP)

Winsock: Catalog9-x64 01 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP)

Winsock: Catalog9-x64 02 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP)

Winsock: Catalog9-x64 03 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP)

Winsock: Catalog9-x64 04 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP)

Winsock: Catalog9-x64 17 C:\Windows\system32\SafeIPs64.dll [534016] (SafeIP)

Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()

FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File

FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll (Unity Technologies ApS)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File

FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File

FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File

FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-17948161-4136030996-2878415790-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kevo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin HKU\S-1-5-21-17948161-4136030996-2878415790-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF Plugin HKU\S-1-5-21-17948161-4136030996-2878415790-1001: www.aupix.com/Webphone -> C:\Users\Kevo\AppData\Roaming\AuPix Ltd\Webphone\npWebphone_1_9.dll (AuPix Ltd)

FF HKU\S-1-5-21-17948161-4136030996-2878415790-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Kevo\AppData\Roaming\IDM\idmmzcc5

FF Extension: IDM CC - C:\Users\Kevo\AppData\Roaming\IDM\idmmzcc5 [2014-09-23]
 

Chrome: 

=======

CHR dev: Chrome dev build detected! <======= ATTENTION

CHR HomePage: Default -> hxxp://www.google.com

CHR StartupUrls: Default -> "hxxp://www.google.de/"

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Drive) - C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-12]

CHR Extension: (YouTube) - C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-12]

CHR Extension: (Google-Suche) - C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-12]

CHR Extension: (IDM Integration Module) - C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-10-12]

CHR Extension: (Paltalk Express) - C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Extensions\oainjhllibnjfalecnohojnocpcobgpn [2014-11-09]

CHR Extension: (Google Mail) - C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-12]

CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-21] (BlueStack Systems, Inc.)

R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-21] (BlueStack Systems, Inc.)

R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-21] (BlueStack Systems, Inc.)

S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-09-07] (Creative Labs) [File not signed]

S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-08-22] (Creative Labs) [File not signed]

R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2009-08-28] (Creative Technology Ltd) [File not signed]

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)

R2 HerculesDJControlMP3; C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE [47104 2013-05-21] (Hercules®) [File not signed]

R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-12-16] (Electronic Arts)

R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-08-11] ()

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)

S3 SafeIPS; C:\Program Files (x86)\SafeIP\SafeIPs.exe [X]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [36256 2009-11-13] (Google Inc)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-21] (BlueStack Systems)

S3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [258352 2013-05-21] (© Guillemot R&D, 2013. All rights reserved.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-01] (Disc Soft Ltd)

R3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [21704 2013-03-11] (Mobile Stream)

R3 hcw17bda; C:\Windows\System32\drivers\hcw17b64.sys [78192 2013-08-22] (Hauppauge Computer Works, Inc.)

S3 HDJMidi; C:\Windows\System32\DRIVERS\HDJMidi.sys [274736 2013-05-21] (© Guillemot R&D, 2013. All rights reserved.)

S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [36256 2009-11-13] (Google Inc)

R3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1148288 2011-07-06] (Creative Technology Ltd.)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-19] (Riverbed Technology, Inc.)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)

S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [31232 2013-03-09] (The OpenVPN Project) [File not signed]

R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)

S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.)

U0 uiav; C:\Windows\System32\drivers\sofiias.sys [79064 2014-12-16] (Malwarebytes Corporation)

S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)

S3 dgderdrv; System32\drivers\dgderdrv.sys [X]

U3 aswMBR; \??\C:\Users\Siddiq\AppData\Local\Temp\aswMBR.sys [X]

U3 aswVmm; \??\C:\Users\Siddiq\AppData\Local\Temp\aswVmm.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-16 16:51 - 2014-12-16 17:09 - 00021041 _____ () C:\Users\Siddiq\Desktop\FRST.txt

2014-12-16 16:31 - 2014-12-16 16:31 - 00000000 ____D () C:\ProgramData\6577510721512629562

2014-12-16 16:31 - 2014-12-16 16:31 - 00000000 ____D () C:\Program Files (x86)\BuuyNsAVe

2014-12-16 16:30 - 2014-12-16 16:30 - 00000000 ____D () C:\ProgramData\nlcgledcgbnjgnhikehaekocgppemfni

2014-12-16 16:29 - 2014-12-16 17:08 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\DMCache

2014-12-16 16:29 - 2014-12-16 16:29 - 00001009 _____ () C:\Users\Siddiq\Desktop\Internet Download Manager.lnk

2014-12-16 16:29 - 2014-12-16 16:29 - 00000000 ____D () C:\Users\Siddiq\Downloads\Video

2014-12-16 16:29 - 2014-12-16 16:29 - 00000000 ____D () C:\Users\Siddiq\Downloads\Compressed

2014-12-16 16:28 - 2014-12-16 16:28 - 06353464 _____ (Tonec Inc.) C:\Users\Siddiq\Downloads\idman621build16 (1).exe

2014-12-16 16:23 - 2014-12-16 16:23 - 00067032 _____ () C:\Users\Siddiq\Downloads\HDVidCodec.exe

2014-12-16 15:51 - 2014-12-16 15:51 - 01534736 _____ () C:\Users\Siddiq\Downloads\battlelog-web-plugins_2.6.2_154.exe

2014-12-16 15:40 - 2014-12-16 15:40 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking

2014-12-16 15:39 - 2014-12-16 15:39 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk

2014-12-16 15:39 - 2014-12-16 15:39 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

2014-12-16 15:39 - 2014-12-16 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2

2014-12-16 15:38 - 2014-12-16 15:45 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-12-16 15:38 - 2014-12-16 15:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-12-16 15:38 - 2014-12-16 15:38 - 02119168 _____ (Farbar) C:\Users\Siddiq\Desktop\FRST64.exe

2014-12-16 15:38 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe

2014-12-16 14:51 - 2014-12-16 14:51 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\sofiias.sys

2014-12-16 14:22 - 2014-12-16 14:23 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Siddiq\Downloads\spybot-2.4.exe

2014-12-16 14:11 - 2014-12-16 14:11 - 05198336 _____ (AVAST Software) C:\Users\Siddiq\Downloads\aswMBR.exe

2014-12-16 14:10 - 2014-12-16 14:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-12-16 14:09 - 2014-12-16 14:09 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-12-16 14:09 - 2014-12-16 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-12-16 14:09 - 2014-12-16 14:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-12-16 14:09 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-12-16 14:09 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-12-16 14:09 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-12-16 14:08 - 2014-12-16 14:08 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Siddiq\Downloads\mbam-setup-2.0.4.1028.exe

2014-12-16 01:00 - 2014-12-16 01:01 - 00000000 ____D () C:\Users\Siddiq\Desktop\MSK

2014-12-16 01:00 - 2014-12-16 01:01 - 00000000 ____D () C:\Users\Siddiq\Desktop\Islam

2014-12-10 22:49 - 2014-12-10 23:43 - 103539160 _____ () C:\Users\Siddiq\Downloads\BON2014.rar

2014-12-10 18:54 - 2014-12-10 18:54 - 03981488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2014-12-09 06:53 - 2014-12-09 06:55 - 161322064 _____ () C:\Users\Siddiq\Downloads\wegothiphop-kendrick-lamar-unreleased-wegothiphopcom.zip

2014-12-07 17:04 - 2014-12-07 17:04 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\Unity

2014-12-07 16:56 - 2014-12-07 16:56 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\.mono

2014-12-07 16:53 - 2014-12-07 16:53 - 01107184 _____ (Unity Technologies ApS) C:\Users\Siddiq\Downloads\UnityWebPlayer64.exe

2014-12-07 15:02 - 2014-12-07 15:02 - 00000000 ____D () C:\Program Files\Unity

2014-12-07 13:33 - 2014-12-07 13:33 - 07173168 _____ (Unity Technologies ApS) C:\Users\Siddiq\Downloads\UnityWebPlayerFull64.exe

2014-12-07 10:17 - 2014-12-07 10:22 - 271014878 _____ () C:\Users\Siddiq\Downloads\cm-11-20141206-NIGHTLY-bacon.zip

2014-12-07 10:16 - 2014-12-07 10:22 - 171522881 _____ () C:\Users\Siddiq\Downloads\Slim-bacon-4.4.4.build.8.18-WEEKLY-8118.zip

2014-12-06 23:38 - 2014-12-06 23:38 - 00000000 ____D () C:\Users\Siddiq\Documents\DVDVideoSoft

2014-12-06 23:36 - 2014-12-06 23:37 - 17938000 _____ (DVDVideoSoft Ltd. ) C:\Users\Siddiq\Downloads\freeaudiodub.exe

2014-12-06 00:20 - 2014-12-06 00:22 - 157694716 _____ () C:\Users\Siddiq\Downloads\gapps-kk-20140606-signed.zip

2014-12-06 00:13 - 2014-12-06 00:16 - 271013652 _____ () C:\Users\Siddiq\Downloads\cm-11-20141205-NIGHTLY-bacon.zip

2014-12-02 21:05 - 2014-12-02 22:52 - 00000000 ____D () C:\Users\Siddiq\Desktop\WhatsApp

2014-12-02 19:11 - 2014-12-02 19:56 - 986789926 _____ () C:\Users\Siddiq\Downloads\T230XXU0ANJT230DBT0ANJT230XXU0ANJHOME.tar.rar

2014-12-01 16:20 - 2014-12-01 16:20 - 04135060 _____ () C:\Users\Siddiq\Downloads\CameraNext (1).apk

2014-12-01 15:50 - 2014-12-01 15:50 - 03820857 _____ () C:\Users\Siddiq\Downloads\CameraNext.apk

2014-12-01 15:45 - 2014-12-01 15:53 - 251123017 _____ () C:\Users\Siddiq\Downloads\aosp-One-ota-20140823.zip

2014-12-01 15:35 - 2014-12-01 15:35 - 92569666 _____ () C:\Users\Siddiq\Downloads\gapps-kk-20140728-Sesme-Lite.zip

2014-12-01 15:27 - 2014-12-01 15:31 - 216029436 _____ () C:\Users\Siddiq\Downloads\cm-bacon-3628510d76-to-ac1ccf7921-signed.zip

2014-12-01 15:12 - 2014-12-01 15:15 - 270844692 _____ () C:\Users\Siddiq\Downloads\cm-11-20141129-NIGHTLY-bacon.zip

2014-11-30 20:03 - 2014-12-10 21:09 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-11-30 20:03 - 2014-11-30 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-11-30 20:01 - 2014-12-16 17:06 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-11-30 20:01 - 2014-12-15 20:06 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-11-30 20:01 - 2014-11-30 20:01 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-11-30 20:01 - 2014-11-30 20:01 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-11-30 19:57 - 2014-11-30 19:59 - 00000000 ____D () C:\Users\Siddiq\AppData\Local\Deployment

2014-11-30 19:57 - 2014-11-30 19:57 - 00000000 ____D () C:\Users\Siddiq\AppData\Local\Apps\2.0

2014-11-27 21:38 - 2014-11-27 21:39 - 12890112 _____ () C:\Users\Siddiq\Downloads\openrecovery-twrp-2.8.1.0-bacon (1).img

2014-11-27 21:02 - 2014-11-27 21:04 - 03974843 _____ () C:\Users\Siddiq\Downloads\UPDATE-SuperSU-v2.35.zip

2014-11-27 19:45 - 2014-12-01 06:34 - 00000972 _____ () C:\Windows\PFRO.log
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-16 17:09 - 2013-07-04 17:01 - 00000000 ____D () C:\FRST

2014-12-16 17:08 - 2013-08-30 16:17 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager

2014-12-16 16:55 - 2009-07-14 05:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-12-16 16:55 - 2009-07-14 05:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-12-16 16:54 - 2014-09-04 22:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-12-16 16:51 - 2013-08-22 03:33 - 00000000 ____D () C:\ProgramData\Origin

2014-12-16 15:55 - 2013-10-01 16:17 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr

2014-12-16 15:55 - 2013-10-01 11:17 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.exe

2014-12-16 15:55 - 2013-10-01 11:17 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0

2014-12-16 15:52 - 2013-08-22 21:14 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins

2014-12-16 15:52 - 2013-08-21 23:53 - 01636231 _____ () C:\Windows\WindowsUpdate.log

2014-12-16 15:38 - 2013-08-22 03:32 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-12-16 14:09 - 2013-10-01 12:44 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-12-16 12:52 - 2009-07-14 19:18 - 00000000 ___RD () C:\Users\Public\Recorded TV

2014-12-16 01:03 - 2013-09-01 17:41 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-12-16 01:02 - 2014-11-15 22:33 - 00000000 ____D () C:\Users\Siddiq\Desktop\arbeit unsortiert

2014-12-15 21:49 - 2013-10-02 13:49 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-12-15 21:46 - 2014-11-15 21:22 - 00004445 _____ () C:\Windows\setupact.log

2014-12-13 16:06 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat

2014-12-13 16:06 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat

2014-12-13 16:06 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-12-11 16:17 - 2014-10-17 21:41 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\Skype

2014-12-10 18:54 - 2014-09-04 22:48 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-12-10 18:54 - 2013-10-02 17:56 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-12-10 18:54 - 2013-10-02 17:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-02 22:52 - 2014-10-26 09:11 - 00000000 ____D () C:\Users\Siddiq\Desktop\Verkauf Bilder

2014-12-01 19:53 - 2014-11-09 01:32 - 00000000 ___RD () C:\Users\Siddiq\Dropbox

2014-12-01 06:57 - 2014-11-09 01:10 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\Dropbox

2014-12-01 06:41 - 2014-11-08 23:08 - 00000000 ____D () C:\Users\Siddiq\AppData\Local\HTC MediaHub

2014-12-01 06:35 - 2013-08-22 02:21 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-12-01 06:35 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-11-30 20:02 - 2013-08-22 02:37 - 00000000 ____D () C:\Program Files (x86)\Google

2014-11-30 19:59 - 2014-10-26 09:11 - 00000000 ____D () C:\Users\Siddiq\Desktop\Arbeit

2014-11-30 19:55 - 2014-11-09 01:32 - 00001019 _____ () C:\Users\Siddiq\Desktop\Dropbox.lnk

2014-11-30 19:55 - 2014-11-09 01:15 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-11-30 19:37 - 2013-08-29 09:21 - 00000000 ____D () C:\AdwCleaner

2014-11-30 03:31 - 2013-08-22 00:44 - 00000000 ____D () C:\Users\Kevo

2014-11-27 20:30 - 2014-10-12 01:27 - 00000000 ____D () C:\Users\Siddiq\AppData\Local\Google

2014-11-27 19:45 - 2009-07-14 05:45 - 00271432 _____ () C:\Windows\system32\FNTCACHE.DAT
 

Some content of TEMP:

====================

C:\Users\Kevo\AppData\Local\Temp\bassmod.dll

C:\Users\Kevo\AppData\Local\Temp\k9-webprotection-4.4.276.exe

C:\Users\Kevo\AppData\Local\Temp\nvSCPAPI.dll

C:\Users\Kevo\AppData\Local\Temp\nvStInst.exe

C:\Users\Siddiq\AppData\Local\Temp\38E130ef8.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-12-15 23:15
 

==================== End Of Log ============================

--- --- ---

--- --- ---

mfg Kevin

Du hast nur dne Crack gelöscht. Das (gecrackte) Programm ist noch weiterhin installiert und taucht in der Prozessliste auf.

habe es entfernt und den Log vom vorherigen post aktualisiert.

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

moin, anbei einmal die Log vom Combofix :

Code:

ComboFix 14-12-14.01 - Siddiq 17.12.2014   0:46.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.5119.2305 [GMT 1:00]

ausgeführt von:: c:\users\Siddiq\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\6577510721512629562

c:\programdata\6577510721512629562\cd5b15e575e1c3d0cb41a56236abc36b.ini

c:\windows\msdownld.tmp

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\SET4D53.tmp

c:\windows\SysWow64\SET5B7B.tmp

c:\windows\SysWow64\SET705A.tmp

c:\windows\SysWow64\wpcap.dll

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_npf

.

.

(((((((((((((((((((((((   Dateien erstellt von 2014-11-17 bis 2014-12-17  ))))))))))))))))))))))))))))))

.

.

2014-12-16 23:57 . 2014-12-16 23:57        --------        d-----w-        c:\users\Kevo\AppData\Local\temp

2014-12-16 23:57 . 2014-12-16 23:57        --------        d-----w-        c:\users\Default\AppData\Local\temp

2014-12-16 15:31 . 2014-12-16 15:31        --------        d-----w-        c:\program files (x86)\BuuyNsAVe

2014-12-16 15:30 . 2014-12-16 15:30        --------        d-----w-        c:\programdata\nlcgledcgbnjgnhikehaekocgppemfni

2014-12-16 15:29 . 2014-12-16 16:08        --------        d-----w-        c:\users\Siddiq\AppData\Roaming\DMCache

2014-12-16 14:51 . 2014-12-02 10:26        11870360        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B545F141-9BE2-4DCE-B496-2A5CCFC7CC3D}\mpengine.dll

2014-12-16 14:38 . 2014-12-16 23:38        --------        d-----w-        c:\programdata\Spybot - Search & Destroy

2014-12-16 14:38 . 2014-12-16 23:59        --------        d-----w-        c:\program files (x86)\Spybot - Search & Destroy 2

2014-12-16 13:10 . 2014-12-17 00:03        129752        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-12-16 13:09 . 2014-12-16 13:09        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware

2014-12-16 13:09 . 2014-11-21 05:14        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys

2014-12-16 13:09 . 2014-11-21 05:14        93400        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys

2014-12-16 13:09 . 2014-11-21 05:14        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys

2014-12-15 14:38 . 2014-11-02 04:20        11632448        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-12-11 05:47 . 2014-09-21 15:28        1188440        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F3563E0C-1A8F-43D1-A396-89895392982D}\gapaengine.dll

2014-12-10 17:54 . 2014-12-10 17:54        3981488        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe

2014-12-07 16:04 . 2014-12-07 16:04        --------        d-----w-        c:\users\Siddiq\AppData\Roaming\Unity

2014-12-07 15:56 . 2014-12-07 15:56        --------        d-----w-        c:\users\Siddiq\AppData\Roaming\.mono

2014-12-07 14:02 . 2014-12-07 14:02        --------        d-----w-        c:\program files\Unity

2014-11-30 18:57 . 2014-11-30 18:57        --------        d-----w-        c:\users\Siddiq\AppData\Local\Apps

2014-11-30 18:57 . 2014-11-30 18:59        --------        d-----w-        c:\users\Siddiq\AppData\Local\Deployment

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-12-16 14:55 . 2013-10-01 15:17        348928        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr

2014-12-16 14:55 . 2013-10-01 10:17        348928        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe

2014-12-16 14:55 . 2013-10-01 10:17        290184        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0

2014-12-10 17:54 . 2013-10-02 16:56        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-12-10 17:54 . 2013-10-02 16:56        701104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2014-10-30 11:25 . 2013-08-21 23:08        275080        ------w-        c:\windows\system32\MpSigStub.exe

2014-10-17 15:23 . 2014-10-17 15:23        14544        ----a-w-        c:\windows\SysWow64\drivers\hmonitor45.sys

2014-09-21 15:28 . 2013-10-18 13:53        1188440        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GoogleChromeAutoLaunch_DCDE99E772EF02AB63A59D2B2790539C"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-12-10 898376]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Module Loader"="c:\program files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-23 57344]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]

.

c:\users\Kevo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2014-10-17 1054432]

.

c:\users\Siddiq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Siddiq\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-11-13 35419192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           autocheck autochk *\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys;c:\windows\SYSNATIVE\Drivers\HDJBulk.sys [x]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]

R3 HDJMidi;DJ Control MP3 e2 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys;c:\windows\SYSNATIVE\DRIVERS\HDJMidi.sys [x]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]

R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 SafeIPS;SafeIPS;c:\program files (x86)\SafeIP\SafeIPs.exe;c:\program files (x86)\SafeIP\SafeIPs.exe [x]

R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]

R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 usbrndis6;USB-RNDIS6-Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]

S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]

S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]

S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]

S2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE;c:\program files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE [x]

S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]

S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]

S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]

S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys;c:\windows\SYSNATIVE\DRIVERS\easytthr.sys [x]

S3 hcw17bda;Hauppauge SMS1000-based;c:\windows\system32\drivers\hcw17b64.sys;c:\windows\SYSNATIVE\drivers\hcw17b64.sys [x]

S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys;c:\windows\SYSNATIVE\drivers\ksaud.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]

S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]

S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]

S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]

S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys;c:\windows\SYSNATIVE\DRIVERS\pneteth.sys [x]

S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]

S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - MBAMSWISSARMY

.

Inhalt des "geplante Tasks" Ordners

.

2014-12-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-02 17:54]

.

2014-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-30 19:01]

.

2014-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-30 19:01]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2014-08-17 04:10        164760        ----a-w-        c:\users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2014-08-17 04:10        164760        ----a-w-        c:\users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]

@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]

2014-08-17 04:10        164760        ----a-w-        c:\users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]

@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]

2014-08-17 04:10        164760        ----a-w-        c:\users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2014-08-17 04:10        164760        ----a-w-        c:\users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]

@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]

2014-08-17 04:10        164760        ----a-w-        c:\users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2014-08-17 04:10        164760        ----a-w-        c:\users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]

@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]

2014-08-17 04:10        164760        ----a-w-        c:\users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]

"Creative SB Monitoring Utility"="sbavmon.dll" [2009-12-16 109056]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.42.129

DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)

ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)

ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\40.0.2182.3\Installer\chrmstp.exe

ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)

ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)

ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)

AddRemove-SAFEIP_is1 - c:\program files (x86)\SafeIP\unins000.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a2,89,7d,6c,df,07,af,4c,87,77,9b,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a2,89,7d,6c,df,07,af,4c,87,77,9b,\

.

[HKEY_LOCAL_MACHINE\software\BlueStacks]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.15"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe

c:\program files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2014-12-17  01:10:00 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2014-12-17 00:09

ComboFix2.txt  2013-07-05 11:40

.

Vor Suchlauf: 49 Verzeichnis(se), 166.814.765.056 Bytes frei

Nach Suchlauf: 51 Verzeichnis(se), 168.791.334.912 Bytes frei

.

- - End Of File - - 66DC0F097042791EC9754C60CB769230

A36C5E4F47E84449FF07ED3517B43A31

mfg Kevin.

Adware/Junkware/Toolbars entfernen

(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Nabend,

anbei die geforderten logs :

adw log

Code:

# AdwCleaner v4.105 - Bericht erstellt am 17/12/2014 um 21:21:35

# Aktualisiert 08/12/2014 von Xplode

# Database : 2014-12-16.1 [Live]

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzername : Siddiq - KEVO-PC

# Gestartet von : C:\Users\Siddiq\Desktop\AdwCleaner_4.105.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Datei Gelöscht : C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 

***** [ Tasks ] *****
 
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0055C089-8582-441B-A0BF-17B458C2A3A8}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0055C089-8582-441B-A0BF-17B458C2A3A8}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}

Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{842C4394-47F7-60DE-480B-C09116B63559}
 

***** [ Browser ] *****
 

-\\ Internet Explorer v10.0.9200.17088
 
 

-\\ Google Chrome v40.0.2214.38
 
 

*************************
 

AdwCleaner[R0].txt - [2258 octets] - [29/08/2013 09:21:16]

AdwCleaner[R1].txt - [2517 octets] - [17/09/2013 22:44:53]

AdwCleaner[R2].txt - [11794 octets] - [30/11/2014 19:34:19]

AdwCleaner[R3].txt - [2181 octets] - [17/12/2014 21:01:22]

AdwCleaner[S0].txt - [1836 octets] - [29/08/2013 09:30:11]

AdwCleaner[S1].txt - [2413 octets] - [17/09/2013 22:47:12]

AdwCleaner[S2].txt - [9487 octets] - [30/11/2014 19:37:50]

AdwCleaner[S3].txt - [1972 octets] - [17/12/2014 21:21:35]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2032 octets] ##########

jrt log :

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.0 (11.29.2014:1)

OS: Windows 7 Home Premium x64

Ran by Siddiq on 17.12.2014 at 21:28:22,82

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 

Successfully deleted: [File] "C:\Windows\wininit.ini"
 
 
 

~~~ Folders
 

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 17.12.2014 at 21:32:38,56

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST log :

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014

Ran by Siddiq (administrator) on KEVO-PC on 17-12-2014 21:37:47

Running from C:\Users\Siddiq\Desktop

Loaded Profile: Siddiq (Available profiles: Kevo & Siddiq)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 10

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Hercules®) C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE

(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Creative Technology Ltd.) C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe

(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe

(Microsoft Corporation) C:\Windows\ehome\ehshell.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.191.88.0.exe

(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor

HKLM-x32\...\Run: [Module Loader] => C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe [57344 2007-07-23] (Creative Technology Ltd.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)

HKU\S-1-5-21-17948161-4136030996-2878415790-1008\...\Run: [GoogleChromeAutoLaunch_DCDE99E772EF02AB63A59D2B2790539C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [898376 2014-12-10] (Google Inc.)

Startup: C:\Users\Kevo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk

ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()

Startup: C:\Users\Siddiq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

BootExecute: autocheck autochk * sdnclean64.exe

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-17948161-4136030996-2878415790-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-17948161-4136030996-2878415790-1008\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab

Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()

FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File

FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll (Unity Technologies ApS)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File

FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File

FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File

FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 

Chrome: 

=======

CHR dev: Chrome dev build detected! <======= ATTENTION

CHR HomePage: Default -> hxxp://www.google.com

CHR StartupUrls: Default -> "hxxp://www.google.de/"

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Drive) - C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-12]

CHR Extension: (YouTube) - C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-12]

CHR Extension: (Google-Suche) - C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-12]

CHR Extension: (Paltalk Express) - C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Extensions\oainjhllibnjfalecnohojnocpcobgpn [2014-11-09]

CHR Extension: (Google Mail) - C:\Users\Siddiq\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-12]

CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-21] (BlueStack Systems, Inc.)

R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-21] (BlueStack Systems, Inc.)

R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-21] (BlueStack Systems, Inc.)

S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-09-07] (Creative Labs) [File not signed]

S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-08-22] (Creative Labs) [File not signed]

R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2009-08-28] (Creative Technology Ltd) [File not signed]

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)

R2 HerculesDJControlMP3; C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE [47104 2013-05-21] (Hercules®) [File not signed]

R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-12-16] (Electronic Arts)

R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-08-11] ()

S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)

S3 SafeIPS; C:\Program Files (x86)\SafeIP\SafeIPs.exe [X]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [36256 2009-11-13] (Google Inc)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-21] (BlueStack Systems)

S3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [258352 2013-05-21] (© Guillemot R&D, 2013. All rights reserved.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-01] (Disc Soft Ltd)

R3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [21704 2013-03-11] (Mobile Stream)

R3 hcw17bda; C:\Windows\System32\drivers\hcw17b64.sys [78192 2013-08-22] (Hauppauge Computer Works, Inc.)

S3 HDJMidi; C:\Windows\System32\DRIVERS\HDJMidi.sys [274736 2013-05-21] (© Guillemot R&D, 2013. All rights reserved.)

S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [36256 2009-11-13] (Google Inc)

R3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1148288 2011-07-06] (Creative Technology Ltd.)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)

S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [31232 2013-03-09] (The OpenVPN Project) [File not signed]

R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)

S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.)

S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-17 21:32 - 2014-12-17 21:32 - 00000755 _____ () C:\Users\Siddiq\Desktop\JRT.txt

2014-12-17 21:28 - 2014-12-17 21:28 - 01707646 _____ (Thisisu) C:\Users\Siddiq\Desktop\JRT.exe

2014-12-17 21:28 - 2014-12-17 21:28 - 00000000 ____D () C:\Windows\ERUNT

2014-12-17 21:00 - 2014-12-17 21:00 - 02166272 _____ () C:\Users\Siddiq\Desktop\AdwCleaner_4.105.exe

2014-12-17 01:10 - 2014-12-17 01:10 - 00025076 _____ () C:\ComboFix.txt

2014-12-17 00:42 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-12-17 00:42 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-12-17 00:41 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-12-17 00:41 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-12-17 00:41 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-12-17 00:41 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe

2014-12-17 00:41 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe

2014-12-17 00:41 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe

2014-12-17 00:34 - 2014-12-17 00:34 - 05601641 ____R (Swearware) C:\Users\Siddiq\Desktop\ComboFix.exe

2014-12-17 00:34 - 2014-12-17 00:34 - 05601641 _____ (Swearware) C:\Users\Siddiq\Downloads\ComboFix.exe

2014-12-16 16:51 - 2014-12-17 21:37 - 00017165 _____ () C:\Users\Siddiq\Desktop\FRST.txt

2014-12-16 16:31 - 2014-12-16 16:31 - 00000000 ____D () C:\Program Files (x86)\BuuyNsAVe

2014-12-16 16:30 - 2014-12-16 16:30 - 00000000 ____D () C:\ProgramData\nlcgledcgbnjgnhikehaekocgppemfni

2014-12-16 16:29 - 2014-12-16 17:08 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\DMCache

2014-12-16 16:29 - 2014-12-16 16:29 - 00001009 _____ () C:\Users\Siddiq\Desktop\Internet Download Manager.lnk

2014-12-16 16:29 - 2014-12-16 16:29 - 00000000 ____D () C:\Users\Siddiq\Downloads\Video

2014-12-16 16:29 - 2014-12-16 16:29 - 00000000 ____D () C:\Users\Siddiq\Downloads\Compressed

2014-12-16 16:28 - 2014-12-16 16:28 - 06353464 _____ (Tonec Inc.) C:\Users\Siddiq\Downloads\idman621build16 (1).exe

2014-12-16 16:23 - 2014-12-16 16:23 - 00067032 _____ () C:\Users\Siddiq\Downloads\HDVidCodec.exe

2014-12-16 15:51 - 2014-12-16 15:51 - 01534736 _____ () C:\Users\Siddiq\Downloads\battlelog-web-plugins_2.6.2_154.exe

2014-12-16 15:40 - 2014-12-16 15:40 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking

2014-12-16 15:38 - 2014-12-17 21:33 - 02121216 _____ (Farbar) C:\Users\Siddiq\Desktop\FRST64.exe

2014-12-16 15:38 - 2014-12-17 00:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-12-16 15:38 - 2014-12-17 00:38 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-12-16 14:22 - 2014-12-16 14:23 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Siddiq\Downloads\spybot-2.4.exe

2014-12-16 14:11 - 2014-12-16 14:11 - 05198336 _____ (AVAST Software) C:\Users\Siddiq\Downloads\aswMBR.exe

2014-12-16 14:10 - 2014-12-17 21:25 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-12-16 14:09 - 2014-12-16 14:09 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-12-16 14:09 - 2014-12-16 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-12-16 14:09 - 2014-12-16 14:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-12-16 14:09 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-12-16 14:09 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-12-16 14:09 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-12-16 14:08 - 2014-12-16 14:08 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Siddiq\Downloads\mbam-setup-2.0.4.1028.exe

2014-12-16 01:00 - 2014-12-16 01:01 - 00000000 ____D () C:\Users\Siddiq\Desktop\MSK

2014-12-16 01:00 - 2014-12-16 01:01 - 00000000 ____D () C:\Users\Siddiq\Desktop\Islam

2014-12-10 22:49 - 2014-12-10 23:43 - 103539160 _____ () C:\Users\Siddiq\Downloads\BON2014.rar

2014-12-10 18:54 - 2014-12-10 18:54 - 03981488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2014-12-09 06:53 - 2014-12-09 06:55 - 161322064 _____ () C:\Users\Siddiq\Downloads\wegothiphop-kendrick-lamar-unreleased-wegothiphopcom.zip

2014-12-07 17:04 - 2014-12-07 17:04 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\Unity

2014-12-07 16:56 - 2014-12-07 16:56 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\.mono

2014-12-07 16:53 - 2014-12-07 16:53 - 01107184 _____ (Unity Technologies ApS) C:\Users\Siddiq\Downloads\UnityWebPlayer64.exe

2014-12-07 15:02 - 2014-12-07 15:02 - 00000000 ____D () C:\Program Files\Unity

2014-12-07 13:33 - 2014-12-07 13:33 - 07173168 _____ (Unity Technologies ApS) C:\Users\Siddiq\Downloads\UnityWebPlayerFull64.exe

2014-12-07 10:17 - 2014-12-07 10:22 - 271014878 _____ () C:\Users\Siddiq\Downloads\cm-11-20141206-NIGHTLY-bacon.zip

2014-12-07 10:16 - 2014-12-07 10:22 - 171522881 _____ () C:\Users\Siddiq\Downloads\Slim-bacon-4.4.4.build.8.18-WEEKLY-8118.zip

2014-12-06 23:38 - 2014-12-06 23:38 - 00000000 ____D () C:\Users\Siddiq\Documents\DVDVideoSoft

2014-12-06 23:36 - 2014-12-06 23:37 - 17938000 _____ (DVDVideoSoft Ltd. ) C:\Users\Siddiq\Downloads\freeaudiodub.exe

2014-12-06 00:20 - 2014-12-06 00:22 - 157694716 _____ () C:\Users\Siddiq\Downloads\gapps-kk-20140606-signed.zip

2014-12-06 00:13 - 2014-12-06 00:16 - 271013652 _____ () C:\Users\Siddiq\Downloads\cm-11-20141205-NIGHTLY-bacon.zip

2014-12-02 21:05 - 2014-12-02 22:52 - 00000000 ____D () C:\Users\Siddiq\Desktop\WhatsApp

2014-12-02 19:11 - 2014-12-02 19:56 - 986789926 _____ () C:\Users\Siddiq\Downloads\T230XXU0ANJT230DBT0ANJT230XXU0ANJHOME.tar.rar

2014-12-01 16:20 - 2014-12-01 16:20 - 04135060 _____ () C:\Users\Siddiq\Downloads\CameraNext (1).apk

2014-12-01 15:50 - 2014-12-01 15:50 - 03820857 _____ () C:\Users\Siddiq\Downloads\CameraNext.apk

2014-12-01 15:45 - 2014-12-01 15:53 - 251123017 _____ () C:\Users\Siddiq\Downloads\aosp-One-ota-20140823.zip

2014-12-01 15:35 - 2014-12-01 15:35 - 92569666 _____ () C:\Users\Siddiq\Downloads\gapps-kk-20140728-Sesme-Lite.zip

2014-12-01 15:27 - 2014-12-01 15:31 - 216029436 _____ () C:\Users\Siddiq\Downloads\cm-bacon-3628510d76-to-ac1ccf7921-signed.zip

2014-12-01 15:12 - 2014-12-01 15:15 - 270844692 _____ () C:\Users\Siddiq\Downloads\cm-11-20141129-NIGHTLY-bacon.zip

2014-11-30 20:03 - 2014-12-10 21:09 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-11-30 20:03 - 2014-11-30 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-11-30 20:01 - 2014-12-17 21:24 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-11-30 20:01 - 2014-12-17 21:06 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-11-30 20:01 - 2014-11-30 20:01 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-11-30 20:01 - 2014-11-30 20:01 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-11-30 19:57 - 2014-11-30 19:59 - 00000000 ____D () C:\Users\Siddiq\AppData\Local\Deployment

2014-11-30 19:57 - 2014-11-30 19:57 - 00000000 ____D () C:\Users\Siddiq\AppData\Local\Apps\2.0

2014-11-27 21:38 - 2014-11-27 21:39 - 12890112 _____ () C:\Users\Siddiq\Downloads\openrecovery-twrp-2.8.1.0-bacon (1).img

2014-11-27 21:02 - 2014-11-27 21:04 - 03974843 _____ () C:\Users\Siddiq\Downloads\UPDATE-SuperSU-v2.35.zip

2014-11-27 19:45 - 2014-12-17 21:22 - 00010352 _____ () C:\Windows\PFRO.log
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-17 21:37 - 2013-07-04 17:01 - 00000000 ____D () C:\FRST

2014-12-17 21:35 - 2013-08-21 23:53 - 01666707 _____ () C:\Windows\WindowsUpdate.log

2014-12-17 21:31 - 2009-07-14 05:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-12-17 21:31 - 2009-07-14 05:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-12-17 21:29 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat

2014-12-17 21:29 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat

2014-12-17 21:29 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-12-17 21:27 - 2014-11-09 01:32 - 00000000 ___RD () C:\Users\Siddiq\Dropbox

2014-12-17 21:27 - 2014-11-09 01:10 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\Dropbox

2014-12-17 21:25 - 2014-11-08 23:08 - 00000000 ____D () C:\Users\Siddiq\AppData\Local\HTC MediaHub

2014-12-17 21:23 - 2014-11-15 21:22 - 00004781 _____ () C:\Windows\setupact.log

2014-12-17 21:23 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-12-17 21:22 - 2013-08-22 02:21 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-12-17 21:21 - 2013-08-29 09:21 - 00000000 ____D () C:\AdwCleaner

2014-12-17 20:54 - 2014-09-04 22:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-12-17 19:39 - 2009-07-14 19:18 - 00000000 ___RD () C:\Users\Public\Recorded TV

2014-12-17 01:10 - 2013-07-05 12:06 - 00000000 ____D () C:\Qoobox

2014-12-17 01:10 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default

2014-12-17 01:07 - 2013-09-24 11:28 - 00000000 ____D () C:\Windows\erdnt

2014-12-17 01:03 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2014-12-17 00:59 - 2013-08-22 21:14 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins

2014-12-17 00:59 - 2009-07-14 03:34 - 68681728 _____ () C:\Windows\system32\config\software.bak

2014-12-17 00:59 - 2009-07-14 03:34 - 27262976 _____ () C:\Windows\system32\config\system.bak

2014-12-17 00:59 - 2009-07-14 03:34 - 01310720 _____ () C:\Windows\system32\config\default.bak

2014-12-17 00:59 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\security.bak

2014-12-17 00:59 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak

2014-12-16 16:51 - 2013-08-22 03:33 - 00000000 ____D () C:\ProgramData\Origin

2014-12-16 15:55 - 2013-10-01 16:17 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr

2014-12-16 15:55 - 2013-10-01 11:17 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.exe

2014-12-16 15:55 - 2013-10-01 11:17 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0

2014-12-16 15:38 - 2013-08-22 03:32 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-12-16 14:09 - 2013-10-01 12:44 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-12-16 01:03 - 2013-09-01 17:41 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-12-16 01:02 - 2014-11-15 22:33 - 00000000 ____D () C:\Users\Siddiq\Desktop\arbeit unsortiert

2014-12-15 21:49 - 2013-10-02 13:49 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-12-11 16:17 - 2014-10-17 21:41 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\Skype

2014-12-10 18:54 - 2014-09-04 22:48 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-12-10 18:54 - 2013-10-02 17:56 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-12-10 18:54 - 2013-10-02 17:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-02 22:52 - 2014-10-26 09:11 - 00000000 ____D () C:\Users\Siddiq\Desktop\Verkauf Bilder

2014-11-30 20:02 - 2013-08-22 02:37 - 00000000 ____D () C:\Program Files (x86)\Google

2014-11-30 19:59 - 2014-10-26 09:11 - 00000000 ____D () C:\Users\Siddiq\Desktop\Arbeit

2014-11-30 19:55 - 2014-11-09 01:32 - 00001019 _____ () C:\Users\Siddiq\Desktop\Dropbox.lnk

2014-11-30 19:55 - 2014-11-09 01:15 - 00000000 ____D () C:\Users\Siddiq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-11-30 03:31 - 2013-08-22 00:44 - 00000000 ____D () C:\Users\Kevo

2014-11-27 20:30 - 2014-10-12 01:27 - 00000000 ____D () C:\Users\Siddiq\AppData\Local\Google

2014-11-27 19:45 - 2009-07-14 05:45 - 00271432 _____ () C:\Windows\system32\FNTCACHE.DAT
 

Some content of TEMP:

====================

C:\Users\Siddiq\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbyipz0.dll

C:\Users\Siddiq\AppData\Local\Temp\Quarantine.exe

C:\Users\Siddiq\AppData\Local\Temp\sqlite3.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-12-15 23:15
 

==================== End Of Log ============================

--- --- ---

addition :

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014

Ran by Siddiq at 2014-12-17 21:38:22

Running from C:\Users\Siddiq\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)

Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Android Data Recovery  (HKLM-x32\...\Android Data Recovery) (Version:  - Tenorshare, Inc.)

Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

APW-10 Webphone (HKLM-x32\...\{B42EBE03-4CB9-44E6-B523-61121DB1B195}) (Version: 1.9.0 - AuPix Ltd)

ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)

Assassin's Creed Revelations 1.02 (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.02 - Ubisoft)

Audacity 2.0.4 (HKLM-x32\...\Audacity_is1) (Version: 2.0.4 - Audacity Team)

Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)

Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.3.2.3825 - Electronic Arts)

Battlefield Play4Free (HKLM-x32\...\{87686C21-8A15-4b4d-A3F1-11141D9BE094}) (Version:  - EA Digital illusions)

Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)

BF3 Settings Editor (HKLM\...\{5866DD36-8055-475B-A5C3-82C04091D14E}) (Version: 2.3 - Realmware)

BF4 Settings Editor (HKLM\...\{EF4C9459-47DE-4FCD-B9E0-CEB5BA03FC64}) (Version: 1.1 - Realmware)

Blacklight: Retribution (HKLM-x32\...\Steam App 209870) (Version:  - Zombie, Inc.)

BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.10.3096 - BlueStack Systems, Inc.)

BlueStacks Notification Center (HKLM-x32\...\{0BED0B96-70B8-4893-884B-DC485DC8C1B7}) (Version: 0.8.10.3096 - BlueStack Systems, Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version:  - Treyarch)

Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version:  - Treyarch)

CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)

Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)

Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)

Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.43 - Creative Technology Limited)

Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)

Creative Entertainment Center (HKLM-x32\...\Creative Entertainment Center) (Version: 5.00 - Creative Technology Limited)

Creative Karaoke Player (HKLM-x32\...\CREATIVE KARAOKE PLAYER) (Version: 2.11 - Creative Technology Limited)

Creative Konsole Starter (HKLM-x32\...\Console Launcher) (Version: 2.61 - Creative Technology Limited)

Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)

Creative Smart Recorder (HKLM-x32\...\Smart Recorder) (Version: 2.20 - Creative Technology Limited)

Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)

Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - Creative Technology Limited)

Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version:  - )

Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.5.0.0388 - Disc Soft Ltd)

Dropbox (HKU\S-1-5-21-17948161-4136030996-2878415790-1008\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)

EasyTether (HKLM-x32\...\{c751b7eb-df27-4668-b05f-7457d2fa9e00}) (Version: 1.1.18 - Mobile Stream)

EasyTether (Version: 1.1.18 - Mobile Stream) Hidden

EasyTether ADB USB driver (HKLM\...\{F45DA6A7-AD7C-489A-B9E2-CCFC70A46A2A}) (Version: 1.0.1 - Mobile Stream)

EPSON Copy Utility 3 (HKLM-x32\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.3.0.0 - )

erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden

EVGA PrecisionX 16 (HKLM-x32\...\{E019FA6A-BA92-49A5-A4A6-FB7C60931643}) (Version: 5.2.0 - EVGA Corporation)

Fernbedienungssystem (HKLM-x32\...\Remote Control System) (Version: 5.00 - Creative Technology Limited)

FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)

foobar2000 v1.2.9 (HKLM-x32\...\foobar2000) (Version: 1.2.9 - Peter Pawlowski)

Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.3.4.604 - DVDVideoSoft Ltd.)

Free Video Flip and Rotate version 2.1.9.822 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 2.1.9.822 - DVDVideoSoft Ltd.)

Free Video to MP3 Converter version 5.0.28.827 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.28.827 - DVDVideoSoft Ltd.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.38 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)

Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden

Hercules DJ Products Series drivers (HKLM-x32\...\{33999F1F-EA46-4E55-A239-1BA803235396}) (Version: 2.HDJS.2013 - Hercules)

Host OpenAL (HKLM-x32\...\Host OpenAL) (Version: 2.02 - Creative Technology Limited)

HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation)

HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.33.0 - HTC)

IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)

iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)

Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)

JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)

Juiced2_HIN (HKLM-x32\...\{50E4FCC7-90B9-48C6-9D17-7AE66F282878}) (Version: 1.00.0000 - THQ)

Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Kingo ROOT version 1.2.5.2112 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.2.5.2112 - Kingosoft Technology Ltd.)

Lautstärkefenster (HKLM-x32\...\Creative Volume Panel) (Version: 2.21 - Creative Technology Limited)

Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)

Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)

Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)

Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)

Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 Express - DEU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)

Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation)

MorphVOX Pro (HKLM-x32\...\{62DAB694-358E-4C6F-82BF-26DA64B297A6}) (Version: 4.3.2 - Screaming Bee)

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

MultIV (HKLM-x32\...\{A30833E0-EC35-4DE7-96CD-AFF4FB5976EA}) (Version: 0.2.0 - MultIV Development Team)

MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)

NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)

Need for Speed™ The Run (HKLM-x32\...\{0EDC9BA0-016E-406a-86DA-04FC1BE00C21}) (Version: 1.0.0.0 - Electronic Arts)

NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)

NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)

NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)

NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)

NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)

Origin (HKLM-x32\...\Origin) (Version: 9.4.5.195 - Electronic Arts, Inc.)

Paltalk Messenger  11.4 (HKLM-x32\...\Paltalk Messenger) (Version: 11.4.564.16149 - AVM Software Inc.)

PAYDAY 2 Demo (HKLM-x32\...\Steam App 251040) (Version:  - OVERKILL - a Starbreeze Studio.)

PAYDAY 2 Incl. Update 28 (HKLM-x32\...\PAYDAY 2_is1) (Version:  - )

PdaNet+ for Android 4.15 (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)

Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)

Quake Live (HKLM-x32\...\Quake Live) (Version:  - id Software)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)

Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform)

Remote Control Server (HKLM-x32\...\{755C6515-9FEA-490C-B15E-22BB6519E57E}) (Version: 1.8.0.0 - Steppschuh)

Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)

ROOT´óÊ¦ (HKLM-x32\...\{1295E43F-382A-4CB2-9E0F-079C0D7401BB}_is1) (Version: 1.7.9.9730 - ÉîÛÚÐÅÒ¼ÍøÂçÓÐÏÞ¹«Ë¾)

SafeIP (HKLM-x32\...\SAFEIP_is1) (Version:  - SafeIP)

SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)

Shark007 Standard Codecs (HKLM-x32\...\{898E81AD-6DB9-4750-866B-B8958C5DC7AA}) (Version: 1.8.4 - Shark007)

SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden

Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)

Sound Blaster X-Fi Surround 5.1 (HKLM-x32\...\{12BEF00E-ECFF-4820-BEDF-CCB9CC06A955}) (Version: 1.0 - )

Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version:  - Valve)

SSC Service Utility v4.30 (HKLM-x32\...\SSC Service Utility_is1) (Version:  - SSC Localization Group)

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

System Requirements Lab Detection (HKLM-x32\...\{54500B82-846C-4052-83C8-B7AEB786760C}) (Version: 2.0.0.0 - Husdawg, LLC)

TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)

Tether (HKLM-x32\...\{C5C67EA4-16FA-473C-B274-904A71162DE4}) (Version: 1.0.1 - ClockworkMod)

Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)

Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)

Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.0f3 - Unity Technologies ApS)

Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)

Virtual Mpc Version 1.0 (HKLM-x32\...\{FBE55100-FC71-4027-B760-F96D51BE28A5}_is1) (Version: 1.0 - MediaXtremely)

VirtualDJ PRO Full (HKLM-x32\...\{23F20D12-1D01-4806-8AA8-AC79055109DE}) (Version: 7.4 - Atomix Productions)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

Windows-Treiberpaket - LG Electronics Inc (ANDModem) Modem  (11/30/2010 2.2.0.0) (HKLM\...\3F162CA9EF5A33FF16B97554663A71E35053783E) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc)

Windows-Treiberpaket - LG Electronics Inc (ANDModem) Modem  (11/30/2010 2.2.0.0) (HKLM\...\A43025A72B6CC28CB38B93867B2740C581E3B100) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc)

Windows-Treiberpaket - LG Electronics Inc. (Andbus) USB  (11/30/2010 2.2.0.0) (HKLM\...\4D55218052428488AFE6BA93FABC783E658657A7) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)

Windows-Treiberpaket - LG Electronics Inc. (AndDiag) Ports  (11/30/2010 2.2.0.0) (HKLM\...\38207DB32AC6A59CE6075F5AAE1448040FAC76DB) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)

Windows-Treiberpaket - LG Electronics Inc. (AndDiag) Ports  (11/30/2010 2.2.0.0) (HKLM\...\A3F0461CF2623C40BC42C38D4C0E7319E5C458CA) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)

Windows-Treiberpaket - LG Electronics Inc. (AndGps) Ports  (11/30/2010 2.2.0.0) (HKLM\...\37C6E863D718F6363FBAC33FBAAA927F5DC2A43E) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)

Windows-Treiberpaket - LG Electronics Inc. (AndGps) Ports  (11/30/2010 2.2.0.0) (HKLM\...\BC0FC97093ED911878848F7852D617BA23E42F68) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)

Windows-Treiberpaket - LG Electronics, Inc. Net  (03/07/2012 3.7.0.0) (HKLM\...\97541C74689007984DD12A4E0B349E2F96A66C2F) (Version: 03/07/2012 3.7.0.0 - LG Electronics, Inc.)

Windows-Treiberpaket - LG Electronics, Inc. WPD  (03/07/2012 3.7.0.0) (HKLM\...\5A454C002BB9011E261D0C1B7E846CD23A1D1806) (Version: 03/07/2012 3.7.0.0 - LG Electronics, Inc.)

Windows-Treiberpaket - Microsoft Corporation (WinUSB) AndroidUsbDeviceClass  (07/11/2013 1.4.0015.00000) (HKLM\...\F556F06662CD592AC1110F9116ADB92815A9AA30) (Version: 07/11/2013 1.4.0015.00000 - Microsoft Corporation)

Windows-Treiberpaket - Motorola (bqusbser) Modem  (02/24/2009 1.1.0.0) (HKLM\...\46D28B033482A13C68B1777C399248A0FE510D1A) (Version: 02/24/2009 1.1.0.0 - Motorola)

Windows-Treiberpaket - Motorola (bqusbser) Ports  (02/24/2009 1.1.0.0) (HKLM\...\3E885DDD8DE7247FEBCE2F5FEF86A3664DF51FEC) (Version: 02/24/2009 1.1.0.0 - Motorola)

Windows-Treiberpaket - Motorola (motccgp) USB  (11/26/2012 3.3.1.0) (HKLM\...\F62C352416202B84E7804DE3CE695F30A4FDA328) (Version: 11/26/2012 3.3.1.0 - Motorola)

Windows-Treiberpaket - Motorola Inc (MotDev) MOTUSB  (11/08/2011 3.2.12.0) (HKLM\...\F8C33978D5941EC809F57F088EE5517BBBE19FFD) (Version: 11/08/2011 3.2.12.0 - Motorola Inc)

Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  (dg_ssudbus) USB  (03/25/2013 2.9.508.0) (HKLM\...\686FE24C5F44B8399EDAD00FF437C91E8E4C33C6) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )

Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  (ssuddmgr) Ports  (03/25/2013 2.9.508.0) (HKLM\...\79BE6E72F3FB459964ECB14CA5E9499EB84CED24) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )

Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  (ssudmdm) Modem  (03/25/2013 2.9.508.0) (HKLM\...\59448F49ADCE2157A5E72FF82862DAFFBC071F75) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )

Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  (ssudobex) Ports  (03/25/2013 2.9.508.0) (HKLM\...\3889AC3DC15E870F7212E360BD6BD1FA71261AAC) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )

Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  (ssudserd) Ports  (03/25/2013 2.9.508.0) (HKLM\...\139FA893FBE6105A30D47E0FAB2B465546E1605D) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )

Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  Net  (03/25/2013 2.9.508.0) (HKLM\...\A8ACA907A00D578D644681DCA06EC0E1608C03A2) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )

Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd.  WPD  (03/25/2013 2.9.508.0) (HKLM\...\8657EAB5BD6A536AA497AEA26A00A6E6B25F5CD7) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )

WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)

WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-17948161-4136030996-2878415790-1008_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Siddiq\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 

==================== Restore Points  =========================
 

03-10-2014 21:36:32 Installed iTunes

04-10-2014 23:20:21 Installed APW-10 Webphone

06-10-2014 01:01:28 Windows Update

09-10-2014 01:29:22 Windows Update

09-10-2014 18:50:59 Gerätetreiber-Paketinstallation: ClockworkMod Android Phone

15-10-2014 18:15:45 Windows Update

17-10-2014 19:18:54 Gerätetreiber-Paketinstallation: June Fabrics Technology Inc. Modems

17-10-2014 19:44:20 Wiederherstellungsvorgang

17-10-2014 20:03:23 Windows Update

21-10-2014 19:09:55 Windows Update

22-10-2014 21:04:20 Gerätetreiber-Paketinstallation: Google USB

25-10-2014 22:28:01 Windows Update

29-10-2014 19:27:06 Windows Update

02-11-2014 18:21:21 Windows Update

08-11-2014 18:12:50 Windows Update

11-11-2014 20:33:52 Windows Update

16-11-2014 21:45:54 Windows Update

23-11-2014 06:27:54 Windows Update

28-11-2014 20:00:08 Windows Update

02-12-2014 06:47:56 Windows Update

06-12-2014 06:46:23 Windows Update

10-12-2014 06:46:16 Windows Update

14-12-2014 15:39:10 Windows Update

17-12-2014 00:42:16 ComboFix created restore point

17-12-2014 21:35:29 Windows Update
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2014-10-17 19:11 - 2014-12-17 01:03 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {41E1B4D9-FE5B-4BE2-AFD1-790FDC81E12A} - System32\Tasks\{B4F99F75-04D0-4B94-8DAF-84E84F31179C} => pcalua.exe -a "C:\Users\Kevo\Desktop\pay day 2 updaes entpackt\9\Update\Setup.exe" -d "C:\Users\Kevo\Desktop\pay day 2 updaes entpackt\9\Update"

Task: {580B284E-0785-41EB-9EE7-5C7E92ED6077} - System32\Tasks\{82628D5D-E012-4444-9C07-6AC1F085F097} => pcalua.exe -a "C:\Users\Kevo\Downloads\gfwlivesetup (4).exe" -d C:\Users\Kevo\Downloads

Task: {5D5F7653-0830-4687-A9A6-1BC382C9B08D} - System32\Tasks\{2AB3583C-2245-4FB0-B01E-E170BD70E9BF} => C:\Program Files (x86)\Virtual Mpc\Virtual Mpc.exe [2011-11-19] (MediaXtremely)

Task: {803EBFD5-6DBC-4919-8B7B-4F380B5C895C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {9008C5B8-4461-4FBF-8F86-44C32CFEA375} - System32\Tasks\EVGAPrecision => C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe

Task: {9808C32A-471A-4873-AFFE-DF1C8F04C229} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-30] (Google Inc.)

Task: {A2C81D7C-0685-4C6E-8C17-CE21834CB210} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)

Task: {BB7F2B71-1A24-44C3-9D2C-884E905731B3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-30] (Google Inc.)

Task: {F29EA58C-69E0-4D86-A052-34606B92DAEA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2013-08-22 02:21 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2012-12-07 18:27 - 2012-12-07 18:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

2013-08-22 21:30 - 2014-08-11 23:55 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2014-11-03 11:05 - 2014-11-03 11:05 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe

2014-12-10 21:09 - 2014-12-10 04:57 - 01450312 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.38\libglesv2.dll

2014-12-10 21:09 - 2014-12-10 04:57 - 00205128 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.38\libegl.dll

2014-12-10 21:09 - 2014-12-10 04:57 - 10865480 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.38\pdf.dll

2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-11-03 11:04 - 2014-11-03 11:04 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll

2014-11-03 11:05 - 2014-11-03 11:05 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll

2014-11-03 11:05 - 2014-11-03 11:05 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll

2014-11-03 11:05 - 2014-11-03 11:05 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll

2014-11-03 11:05 - 2014-11-03 11:05 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll

2014-11-03 11:06 - 2014-11-03 11:06 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll

2014-11-03 11:07 - 2014-11-03 11:07 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll

2014-10-11 23:17 - 2009-11-30 17:53 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL

2014-10-11 23:17 - 2009-12-08 14:50 - 00177664 _____ () C:\Windows\SysWOW64\APOMngr.DLL

2014-08-01 08:26 - 2014-03-17 02:23 - 00003132 _____ () C:\Program Files (x86)\DAEMON Tools Pro\MSIMG32.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SafeIPS => ""="service"
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\Services: KtmRm => 3

MSCONFIG\Services: SafetyNutManager => 2

MSCONFIG\startupfolder: C:^Users^Kevo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk => C:\Windows\pss\PdaNet Desktop.lnk.Startup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Adobe Reader Synchronizer => "C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe"

MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe

MSCONFIG\startupreg: CTRegRun => C:\Windows\CTRegRun.EXE

MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun

MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart

MSCONFIG\startupreg: EasyTether => "C:\Program Files\Mobile Stream\EasyTether\easytthr.exe"

MSCONFIG\startupreg: File => "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Kevo\AppData\Local\Temp\File4352044518964978922.jar"

MSCONFIG\startupreg: Hercules DJ Series TrayAgent => C:\Program Files\Guillemot\HDJTray\HDJSeries2TrayBar.exe /boot

MSCONFIG\startupreg: ISUSPM => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"

MSCONFIG\startupreg: Remote Control Server => C:\Program Files (x86)\Remote Control Server\Remote Control Server.exe

MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent

MSCONFIG\startupreg: VolPanel => "C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe" /r
 

========================= Accounts: ==========================
 

Administrator (S-1-5-21-17948161-4136030996-2878415790-500 - Administrator - Disabled)

Gast (S-1-5-21-17948161-4136030996-2878415790-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-17948161-4136030996-2878415790-1002 - Limited - Enabled)

Kevo (S-1-5-21-17948161-4136030996-2878415790-1001 - Administrator - Enabled) => C:\Users\Kevo

Siddiq (S-1-5-21-17948161-4136030996-2878415790-1008 - Administrator - Enabled) => C:\Users\Siddiq
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================
 

System errors:

=============
 

Microsoft Office Sessions:

=========================
 

CodeIntegrity Errors:

===================================

  Date: 2014-12-17 00:56:48.697

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-12-17 00:56:48.617

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz

Percentage of memory in use: 42%

Total physical RAM: 5119.29 MB

Available physical RAM: 2958.15 MB

Total Pagefile: 10236.76 MB

Available Pagefile: 7516.77 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:931.41 GB) (Free:152.35 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D61A319B)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

mfg Kevin.

Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

hab ich ebend gemacht, nochmal ?

Habs korrigiert, hab den falschen Baustein angeklickt

Moin ,

einmal mbam log:

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 17.12.2014

Suchlauf-Zeit: 23:35:21

Logdatei: mbam log.txt

Administrator: Ja
 

Version: 2.00.4.1028

Malware Datenbank: v2014.12.17.04

Rootkit Datenbank: v2014.12.14.01

Lizenz: Testversion

Malware Schutz: Aktiviert

Bösartiger Webseiten Schutz: Aktiviert

Selbstschutz: Deaktiviert
 

Betriebssystem: Windows 7 Service Pack 1

CPU: x64

Dateisystem: NTFS

Benutzer: Siddiq
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 384741

Verstrichene Zeit: 25 Min, 16 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Heuristik: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 0

(Keine schädliche Elemente erkannt)
 

Module: 0

(Keine schädliche Elemente erkannt)
 

Registrierungsschlüssel: 0

(Keine schädliche Elemente erkannt)
 

Registrierungswerte: 0

(Keine schädliche Elemente erkannt)
 

Registrierungsdaten: 0

(Keine schädliche Elemente erkannt)
 

Ordner: 0

(Keine schädliche Elemente erkannt)
 

Dateien: 0

(Keine schädliche Elemente erkannt)
 

Physische Sektoren: 0

(Keine schädliche Elemente erkannt)
 
 

(end)

ESET log :

Code:

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=682d0596c7b151418ed86fa582092787

# engine=21605

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-12-17 11:12:47

# local_time=2014-12-18 12:12:47 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='Microsoft Security Essentials'

# compatibility_mode=5895 16777213 100 100 7782364 60167683 0 0

# scanned=22

# found=0

# cleaned=0

# scan_time=72

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=682d0596c7b151418ed86fa582092787

# engine=21605

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-12-18 08:29:57

# local_time=2014-12-18 09:29:57 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='Microsoft Security Essentials'

# compatibility_mode=5895 16777213 100 100 7815794 60201113 0 0

# scanned=308464

# found=83

# cleaned=0

# scan_time=29330

sh=A102A960644BE08940F4E8488152AE2F1830976B ft=1 fh=40585142393bf6e6 vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\Helper.dll.vir"

sh=9266F015731604616974EDBDAD28C3A36BAA1D5E ft=1 fh=1f6a561fcb8d1692 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\Internet Explorer Settings.exe.vir"

sh=2EE72F127C043FBC3F6DE2F3B200355C65C508CD ft=1 fh=733762b6e00a51d9 vn="Win32/Toolbar.SearchSuite.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\safetycrt.dll.vir"

sh=7EA715EB775D2F8CCE9512D1FDF51A66A7BD4EEE ft=1 fh=e4ab5faed85ae927 vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\safetyldr.dll.vir"

sh=F494E58C168EE00589FA740066A058494C52B47F ft=1 fh=59e48c3b886fb113 vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\safetyldr_u.dll.vir"

sh=05F966E47BD188A09A3F94601DABF194EF4A6609 ft=1 fh=1ea04831ece777a2 vn="Variante von Win32/Toolbar.SearchSuite.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\safetynut.exe.vir"

sh=D3CA21EFC311CF3CAD31B43D910534C22FDBE4F2 ft=1 fh=77cf14f14318a65c vn="Variante von Win32/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\safetynut_ie.dll.vir"

sh=DE82D3A4BAA20181E09F2A57663F9D175347B28C ft=1 fh=8f33ac66ce061627 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\x64\Internet Explorer Settings.exe.vir"

sh=B1AED2E542D2B49B935F486E5C1D4F07E2F0AD49 ft=1 fh=e7ece639bdaf7919 vn="Variante von Win64/Toolbar.SearchSuite.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetycrt.dll.vir"

sh=5FA015211A09D25E5E5BEF545E8601910A97582D ft=1 fh=2efcdf4ba4589200 vn="Variante von Win64/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetyldr.dll.vir"

sh=129043C40301641EA0F229AB7AEF82B38BE79AF6 ft=1 fh=61c2d14715b17a5c vn="Variante von Win64/Toolbar.SearchSuite.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetyldr_u.dll.vir"

sh=4925399530298A7D6EB00307B4094CC5A2F65130 ft=1 fh=34be83c1de23a634 vn="Variante von Win64/Toolbar.SearchSuite.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetynut.dll.vir"

sh=97AEAD178DEC57AEDD229AB7B437B41BA9897C86 ft=1 fh=725919a07dd4157b vn="Variante von Win64/Toolbar.SearchSuite.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\SafetyNut\x64\safetynut_ie.dll.vir"

sh=9632E1AC8B967AC0C86C1164C5CC1BE6D09559BD ft=1 fh=8fbaa163c9af4b58 vn="Win32/bProtector.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll.vir"

sh=5B1B511C55F5E656C01C34FC3812AF210A942D7B ft=1 fh=270199ee25538721 vn="Variante von Win32/bProtector.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe.vir"

sh=5B1B511C55F5E656C01C34FC3812AF210A942D7B ft=1 fh=270199ee25538721 vn="Variante von Win32/bProtector.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\uninstall.exe.vir"

sh=E15DF75E5B81A209E0E453092C9610C3F8DC7073 ft=1 fh=8918dac93ad3a346 vn="Win32/Toolbar.SearchSuite.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win32cert.dll.vir"

sh=9B56D5787C88CF939DABA1E9273775A1D33EF25F ft=1 fh=8aacdf233e2d6e39 vn="Win32/Toolbar.SearchSuite.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win32prop.dll.vir"

sh=2FA019C3D1CC2BC1905FBD6765DA3CFBE851DD64 ft=1 fh=f275e610e24fd946 vn="Win64/Toolbar.SearchSuite.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64cert.dll.vir"

sh=34ABB88310B01A075382292FDE9F2B6E727E5D66 ft=1 fh=1bef8d0f51d0bf3a vn="Win64/Toolbar.SearchSuite.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64prop.dll.vir"

sh=848C686280EAA04B172FCCFFBD312132A0C46172 ft=1 fh=7764b0effb0b9556 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kevo\AppData\Local\Temp\OCS\ocs_v7f.exe.vir"

sh=27FBB2161B29148FBC20EBBCF5A07FDCA991026C ft=1 fh=0456e4230d5bc364 vn="Variante von Win32/Toolbar.Babylon.W evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kevo\AppData\Roaming\BabSolution\Shared\enhancedNT.dll.vir"

sh=EE0F12DC75A0B327DF2ECC020EA35F3EB9C9B79D ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Dokumente und Einstellungen\All Users\nlcgledcgbnjgnhikehaekocgppemfni\ByJw.js"

sh=F62B6CC700DFD3250972DA9CD40891826950B6DE ft=1 fh=69e42b4b29fcdff9 vn="Win32/Toolbar.SearchSuite.W evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\AppData\Local\Viber\Helper.dll"

sh=8ADAAE074F0453305632DFFAEAD0773392E553F2 ft=1 fh=a3c15f99b9da4c5b vn="Variante von Win32/Toolbar.SearchSuite.W.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\AppData\Local\Viber\Uninstall.exe"

sh=D57FDCC621EFFBC2C6C626C98827E11376E58CC8 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.VMProtect.ABD Trojaner" ac=I fn="C:\Dokumente und Einstellungen\Kevo\Downloads\3DMGAME-Need.for.Speed.Rivals.X86.and.X64.Crack.Only-3DM.rar"

sh=05496692BE3D1FFD73E0DB872AD44736456F309B ft=1 fh=0a3723757c633046 vn="Variante von Win32/InstallCore.BY evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\Downloads\DownloadManagerSetup.exe"

sh=6676270EF28EB27D9884155B545167A7F59E0BEF ft=1 fh=4d8f9fb86021498e vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\Downloads\Grand Theft Auto IV Patch - CHIP-Installer.exe"

sh=F2DEDBD96EA5E5405391F9C67F733EFBE16204A4 ft=1 fh=733f5b86bd4afc01 vn="Win32/WinloadSDA.E evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\Downloads\GTA-4-Patch-1.0.7.0-lnstall (1).exe"

sh=F2DEDBD96EA5E5405391F9C67F733EFBE16204A4 ft=1 fh=733f5b86bd4afc01 vn="Win32/WinloadSDA.E evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\Downloads\GTA-4-Patch-1.0.7.0-lnstall.exe"

sh=10EC9D9C93D2F2BEB677D7FD493C73FED9DC0832 ft=1 fh=611227e113887d8e vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\Downloads\KFZ-Werkstatt-lnstall.exe"

sh=EAE2784C9115FE9CFA44A116B74E72C1BCCFA7F6 ft=1 fh=2e79e77116fe19c4 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\Downloads\MyPhoneExplorer_Setup_1.8.5.exe"

sh=5CFAFD2021118DF91FAC86E3362C9FC4E7819ECE ft=1 fh=b3d516fd14955557 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\Downloads\OpenOffice - CHIP-Downloader.exe"

sh=D9ACE011F481C9A8054511DC1AAB6A3C7B5D0FA5 ft=1 fh=df1655747ceefb41 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\Downloads\Recuva - CHIP-Downloader.exe"

sh=EE51BC65E632624027E2DD83F44A75784323D247 ft=1 fh=6e4c94e45ea75834 vn="Win32/Adware.Lollipop.D Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\Downloads\setup_Project64_2.1.exe"

sh=2F47B4BA8CCDBBD2CD9F501FA178B368ADDE67FC ft=1 fh=e1ee3862b8120d8b vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\Downloads\Tunngle - CHIP-Installer.exe"

sh=648BDE75B4096B0B2DAAFD2189285BE6810E33EA ft=1 fh=0854e790dbf653dd vn="Variante von Win32/Toolbar.SearchSuite.W.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\Downloads\ViberSetup (1).exe"

sh=648BDE75B4096B0B2DAAFD2189285BE6810E33EA ft=1 fh=0854e790dbf653dd vn="Variante von Win32/Toolbar.SearchSuite.W.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\Downloads\ViberSetup (2).exe"

sh=648BDE75B4096B0B2DAAFD2189285BE6810E33EA ft=1 fh=0854e790dbf653dd vn="Variante von Win32/Toolbar.SearchSuite.W.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\Downloads\ViberSetup.exe"

sh=A26E8508633716B537149AB18C866D7A42918F71 ft=1 fh=63002f26150896b3 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\Downloads\Virtual_Mpc_setup.exe"

sh=82449999D4CA001C9619AABD9DB6C1B122D9B6B4 ft=1 fh=d6e2c475807e20f5 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\Downloads\Programs\32bit_Standard_v184.exe"

sh=76C19267783B1C3FBE78C7EDFB19EEE1CA020E5B ft=1 fh=24f1c525cd32bc9c vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\Kevo\Downloads\Programs\MyPhoneExplorer_Setup_1.8.5.exe"

sh=69BBE5523F4836548AD1873EA7F3927A30C9D722 ft=0 fh=0000000000000000 vn="Variante von Android/Spy.Agent.GR Trojaner" ac=I fn="C:\Dokumente und Einstellungen\Siddiq\AppData\Roaming\mgyun\VRoot\CleanMaster.apk"

sh=63A6B64C95F819B6957419B2BF1BA06F66460B7C ft=0 fh=0000000000000000 vn="Variante von Android/Spy.Agent.GR Trojaner" ac=I fn="C:\Dokumente und Einstellungen\Siddiq\AppData\Roaming\mgyun\VRoot\com.mgyun.superuser.apk"

sh=7409EB1DEB8CFD42D98587492C38BEB47E805B68 ft=0 fh=0000000000000000 vn="Variante von Android/Exploit.Towel.A Trojaner" ac=I fn="C:\Dokumente und Einstellungen\Siddiq\Downloads\tr.apk"

sh=BE6F71B941AEAE604D167B044DB12FFA0111121B ft=1 fh=c84af2beea5a480e vn="Mehrere Bedrohungen" ac=I fn="C:\Dokumente und Einstellungen\Siddiq\Downloads\VRoot_1.7.3.4863_english_cid1005_7337ba1e_89.exe"

sh=E273AA24D773434BEDD3EF6906BABC5F552405D1 ft=1 fh=b17961507000735e vn="Mehrere Bedrohungen" ac=I fn="C:\Dokumente und Einstellungen\Siddiq\Downloads\VRoot_1.7.7.7308_Setup (1).exe"

sh=E273AA24D773434BEDD3EF6906BABC5F552405D1 ft=1 fh=b17961507000735e vn="Mehrere Bedrohungen" ac=I fn="C:\Dokumente und Einstellungen\Siddiq\Downloads\VRoot_1.7.7.7308_Setup.exe"

sh=1A97253BB89F2FEE65F0D5338374C9BD348BA797 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\FRST\Quarantine\3ab0d83b-5408f364"

sh=282C41AB2E8A56CBE8E12D1C4813AEFA540F1CE2 ft=1 fh=8d63cae4c6922cd0 vn="Variante von Win32/MessengerPlus evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\MsgPlusLive-485.exe"

sh=2585FB652784CADB0140D7AC8B768D24709C5C99 ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.DC Trojaner" ac=I fn="C:\FRST\Quarantine\rootutility"

sh=549576C3043357DE2709F12BD4B6EE3066B5C6B9 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\FRST\Quarantine\SuperOneClickv2.zip"

sh=6C889BFF503B258DD165154BB8485792C5FA6A5F ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.Kuguo.E evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\Superusers.apk"

sh=23E9AE92BB0A5F649B1B6DCDC876E91712484E52 ft=0 fh=0000000000000000 vn="Variante von Android/Spy.Agent.BN Trojaner" ac=I fn="C:\Program Files (x86)\VROOT\AppCool.apk"

sh=197FADF8E7B72EF9C1ED9F650B7A29DEF4B8372A ft=0 fh=0000000000000000 vn="Variante von Android/Spy.Agent.GR Trojaner" ac=I fn="C:\Program Files (x86)\VROOT\CleanMaster.apk"

sh=C84320EDFC4CDDE05386E611105CE6220CF3A8E7 ft=0 fh=0000000000000000 vn="Variante von Android/Spy.Agent.GR Trojaner" ac=I fn="C:\Program Files (x86)\VROOT\Superuser.apk"

sh=EE0F12DC75A0B327DF2ECC020EA35F3EB9C9B79D ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\ProgramData\nlcgledcgbnjgnhikehaekocgppemfni\ByJw.js"

sh=EE0F12DC75A0B327DF2ECC020EA35F3EB9C9B79D ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\All Users\nlcgledcgbnjgnhikehaekocgppemfni\ByJw.js"

sh=F62B6CC700DFD3250972DA9CD40891826950B6DE ft=1 fh=69e42b4b29fcdff9 vn="Win32/Toolbar.SearchSuite.W evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevo\AppData\Local\Viber\Helper.dll"

sh=8ADAAE074F0453305632DFFAEAD0773392E553F2 ft=1 fh=a3c15f99b9da4c5b vn="Variante von Win32/Toolbar.SearchSuite.W.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevo\AppData\Local\Viber\Uninstall.exe"

sh=D57FDCC621EFFBC2C6C626C98827E11376E58CC8 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.VMProtect.ABD Trojaner" ac=I fn="C:\Users\Kevo\Downloads\3DMGAME-Need.for.Speed.Rivals.X86.and.X64.Crack.Only-3DM.rar"

sh=05496692BE3D1FFD73E0DB872AD44736456F309B ft=1 fh=0a3723757c633046 vn="Variante von Win32/InstallCore.BY evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevo\Downloads\DownloadManagerSetup.exe"

sh=6676270EF28EB27D9884155B545167A7F59E0BEF ft=1 fh=4d8f9fb86021498e vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevo\Downloads\Grand Theft Auto IV Patch - CHIP-Installer.exe"

sh=F2DEDBD96EA5E5405391F9C67F733EFBE16204A4 ft=1 fh=733f5b86bd4afc01 vn="Win32/WinloadSDA.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevo\Downloads\GTA-4-Patch-1.0.7.0-lnstall (1).exe"

sh=F2DEDBD96EA5E5405391F9C67F733EFBE16204A4 ft=1 fh=733f5b86bd4afc01 vn="Win32/WinloadSDA.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevo\Downloads\GTA-4-Patch-1.0.7.0-lnstall.exe"

sh=10EC9D9C93D2F2BEB677D7FD493C73FED9DC0832 ft=1 fh=611227e113887d8e vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevo\Downloads\KFZ-Werkstatt-lnstall.exe"

sh=EAE2784C9115FE9CFA44A116B74E72C1BCCFA7F6 ft=1 fh=2e79e77116fe19c4 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevo\Downloads\MyPhoneExplorer_Setup_1.8.5.exe"

sh=5CFAFD2021118DF91FAC86E3362C9FC4E7819ECE ft=1 fh=b3d516fd14955557 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevo\Downloads\OpenOffice - CHIP-Downloader.exe"

sh=D9ACE011F481C9A8054511DC1AAB6A3C7B5D0FA5 ft=1 fh=df1655747ceefb41 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevo\Downloads\Recuva - CHIP-Downloader.exe"

sh=EE51BC65E632624027E2DD83F44A75784323D247 ft=1 fh=6e4c94e45ea75834 vn="Win32/Adware.Lollipop.D Anwendung" ac=I fn="C:\Users\Kevo\Downloads\setup_Project64_2.1.exe"

sh=2F47B4BA8CCDBBD2CD9F501FA178B368ADDE67FC ft=1 fh=e1ee3862b8120d8b vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevo\Downloads\Tunngle - CHIP-Installer.exe"

sh=648BDE75B4096B0B2DAAFD2189285BE6810E33EA ft=1 fh=0854e790dbf653dd vn="Variante von Win32/Toolbar.SearchSuite.W.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevo\Downloads\ViberSetup (1).exe"

sh=648BDE75B4096B0B2DAAFD2189285BE6810E33EA ft=1 fh=0854e790dbf653dd vn="Variante von Win32/Toolbar.SearchSuite.W.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevo\Downloads\ViberSetup (2).exe"

sh=648BDE75B4096B0B2DAAFD2189285BE6810E33EA ft=1 fh=0854e790dbf653dd vn="Variante von Win32/Toolbar.SearchSuite.W.gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevo\Downloads\ViberSetup.exe"

sh=A26E8508633716B537149AB18C866D7A42918F71 ft=1 fh=63002f26150896b3 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevo\Downloads\Virtual_Mpc_setup.exe"

sh=82449999D4CA001C9619AABD9DB6C1B122D9B6B4 ft=1 fh=d6e2c475807e20f5 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevo\Downloads\Programs\32bit_Standard_v184.exe"

sh=76C19267783B1C3FBE78C7EDFB19EEE1CA020E5B ft=1 fh=24f1c525cd32bc9c vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevo\Downloads\Programs\MyPhoneExplorer_Setup_1.8.5.exe"

sh=69BBE5523F4836548AD1873EA7F3927A30C9D722 ft=0 fh=0000000000000000 vn="Variante von Android/Spy.Agent.GR Trojaner" ac=I fn="C:\Users\Siddiq\AppData\Roaming\mgyun\VRoot\CleanMaster.apk"

sh=63A6B64C95F819B6957419B2BF1BA06F66460B7C ft=0 fh=0000000000000000 vn="Variante von Android/Spy.Agent.GR Trojaner" ac=I fn="C:\Users\Siddiq\AppData\Roaming\mgyun\VRoot\com.mgyun.superuser.apk"

sh=7409EB1DEB8CFD42D98587492C38BEB47E805B68 ft=0 fh=0000000000000000 vn="Variante von Android/Exploit.Towel.A Trojaner" ac=I fn="C:\Users\Siddiq\Downloads\tr.apk"

sh=BE6F71B941AEAE604D167B044DB12FFA0111121B ft=1 fh=c84af2beea5a480e vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Siddiq\Downloads\VRoot_1.7.3.4863_english_cid1005_7337ba1e_89.exe"

sh=E273AA24D773434BEDD3EF6906BABC5F552405D1 ft=1 fh=b17961507000735e vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Siddiq\Downloads\VRoot_1.7.7.7308_Setup (1).exe"

sh=E273AA24D773434BEDD3EF6906BABC5F552405D1 ft=1 fh=b17961507000735e vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Siddiq\Downloads\VRoot_1.7.7.7308_Setup.exe"

mfg Kevin.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

C:\Dokumente und Einstellungen\All Users\nlcgledcgbnjgnhikehaekocgppemfni\ByJw.js

C:\Dokumente und Einstellungen\Kevo\AppData\Local\Viber\Helper.dll

C:\Dokumente und Einstellungen\Kevo\AppData\Local\Viber\Uninstall.exe

C:\Dokumente und Einstellungen\Kevo\Downloads\3DMGAME-Need.for.Speed.Rivals.X86.and.X64.Crack.Only-3DM.rar

C:\Dokumente und Einstellungen\Kevo\Downloads\DownloadManagerSetup.exe

C:\Dokumente und Einstellungen\Kevo\Downloads\Grand Theft Auto IV Patch - CHIP-Installer.exe

C:\Dokumente und Einstellungen\Kevo\Downloads\GTA-4-Patch-1.0.7.0-lnstall (1).exe

C:\Dokumente und Einstellungen\Kevo\Downloads\GTA-4-Patch-1.0.7.0-lnstall.exe

C:\Dokumente und Einstellungen\Kevo\Downloads\KFZ-Werkstatt-lnstall.exe

C:\Dokumente und Einstellungen\Kevo\Downloads\MyPhoneExplorer_Setup_1.8.5.exe

C:\Dokumente und Einstellungen\Kevo\Downloads\OpenOffice - CHIP-Downloader.exe

C:\Dokumente und Einstellungen\Kevo\Downloads\Recuva - CHIP-Downloader.exe

C:\Dokumente und Einstellungen\Kevo\Downloads\setup_Project64_2.1.exe

C:\Dokumente und Einstellungen\Kevo\Downloads\Tunngle - CHIP-Installer.exe

C:\Dokumente und Einstellungen\Kevo\Downloads\ViberSetup (1).exe

C:\Dokumente und Einstellungen\Kevo\Downloads\ViberSetup (2).exe

C:\Dokumente und Einstellungen\Kevo\Downloads\ViberSetup.exe

C:\Dokumente und Einstellungen\Kevo\Downloads\Virtual_Mpc_setup.exe

C:\Dokumente und Einstellungen\Kevo\Downloads\Programs\32bit_Standard_v184.exe

C:\Dokumente und Einstellungen\Kevo\Downloads\Programs\MyPhoneExplorer_Setup_1.8.5.exe

C:\Dokumente und Einstellungen\Siddiq\AppData\Roaming\mgyun\VRoot\CleanMaster.apk

C:\Dokumente und Einstellungen\Siddiq\AppData\Roaming\mgyun\VRoot\com.mgyun.superuser.apk

C:\Dokumente und Einstellungen\Siddiq\Downloads\tr.apk

C:\Dokumente und Einstellungen\Siddiq\Downloads\VRoot_1.7.3.4863_english_cid1005_7337ba1e_89.exe

C:\Dokumente und Einstellungen\Siddiq\Downloads\VRoot_1.7.7.7308_Setup (1).exe

C:\Dokumente und Einstellungen\Siddiq\Downloads\VRoot_1.7.7.7308_Setup.exe

C:\Program Files (x86)\VROOT

C:\ProgramData\nlcgledcgbnjgnhikehaekocgppemfni

C:\Users\All Users\nlcgledcgbnjgnhikehaekocgppemfni

C:\Users\Kevo\AppData\Local\Viber

C:\Users\Kevo\Downloads\3DMGAME-Need.for.Speed.Rivals.X86.and.X64.Crack.Only-3DM.rar

C:\Users\Kevo\Downloads\DownloadManagerSetup.exe

C:\Users\Kevo\Downloads\Grand Theft Auto IV Patch - CHIP-Installer.exe

C:\Users\Kevo\Downloads\GTA-4-Patch-1.0.7.0-lnstall (1).exe

C:\Users\Kevo\Downloads\GTA-4-Patch-1.0.7.0-lnstall.exe

C:\Users\Kevo\Downloads\KFZ-Werkstatt-lnstall.exe

C:\Users\Kevo\Downloads\MyPhoneExplorer_Setup_1.8.5.exe

C:\Users\Kevo\Downloads\OpenOffice - CHIP-Downloader.exe

C:\Users\Kevo\Downloads\Recuva - CHIP-Downloader.exe

C:\Users\Kevo\Downloads\setup_Project64_2.1.exe

C:\Users\Kevo\Downloads\Tunngle - CHIP-Installer.exe

C:\Users\Kevo\Downloads\ViberSetup (1).exe

C:\Users\Kevo\Downloads\ViberSetup (2).exe

C:\Users\Kevo\Downloads\ViberSetup.exe

C:\Users\Kevo\Downloads\Virtual_Mpc_setup.exe

C:\Users\Kevo\Downloads\Programs\32bit_Standard_v184.exe

C:\Users\Kevo\Downloads\Programs\MyPhoneExplorer_Setup_1.8.5.exe

C:\Users\Siddiq\AppData\Roaming\mgyun

C:\Users\Siddiq\Downloads\tr.apk

C:\Users\Siddiq\Downloads\VRoot_1.7.3.4863_english_cid1005_7337ba1e_89.exe

C:\Users\Siddiq\Downloads\VRoot_1.7.7.7308_Setup (1).exe

C:\Users\Siddiq\Downloads\VRoot_1.7.7.7308_Setup.exe

EmptyTemp:

Hosts:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

einmal das Fixlog :

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2014

Ran by Siddiq at 2014-12-18 14:06:59 Run:12

Running from C:\Users\Siddiq\Desktop

Loaded Profile: Siddiq (Available profiles: Kevo & Siddiq)

Boot Mode: Normal

==============================================
 

Content of fixlist:

*****************

C:\Dokumente und Einstellungen\All Users\nlcgledcgbnjgnhikehaekocgppemfni\ByJw.js

C:\Dokumente und Einstellungen\Kevo\AppData\Local\Viber\Helper.dll

C:\Dokumente und Einstellungen\Kevo\AppData\Local\Viber\Uninstall.exe

C:\Dokumente und Einstellungen\Kevo\Downloads\3DMGAME-Need.for.Speed.Rivals.X86.and.X64.Crack.Only-3DM.rar

C:\Dokumente und Einstellungen\Kevo\Downloads\DownloadManagerSetup.exe

C:\Dokumente und Einstellungen\Kevo\Downloads\Grand Theft Auto IV Patch - CHIP-Installer.exe

C:\Dokumente und Einstellungen\Kevo\Downloads\GTA-4-Patch-1.0.7.0-lnstall (1).exe

C:\Dokumente und Einstellungen\Kevo\Downloads\GTA-4-Patch-1.0.7.0-lnstall.exe

C:\Dokumente und Einstellungen\Kevo\Downloads\KFZ-Werkstatt-lnstall.exe

C:\Dokumente und Einstellungen\Kevo\Downloads\MyPhoneExplorer_Setup_1.8.5.exe

C:\Dokumente und Einstellungen\Kevo\Downloads\OpenOffice - CHIP-Downloader.exe

C:\Dokumente und Einstellungen\Kevo\Downloads\Recuva - CHIP-Downloader.exe

C:\Dokumente und Einstellungen\Kevo\Downloads\setup_Project64_2.1.exe

C:\Dokumente und Einstellungen\Kevo\Downloads\Tunngle - CHIP-Installer.exe

C:\Dokumente und Einstellungen\Kevo\Downloads\ViberSetup (1).exe

C:\Dokumente und Einstellungen\Kevo\Downloads\ViberSetup (2).exe

C:\Dokumente und Einstellungen\Kevo\Downloads\ViberSetup.exe

C:\Dokumente und Einstellungen\Kevo\Downloads\Virtual_Mpc_setup.exe

C:\Dokumente und Einstellungen\Kevo\Downloads\Programs\32bit_Standard_v184.exe

C:\Dokumente und Einstellungen\Kevo\Downloads\Programs\MyPhoneExplorer_Setup_1.8.5.exe

C:\Dokumente und Einstellungen\Siddiq\AppData\Roaming\mgyun\VRoot\CleanMaster.apk

C:\Dokumente und Einstellungen\Siddiq\AppData\Roaming\mgyun\VRoot\com.mgyun.superuser.apk

C:\Dokumente und Einstellungen\Siddiq\Downloads\tr.apk

C:\Dokumente und Einstellungen\Siddiq\Downloads\VRoot_1.7.3.4863_english_cid1005_7337ba1e_89.exe

C:\Dokumente und Einstellungen\Siddiq\Downloads\VRoot_1.7.7.7308_Setup (1).exe

C:\Dokumente und Einstellungen\Siddiq\Downloads\VRoot_1.7.7.7308_Setup.exe

C:\Program Files (x86)\VROOT

C:\ProgramData\nlcgledcgbnjgnhikehaekocgppemfni

C:\Users\All Users\nlcgledcgbnjgnhikehaekocgppemfni

C:\Users\Kevo\AppData\Local\Viber

C:\Users\Kevo\Downloads\3DMGAME-Need.for.Speed.Rivals.X86.and.X64.Crack.Only-3DM.rar

C:\Users\Kevo\Downloads\DownloadManagerSetup.exe

C:\Users\Kevo\Downloads\Grand Theft Auto IV Patch - CHIP-Installer.exe

C:\Users\Kevo\Downloads\GTA-4-Patch-1.0.7.0-lnstall (1).exe

C:\Users\Kevo\Downloads\GTA-4-Patch-1.0.7.0-lnstall.exe

C:\Users\Kevo\Downloads\KFZ-Werkstatt-lnstall.exe

C:\Users\Kevo\Downloads\MyPhoneExplorer_Setup_1.8.5.exe

C:\Users\Kevo\Downloads\OpenOffice - CHIP-Downloader.exe

C:\Users\Kevo\Downloads\Recuva - CHIP-Downloader.exe

C:\Users\Kevo\Downloads\setup_Project64_2.1.exe

C:\Users\Kevo\Downloads\Tunngle - CHIP-Installer.exe

C:\Users\Kevo\Downloads\ViberSetup (1).exe

C:\Users\Kevo\Downloads\ViberSetup (2).exe

C:\Users\Kevo\Downloads\ViberSetup.exe

C:\Users\Kevo\Downloads\Virtual_Mpc_setup.exe

C:\Users\Kevo\Downloads\Programs\32bit_Standard_v184.exe

C:\Users\Kevo\Downloads\Programs\MyPhoneExplorer_Setup_1.8.5.exe

C:\Users\Siddiq\AppData\Roaming\mgyun

C:\Users\Siddiq\Downloads\tr.apk

C:\Users\Siddiq\Downloads\VRoot_1.7.3.4863_english_cid1005_7337ba1e_89.exe

C:\Users\Siddiq\Downloads\VRoot_1.7.7.7308_Setup (1).exe

C:\Users\Siddiq\Downloads\VRoot_1.7.7.7308_Setup.exe

EmptyTemp:

Hosts:

*****************
 

C:\Dokumente und Einstellungen\All Users\nlcgledcgbnjgnhikehaekocgppemfni\ByJw.js => Moved successfully.

C:\Dokumente und Einstellungen\Kevo\AppData\Local\Viber\Helper.dll => Moved successfully.

C:\Dokumente und Einstellungen\Kevo\AppData\Local\Viber\Uninstall.exe => Moved successfully.

C:\Dokumente und Einstellungen\Kevo\Downloads\3DMGAME-Need.for.Speed.Rivals.X86.and.X64.Crack.Only-3DM.rar => Moved successfully.

C:\Dokumente und Einstellungen\Kevo\Downloads\DownloadManagerSetup.exe => Moved successfully.

C:\Dokumente und Einstellungen\Kevo\Downloads\Grand Theft Auto IV Patch - CHIP-Installer.exe => Moved successfully.

C:\Dokumente und Einstellungen\Kevo\Downloads\GTA-4-Patch-1.0.7.0-lnstall (1).exe => Moved successfully.

C:\Dokumente und Einstellungen\Kevo\Downloads\GTA-4-Patch-1.0.7.0-lnstall.exe => Moved successfully.

C:\Dokumente und Einstellungen\Kevo\Downloads\KFZ-Werkstatt-lnstall.exe => Moved successfully.

C:\Dokumente und Einstellungen\Kevo\Downloads\MyPhoneExplorer_Setup_1.8.5.exe => Moved successfully.

C:\Dokumente und Einstellungen\Kevo\Downloads\OpenOffice - CHIP-Downloader.exe => Moved successfully.

C:\Dokumente und Einstellungen\Kevo\Downloads\Recuva - CHIP-Downloader.exe => Moved successfully.

C:\Dokumente und Einstellungen\Kevo\Downloads\setup_Project64_2.1.exe => Moved successfully.

C:\Dokumente und Einstellungen\Kevo\Downloads\Tunngle - CHIP-Installer.exe => Moved successfully.

C:\Dokumente und Einstellungen\Kevo\Downloads\ViberSetup (1).exe => Moved successfully.

C:\Dokumente und Einstellungen\Kevo\Downloads\ViberSetup (2).exe => Moved successfully.

C:\Dokumente und Einstellungen\Kevo\Downloads\ViberSetup.exe => Moved successfully.

C:\Dokumente und Einstellungen\Kevo\Downloads\Virtual_Mpc_setup.exe => Moved successfully.

C:\Dokumente und Einstellungen\Kevo\Downloads\Programs\32bit_Standard_v184.exe => Moved successfully.

C:\Dokumente und Einstellungen\Kevo\Downloads\Programs\MyPhoneExplorer_Setup_1.8.5.exe => Moved successfully.

C:\Dokumente und Einstellungen\Siddiq\AppData\Roaming\mgyun\VRoot\CleanMaster.apk => Moved successfully.

C:\Dokumente und Einstellungen\Siddiq\AppData\Roaming\mgyun\VRoot\com.mgyun.superuser.apk => Moved successfully.

C:\Dokumente und Einstellungen\Siddiq\Downloads\tr.apk => Moved successfully.

C:\Dokumente und Einstellungen\Siddiq\Downloads\VRoot_1.7.3.4863_english_cid1005_7337ba1e_89.exe => Moved successfully.

C:\Dokumente und Einstellungen\Siddiq\Downloads\VRoot_1.7.7.7308_Setup (1).exe => Moved successfully.

C:\Dokumente und Einstellungen\Siddiq\Downloads\VRoot_1.7.7.7308_Setup.exe => Moved successfully.

C:\Program Files (x86)\VROOT => Moved successfully.

C:\ProgramData\nlcgledcgbnjgnhikehaekocgppemfni => Moved successfully.

"C:\Users\All Users\nlcgledcgbnjgnhikehaekocgppemfni" => File/Directory not found.

C:\Users\Kevo\AppData\Local\Viber => Moved successfully.

"C:\Users\Kevo\Downloads\3DMGAME-Need.for.Speed.Rivals.X86.and.X64.Crack.Only-3DM.rar" => File/Directory not found.

"C:\Users\Kevo\Downloads\DownloadManagerSetup.exe" => File/Directory not found.

"C:\Users\Kevo\Downloads\Grand Theft Auto IV Patch - CHIP-Installer.exe" => File/Directory not found.

"C:\Users\Kevo\Downloads\GTA-4-Patch-1.0.7.0-lnstall (1).exe" => File/Directory not found.

"C:\Users\Kevo\Downloads\GTA-4-Patch-1.0.7.0-lnstall.exe" => File/Directory not found.

"C:\Users\Kevo\Downloads\KFZ-Werkstatt-lnstall.exe" => File/Directory not found.

"C:\Users\Kevo\Downloads\MyPhoneExplorer_Setup_1.8.5.exe" => File/Directory not found.

"C:\Users\Kevo\Downloads\OpenOffice - CHIP-Downloader.exe" => File/Directory not found.

"C:\Users\Kevo\Downloads\Recuva - CHIP-Downloader.exe" => File/Directory not found.

"C:\Users\Kevo\Downloads\setup_Project64_2.1.exe" => File/Directory not found.

"C:\Users\Kevo\Downloads\Tunngle - CHIP-Installer.exe" => File/Directory not found.

"C:\Users\Kevo\Downloads\ViberSetup (1).exe" => File/Directory not found.

"C:\Users\Kevo\Downloads\ViberSetup (2).exe" => File/Directory not found.

"C:\Users\Kevo\Downloads\ViberSetup.exe" => File/Directory not found.

"C:\Users\Kevo\Downloads\Virtual_Mpc_setup.exe" => File/Directory not found.

"C:\Users\Kevo\Downloads\Programs\32bit_Standard_v184.exe" => File/Directory not found.

"C:\Users\Kevo\Downloads\Programs\MyPhoneExplorer_Setup_1.8.5.exe" => File/Directory not found.

C:\Users\Siddiq\AppData\Roaming\mgyun => Moved successfully.

"C:\Users\Siddiq\Downloads\tr.apk" => File/Directory not found.

"C:\Users\Siddiq\Downloads\VRoot_1.7.3.4863_english_cid1005_7337ba1e_89.exe" => File/Directory not found.

"C:\Users\Siddiq\Downloads\VRoot_1.7.7.7308_Setup (1).exe" => File/Directory not found.

"C:\Users\Siddiq\Downloads\VRoot_1.7.7.7308_Setup.exe" => File/Directory not found.

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.

Hosts was reset successfully.

EmptyTemp: => Removed 984.1 MB temporary data.
 
 

The system needed a reboot. 
 

==== End of Fixlog ====

Sieht soweit ok aus :daumenhoc

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) empfehle ich die Erweiterung Ghostery, diese verhindert weitgehend Usertracking bzw. das Anzeigen von Werbebannern.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Cool ich danke dir vielmals :daumenhoc

es gibt noch eine Sache die im Nachhinein aufgetreten ist, und zwar sind meine Erweiterungen in Chrome weg zb ad blocker proxyflow etc..

kann sie nun nicht mehr hinzufügen bekomme die Fehlermeldung "Network_failed".

wenn du mir das noch helfe könntest wäre das klasse :daumenhoc

trotzdem bedank ich mich schon mal Herzlich für deine mühe.

mfg. Kevin

Bei Chrome kann ich nicht weiterhelfen, denn ich nutze diesen Browser nicht.

Dann wären wir durch! :daumenhoc

Falls du noch Lob oder Kritik loswerden möchtest => Lob, Kritik und Wünsche - Trojaner-Board

Die Programme, die hier zum Einsatz kamen, können alle deinstalliert werden. Es empfiehlt sich Malwarebytes Anti-Malware zu behalten und damit wöchentlich nach Malware zu scannen.

Helfen kann dir dabei delfix:

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Bitte abschließend noch die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

Hallo Cosinus,

ich habe nach dem hier 2 freezes gehabt wo ich den rechner neu starten musste ( ohne bluescreen sogar nach mehreren stunden) können wir das evtl nochmal überprüfen ?

mfg Kevin.:daumenhoc

Mach dazu bitte nen neuen Strang im Hardwarebereich auf, das hat nämlich so nichts mehr mit Malwarebereinigung zu tun...