Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Chrome spielt Audiowerbung im Hintergrund ab und verursacht oft den "Oh Nein"-Fehler (https://www.trojaner-board.de/162197-chrome-spielt-audiowerbung-hintergrund-ab-verursacht-oft-oh-fehler.html)

Schneizilla 27.12.2014 18:28
Chrome spielt Audiowerbung im Hintergrund ab und verursacht oft den "Oh Nein"-Fehler
 
Hallo zusammen!

Also wie oben beschrieben spielt Chrome bei manchen Seiten im Hintergrund auf einmal irgendwelche Audiowerbung ab, ohne entsprechendes Video oder Pop-Up Fenster...noch dazu entsteht häufig der sogenannte "Oh Nein"-Fehler. https://support.google.com/chrome/answer/95669?hl=de
Die dort angegebenen Schritte habe ich bereits (soweit mir möglich) gemacht, also Anwendungen überprüft, neues Nutzerprofil angelegt und einen Virenscan durchgeführt.

Hier mal die Log-File von FRS:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2014
Ran by Stefan (administrator) on STEFAN-PC on 27-12-2014 18:02:44
Running from C:\Users\Stefan\Downloads
Loaded Profile: Stefan (Available profiles: Stefan & Geof)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SparkLabs) C:\Program Files\WiTopia\WiTopiaService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
(SparkLabs) C:\Program Files\WiTopia\WiTopia.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKU\S-1-5-21-877256624-1356241778-3237082232-1001\...\Run: [Google Update] => C:\Users\Stefan\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-10-31] (Google Inc.)
HKU\S-1-5-21-877256624-1356241778-3237082232-1001\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-877256624-1356241778-3237082232-1001\...\Run: [WiTopia] => C:\Program Files\WiTopia\WiTopia.exe [814368 2014-06-06] (SparkLabs)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-877256624-1356241778-3237082232-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-877256624-1356241778-3237082232-1001 - (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-877256624-1356241778-3237082232-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Stefan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-877256624-1356241778-3237082232-1001: @talk.google.com/O1DPlugin -> C:\Users\Stefan\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-877256624-1356241778-3237082232-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Stefan\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-877256624-1356241778-3237082232-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Stefan\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-877256624-1356241778-3237082232-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Stefan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-877256624-1356241778-3237082232-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Users\Stefan\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Stefan\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\IPSFF
FF Extension: Symantec Vulnerability Protection - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\IPSFF [2014-12-25]

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://www.google.de/", "https://play.google.com/music/listen?hl=en#/now", "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-25]
CHR Extension: (Google Docs) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-25]
CHR Extension: (Google Drive) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-25]
CHR Extension: (James White) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm [2014-12-25]
CHR Extension: (YouTube) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-25]
CHR Extension: (Pushbullet) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2014-12-25]
CHR Extension: (Google Search) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-25]
CHR Extension: (Google Sheets) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-25]
CHR Extension: (Google Calendar (by Google)) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2014-12-25]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-12-25]
CHR Extension: (Google Play Music) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2014-12-25]
CHR Extension: (Panel View for Keep) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccocffecajimkdjgfpjhlpiimcnadhb [2014-12-25]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-25]
CHR Extension: (WeatherBug) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2014-12-25]
CHR Extension: (Google Wallet) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-25]
CHR Extension: (Gmail) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-25]
CHR HKU\S-1-5-21-877256624-1356241778-3237082232-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Stefan\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKU\S-1-5-21-877256624-1356241778-3237082232-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe [144496 2014-09-13] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe [394592 2014-09-13] (Symantec Corporation)
R2 WiTopiaService; C:\Program Files\WiTopia\WiTopiaService.exe [70432 2014-06-06] (SparkLabs)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\BASHDefs\20141210.012\BHDrvx64.sys [1586904 2014-12-10] (Symantec Corporation)
R1 ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279}; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\ccSetx64.sys [162392 2014-09-13] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-04-30] (DT Soft Ltd)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\IPSDefs\20141226.011\IDSvia64.sys [637656 2014-12-24] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
S1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSP64.SYS [880856 2014-09-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSPX64.SYS [37592 2014-09-13] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\SyDvCtrl64.sys [36952 2014-09-13] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\symefasi\0500010.01F\symefasi.sys [1611992 2014-12-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-12-25] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\Ironx64.SYS [266968 2014-09-13] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SYMNETS.SYS [593112 2014-09-13] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [159552 2014-12-25] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [107504 2014-09-13] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 visctap0901; C:\Windows\System32\DRIVERS\visctap0901.sys [39048 2014-06-06] (The OpenVPN Project)
S3 ATP; system32\DRIVERS\cmdatp.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 18:02 - 2014-12-27 18:02 - 00000000 ____D () C:\Users\Stefan\Downloads\FRST-OlderVersion
2014-12-27 16:59 - 2014-12-27 17:10 - 469216456 _____ () C:\Users\Stefan\Downloads\20141226-018-v5i64.exe
2014-12-25 20:30 - 2014-12-25 20:30 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Symantec
2014-12-25 20:25 - 2014-12-25 20:25 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-12-25 20:25 - 2014-12-25 20:25 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-12-25 20:25 - 2014-12-25 20:25 - 00000000 ____D () C:\Windows\system32\Drivers\symefasi
2014-12-25 20:25 - 2014-12-25 20:25 - 00000000 ____D () C:\ProgramData\SymEFASI
2014-12-25 20:25 - 2014-12-25 20:25 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-12-25 20:24 - 2014-12-25 20:24 - 00579936 _____ (Symantec Corporation) C:\Windows\system32\SymVPN.dll
2014-12-25 20:24 - 2014-12-25 20:24 - 00462688 _____ (Symantec Corporation) C:\Windows\system32\sysfer.dll
2014-12-25 20:24 - 2014-12-25 20:24 - 00424288 _____ (Symantec Corporation) C:\Windows\SysWOW64\SymVPN.dll
2014-12-25 20:24 - 2014-12-25 20:24 - 00363872 _____ (Symantec Corporation) C:\Windows\SysWOW64\sysfer.dll
2014-12-25 20:24 - 2014-12-25 20:24 - 00159552 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SysPlant.sys
2014-12-25 20:24 - 2014-12-25 20:24 - 00159072 _____ (Symantec Corporation) C:\Windows\system32\FwsVpn.dll
2014-12-25 20:24 - 2014-12-25 20:24 - 00139104 _____ (Symantec Corporation) C:\Windows\SysWOW64\FwsVpn.dll
2014-12-25 20:24 - 2014-12-25 20:24 - 00058720 _____ (Symantec Corporation) C:\Windows\system32\snacnp.dll
2014-12-25 20:24 - 2014-12-25 20:24 - 00051552 _____ (Symantec Corporation) C:\Windows\SysWOW64\snacnp.dll
2014-12-25 20:24 - 2014-12-25 20:24 - 00039384 _____ (Symantec Corporation) C:\Windows\system32\Drivers\WGX64.SYS
2014-12-25 20:24 - 2014-12-25 20:24 - 00000000 ____D () C:\ProgramData\regid.1992-12.com.symantec
2014-12-25 20:23 - 2014-12-25 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
2014-12-25 20:23 - 2014-12-25 20:23 - 00000000 ____D () C:\Windows\system32\Drivers\SEP
2014-12-25 20:23 - 2014-12-25 20:23 - 00000000 ____D () C:\ProgramData\Symantec
2014-12-25 20:23 - 2014-12-25 20:23 - 00000000 ____D () C:\Program Files (x86)\Symantec
2014-12-25 20:19 - 2014-12-25 20:20 - 00000000 ____D () C:\Users\Stefan\Desktop\SEPx64_v12.1.5337-5000
2014-12-25 20:17 - 2014-12-25 20:19 - 83134327 _____ () C:\Users\Stefan\Downloads\SEPx64_v12.1.5337-5000.zip
2014-12-25 18:32 - 2014-12-27 17:31 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-25 18:32 - 2014-12-25 18:32 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-25 18:32 - 2014-12-25 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-25 18:32 - 2014-12-25 18:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-25 18:32 - 2014-12-25 18:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-25 18:32 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-25 18:32 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-25 18:32 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-25 18:26 - 2014-12-25 19:21 - 00000000 ____D () C:\AdwCleaner
2014-12-25 18:25 - 2014-12-25 18:26 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Stefan\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-25 18:25 - 2014-12-25 18:25 - 02173952 _____ () C:\Users\Stefan\Downloads\AdwCleaner_4.106.exe
2014-12-25 18:20 - 2014-12-25 18:20 - 00028666 _____ () C:\Users\Stefan\Downloads\Addition.txt
2014-12-25 18:18 - 2014-12-27 18:02 - 00017286 _____ () C:\Users\Stefan\Downloads\FRST.txt
2014-12-25 18:18 - 2014-12-27 18:02 - 00000000 ____D () C:\FRST
2014-12-25 18:15 - 2014-12-27 18:02 - 02122752 _____ (Farbar) C:\Users\Stefan\Downloads\FRST64.exe
2014-12-25 17:37 - 2014-12-27 17:50 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-25 17:37 - 2014-12-27 17:50 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-25 17:37 - 2014-12-25 17:48 - 00002264 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-25 17:37 - 2014-12-25 17:45 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-25 17:37 - 2014-12-25 17:45 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-25 17:37 - 2014-12-25 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-25 14:55 - 2014-12-25 14:55 - 00000000 __SHD () C:\Users\Stefan\AppData\Local\EmieBrowserModeList
2014-12-25 13:31 - 2014-12-25 13:33 - 00003341 _____ () C:\Users\Stefan\Downloads\software_removal_tool.log
2014-12-22 20:07 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-22 20:07 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-22 03:36 - 2014-12-22 03:36 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-22 01:03 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-22 01:03 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-22 01:03 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-22 01:03 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-22 01:03 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-22 01:03 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-22 01:03 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-22 01:03 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-22 01:03 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-22 01:03 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-21 11:02 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-21 11:02 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-21 11:02 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-21 11:02 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-21 11:02 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-21 11:02 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-21 11:02 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-21 11:02 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-21 11:02 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-21 11:02 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-21 11:02 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-21 11:01 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-21 11:01 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-21 11:01 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-21 11:01 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-21 11:01 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-21 11:01 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-21 11:01 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-21 11:01 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-21 11:01 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-21 11:01 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-21 11:01 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-21 11:01 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-21 11:01 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-21 11:01 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-21 11:01 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-21 11:01 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-21 11:01 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-21 11:01 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-21 11:01 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-21 11:01 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-21 11:01 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-21 11:01 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-21 11:01 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-21 11:01 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-21 11:01 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-21 11:01 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-21 11:01 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-21 11:01 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-21 11:01 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-21 11:01 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-21 11:01 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-21 11:01 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-21 11:01 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-21 11:01 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-21 11:01 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-21 11:01 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-21 11:01 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-21 11:01 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-21 11:01 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-21 11:01 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-21 11:01 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-21 11:01 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-21 11:01 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-21 11:01 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-21 11:01 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-21 11:01 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-21 11:01 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-21 11:01 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-21 11:01 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-21 11:01 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-21 11:01 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-21 11:01 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-21 11:01 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-21 11:01 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-21 11:00 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-21 11:00 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-21 11:00 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-21 11:00 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-21 11:00 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-21 11:00 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-21 11:00 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-21 11:00 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-21 11:00 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-21 11:00 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-21 11:00 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-21 11:00 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-21 11:00 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-21 11:00 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-08 12:31 - 2014-12-08 12:31 - 00000774 _____ () C:\Users\Public\Desktop\Diablo III Public Test.lnk
2014-12-08 12:31 - 2014-12-08 12:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Public Test
2014-12-08 10:15 - 2014-12-22 20:36 - 00000000 ____D () C:\Windows\rescache
2014-12-06 15:14 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-12-06 15:14 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-12-06 15:14 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-12-06 15:14 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-12-06 15:14 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-12-06 15:13 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-12-06 15:13 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-12-06 15:13 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-12-06 15:13 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-12-06 15:13 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-12-06 15:13 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-12-06 15:12 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-06 15:12 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-06 15:12 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-12-06 15:12 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-12-06 15:12 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-12-06 15:12 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-12-06 15:12 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-12-06 15:12 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-12-06 15:12 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-06 15:12 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-12-06 15:12 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-12-06 15:12 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-12-06 15:12 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-12-06 15:12 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-12-06 15:12 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-06 15:12 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-12-06 15:12 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-12-06 15:12 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-12-06 15:12 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-12-06 15:12 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-12-06 15:12 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-12-06 15:12 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-06 15:12 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-12-06 15:12 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-12-06 15:12 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-12-06 15:12 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-12-06 15:12 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-12-06 15:12 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-12-06 15:12 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-06 15:12 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-12-06 15:12 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-12-06 15:12 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-12-06 15:12 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-12-06 15:11 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-12-06 15:11 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 18:00 - 2012-10-31 16:42 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-877256624-1356241778-3237082232-1001UA.job
2014-12-27 17:52 - 2012-11-10 18:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-27 15:00 - 2012-10-31 16:42 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-877256624-1356241778-3237082232-1001Core.job
2014-12-27 14:54 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-27 14:54 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-27 14:51 - 2012-10-30 23:28 - 01353555 _____ () C:\Windows\WindowsUpdate.log
2014-12-27 14:51 - 2009-07-14 06:13 - 00782574 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-27 14:46 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-27 14:46 - 2009-07-14 05:51 - 00062026 _____ () C:\Windows\setupact.log
2014-12-26 23:38 - 2013-01-10 00:00 - 00000000 ____D () C:\Program Files\Common Files\WiTopia
2014-12-26 23:34 - 2014-04-09 08:02 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Battle.net
2014-12-25 19:21 - 2012-10-31 23:38 - 00129238 _____ () C:\Windows\PFRO.log
2014-12-25 19:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2014-12-25 17:39 - 2014-06-20 19:52 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Adobe
2014-12-25 17:39 - 2012-10-31 16:42 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Google
2014-12-25 17:37 - 2012-11-02 00:23 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-25 17:36 - 2012-11-10 18:46 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-25 17:36 - 2012-11-10 18:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-25 17:36 - 2012-11-10 18:46 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-25 13:26 - 2013-07-02 21:44 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-12-22 03:36 - 2014-05-06 22:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-22 03:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-22 03:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-22 01:10 - 2013-08-15 20:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-22 01:06 - 2013-11-23 22:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-22 01:06 - 2012-10-31 01:01 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-21 11:06 - 2014-04-09 08:01 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-12-21 10:49 - 2012-11-11 20:49 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-08 18:05 - 2012-11-02 08:23 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\vlc
2014-12-06 22:37 - 2012-12-07 16:00 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\uTorrent
2014-12-06 22:14 - 2012-10-31 16:42 - 00109280 _____ () C:\Users\Stefan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-06 22:13 - 2009-07-14 05:45 - 00409208 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-06 15:15 - 2012-12-07 16:02 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Mozilla
2014-12-06 14:55 - 2012-10-31 16:42 - 00004096 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-877256624-1356241778-3237082232-1001UA
2014-12-06 14:55 - 2012-10-31 16:42 - 00003700 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-877256624-1356241778-3237082232-1001Core

Some content of TEMP:
====================
C:\Users\Stefan\AppData\Local\Temp\AutoRun.exe
C:\Users\Stefan\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Stefan\AppData\Local\Temp\EAInstall.dll
C:\Users\Stefan\AppData\Local\Temp\eauninstall.exe
C:\Users\Stefan\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Stefan\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Stefan\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Stefan\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Stefan\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Stefan\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Stefan\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Stefan\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Stefan\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Stefan\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Stefan\AppData\Local\Temp\nvStInst.exe
C:\Users\Stefan\AppData\Local\Temp\ose00000.exe
C:\Users\Stefan\AppData\Local\Temp\Quarantine.exe
C:\Users\Stefan\AppData\Local\Temp\riftuninstall.exe
C:\Users\Stefan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Stefan\AppData\Local\Temp\sqlite3.dll
C:\Users\Stefan\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Stefan\AppData\Local\Temp\tbedrs.dll
C:\Users\Stefan\AppData\Local\Temp\tbuTor.dll
C:\Users\Stefan\AppData\Local\Temp\The Battle for Middle-earth II_uninst.exe
C:\Users\Stefan\AppData\Local\Temp\uttACF8.tmp.exe
C:\Users\Stefan\AppData\Local\Temp\WiTopia%20Installer%202.1.1.148.exe
C:\Users\Stefan\AppData\Local\Temp\WiTopia%20Installer%202.1.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-27 03:56

==================== End Of Log ============================
--- --- ---

--- --- ---

Addition.txt von heute:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-12-2014
Ran by Stefan at 2014-12-27 18:50:48
Running from C:\Users\Stefan\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: Symantec Endpoint Protection (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Symantec Endpoint Protection (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-877256624-1356241778-3237082232-1001\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 3 (HKLM-x32\...\Bejeweled 3) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J5910DW (HKLM-x32\...\{830F55B6-4398-4B72-A0D8-66397B902C0E}) (Version: 1.1.1.0 - Brother Industries, Ltd.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Diablo III Public Test (HKLM-x32\...\Diablo III Public Test) (Version:  - Blizzard Entertainment)
Dungeon Keeper Gold (HKLM-x32\...\GOGPACKDUNGEONKEEPER_is1) (Version: 2.0.0.4 - GOG.com)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
MKVToolNix 5.9.0 (HKLM-x32\...\MKVToolNix) (Version: 5.9.0 - Moritz Bunkus)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.0.5.30633 - Grinding Gear Games)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
RotWK Widescreen Enhanced 1.0 (HKLM-x32\...\RotWK Widescreen Enhanced 1.0) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Symantec Endpoint Protection (HKLM\...\{A5DCF955-5D4A-471D-8CB3-DCFDF5C5DEE7}) (Version: 12.1.5337.5000 - Symantec Corporation)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
The Battle for Middle-earth (tm) II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version:  - )
The Lord of the Rings, The Rise of the Witch-king (HKLM-x32\...\{B931FB80-537A-4600-00AD-AC5DEDB6C25B}) (Version:  - )
Torchlight II (c) Runic Games version 1 (HKLM-x32\...\Torchlight II (c) Runic Games_is1) (Version: 1 - )
Trine 2 (HKLM-x32\...\Steam App 35720) (Version:  - Frozenbyte)
Unity Web Player (HKU\S-1-5-21-877256624-1356241778-3237082232-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
WinZip 11.2 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}) (Version: 11.2.8094 - WinZip Computing, S.L. )
WiTopia (HKLM\...\{9F59FA4D-E431-45FA-889F-EC68D998C7D2}_is1) (Version: 2.1.9.178 - WiTopia)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Worms Reloaded (HKLM-x32\...\Steam App 22600) (Version:  - Team17 Software Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-877256624-1356241778-3237082232-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Stefan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-877256624-1356241778-3237082232-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Stefan\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-877256624-1356241778-3237082232-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Stefan\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-877256624-1356241778-3237082232-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Stefan\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-877256624-1356241778-3237082232-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Stefan\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-877256624-1356241778-3237082232-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Stefan\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

27-12-2014 15:52:43 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {29DC5B71-A6C3-454C-894E-7D84A2A390B9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-25] (Adobe Systems Incorporated)
Task: {7126BEB2-D809-46DC-823C-E40D86EA2D80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-25] (Google Inc.)
Task: {72039E7B-C6ED-4E44-AE5C-E6A87B777989} - System32\Tasks\{2748CF20-C001-4C94-A125-FB2C2D04E637} => Chrome.exe hxxp://ui.skype.com/ui/0/6.10.0.104/de/abandoninstall?source=lightinstaller&page=tsBing
Task: {8BA32417-D0CE-4121-B912-F84ABA9C9A4D} - System32\Tasks\{34921EB5-A66A-477E-B499-76F4399D1493} => Chrome.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/abandoninstall?source=lightinstaller&page=tsInstall
Task: {8FEF1FF8-1598-47D7-87DB-C16C636EE507} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-877256624-1356241778-3237082232-1001Core => C:\Users\Stefan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-31] (Google Inc.)
Task: {9E87B31E-C931-415A-A41D-5A8E5CF5DB01} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {BAF4C8EF-58F6-4EE5-9F1C-74705BB42CB0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-877256624-1356241778-3237082232-1001UA => C:\Users\Stefan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-31] (Google Inc.)
Task: {E82D840F-A3FA-4730-A8D1-5164369EF0F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-25] (Google Inc.)
Task: {FF3041EA-F7C4-4346-8654-3E09015C4DFD} - System32\Tasks\{6E4E6708-1927-41FC-BA42-B3EDCDAD0F5D} => Chrome.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/abandoninstall?source=lightinstaller&page=tsInstall
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-877256624-1356241778-3237082232-1001Core.job => C:\Users\Stefan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-877256624-1356241778-3237082232-1001UA.job => C:\Users\Stefan\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-02-02 22:24 - 2005-04-22 05:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-02-02 22:24 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-12-25 17:48 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-25 17:48 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-25 17:48 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-25 17:48 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-21 11:05 - 2014-12-21 11:06 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\libcef.dll
2014-12-21 11:05 - 2014-12-21 11:06 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\libGLESv2.dll
2014-12-21 11:05 - 2014-12-21 11:06 - 00907776 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\platforms\qwindows.dll
2014-12-21 11:05 - 2014-12-21 11:06 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\libEGL.dll
2014-12-21 11:05 - 2014-12-21 11:05 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qgif.dll
2014-12-21 11:05 - 2014-12-21 11:05 - 00021504 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qico.dll
2014-12-21 11:05 - 2014-12-21 11:05 - 00205312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qjpeg.dll
2014-12-21 11:05 - 2014-12-21 11:05 - 00225792 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qmng.dll
2014-12-21 11:05 - 2014-12-21 11:05 - 00015872 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qsvg.dll
2014-12-21 11:05 - 2014-12-21 11:05 - 00312832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qtiff.dll
2014-12-21 11:05 - 2014-12-21 11:06 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\qml\QtQuick.2\qtquick2plugin.dll
2014-12-21 11:05 - 2014-12-21 11:06 - 00054272 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2014-12-21 11:05 - 2014-12-21 11:06 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\qml\QtQml\Models.2\modelsplugin.dll
2014-12-21 11:52 - 2014-12-21 11:52 - 16841392 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
2013-09-25 21:35 - 2014-12-21 11:11 - 23950848 _____ () G:\World of Warcraft\Utils\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\Stefan:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Stefan\Application Data:gs5sys
AlternateDataStreams: C:\Users\Stefan\Cookies:gs5sys
AlternateDataStreams: C:\Users\Stefan\Local Settings:gs5sys
AlternateDataStreams: C:\Users\Stefan\Templates:gs5sys
AlternateDataStreams: C:\Users\Stefan\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\Stefan\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\Stefan\AppData\Local\Application Data:gs5sys
AlternateDataStreams: C:\Users\Stefan\AppData\Local\History:gs5sys
AlternateDataStreams: C:\Users\Stefan\Documents\desktop.ini:gs5sys

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279}.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: LWS => C:\Users\Stefan\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-877256624-1356241778-3237082232-500 - Administrator - Disabled)
Geof (S-1-5-21-877256624-1356241778-3237082232-1004 - Administrator - Enabled) => C:\Users\Geof
Guest (S-1-5-21-877256624-1356241778-3237082232-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-877256624-1356241778-3237082232-1002 - Limited - Enabled)
Stefan (S-1-5-21-877256624-1356241778-3237082232-1001 - Administrator - Enabled) => C:\Users\Stefan

==================== Faulty Device Manager Devices =============

Name: Viscosity Virtual Adapter V9.1
Description: Viscosity Virtual Adapter V9.1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SparkLabs VPN
Service: visctap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/27/2014 05:52:03 PM) (Source: Symantec AntiVirus) (EventID: 40) (User: )
Description: Symantec Endpoint Protection has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer.Application has encountered an error.
For more information, please go to: hxxp://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=12.1.0.0.sepe&language=german&module=1000&error=0009&build=symantec_ent

Error: (12/27/2014 05:49:02 PM) (Source: Symantec AntiVirus) (EventID: 40) (User: )
Description: Symantec Endpoint Protection has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer.Application has encountered an error.
For more information, please go to: hxxp://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=12.1.0.0.sepe&language=german&module=1000&error=0009&build=symantec_ent

Error: (12/27/2014 04:55:02 PM) (Source: Symantec AntiVirus) (EventID: 40) (User: )
Description: Symantec Endpoint Protection has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer.Application has encountered an error.
For more information, please go to: hxxp://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=12.1.0.0.sepe&language=german&module=1000&error=0009&build=symantec_ent

Error: (12/27/2014 04:52:01 PM) (Source: Symantec AntiVirus) (EventID: 40) (User: )
Description: Symantec Endpoint Protection has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer.Application has encountered an error.
For more information, please go to: hxxp://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=12.1.0.0.sepe&language=german&module=1000&error=0009&build=symantec_ent

Error: (12/27/2014 02:49:04 PM) (Source: Symantec AntiVirus) (EventID: 40) (User: )
Description: Symantec Endpoint Protection has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer.Application has encountered an error.
For more information, please go to: hxxp://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=12.1.0.0.sepe&language=german&module=1000&error=0009&build=symantec_ent

Error: (12/27/2014 02:46:53 PM) (Source: Symantec AntiVirus) (EventID: 40) (User: )
Description: Symantec Endpoint Protection has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer.Application has encountered an error.
For more information, please go to: hxxp://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=12.1.0.0.sepe&language=german&module=1000&error=0009&build=symantec_ent

Error: (12/27/2014 08:05:03 AM) (Source: Symantec AntiVirus) (EventID: 40) (User: )
Description: Symantec Endpoint Protection has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer.Application has encountered an error.
For more information, please go to: hxxp://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=12.1.0.0.sepe&language=german&module=1000&error=0009&build=symantec_ent

Error: (12/27/2014 08:02:03 AM) (Source: Symantec AntiVirus) (EventID: 40) (User: )
Description: Symantec Endpoint Protection has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer.Application has encountered an error.
For more information, please go to: hxxp://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=12.1.0.0.sepe&language=german&module=1000&error=0009&build=symantec_ent

Error: (12/27/2014 00:08:01 AM) (Source: Symantec AntiVirus) (EventID: 40) (User: )
Description: Symantec Endpoint Protection has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer.Application has encountered an error.
For more information, please go to: hxxp://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=12.1.0.0.sepe&language=german&module=1000&error=0009&build=symantec_ent

Error: (12/27/2014 00:05:01 AM) (Source: Symantec AntiVirus) (EventID: 40) (User: )
Description: Symantec Endpoint Protection has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer.Application has encountered an error.
For more information, please go to: hxxp://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=12.1.0.0.sepe&language=german&module=1000&error=0009&build=symantec_ent


System errors:
=============
Error: (12/27/2014 06:50:34 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer EASYBOX
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CE3C6857-263A-4CEF-A391-2F59EC4D15D1}.
The master browser is stopping or an election is being forced.

Error: (12/27/2014 06:20:31 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer EASYBOX
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CE3C6857-263A-4CEF-A391-2F59EC4D15D1}.
The master browser is stopping or an election is being forced.

Error: (12/27/2014 06:02:30 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer EASYBOX
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CE3C6857-263A-4CEF-A391-2F59EC4D15D1}.
The master browser is stopping or an election is being forced.

Error: (12/27/2014 05:50:28 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer EASYBOX
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CE3C6857-263A-4CEF-A391-2F59EC4D15D1}.
The master browser is stopping or an election is being forced.

Error: (12/27/2014 02:50:10 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer EASYBOX
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CE3C6857-263A-4CEF-A391-2F59EC4D15D1}.
The master browser is stopping or an election is being forced.

Error: (12/27/2014 02:47:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SRTSP

Error: (12/27/2014 02:45:52 PM) (Source: SRTSP) (EventID: 4) (User: )
Description: Error loading virus definitions.

Error: (12/27/2014 04:08:10 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (12/27/2014 04:01:15 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (12/26/2014 03:14:49 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer EASYBOX
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CE3C6857-263A-4CEF-A391-2F59EC4D15D1}.
The master browser is stopping or an election is being forced.


Microsoft Office Sessions:
=========================
Error: (12/27/2014 05:52:03 PM) (Source: Symantec AntiVirus) (EventID: 40) (User: )
Description: Symantec Endpoint Protection has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer.Application has encountered an error.
For more information, please go to: hxxp://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=12.1.0.0.sepe&language=german&module=1000&error=0009&build=symantec_ent

Error: (12/27/2014 05:49:02 PM) (Source: Symantec AntiVirus) (EventID: 40) (User: )
Description: Symantec Endpoint Protection has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer.Application has encountered an error.
For more information, please go to: hxxp://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=12.1.0.0.sepe&language=german&module=1000&error=0009&build=symantec_ent

Error: (12/27/2014 04:55:02 PM) (Source: Symantec AntiVirus) (EventID: 40) (User: )
Description: Symantec Endpoint Protection has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer.Application has encountered an error.
For more information, please go to: hxxp://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=12.1.0.0.sepe&language=german&module=1000&error=0009&build=symantec_ent

Error: (12/27/2014 04:52:01 PM) (Source: Symantec AntiVirus) (EventID: 40) (User: )
Description: Symantec Endpoint Protection has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer.Application has encountered an error.
For more information, please go to: hxxp://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=12.1.0.0.sepe&language=german&module=1000&error=0009&build=symantec_ent

Error: (12/27/2014 02:49:04 PM) (Source: Symantec AntiVirus) (EventID: 40) (User: )
Description: Symantec Endpoint Protection has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer.Application has encountered an error.
For more information, please go to: hxxp://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=12.1.0.0.sepe&language=german&module=1000&error=0009&build=symantec_ent

Error: (12/27/2014 02:46:53 PM) (Source: Symantec AntiVirus) (EventID: 40) (User: )
Description: Symantec Endpoint Protection has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer.Application has encountered an error.
For more information, please go to: hxxp://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=12.1.0.0.sepe&language=german&module=1000&error=0009&build=symantec_ent

Error: (12/27/2014 08:05:03 AM) (Source: Symantec AntiVirus) (EventID: 40) (User: )
Description: Symantec Endpoint Protection has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer.Application has encountered an error.
For more information, please go to: hxxp://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=12.1.0.0.sepe&language=german&module=1000&error=0009&build=symantec_ent

Error: (12/27/2014 08:02:03 AM) (Source: Symantec AntiVirus) (EventID: 40) (User: )
Description: Symantec Endpoint Protection has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer.Application has encountered an error.
For more information, please go to: hxxp://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=12.1.0.0.sepe&language=german&module=1000&error=0009&build=symantec_ent

Error: (12/27/2014 00:08:01 AM) (Source: Symantec AntiVirus) (EventID: 40) (User: )
Description: Symantec Endpoint Protection has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer.Application has encountered an error.
For more information, please go to: hxxp://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=12.1.0.0.sepe&language=german&module=1000&error=0009&build=symantec_ent

Error: (12/27/2014 00:05:01 AM) (Source: Symantec AntiVirus) (EventID: 40) (User: )
Description: Symantec Endpoint Protection has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer.Application has encountered an error.
For more information, please go to: hxxp://www.symantec.com/techsupp/servlet/ProductMessages?product=SAVCORP&version=12.1.0.0.sepe&language=german&module=1000&error=0009&build=symantec_ent


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 43%
Total physical RAM: 8190.49 MB
Available physical RAM: 4593.16 MB
Total Pagefile: 16379.16 MB
Available Pagefile: 12129.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows 7) (Fixed) (Total:97.56 GB) (Free:0.43 GB) NTFS
Drive g: (Games) (Fixed) (Total:368.1 GB) (Free:260.34 GB) NTFS
Drive s: (Stefan Media) (Fixed) (Total:2794.39 GB) (Free:1487.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5951EB01)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

Dann habe ich in einem anderen Thread mit ähnlichem Problem gelesen, dass dort Malewarebytes Anti-Maleware und ADW Cleaner empfohlen wurden.

Hier zwei Logs von ADW (25.12. und von heute):

Code:
# AdwCleaner v4.106 - Report created 25/12/2014 at 18:26:37
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Stefan - STEFAN-PC
# Running from : C:\Users\Stefan\Downloads\AdwCleaner_4.106.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Stefan\AppData\Local\Temp\Uninstall.exe
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Users\Stefan\AppData\Local\Conduit
Folder Found : C:\Users\Stefan\AppData\LocalLow\Conduit

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\Smartbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
Key Found : [x64] HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Google Chrome v39.0.2171.95


*************************

AdwCleaner[R0].txt - [1400 octets] - [25/12/2014 18:26:37]
Code:
# AdwCleaner v4.106 - Report created 27/12/2014 at 18:12:28
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Stefan - STEFAN-PC
# Running from : C:\Users\Stefan\Downloads\AdwCleaner_4.106.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Google Chrome v39.0.2171.95


*************************

AdwCleaner[R0].txt - [1544 octets] - [25/12/2014 18:26:37]
AdwCleaner[R1].txt - [875 octets] - [25/12/2014 19:19:20]
AdwCleaner[R2].txt - [736 octets] - [27/12/2014 18:12:28]
AdwCleaner[S0].txt - [1532 octets] - [25/12/2014 18:28:33]
AdwCleaner[S1].txt - [935 octets] - [25/12/2014 19:21:06]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [914 octets] ##########
Und hier zwei Logs von MWB (25.12. und heute):

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 25.12.2014
Scan Time: 18:33:22
Logfile: MWB1.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.25.10
Rootkit Database: v2014.12.23.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Stefan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 425346
Time Elapsed: 32 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.OpenCandy, C:\Users\Stefan\AppData\Local\Temp\DTLite4471-0333.exe, Quarantined, [e42a89de58245bdb51522c7623e2c33d],

Physical Sectors: 0
(No malicious items detected)


(end)
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 27.12.2014
Scan Time: 02:57:00
Logfile: MWB2.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.27.01
Rootkit Database: v2014.12.23.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Stefan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 384194
Time Elapsed: 31 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Es wurden wohl auch Dateien gefunden und Quarantäne gepackt, aber die Fehler treten immer noch auf. Außerdem fühlt sich der Rechner auch insgesamt sehr langsam an...

Ok, vielen Dank schonmal!

MfG
Stefan

schrauber 27.12.2014 18:34
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307


Addition.txt von FRST fehlt noch.

Schneizilla 27.12.2014 18:53
Hallo schrauber,

habe das Posting entsprechend formatiert und das fehlende Log eingefügt.

MfG
Stefan

schrauber 28.12.2014 17:03
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Schneizilla 28.12.2014 19:10
Hallo Schrauber,
vielen Dank für die Hilfe. Hier das Ergebnis von ComboFix:

Code:
ComboFix 14-12-25.01 - Stefan 28.12.2014  18:24:27.1.2 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1033.18.8190.6511 [GMT 1:00]
ausgeführt von:: c:\users\Stefan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: Symantec Endpoint Protection *Disabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
FW: Symantec Endpoint Protection *Disabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Symantec Endpoint Protection *Disabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-11-28 bis 2014-12-28  ))))))))))))))))))))))))))))))
.
.
2014-12-28 17:32 . 2014-12-28 17:32        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-12-28 17:14 . 2014-12-02 10:26        11870360        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E7DCB0D-4E34-4EEE-8AF7-090B2DD5F8E5}\mpengine.dll
2014-12-26 14:22 . 2014-12-02 10:26        11870360        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-12-25 19:30 . 2014-12-25 19:30        --------        d-----w-        c:\users\Stefan\AppData\Local\Symantec
2014-12-25 19:25 . 2014-12-25 19:25        177752        ----a-w-        c:\windows\system32\drivers\SYMEVENT64x86.SYS
2014-12-25 19:25 . 2014-12-25 19:25        --------        d-----w-        c:\program files\Common Files\Symantec Shared
2014-12-25 19:25 . 2014-12-25 19:25        --------        d-----w-        c:\windows\system32\drivers\symefasi
2014-12-25 19:25 . 2014-12-25 19:25        --------        d-----w-        c:\programdata\SymEFASI
2014-12-25 19:24 . 2014-12-25 19:24        58720        ----a-w-        c:\windows\system32\snacnp.dll
2014-12-25 19:24 . 2014-12-25 19:24        579936        ----a-w-        c:\windows\system32\SymVPN.dll
2014-12-25 19:24 . 2014-12-25 19:24        51552        ----a-w-        c:\windows\SysWow64\snacnp.dll
2014-12-25 19:24 . 2014-12-25 19:24        462688        ----a-w-        c:\windows\system32\sysfer.dll
2014-12-25 19:24 . 2014-12-25 19:24        424288        ----a-w-        c:\windows\SysWow64\SymVPN.dll
2014-12-25 19:24 . 2014-12-25 19:24        39384        ----a-w-        c:\windows\system32\drivers\WGX64.SYS
2014-12-25 19:24 . 2014-12-25 19:24        363872        ----a-w-        c:\windows\SysWow64\sysfer.dll
2014-12-25 19:24 . 2014-12-25 19:24        159552        ----a-w-        c:\windows\system32\drivers\SysPlant.sys
2014-12-25 19:24 . 2014-12-25 19:24        159072        ----a-w-        c:\windows\system32\FwsVpn.dll
2014-12-25 19:24 . 2014-12-25 19:24        139104        ----a-w-        c:\windows\SysWow64\FwsVpn.dll
2014-12-25 19:24 . 2014-12-25 19:24        --------        d-----w-        c:\programdata\regid.1992-12.com.symantec
2014-12-25 19:23 . 2014-12-25 19:23        --------        d-----w-        c:\windows\system32\drivers\SEP
2014-12-25 19:23 . 2014-12-25 19:23        --------        d-----w-        c:\programdata\Symantec
2014-12-25 19:23 . 2014-12-25 19:23        --------        d-----w-        c:\program files (x86)\Symantec
2014-12-25 17:32 . 2014-12-28 17:01        129752        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-25 17:32 . 2014-12-25 17:32        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware
2014-12-25 17:32 . 2014-12-25 17:32        --------        d-----w-        c:\programdata\Malwarebytes
2014-12-25 17:32 . 2014-11-21 05:14        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys
2014-12-25 17:32 . 2014-11-21 05:14        93400        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-12-25 17:32 . 2014-11-21 05:14        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-12-25 17:26 . 2014-12-27 17:13        --------        d-----w-        C:\AdwCleaner
2014-12-25 17:18 . 2014-12-27 17:51        --------        d-----w-        C:\FRST
2014-12-25 13:55 . 2014-12-25 13:55        --------        d-sh--w-        c:\users\Stefan\AppData\Local\EmieBrowserModeList
2014-12-22 19:07 . 2014-12-13 05:09        144384        ----a-w-        c:\windows\system32\ieUnatt.exe
2014-12-22 19:07 . 2014-12-13 03:33        115712        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2014-12-22 02:36 . 2014-12-22 02:36        --------        d-----w-        c:\windows\system32\appraiser
2014-12-22 00:03 . 2014-10-18 01:33        3209728        ----a-w-        c:\windows\SysWow64\mf.dll
2014-12-22 00:03 . 2014-07-07 02:06        206848        ----a-w-        c:\windows\system32\mfps.dll
2014-12-22 00:03 . 2014-07-07 02:06        55808        ----a-w-        c:\windows\system32\rrinstaller.exe
2014-12-22 00:03 . 2014-07-07 02:06        24576        ----a-w-        c:\windows\system32\mfpmp.exe
2014-12-22 00:03 . 2014-07-07 02:02        2048        ----a-w-        c:\windows\system32\mferror.dll
2014-12-22 00:03 . 2014-07-07 01:40        103424        ----a-w-        c:\windows\SysWow64\mfps.dll
2014-12-22 00:03 . 2014-07-07 01:39        50176        ----a-w-        c:\windows\SysWow64\rrinstaller.exe
2014-12-22 00:03 . 2014-07-07 01:39        23040        ----a-w-        c:\windows\SysWow64\mfpmp.exe
2014-12-22 00:03 . 2014-07-07 01:37        2048        ----a-w-        c:\windows\SysWow64\mferror.dll
2014-12-22 00:03 . 2014-10-18 02:05        4121600        ----a-w-        c:\windows\system32\mf.dll
2014-12-21 10:02 . 2014-12-04 02:50        192000        ----a-w-        c:\windows\system32\aepic.dll
2014-12-21 10:02 . 2014-12-04 02:44        1083392        ----a-w-        c:\windows\system32\aeinv.dll
2014-12-21 10:02 . 2014-12-01 23:28        1232040        ----a-w-        c:\windows\system32\aitstatic.exe
2014-12-21 10:02 . 2014-12-04 02:50        413184        ----a-w-        c:\windows\system32\generaltel.dll
2014-12-21 10:02 . 2014-12-04 02:50        741376        ----a-w-        c:\windows\system32\invagent.dll
2014-12-21 10:02 . 2014-12-04 02:50        396800        ----a-w-        c:\windows\system32\devinv.dll
2014-12-21 10:02 . 2014-12-04 02:50        227328        ----a-w-        c:\windows\system32\aepdu.dll
2014-12-21 10:02 . 2014-11-11 03:09        1424384        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2014-12-21 10:02 . 2014-11-11 02:44        1230336        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2014-12-21 10:02 . 2014-11-11 01:46        119296        ----a-w-        c:\windows\system32\drivers\tdx.sys
2014-12-21 10:00 . 2014-10-30 02:03        165888        ----a-w-        c:\windows\system32\charmap.exe
2014-12-21 09:56 . 2014-09-18 14:31        1188440        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7F489D24-FCE7-407C-9537-FF3B11139228}\gapaengine.dll
2014-12-08 09:15 . 2014-12-22 19:36        --------        d-----w-        c:\windows\rescache
2014-12-06 14:14 . 2014-10-14 02:13        683520        ----a-w-        c:\windows\system32\termsrv.dll
2014-12-06 14:14 . 2014-10-14 02:07        681984        ----a-w-        c:\windows\system32\adtschema.dll
2014-12-06 14:14 . 2014-10-14 01:47        146432        ----a-w-        c:\windows\SysWow64\msaudite.dll
2014-12-06 14:14 . 2014-10-14 01:46        681984        ----a-w-        c:\windows\SysWow64\adtschema.dll
2014-12-06 14:14 . 2014-10-14 02:09        146432        ----a-w-        c:\windows\system32\msaudite.dll
2014-12-06 14:13 . 2014-08-21 06:43        1882624        ----a-w-        c:\windows\system32\msxml3.dll
2014-12-06 14:13 . 2014-08-21 06:40        2048        ----a-w-        c:\windows\system32\msxml3r.dll
2014-12-06 14:13 . 2014-08-21 06:26        1237504        ----a-w-        c:\windows\SysWow64\msxml3.dll
2014-12-06 14:13 . 2014-08-21 06:23        2048        ----a-w-        c:\windows\SysWow64\msxml3r.dll
2014-12-06 14:13 . 2014-08-12 02:02        878080        ----a-w-        c:\windows\system32\IMJP10K.DLL
2014-12-06 14:13 . 2014-08-12 01:36        701440        ----a-w-        c:\windows\SysWow64\IMJP10K.DLL
2014-12-06 14:11 . 2014-10-18 02:05        861696        ----a-w-        c:\windows\system32\oleaut32.dll
2014-12-06 14:11 . 2014-10-18 01:33        571904        ----a-w-        c:\windows\SysWow64\oleaut32.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-25 16:36 . 2012-11-10 17:46        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-25 16:36 . 2012-11-10 17:46        701616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-22 00:06 . 2012-10-31 00:01        112710672        ----a-w-        c:\windows\system32\MRT.exe
2014-11-19 03:26 . 2014-11-19 03:26        1614504        ----a-w-        c:\windows\system32\FM20.DLL
2014-10-31 18:07 . 2014-10-31 18:07        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-30 11:25 . 2012-10-30 23:01        275080        ------w-        c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WiTopia"="c:\program files\WiTopia\WiTopia.exe" [2014-06-06 814368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2012-09-06 143360]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 ATP;Comodo Unite Miniport Driver;c:\windows\system32\DRIVERS\cmdatp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdatp.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys;c:\windows\SYSNATIVE\drivers\NMgamingms.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SyDvCtrl;SyDvCtrl;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\SyDvCtrl64.sys;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\SyDvCtrl64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 visctap0901;Viscosity Virtual Adapter V9.1;c:\windows\system32\DRIVERS\visctap0901.sys;c:\windows\SYSNATIVE\DRIVERS\visctap0901.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
S0 SymEFASI;Symantec Extended File Attributes (SI);c:\windows\system32\drivers\symefasi\0500010.01F\symefasi.sys;c:\windows\SYSNATIVE\drivers\symefasi\0500010.01F\symefasi.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\BASHDefs\20141210.012\BHDrvx64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\BASHDefs\20141210.012\BHDrvx64.sys [x]
S1 ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279};Symantec Endpoint Protection 12.1.5337.5000.105 Settings Manager;c:\windows\system32\Drivers\SEP\0C0114D9\1388.105\x64\ccSetx64.sys;c:\windows\SYSNATIVE\Drivers\SEP\0C0114D9\1388.105\x64\ccSetx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\IPSDefs\20141226.011\IDSvia64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\IPSDefs\20141226.011\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\Drivers\SEP\0C0114D9\1388.105\x64\Ironx64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0114D9\1388.105\x64\Ironx64.SYS [x]
S1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\Drivers\SEP\0C0114D9\1388.105\x64\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0114D9\1388.105\x64\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 SepMasterService;Symantec Endpoint Protection;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 WiTopiaService;WiTopia Service;c:\program files\WiTopia\WiTopiaService.exe;c:\program files\WiTopia\WiTopiaService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - NAVENG
*NewlyCreated* - NAVEX15
*NewlyCreated* - SRTSP
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-25 16:48        1087816        ----a-w-        c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-12-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-10 16:36]
.
2014-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-25 16:36]
.
2014-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-25 16:36]
.
2014-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-877256624-1356241778-3237082232-1001Core.job
- c:\users\Stefan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-31 15:42]
.
2014-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-877256624-1356241778-3237082232-1001UA.job
- c:\users\Stefan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-31 15:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-10-24 13662936]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
Wow6432Node-HKCU-Run-GoogleDriveSync - c:\program files (x86)\Google\Drive\googledrivesync.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
AddRemove-RotWK Widescreen Enhanced 1.0 - c:\program files (x86)\Electronic Arts\The Lord of the Rings
AddRemove-{B931FB80-537A-4600-00AD-AC5DEDB6C25B} - c:\program files (x86)\Electronic Arts\The Lord of the Rings
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SepMasterService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\sms.dll\" /prefetch:1"
"ImagePath"="system32\Drivers\SEP\0C0114D9\1388.105\x64\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\bin;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\bin64"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-12-28  18:34:43
ComboFix-quarantined-files.txt  2014-12-28 17:34
.
Vor Suchlauf: 6.828.929.024 bytes free
Nach Suchlauf: 18.863.853.568 bytes free
.
- - End Of File - - 56D824A4D30BE007F155455039DECB45
A36C5E4F47E84449FF07ED3517B43A31

schrauber 29.12.2014 16:47
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Schneizilla 30.12.2014 13:30
Hallo Schrauber, anbei die Logfiles. Vielen Dank :)

MBAM
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 30.12.2014
Suchlauf-Zeit: 12:53:23
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.12.30.04
Rootkit Datenbank: v2014.12.29.02
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Stefan

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 341161
Verstrichene Zeit: 9 Min, 32 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
ADW Cleaner
Code:
# AdwCleaner v4.106 - Report created 30/12/2014 at 13:07:56
# Updated 21/12/2014 by Xplode
# Database : 2014-12-28.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Stefan - STEFAN-PC
# Running from : C:\Users\Stefan\Desktop\AdwCleaner_4.106.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Google Chrome v39.0.2171.95


*************************

AdwCleaner[R0].txt - [1544 octets] - [25/12/2014 18:26:37]
AdwCleaner[R1].txt - [875 octets] - [25/12/2014 19:19:20]
AdwCleaner[R2].txt - [993 octets] - [27/12/2014 18:12:28]
AdwCleaner[R3].txt - [1050 octets] - [30/12/2014 13:05:37]
AdwCleaner[S0].txt - [1532 octets] - [25/12/2014 18:28:33]
AdwCleaner[S1].txt - [935 octets] - [25/12/2014 19:21:06]
AdwCleaner[S2].txt - [973 octets] - [30/12/2014 13:07:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1032 octets] ##########
JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by Stefan on 30.12.2014 at 13:12:40,38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.12.2014 at 13:18:27,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Stefan (administrator) on STEFAN-PC on 30-12-2014 13:20:19
Running from C:\Users\Stefan\Downloads
Loaded Profile: Stefan (Available profiles: Stefan & Geof)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
(SparkLabs) C:\Program Files\WiTopia\WiTopiaService.exe
(SparkLabs) C:\Program Files\WiTopia\WiTopia.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKU\S-1-5-21-877256624-1356241778-3237082232-1001\...\Run: [WiTopia] => C:\Program Files\WiTopia\WiTopia.exe [814368 2014-06-06] (SparkLabs)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-877256624-1356241778-3237082232-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-877256624-1356241778-3237082232-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-877256624-1356241778-3237082232-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Stefan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-877256624-1356241778-3237082232-1001: @talk.google.com/O1DPlugin -> C:\Users\Stefan\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-877256624-1356241778-3237082232-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Stefan\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-877256624-1356241778-3237082232-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Stefan\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-877256624-1356241778-3237082232-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Stefan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-877256624-1356241778-3237082232-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Users\Stefan\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Stefan\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\IPSFF
FF Extension: Symantec Vulnerability Protection - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\IPSFF [2014-12-25]

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://www.google.de/", "https://play.google.com/music/listen?hl=en#/now", "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-25]
CHR Extension: (Google Docs) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-25]
CHR Extension: (Google Drive) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-25]
CHR Extension: (James White) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm [2014-12-25]
CHR Extension: (YouTube) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-25]
CHR Extension: (Pushbullet) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2014-12-25]
CHR Extension: (Google Search) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-25]
CHR Extension: (Google Sheets) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-25]
CHR Extension: (Google Calendar (by Google)) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2014-12-25]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-12-25]
CHR Extension: (Google Play Music) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2014-12-25]
CHR Extension: (Panel View for Keep) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccocffecajimkdjgfpjhlpiimcnadhb [2014-12-25]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-25]
CHR Extension: (WeatherBug) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2014-12-25]
CHR Extension: (Google Wallet) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-25]
CHR Extension: (Gmail) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-25]
CHR HKU\S-1-5-21-877256624-1356241778-3237082232-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Stefan\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKU\S-1-5-21-877256624-1356241778-3237082232-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe [144496 2014-09-13] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe [394592 2014-09-13] (Symantec Corporation)
R2 WiTopiaService; C:\Program Files\WiTopia\WiTopiaService.exe [70432 2014-06-06] (SparkLabs)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\BASHDefs\20141210.012\BHDrvx64.sys [1586904 2014-12-10] (Symantec Corporation)
R1 ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279}; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\ccSetx64.sys [162392 2014-09-13] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-04-30] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-15] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-15] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\IPSDefs\20141226.011\IDSvia64.sys [637656 2014-12-24] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20141228.001\ENG64.SYS [129752 2014-12-15] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20141228.001\EX64.SYS [2137304 2014-12-15] (Symantec Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSP64.SYS [880856 2014-09-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSPX64.SYS [37592 2014-09-13] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\SyDvCtrl64.sys [36952 2014-09-13] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\symefasi\0500010.01F\symefasi.sys [1611992 2014-12-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-12-25] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\Ironx64.SYS [266968 2014-09-13] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SYMNETS.SYS [593112 2014-09-13] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [159552 2014-12-25] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [107504 2014-09-13] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 visctap0901; C:\Windows\System32\DRIVERS\visctap0901.sys [39048 2014-06-06] (The OpenVPN Project)
S3 ATP; system32\DRIVERS\cmdatp.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-30 13:18 - 2014-12-30 13:18 - 00000696 _____ () C:\Users\Stefan\Desktop\JRT.txt
2014-12-30 13:12 - 2014-12-30 13:12 - 00000000 ____D () C:\Windows\ERUNT
2014-12-30 13:03 - 2014-12-30 13:03 - 00001201 _____ () C:\Users\Stefan\Desktop\mbam.txt
2014-12-30 12:51 - 2014-12-30 12:51 - 01707939 _____ (Thisisu) C:\Users\Stefan\Desktop\JRT.exe
2014-12-28 18:34 - 2014-12-28 18:34 - 00023216 _____ () C:\ComboFix.txt
2014-12-28 18:19 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-28 18:19 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-28 18:19 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-28 18:19 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-28 18:19 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-28 18:19 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-28 18:19 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-28 18:19 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-28 18:18 - 2014-12-28 18:34 - 00000000 ____D () C:\Qoobox
2014-12-28 18:17 - 2014-12-28 18:32 - 00000000 ____D () C:\Windows\erdnt
2014-12-28 18:08 - 2014-12-28 18:09 - 05603624 ____R (Swearware) C:\Users\Stefan\Desktop\ComboFix.exe
2014-12-27 18:02 - 2014-12-30 13:20 - 00000000 ____D () C:\Users\Stefan\Downloads\FRST-OlderVersion
2014-12-27 16:59 - 2014-12-27 17:10 - 469216456 _____ () C:\Users\Stefan\Downloads\20141226-018-v5i64.exe
2014-12-25 20:30 - 2014-12-25 20:30 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Symantec
2014-12-25 20:25 - 2014-12-25 20:25 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-12-25 20:25 - 2014-12-25 20:25 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-12-25 20:25 - 2014-12-25 20:25 - 00000000 ____D () C:\Windows\system32\Drivers\symefasi
2014-12-25 20:25 - 2014-12-25 20:25 - 00000000 ____D () C:\ProgramData\SymEFASI
2014-12-25 20:25 - 2014-12-25 20:25 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-12-25 20:24 - 2014-12-25 20:24 - 00579936 _____ (Symantec Corporation) C:\Windows\system32\SymVPN.dll
2014-12-25 20:24 - 2014-12-25 20:24 - 00462688 _____ (Symantec Corporation) C:\Windows\system32\sysfer.dll
2014-12-25 20:24 - 2014-12-25 20:24 - 00424288 _____ (Symantec Corporation) C:\Windows\SysWOW64\SymVPN.dll
2014-12-25 20:24 - 2014-12-25 20:24 - 00363872 _____ (Symantec Corporation) C:\Windows\SysWOW64\sysfer.dll
2014-12-25 20:24 - 2014-12-25 20:24 - 00159552 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SysPlant.sys
2014-12-25 20:24 - 2014-12-25 20:24 - 00159072 _____ (Symantec Corporation) C:\Windows\system32\FwsVpn.dll
2014-12-25 20:24 - 2014-12-25 20:24 - 00139104 _____ (Symantec Corporation) C:\Windows\SysWOW64\FwsVpn.dll
2014-12-25 20:24 - 2014-12-25 20:24 - 00058720 _____ (Symantec Corporation) C:\Windows\system32\snacnp.dll
2014-12-25 20:24 - 2014-12-25 20:24 - 00051552 _____ (Symantec Corporation) C:\Windows\SysWOW64\snacnp.dll
2014-12-25 20:24 - 2014-12-25 20:24 - 00039384 _____ (Symantec Corporation) C:\Windows\system32\Drivers\WGX64.SYS
2014-12-25 20:24 - 2014-12-25 20:24 - 00000000 ____D () C:\ProgramData\regid.1992-12.com.symantec
2014-12-25 20:23 - 2014-12-25 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
2014-12-25 20:23 - 2014-12-25 20:23 - 00000000 ____D () C:\Windows\system32\Drivers\SEP
2014-12-25 20:23 - 2014-12-25 20:23 - 00000000 ____D () C:\ProgramData\Symantec
2014-12-25 20:23 - 2014-12-25 20:23 - 00000000 ____D () C:\Program Files (x86)\Symantec
2014-12-25 20:19 - 2014-12-25 20:20 - 00000000 ____D () C:\Users\Stefan\Desktop\SEPx64_v12.1.5337-5000
2014-12-25 20:17 - 2014-12-25 20:19 - 83134327 _____ () C:\Users\Stefan\Downloads\SEPx64_v12.1.5337-5000.zip
2014-12-25 18:32 - 2014-12-30 13:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-25 18:32 - 2014-12-25 18:32 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-25 18:32 - 2014-12-25 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-25 18:32 - 2014-12-25 18:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-25 18:32 - 2014-12-25 18:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-25 18:32 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-25 18:32 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-25 18:32 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-25 18:26 - 2014-12-30 13:07 - 00000000 ____D () C:\AdwCleaner
2014-12-25 18:25 - 2014-12-25 18:26 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Stefan\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-25 18:25 - 2014-12-25 18:25 - 02173952 _____ () C:\Users\Stefan\Desktop\AdwCleaner_4.106.exe
2014-12-25 18:20 - 2014-12-27 18:51 - 00033981 _____ () C:\Users\Stefan\Downloads\Addition.txt
2014-12-25 18:18 - 2014-12-30 13:20 - 00017335 _____ () C:\Users\Stefan\Downloads\FRST.txt
2014-12-25 18:18 - 2014-12-30 13:20 - 00000000 ____D () C:\FRST
2014-12-25 18:15 - 2014-12-30 13:20 - 02123264 _____ (Farbar) C:\Users\Stefan\Downloads\FRST64.exe
2014-12-25 17:37 - 2014-12-30 13:09 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-25 17:37 - 2014-12-30 12:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-25 17:37 - 2014-12-25 17:48 - 00002264 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-25 17:37 - 2014-12-25 17:45 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-25 17:37 - 2014-12-25 17:45 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-25 17:37 - 2014-12-25 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-25 14:55 - 2014-12-25 14:55 - 00000000 __SHD () C:\Users\Stefan\AppData\Local\EmieBrowserModeList
2014-12-25 13:31 - 2014-12-25 13:33 - 00003341 _____ () C:\Users\Stefan\Downloads\software_removal_tool.log
2014-12-22 20:07 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-22 20:07 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-22 03:36 - 2014-12-22 03:36 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-22 01:03 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-22 01:03 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-22 01:03 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-22 01:03 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-22 01:03 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-22 01:03 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-22 01:03 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-22 01:03 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-22 01:03 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-22 01:03 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-21 11:02 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-21 11:02 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-21 11:02 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-21 11:02 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-21 11:02 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-21 11:02 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-21 11:02 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-21 11:02 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-21 11:02 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-21 11:02 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-21 11:02 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-21 11:01 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-21 11:01 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-21 11:01 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-21 11:01 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-21 11:01 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-21 11:01 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-21 11:01 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-21 11:01 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-21 11:01 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-21 11:01 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-21 11:01 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-21 11:01 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-21 11:01 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-21 11:01 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-21 11:01 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-21 11:01 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-21 11:01 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-21 11:01 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-21 11:01 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-21 11:01 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-21 11:01 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-21 11:01 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-21 11:01 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-21 11:01 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-21 11:01 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-21 11:01 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-21 11:01 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-21 11:01 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-21 11:01 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-21 11:01 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-21 11:01 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-21 11:01 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-21 11:01 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-21 11:01 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-21 11:01 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-21 11:01 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-21 11:01 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-21 11:01 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-21 11:01 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-21 11:01 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-21 11:01 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-21 11:01 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-21 11:01 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-21 11:01 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-21 11:01 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-21 11:01 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-21 11:01 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-21 11:01 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-21 11:01 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-21 11:01 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-21 11:01 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-21 11:01 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-21 11:01 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-21 11:01 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-21 11:00 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-21 11:00 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-21 11:00 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-21 11:00 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-21 11:00 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-21 11:00 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-21 11:00 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-21 11:00 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-21 11:00 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-21 11:00 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-21 11:00 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-21 11:00 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-21 11:00 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-21 11:00 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-08 12:31 - 2014-12-08 12:31 - 00000774 _____ () C:\Users\Public\Desktop\Diablo III Public Test.lnk
2014-12-08 12:31 - 2014-12-08 12:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Public Test
2014-12-08 10:15 - 2014-12-22 20:36 - 00000000 ____D () C:\Windows\rescache
2014-12-06 15:14 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-12-06 15:14 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-12-06 15:14 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-12-06 15:14 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-12-06 15:14 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-12-06 15:13 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-12-06 15:13 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-12-06 15:13 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-12-06 15:13 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-12-06 15:13 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-12-06 15:13 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-12-06 15:12 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-06 15:12 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-06 15:12 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-12-06 15:12 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-12-06 15:12 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-12-06 15:12 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-12-06 15:12 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-12-06 15:12 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-12-06 15:12 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-06 15:12 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-12-06 15:12 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-12-06 15:12 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-12-06 15:12 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-12-06 15:12 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-12-06 15:12 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-06 15:12 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-12-06 15:12 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-12-06 15:12 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-12-06 15:12 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-12-06 15:12 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-12-06 15:12 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-12-06 15:12 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-06 15:12 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-12-06 15:12 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-12-06 15:12 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-12-06 15:12 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-12-06 15:12 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-12-06 15:12 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-12-06 15:12 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-06 15:12 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-12-06 15:12 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-12-06 15:12 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-12-06 15:12 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-12-06 15:11 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-12-06 15:11 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-30 13:16 - 2009-07-14 06:13 - 00782574 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-30 13:16 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-30 13:16 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-30 13:13 - 2012-10-30 23:28 - 01466201 _____ () C:\Windows\WindowsUpdate.log
2014-12-30 13:09 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-30 13:09 - 2009-07-14 05:51 - 00062250 _____ () C:\Windows\setupact.log
2014-12-30 13:08 - 2012-10-31 23:38 - 00130104 _____ () C:\Windows\PFRO.log
2014-12-30 13:01 - 2012-10-31 16:42 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-877256624-1356241778-3237082232-1001UA.job
2014-12-30 12:52 - 2012-11-10 18:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-29 23:22 - 2014-04-09 08:02 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Battle.net
2014-12-28 18:34 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-12-28 18:32 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-27 15:00 - 2012-10-31 16:42 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-877256624-1356241778-3237082232-1001Core.job
2014-12-26 23:38 - 2013-01-10 00:00 - 00000000 ____D () C:\Program Files\Common Files\WiTopia
2014-12-25 19:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2014-12-25 17:39 - 2014-06-20 19:52 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Adobe
2014-12-25 17:39 - 2012-10-31 16:42 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Google
2014-12-25 17:37 - 2012-11-02 00:23 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-25 17:36 - 2012-11-10 18:46 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-25 17:36 - 2012-11-10 18:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-25 17:36 - 2012-11-10 18:46 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-25 13:26 - 2013-07-02 21:44 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-12-22 03:36 - 2014-05-06 22:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-22 03:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-22 03:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-22 01:10 - 2013-08-15 20:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-22 01:06 - 2013-11-23 22:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-22 01:06 - 2012-10-31 01:01 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-21 11:06 - 2014-04-09 08:01 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-12-21 10:49 - 2012-11-11 20:49 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-08 18:05 - 2012-11-02 08:23 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\vlc
2014-12-06 22:37 - 2012-12-07 16:00 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\uTorrent
2014-12-06 22:14 - 2012-10-31 16:42 - 00109280 _____ () C:\Users\Stefan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-06 22:13 - 2009-07-14 05:45 - 00409208 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-06 15:15 - 2012-12-07 16:02 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Mozilla
2014-12-06 14:55 - 2012-10-31 16:42 - 00004096 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-877256624-1356241778-3237082232-1001UA
2014-12-06 14:55 - 2012-10-31 16:42 - 00003700 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-877256624-1356241778-3237082232-1001Core

Some content of TEMP:
====================
C:\Users\Stefan\AppData\Local\Temp\Quarantine.exe
C:\Users\Stefan\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-27 03:56

==================== End Of Log ============================
--- --- ---


FRST Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Stefan at 2014-12-30 13:20:53
Running from C:\Users\Stefan\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: Symantec Endpoint Protection (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Symantec Endpoint Protection (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-877256624-1356241778-3237082232-1001\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 3 (HKLM-x32\...\Bejeweled 3) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J5910DW (HKLM-x32\...\{830F55B6-4398-4B72-A0D8-66397B902C0E}) (Version: 1.1.1.0 - Brother Industries, Ltd.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Diablo III Public Test (HKLM-x32\...\Diablo III Public Test) (Version:  - Blizzard Entertainment)
Dungeon Keeper Gold (HKLM-x32\...\GOGPACKDUNGEONKEEPER_is1) (Version: 2.0.0.4 - GOG.com)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
MKVToolNix 5.9.0 (HKLM-x32\...\MKVToolNix) (Version: 5.9.0 - Moritz Bunkus)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.0.5.30633 - Grinding Gear Games)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
RotWK Widescreen Enhanced 1.0 (HKLM-x32\...\RotWK Widescreen Enhanced 1.0) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Symantec Endpoint Protection (HKLM\...\{A5DCF955-5D4A-471D-8CB3-DCFDF5C5DEE7}) (Version: 12.1.5337.5000 - Symantec Corporation)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
The Battle for Middle-earth (tm) II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version:  - )
The Lord of the Rings, The Rise of the Witch-king (HKLM-x32\...\{B931FB80-537A-4600-00AD-AC5DEDB6C25B}) (Version:  - )
Torchlight II (c) Runic Games version 1 (HKLM-x32\...\Torchlight II (c) Runic Games_is1) (Version: 1 - )
Trine 2 (HKLM-x32\...\Steam App 35720) (Version:  - Frozenbyte)
Unity Web Player (HKU\S-1-5-21-877256624-1356241778-3237082232-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
WinZip 11.2 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}) (Version: 11.2.8094 - WinZip Computing, S.L. )
WiTopia (HKLM\...\{9F59FA4D-E431-45FA-889F-EC68D998C7D2}_is1) (Version: 2.1.9.178 - WiTopia)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Worms Reloaded (HKLM-x32\...\Steam App 22600) (Version:  - Team17 Software Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-877256624-1356241778-3237082232-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Stefan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-877256624-1356241778-3237082232-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Stefan\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-877256624-1356241778-3237082232-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Stefan\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-877256624-1356241778-3237082232-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Stefan\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-877256624-1356241778-3237082232-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Stefan\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-877256624-1356241778-3237082232-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Stefan\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

29-12-2014 21:45:42 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {29DC5B71-A6C3-454C-894E-7D84A2A390B9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-25] (Adobe Systems Incorporated)
Task: {7126BEB2-D809-46DC-823C-E40D86EA2D80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-25] (Google Inc.)
Task: {72039E7B-C6ED-4E44-AE5C-E6A87B777989} - System32\Tasks\{2748CF20-C001-4C94-A125-FB2C2D04E637} => Chrome.exe hxxp://ui.skype.com/ui/0/6.10.0.104/de/abandoninstall?source=lightinstaller&amp;page=tsBing
Task: {8BA32417-D0CE-4121-B912-F84ABA9C9A4D} - System32\Tasks\{34921EB5-A66A-477E-B499-76F4399D1493} => Chrome.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: {8FEF1FF8-1598-47D7-87DB-C16C636EE507} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-877256624-1356241778-3237082232-1001Core => C:\Users\Stefan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-31] (Google Inc.)
Task: {9E87B31E-C931-415A-A41D-5A8E5CF5DB01} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {BAF4C8EF-58F6-4EE5-9F1C-74705BB42CB0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-877256624-1356241778-3237082232-1001UA => C:\Users\Stefan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-31] (Google Inc.)
Task: {E82D840F-A3FA-4730-A8D1-5164369EF0F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-25] (Google Inc.)
Task: {FF3041EA-F7C4-4346-8654-3E09015C4DFD} - System32\Tasks\{6E4E6708-1927-41FC-BA42-B3EDCDAD0F5D} => Chrome.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-877256624-1356241778-3237082232-1001Core.job => C:\Users\Stefan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-877256624-1356241778-3237082232-1001UA.job => C:\Users\Stefan\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-02-02 22:24 - 2005-04-22 05:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-02-02 22:24 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\Stefan:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Stefan\Application Data:gs5sys
AlternateDataStreams: C:\Users\Stefan\Cookies:gs5sys
AlternateDataStreams: C:\Users\Stefan\Local Settings:gs5sys
AlternateDataStreams: C:\Users\Stefan\Templates:gs5sys
AlternateDataStreams: C:\Users\Stefan\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\Stefan\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\Stefan\AppData\Local\Application Data:gs5sys
AlternateDataStreams: C:\Users\Stefan\AppData\Local\History:gs5sys
AlternateDataStreams: C:\Users\Stefan\Documents\desktop.ini:gs5sys

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279}.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: LWS => C:\Users\Stefan\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-877256624-1356241778-3237082232-500 - Administrator - Disabled)
Geof (S-1-5-21-877256624-1356241778-3237082232-1004 - Administrator - Enabled) => C:\Users\Geof
Guest (S-1-5-21-877256624-1356241778-3237082232-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-877256624-1356241778-3237082232-1002 - Limited - Enabled)
Stefan (S-1-5-21-877256624-1356241778-3237082232-1001 - Administrator - Enabled) => C:\Users\Stefan

==================== Faulty Device Manager Devices =============

Name: Viscosity Virtual Adapter V9.1
Description: Viscosity Virtual Adapter V9.1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SparkLabs VPN
Service: visctap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 24%
Total physical RAM: 8190.49 MB
Available physical RAM: 6171.81 MB
Total Pagefile: 16379.16 MB
Available Pagefile: 14299.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows 7) (Fixed) (Total:97.56 GB) (Free:16.59 GB) NTFS
Drive g: (Games) (Fixed) (Total:368.1 GB) (Free:252.34 GB) NTFS
Drive s: (Stefan Media) (Fixed) (Total:2794.39 GB) (Free:1487.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5951EB01)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

schrauber 31.12.2014 00:50

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Schneizilla 01.01.2015 16:11
Hallo Schrauber,

ein frohes neues Jahr! Vielen Dank für die bisherige Unterstützung :daumenhoc
Den einzigen USB-Stick, den ich in letzter Zeit am Rechner hatte, bekomme ich erst am Montag wieder...also mache ich die letzten Schritte auch erst dann...glaubst du denn, ich hatte mir den Virus (oder was auch immer es war) über diesen Stick geholt?

MfG
Stefan

schrauber 01.01.2015 16:54
Nein, aber ein Onlinescan ist immer ne gute Möglichkeit, externe Medien auch mal mit zu scannen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:07 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55