Trojaner-Board - Vaudix Ads

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Vaudix Ads (https://www.trojaner-board.de/163007-vaudix-ads.html)

Hallo,

ich habe mir seit langem mal wieder was eingefangen.
Bei einem Download scheine ich mir die omiga-plus toolbar eingefangen. Die habe ich mittlerweile entfernen können.
Nun im Anschluss kommt noch Vaudix ins Spiel. Das bekomme ich leider nicht los. Bitte helft mir ich bin die Werbung leid!!

Danke schonmal im vorraus.

Liebe Grüße

Tobi

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015

Ran by Tobi (administrator) on TOBI-PC on 20-01-2015 22:33:36

Running from C:\Users\Tobi\Downloads

Loaded Profiles: Tobi (Available profiles: Tobi)

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 8 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Turtle Entertainment GmbH) H:\Programme\EslWire\wire.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

() H:\Programme\EslWire\service\WireHelperSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

() C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe

(Malwarebytes Corporation) H:\Programme\Malwarebytes Anti-Malware\mbamscheduler.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Malwarebytes Corporation) H:\Programme\Malwarebytes Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) H:\Programme\Malwarebytes Anti-Malware\mbam.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe

() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe

(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe

(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe

(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe

(Razer, Inc.) C:\Users\Tobi\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-27] (Realtek Semiconductor)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)

HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

HKU\S-1-5-21-1247221106-465103080-481791032-1000\...\Run: [ESL Wire] => H:\Programme\EslWire\wire.exe [3771904 2014-12-09] (Turtle Entertainment GmbH)

HKU\S-1-5-21-1247221106-465103080-481791032-1000\...\MountPoints2: {3e4b4d6e-579a-11e4-b1a3-806e6f6e6963} - D:\Setup.exe

Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download (1).lnk

ShortcutTarget: Download (1).lnk -> C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe ()

Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP ENVY 4500 series.lnk

ShortcutTarget: Tintenwarnungen überwachen - HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

Tcpip\Parameters: [DhcpNameServer] 217.68.161.141 217.68.161.171
 

FireFox:

========

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 

Chrome: 

=======

CHR dev: Chrome dev build detected! <======= ATTENTION

CHR DefaultSearchKeyword: Default -> 66BDAEADE98EDC3356B789E6ED77674DAD506A9A605E861C5802E59ED79C6DC9

CHR DefaultSearchURL: Default -> E211984B217D9EB92449B5231BB746E7E74945700D008ADBA83F129A942CDD33

CHR Profile: C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Präsentationen) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-19]

CHR Extension: (Google Docs) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-19]

CHR Extension: (Google Drive) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-19]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-19]

CHR Extension: (YouTube) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-19]

CHR Extension: (Google-Suche) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-19]

CHR Extension: (Google Tabellen) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-19]

CHR Extension: (AdBlock) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-19]

CHR Extension: (AntiGameOrigin) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbahlcmhmlpomdepooifmhnalokdhgm [2015-01-04]

CHR Extension: (Instagram for Chrome Tabs  Instatabs) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mipnjnddbpbdmbpjafflemfdefjlibod [2015-01-19]

CHR Extension: (Google Wallet) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-19]

CHR Extension: (Google Mail) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-19]

CHR Extension: (Voauedix) - C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi\ [2014-10-19]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)

R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)

R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)

S2 d65a1a66; c:\Program Files (x86)\TampaGeneration\TampaGeneration.dll [3329536 2015-01-19] () [File not signed]

R2 EslWireHelper; H:\Programme\EslWire\service\WireHelperSvc.exe [663056 2014-01-28] ()

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)

R2 MBAMScheduler; H:\Programme\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; H:\Programme\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)

R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)

S3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [67584 2014-11-10] (Eugene V. Muzychenko) [File not signed]

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-20] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)

S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33448 2014-09-05] (Razer Inc)

R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-05] (Razer Inc)

R3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [40104 2014-09-05] (Razer Inc)

R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)

R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)

S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [31912 2014-09-05] (Razer Inc)

R3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [31912 2014-09-05] (Razer Inc)
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-20 22:33 - 2015-01-20 22:33 - 02126848 _____ (Farbar) C:\Users\Tobi\Downloads\FRST64.exe

2015-01-20 22:33 - 2015-01-20 22:33 - 00014815 _____ () C:\Users\Tobi\Downloads\FRST.txt

2015-01-20 22:33 - 2015-01-20 22:33 - 00000000 ____D () C:\FRST

2015-01-20 21:42 - 2015-01-20 21:42 - 00000922 _____ () C:\Users\Tobi\Desktop\JRT.txt

2015-01-20 21:24 - 2015-01-20 21:24 - 00852504 _____ () C:\Users\Tobi\Downloads\SecurityCheck.exe

2015-01-20 21:11 - 2015-01-20 21:11 - 00001790 _____ () C:\sc-cleaner.txt

2015-01-20 21:11 - 2015-01-20 21:11 - 00000000 ____D () C:\Windows\ERUNT

2015-01-20 21:10 - 2015-01-20 21:11 - 02186752 _____ () C:\Users\Tobi\Downloads\AdwCleaner_4.108.exe

2015-01-20 21:10 - 2015-01-20 21:11 - 01707939 _____ (Thisisu) C:\Users\Tobi\Downloads\JRT.exe

2015-01-20 21:10 - 2015-01-20 21:11 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\Tobi\Downloads\sc-cleaner.exe

2015-01-20 14:28 - 2015-01-20 14:28 - 00037888 _____ () C:\Users\Tobi\Downloads\tempDownload_1bcb678d-b7a1-4a25-9688-fb0a367ca006_1412572857279

2015-01-19 21:28 - 2015-01-19 21:28 - 00000000 ____D () C:\Program Files (x86)\TampaGeneration

2015-01-19 21:28 - 2015-01-19 21:28 - 00000000 ____D () C:\Program Files (x86)\Instagram for Chrome Tabs  Instatabs

2015-01-19 21:27 - 2015-01-19 21:27 - 00000000 ____D () C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi

2015-01-19 21:27 - 2015-01-19 21:27 - 00000000 ____D () C:\Program Files (x86)\Voauedix

2015-01-19 21:26 - 2015-01-19 22:22 - 00000000 ____D () C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}

2015-01-19 21:26 - 2015-01-19 21:26 - 01347584 _____ () C:\Users\Tobi\Downloads\Download (1).exe

2015-01-19 17:35 - 2015-01-19 17:35 - 00085412 _____ () C:\Users\Tobi\Downloads\Download

2015-01-11 22:33 - 2015-01-20 21:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-11 22:33 - 2015-01-14 03:05 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-01-11 22:33 - 2015-01-14 03:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-01-11 22:33 - 2015-01-14 03:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-01-11 22:33 - 2015-01-11 22:35 - 00000000 ____D () C:\Users\Tobi\AppData\Local\Adobe

2015-01-11 22:33 - 2015-01-11 22:33 - 00000000 ____D () C:\Windows\SysWOW64\Macromed

2015-01-11 22:33 - 2015-01-11 22:33 - 00000000 ____D () C:\Windows\system32\Macromed

2015-01-11 21:04 - 2015-01-20 21:54 - 00000000 ____D () C:\Users\Tobi\AppData\Local\ESL Wire Game Client

2015-01-11 21:04 - 2015-01-11 21:05 - 00000645 _____ () C:\Users\Public\Desktop\ESL Wire.lnk

2015-01-11 21:04 - 2015-01-11 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire

2015-01-11 21:04 - 2015-01-11 21:04 - 00000000 ____D () C:\ProgramData\ESL Wire

2015-01-08 22:06 - 2015-01-20 21:25 - 00000000 ____D () C:\AdwCleaner

2015-01-08 22:05 - 2015-01-08 22:05 - 02191360 _____ () C:\Users\Tobi\Downloads\AdwCleaner_4.107.exe

2015-01-08 22:02 - 2015-01-20 22:33 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-08 22:01 - 2015-01-08 22:01 - 00000737 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-01-08 22:01 - 2015-01-08 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-08 22:01 - 2015-01-08 22:01 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-01-08 22:01 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-01-08 22:01 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-01-08 22:01 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-01-08 22:00 - 2015-01-08 22:01 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Tobi\Downloads\mbam-setup-2.0.4.1028.exe

2015-01-08 21:52 - 2015-01-08 21:54 - 00002192 _____ () C:\Users\Tobi\Desktop\chrome.lnk

2015-01-08 21:49 - 2015-01-08 22:06 - 00000000 ____D () C:\Program Files (x86)\20f6461b-1317-4e61-b54a-f33a5f69df90

2015-01-08 21:35 - 2015-01-08 21:48 - 00000000 ___HD () C:\Users\Public\Temp

2015-01-08 21:34 - 2015-01-08 22:06 - 00000000 ____D () C:\Users\Tobi\AppData\Local\com

2015-01-08 21:33 - 2015-01-20 21:54 - 00001330 _____ () C:\Windows\Tasks\VTAP.job

2015-01-08 21:33 - 2015-01-20 21:54 - 00001330 _____ () C:\Windows\Tasks\USTV.job

2015-01-08 21:33 - 2015-01-08 21:33 - 00004352 _____ () C:\Windows\System32\Tasks\VTAP

2015-01-08 21:33 - 2015-01-08 21:33 - 00004352 _____ () C:\Windows\System32\Tasks\USTV

2015-01-07 21:53 - 2015-01-07 21:53 - 00004456 _____ () C:\Users\Tobi\Downloads\zonixx-CFG+video+DMcfg.zip
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-20 22:01 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-20 22:01 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-20 22:00 - 2011-04-12 08:43 - 00691940 _____ () C:\Windows\system32\perfh007.dat

2015-01-20 22:00 - 2011-04-12 08:43 - 00145538 _____ () C:\Windows\system32\perfc007.dat

2015-01-20 22:00 - 2009-07-14 06:13 - 01599026 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-01-20 21:57 - 2014-10-19 15:18 - 01837051 _____ () C:\Windows\WindowsUpdate.log

2015-01-20 21:54 - 2014-11-12 15:43 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-20 21:54 - 2014-10-19 16:02 - 00000000 ____D () C:\ProgramData\NVIDIA

2015-01-20 21:54 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-20 21:54 - 2009-07-14 05:51 - 00051343 _____ () C:\Windows\setupact.log

2015-01-20 21:48 - 2014-11-12 15:43 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-20 21:15 - 2010-11-21 04:47 - 00077744 _____ () C:\Windows\PFRO.log

2015-01-20 20:25 - 2014-10-19 16:18 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\TS3Client

2015-01-20 15:09 - 2014-10-19 16:01 - 00000000 ____D () C:\Program Files (x86)\Steam

2015-01-20 15:02 - 2014-10-19 19:51 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\vlc

2015-01-20 14:28 - 2011-04-12 08:54 - 00000000 ___RD () C:\Users\Public\Recorded TV

2015-01-19 22:21 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker

2015-01-09 07:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources

2015-01-08 22:06 - 2014-10-19 16:02 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies

2015-01-08 21:50 - 2014-11-05 13:18 - 00000000 ____D () C:\Program Files (x86)\BlueStacks

2015-01-08 21:40 - 2014-10-19 15:18 - 00001439 _____ () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-01-08 21:40 - 2014-10-19 15:18 - 00001405 _____ () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

2015-01-04 05:02 - 2014-10-22 18:03 - 00000000 ____D () C:\Users\Tobi\Desktop\Tattoo

2014-12-31 12:14 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 

==================== Files in the root of some directories =======

2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Tobi\AppData\Roaming\USTV

2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Tobi\AppData\Roaming\VTAP

2014-11-20 21:48 - 2014-11-20 21:48 - 0000057 _____ () C:\ProgramData\Ament.ini

2014-10-19 15:51 - 2014-10-19 15:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 

Some content of TEMP:

====================

C:\Users\Tobi\AppData\Local\Temp\47603A90-A7B2-8D93-2DAF-C44F1FA767F3.exe

C:\Users\Tobi\AppData\Local\Temp\6F3a8bf3.exe

C:\Users\Tobi\AppData\Local\Temp\BD832039-85D4-DA55-8955-89E4DB237898.dll

C:\Users\Tobi\AppData\Local\Temp\BD832039-85D4-DA55-8955-89E4DB237898.exe

C:\Users\Tobi\AppData\Local\Temp\eCBFb7.exe

C:\Users\Tobi\AppData\Local\Temp\EslWireSetup-1.18.0.8085-x64.exe

C:\Users\Tobi\AppData\Local\Temp\EslWireSetup-1.18.0.8101-x64.exe

C:\Users\Tobi\AppData\Local\Temp\optprosetup.exe

C:\Users\Tobi\AppData\Local\Temp\PrefJsonCpp.exe

C:\Users\Tobi\AppData\Local\Temp\Quarantine.exe

C:\Users\Tobi\AppData\Local\Temp\sqlite3.dll

C:\Users\Tobi\AppData\Local\Temp\sqlite3.exe

C:\Users\Tobi\AppData\Local\Temp\supoptsetup.exe

C:\Users\Tobi\AppData\Local\Temp\vcredist_x64.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-01-14 06:17
 

==================== End Of Log ============================

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015

Ran by Tobi at 2015-01-20 22:33:52

Running from C:\Users\Tobi\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)

BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)

BlueStacks Notification Center (HKLM-x32\...\{152E0B21-19D5-4772-9EF8-8E76074B0C0A}) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)

ESL Wire 1.18.0 (HKLM\...\ESL Wire_is1) (Version:  - Turtle Entertainment GmbH)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

HP ENVY 4500 series - Grundlegende Software für das Gerät (HKLM\...\{7A564D11-817E-48B1-9830-91420BF6E339}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)

HP ENVY 4500 series Hilfe (HKLM-x32\...\{6767CCD2-B939-4542-BF08-015B5496D4EC}) (Version: 30.0.0 - Hewlett Packard)

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

Instagram for Chrome Tabs  Instatabs (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - )

Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)

Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.17 - Intel(R) Corporation) Hidden

Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

NVIDIA 3D Vision Controller-Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)

NVIDIA 3D Vision Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)

NVIDIA Grafiktreiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)

NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)

NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)

OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)

Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7255 - Realtek Semiconductor Corp.)

Schoener Fernsehen 0.0.0.2c (HKLM-x32\...\Schoener Fernsehen) (Version: 0.0.0.2c - © schoener-fernsehen.com)

SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden

Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)

Studie zur Verbesserung von HP ENVY 4500 series (HKLM\...\{36E08FE6-D9FF-44EE-8AD3-EC723390DE00}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)

TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)

Virtual Audio Cable 4.9 (HKLM\...\Virtual Audio Cable 4.9) (Version:  - )

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 

==================== Restore Points  =========================
 
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {58569F12-E725-4CD9-BABA-281C4FB17733} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-12] (Google Inc.)

Task: {65DF6440-4CC5-4A21-A1B2-83299C34F39F} - System32\Tasks\VTAP => C:\Users\Tobi\AppData\Roaming\VTAP.exe <==== ATTENTION

Task: {A9D49734-F015-4545-932F-9D013D006C70} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)

Task: {AE7B5F0C-949C-4DAB-A8C3-42C38F01CB46} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-12] (Google Inc.)

Task: {C332FAF2-2A22-4F75-AA6E-58855F505205} - System32\Tasks\USTV => C:\Users\Tobi\AppData\Roaming\USTV.exe <==== ATTENTION

Task: {CEE49596-31DF-47F2-984F-D31E48E627B6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\USTV.job => C:\Users\Tobi\AppData\Roaming\USTV.exe <==== ATTENTION

Task: C:\Windows\Tasks\VTAP.job => C:\Users\Tobi\AppData\Roaming\VTAP.exe <==== ATTENTION
 

==================== Loaded Modules (whitelisted) =============
 

2014-10-19 16:02 - 2014-09-13 22:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2015-01-11 21:04 - 2014-12-09 11:24 - 08871424 _____ () H:\Programme\EslWire\WireCore.dll

2015-01-11 21:04 - 2014-10-09 15:22 - 00214016 _____ () H:\Programme\EslWire\NocIPC64.dll

2015-01-11 21:04 - 2014-12-09 11:22 - 00454656 _____ () H:\Programme\EslWire\Linesman.dll

2015-01-11 21:04 - 2014-10-09 15:23 - 00310272 _____ () H:\Programme\EslWire\laginspect\laginspect.dll

2015-01-11 21:04 - 2014-01-28 11:40 - 00663056 _____ () H:\Programme\EslWire\service\WireHelperSvc.exe

2015-01-11 21:04 - 2014-10-09 15:22 - 00214016 _____ () H:\Programme\EslWire\service\NocIPC64.dll

2014-01-19 21:26 - 2014-01-19 21:26 - 01347584 _____ () C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe

2014-10-31 23:27 - 2014-10-31 23:27 - 00183488 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe

2014-11-20 09:23 - 2014-11-20 09:23 - 00289792 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe

2015-01-15 02:52 - 2015-01-09 01:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll

2015-01-15 02:52 - 2015-01-09 01:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll

2015-01-15 02:52 - 2015-01-09 01:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll

2015-01-15 02:52 - 2015-01-09 01:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll

2015-01-15 02:52 - 2015-01-09 01:35 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll

2014-11-16 15:27 - 2014-01-04 01:20 - 34755072 _____ () C:\Users\Tobi\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll

2014-11-20 07:02 - 2014-11-20 07:02 - 00193024 _____ () C:\ProgramData\Razer\Synapse\RzStats\RigWrapper.dll

2014-11-16 15:27 - 2014-01-04 01:20 - 00970240 _____ () C:\Users\Tobi\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\ffmpegsumo.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 
 

========================= Accounts: ==========================
 

Administrator (S-1-5-21-1247221106-465103080-481791032-500 - Administrator - Disabled)

Gast (S-1-5-21-1247221106-465103080-481791032-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1247221106-465103080-481791032-1002 - Limited - Enabled)

Tobi (S-1-5-21-1247221106-465103080-481791032-1000 - Administrator - Enabled) => C:\Users\Tobi
 

==================== Faulty Device Manager Devices =============
 

Name: 

Description: 

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 

Name: PCI-Kommunikationscontroller (einfach)

Description: PCI-Kommunikationscontroller (einfach)

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (01/20/2015 09:56:02 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/20/2015 09:54:15 PM) (Source: NvStreamSvc) (EventID: 1) (User: )

Description: NvStreamSvcNvVAD initialization failed [6]
 

Error: (01/20/2015 09:54:15 PM) (Source: NvStreamSvc) (EventID: 1) (User: )

Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
 

Error: (01/20/2015 09:54:15 PM) (Source: NvStreamSvc) (EventID: 1) (User: )

Description: NvStreamSvcNvVAD endpoint registration failed [0]
 
 

System errors:

=============
 

Microsoft Office Sessions:

=========================

Error: (01/20/2015 09:56:02 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/20/2015 09:54:15 PM) (Source: NvStreamSvc) (EventID: 1) (User: )

Description: NvStreamSvcNvVAD initialization failed [6]
 

Error: (01/20/2015 09:54:15 PM) (Source: NvStreamSvc) (EventID: 1) (User: )

Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
 

Error: (01/20/2015 09:54:15 PM) (Source: NvStreamSvc) (EventID: 1) (User: )

Description: NvStreamSvcNvVAD endpoint registration failed [0]
 
 

CodeIntegrity Errors:

===================================

  Date: 2015-01-20 21:54:07.368

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2015-01-20 21:54:07.368

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2015-01-20 21:15:14.493

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2015-01-20 21:15:14.478

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2015-01-19 22:21:59.103

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2015-01-19 22:21:59.103

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2015-01-18 16:46:46.134

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2015-01-18 16:46:46.119

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2015-01-15 13:05:49.072

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2015-01-15 13:05:49.056

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz

Percentage of memory in use: 45%

Total physical RAM: 8133.97 MB

Available physical RAM: 4435.94 MB

Total Pagefile: 16266.14 MB

Available Pagefile: 11965.54 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:55.68 GB) (Free:4.37 GB) NTFS

Drive d: (HP EN4500) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS

Drive h: (Volume) (Fixed) (Total:1862.89 GB) (Free:1843.01 GB) NTFS

Drive i: (Transcend) (Removable) (Total:30.45 GB) (Free:9.96 GB) FAT32
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)
 

Partition: GPT Partition Type.
 

========================================================

Disk: 1 (Size: 55.9 GB) (Disk ID: A81101F2)
 

Partition: GPT Partition Type.
 

========================================================

Disk: 5 (MBR Code: Windows XP) (Size: 30.5 GB) (Disk ID: C3072E18)

Partition 1: (Active) - (Size=30.5 GB) - (Type=0C)
 

==================== End Of Log ============================

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Code:

ComboFix 15-01-18.01 - Tobi 21.01.2015  15:42:02.1.8 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8134.5458 [GMT 1:00]

ausgeführt von:: c:\users\Tobi\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\20f6461b-1317-4e61-b54a-f33a5f69df90\aeb6e1a6-5f91-48f5-995c-2900619d0921.dll

c:\program files (x86)\AGEIA Technologies\20f6461b-1317-4e61-b54a-f33a5f69df90.dll

c:\users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mipnjnddbpbdmbpjafflemfdefjlibod

c:\users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mipnjnddbpbdmbpjafflemfdefjlibod\107\background.html

c:\users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mipnjnddbpbdmbpjafflemfdefjlibod\107\content.js

c:\users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mipnjnddbpbdmbpjafflemfdefjlibod\107\lsdb.js

c:\users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mipnjnddbpbdmbpjafflemfdefjlibod\107\manifest.json

c:\users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mipnjnddbpbdmbpjafflemfdefjlibod\107\x.js

c:\users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mipnjnddbpbdmbpjafflemfdefjlibod\CURRENT

c:\users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mipnjnddbpbdmbpjafflemfdefjlibod\LOG.old

c:\users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlmeailenhgbmejohmhdjhhnjhdcpeob\CURRENT

c:\users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mipnjnddbpbdmbpjafflemfdefjlibod_0.localstorage-journal

c:\users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Preferences

.

.

(((((((((((((((((((((((   Dateien erstellt von 2014-12-21 bis 2015-01-21  ))))))))))))))))))))))))))))))

.

.

2015-01-21 14:43 . 2015-01-21 14:43        --------        d-----w-        c:\users\Default\AppData\Local\temp

2015-01-20 21:33 . 2015-01-20 21:34        --------        d-----w-        C:\FRST

2015-01-20 20:27 . 2014-12-02 10:26        11870360        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78BC052D-A221-4993-B423-C7B0B3AC603B}\mpengine.dll

2015-01-20 20:11 . 2015-01-20 20:11        --------        d-----w-        c:\windows\ERUNT

2015-01-20 14:31 . 2015-01-20 14:31        893552        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2015-01-20 14:31 . 2015-01-20 14:31        42168        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2015-01-20 13:30 . 2015-01-20 13:30        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2015-01-19 20:28 . 2015-01-19 20:28        --------        d-----w-        c:\program files (x86)\TampaGeneration

2015-01-19 20:28 . 2015-01-19 20:28        --------        d-----w-        c:\program files (x86)\Instagram for Chrome Tabs  Instatabs

2015-01-19 20:27 . 2015-01-19 20:27        --------        d-----w-        c:\program files (x86)\Voauedix

2015-01-19 20:27 . 2015-01-19 20:27        --------        d-----w-        c:\programdata\pnkaiaejddfgepbbllfamkjefojllcoi

2015-01-19 20:26 . 2015-01-19 21:22        --------        d-----w-        c:\programdata\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}

2015-01-19 18:14 . 2014-12-02 10:26        11870360        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2015-01-16 12:17 . 2014-10-21 19:09        1188440        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C44FFB50-0449-45EF-B824-A1238B6BC91E}\gapaengine.dll

2015-01-11 21:33 . 2015-01-14 02:05        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2015-01-11 21:33 . 2015-01-14 02:05        701616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2015-01-11 21:33 . 2015-01-11 21:33        --------        d-----w-        c:\windows\SysWow64\Macromed

2015-01-11 21:33 . 2015-01-11 21:33        --------        d-----w-        c:\windows\system32\Macromed

2015-01-11 21:33 . 2015-01-11 21:35        --------        d-----w-        c:\users\Tobi\AppData\Local\Adobe

2015-01-11 20:04 . 2015-01-20 20:54        --------        d-----w-        c:\users\Tobi\AppData\Local\ESL Wire Game Client

2015-01-11 20:04 . 2015-01-11 20:04        --------        d-----w-        c:\programdata\ESL Wire

2015-01-08 21:06 . 2015-01-20 20:25        --------        d-----w-        C:\AdwCleaner

2015-01-08 21:02 . 2015-01-21 14:34        129752        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys

2015-01-08 21:01 . 2015-01-08 21:01        --------        d-----w-        c:\programdata\Malwarebytes

2015-01-08 21:01 . 2014-11-21 05:14        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys

2015-01-08 21:01 . 2014-11-21 05:14        93400        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys

2015-01-08 21:01 . 2014-11-21 05:14        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys

2015-01-08 20:49 . 2015-01-21 14:43        --------        d-----w-        c:\program files (x86)\20f6461b-1317-4e61-b54a-f33a5f69df90

2015-01-08 20:35 . 2015-01-08 20:48        --------        d--h--w-        c:\users\Public\Temp

2015-01-08 20:34 . 2015-01-08 21:06        --------        d-----w-        c:\users\Tobi\AppData\Local\com

2015-01-08 20:32 . 2015-01-08 20:32        --------        d-----w-        c:\users\Tobi\AppData\Local\Programs

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-12-31 11:14 . 2010-11-21 03:27        298120        ------w-        c:\windows\system32\MpSigStub.exe

2014-11-20 08:23 . 2014-11-20 08:23        9728        ----a-w-        c:\windows\SysWow64\RzStats.IPC.dll

2014-11-10 17:11 . 2014-11-10 17:11        67584        ----a-w-        c:\windows\system32\drivers\vrtaucbl.sys

2014-10-31 22:27 . 2014-11-16 14:27        37184        ----a-w-        c:\windows\system32\drivers\rzpmgrk.sys

2014-10-23 20:05 . 2014-11-16 14:27        129600        ----a-w-        c:\windows\system32\drivers\rzpnk.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ESL Wire"="h:\programme\EslWire\wire.exe" [2014-12-09 3771904]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-02-21 292848]

"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2014-11-03 585536]

"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2014-10-07 843480]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]

.

c:\users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Download (1).lnk - c:\programdata\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe --startup=1 [2014-1-19 1347584]

Tintenwarnungen überwachen - HP ENVY 4500 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP ENVY 4500 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN47G142BW060D;CONNECTION=USB;MONITOR=1; [2009-7-14 45568]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 d65a1a66;TampaGeneration;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]

R2 MBAMScheduler;MBAMScheduler;h:\programme\Malwarebytes Anti-Malware\mbamscheduler.exe;h:\programme\Malwarebytes Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;h:\programme\Malwarebytes Anti-Malware\mbamservice.exe;h:\programme\Malwarebytes Anti-Malware\mbamservice.exe [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]

R3 rzdaendpt;Razer DeathAdder end point;c:\windows\system32\DRIVERS\rzdaendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzdaendpt.sys [x]

R3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\DRIVERS\rzvkeyboard.sys;c:\windows\SYSNATIVE\DRIVERS\rzvkeyboard.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]

S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]

S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]

S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]

S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]

S2 EslWireHelper;ESL Wire Helper Service;h:\programme\EslWire\service\WireHelperSvc.exe;h:\programme\EslWire\service\WireHelperSvc.exe [x]

S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]

S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]

S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]

S2 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]

S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]

S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]

S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]

S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]

S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]

S3 rzp1endpt;Razer platform 1 end point;c:\windows\system32\DRIVERS\rzp1endpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzp1endpt.sys [x]

S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]

S3 rzvmouse;Razer Virtual Mouse;c:\windows\system32\DRIVERS\rzvmouse.sys;c:\windows\SYSNATIVE\DRIVERS\rzvmouse.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2015-01-15 01:52        1087816        ----a-w-        c:\program files (x86)\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe

.

Inhalt des "geplante Tasks" Ordners

.

2015-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-11 02:05]

.

2015-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-12 14:43]

.

2015-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-12 14:43]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-05-27 7611608]

"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-09-17 2461504]

"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-09-17 2799784]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = www.google.com

mDefault_Search_URL = www.google.com

mDefault_Page_URL = www.google.com

mStart Page = www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

mSearch Page = www.google.com

TCP: DhcpNameServer = 217.68.161.141 217.68.161.171

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.16"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2015-01-21  15:44:58

ComboFix-quarantined-files.txt  2015-01-21 14:44

.

Vor Suchlauf: 4.226.965.504 Bytes frei

Nach Suchlauf: 7.130.746.880 Bytes frei

.

- - End Of File - - 5A78AF585DBB1348BC5375516866A1EA

A36C5E4F47E84449FF07ED3517B43A31

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 21.01.2015

Suchlauf-Zeit: 18:03:13

Logdatei: mbab.txt

Administrator: Ja
 

Version: 2.00.4.1028

Malware Datenbank: v2015.01.21.07

Rootkit Datenbank: v2015.01.14.01

Lizenz: Testversion

Malware Schutz: Aktiviert

Bösartiger Webseiten Schutz: Aktiviert

Selbstschutz: Deaktiviert
 

Betriebssystem: Windows 7 Service Pack 1

CPU: x64

Dateisystem: NTFS

Benutzer: Tobi
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 335615

Verstrichene Zeit: 2 Min, 33 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Heuristik: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 0

(Keine schädliche Elemente erkannt)
 

Module: 0

(Keine schädliche Elemente erkannt)
 

Registrierungsschlüssel: 1

PUP.Optional.TampaGeneration.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\d65a1a66, In Quarantäne, [38d317e367222a0c2f47b1c3946f49b7], 
 

Registrierungswerte: 0

(Keine schädliche Elemente erkannt)
 

Registrierungsdaten: 0

(Keine schädliche Elemente erkannt)
 

Ordner: 1

PUP.Optional.TampaGeneration.A, C:\Program Files (x86)\TampaGeneration, In Quarantäne, [3ccf09f18306a3935027c6aeb350e11f], 
 

Dateien: 1

PUP.Optional.TampaGeneration.A, C:\Program Files (x86)\TampaGeneration\TampaGeneration.dll, In Quarantäne, [3ccf09f18306a3935027c6aeb350e11f], 
 

Physische Sektoren: 0

(Keine schädliche Elemente erkannt)
 
 

(end)

Code:

# AdwCleaner v4.108 - Bericht erstellt am 21/01/2015 um 18:31:34

# Aktualisiert 17/01/2015 von Xplode

# Database : 2015-01-18.1 [Live]

# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)

# Benutzername : Tobi - TOBI-PC

# Gestartet von : C:\Users\Tobi\Downloads\AdwCleaner_4.108.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Datei Gelöscht : C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage

Datei Gelöscht : C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

Datei Gelöscht : C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage

Datei Gelöscht : C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
 

***** [ Tasks ] *****
 
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
 

***** [ Browser ] *****
 

-\\ Internet Explorer v8.0.7601.17514
 
 

-\\ Google Chrome v39.0.2171.99
 
 

-\\ Opera v0.0.0.0
 
 

*************************
 

AdwCleaner[R0].txt - [9201 octets] - [08/01/2015 22:06:37]

AdwCleaner[R1].txt - [2163 octets] - [20/01/2015 21:13:45]

AdwCleaner[R2].txt - [1651 octets] - [20/01/2015 21:25:12]

AdwCleaner[R3].txt - [1711 octets] - [21/01/2015 18:13:26]

AdwCleaner[S0].txt - [8621 octets] - [08/01/2015 22:07:16]

AdwCleaner[S1].txt - [2224 octets] - [20/01/2015 21:14:34]

AdwCleaner[S2].txt - [1632 octets] - [21/01/2015 18:31:34]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1692 octets] ##########

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.1 (12.28.2014:1)

OS: Windows 7 Professional x64

Ran by Tobi on 21.01.2015 at 18:39:40,05

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 

Successfully deleted: [File] "C:\Users\Tobi\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"

Successfully deleted: [File] "C:\Users\Tobi\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"
 
 
 

~~~ Folders
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 21.01.2015 at 18:40:49,18

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015

Ran by Tobi (administrator) on TOBI-PC on 21-01-2015 18:41:32

Running from C:\Users\Tobi\Downloads

Loaded Profiles: Tobi (Available profiles: Tobi)

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 8 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe

() H:\Programme\EslWire\service\WireHelperSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Malwarebytes Corporation) H:\Programme\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) H:\Programme\Malwarebytes Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) H:\Programme\Malwarebytes Anti-Malware\mbam.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe

() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe

(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe

(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Turtle Entertainment GmbH) H:\Programme\EslWire\wire.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

() C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe

(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe

(Razer, Inc.) C:\Users\Tobi\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-27] (Realtek Semiconductor)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)

HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

HKU\S-1-5-21-1247221106-465103080-481791032-1000\...\Run: [ESL Wire] => H:\Programme\EslWire\wire.exe [3771904 2014-12-09] (Turtle Entertainment GmbH)

Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download (1).lnk

ShortcutTarget: Download (1).lnk -> C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe ()

Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP ENVY 4500 series.lnk

ShortcutTarget: Tintenwarnungen überwachen - HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-1247221106-465103080-481791032-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-1247221106-465103080-481791032-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

Tcpip\Parameters: [DhcpNameServer] 217.68.161.141 217.68.161.171
 

FireFox:

========

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 

Chrome: 

=======

CHR dev: Chrome dev build detected! <======= ATTENTION

CHR DefaultSearchKeyword: Default -> 66BDAEADE98EDC3356B789E6ED77674DAD506A9A605E861C5802E59ED79C6DC9

CHR DefaultSearchURL: Default -> E211984B217D9EB92449B5231BB746E7E74945700D008ADBA83F129A942CDD33

CHR Profile: C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Präsentationen) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-19]

CHR Extension: (Google Docs) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-19]

CHR Extension: (Google Drive) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-19]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-19]

CHR Extension: (YouTube) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-19]

CHR Extension: (Google-Suche) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-19]

CHR Extension: (Google Tabellen) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-19]

CHR Extension: (AdBlock) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-19]

CHR Extension: (AntiGameOrigin) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbahlcmhmlpomdepooifmhnalokdhgm [2015-01-04]

CHR Extension: (Google Wallet) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-19]

CHR Extension: (Google Mail) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-19]

CHR Extension: (Voauedix) - C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi\ [2014-10-19]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)

R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)

R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)

R2 EslWireHelper; H:\Programme\EslWire\service\WireHelperSvc.exe [663056 2014-01-28] ()

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)

R2 MBAMScheduler; H:\Programme\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; H:\Programme\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)

R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)

S3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [67584 2014-11-10] (Eugene V. Muzychenko) [File not signed]

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-21] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)

S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33448 2014-09-05] (Razer Inc)

R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-05] (Razer Inc)

R3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [40104 2014-09-05] (Razer Inc)

R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)

R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)

S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [31912 2014-09-05] (Razer Inc)

R3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [31912 2014-09-05] (Razer Inc)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-21 18:40 - 2015-01-21 18:40 - 00000922 _____ () C:\Users\Tobi\Desktop\JRT.txt

2015-01-21 18:39 - 2015-01-21 18:39 - 01707939 _____ (Thisisu) C:\Users\Tobi\Downloads\JRT (1).exe

2015-01-21 18:37 - 2015-01-21 18:37 - 00001772 _____ () C:\Users\Tobi\Desktop\AdwCleaner[S2].txt

2015-01-21 18:06 - 2015-01-21 18:06 - 00001492 _____ () C:\Users\Tobi\Desktop\mbam.txt

2015-01-21 17:52 - 2015-01-21 18:13 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\mIRC

2015-01-21 17:52 - 2015-01-21 17:52 - 02471776 _____ (mIRC Co. Ltd.) C:\Users\Tobi\Downloads\mirc738.exe

2015-01-21 17:52 - 2015-01-21 17:52 - 00000628 _____ () C:\Users\Public\Desktop\mIRC.lnk

2015-01-21 17:52 - 2015-01-21 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC

2015-01-21 15:44 - 2015-01-21 15:44 - 00019856 _____ () C:\ComboFix.txt

2015-01-21 15:41 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe

2015-01-21 15:41 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe

2015-01-21 15:41 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2015-01-21 15:41 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2015-01-21 15:41 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2015-01-21 15:41 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe

2015-01-21 15:41 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe

2015-01-21 15:41 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe

2015-01-21 15:39 - 2015-01-21 15:45 - 00000000 ____D () C:\Qoobox

2015-01-21 15:39 - 2015-01-21 15:44 - 00000000 ____D () C:\Windows\erdnt

2015-01-21 15:35 - 2015-01-21 15:35 - 05608785 ____R (Swearware) C:\Users\Tobi\Downloads\ComboFix.exe

2015-01-20 22:33 - 2015-01-21 18:41 - 00014669 _____ () C:\Users\Tobi\Downloads\FRST.txt

2015-01-20 22:33 - 2015-01-21 18:41 - 00000000 ____D () C:\FRST

2015-01-20 22:33 - 2015-01-20 22:34 - 00019780 _____ () C:\Users\Tobi\Downloads\Addition.txt

2015-01-20 22:33 - 2015-01-20 22:33 - 02126848 _____ (Farbar) C:\Users\Tobi\Downloads\FRST64.exe

2015-01-20 21:24 - 2015-01-20 21:24 - 00852504 _____ () C:\Users\Tobi\Downloads\SecurityCheck.exe

2015-01-20 21:11 - 2015-01-20 21:11 - 00001790 _____ () C:\sc-cleaner.txt

2015-01-20 21:11 - 2015-01-20 21:11 - 00000000 ____D () C:\Windows\ERUNT

2015-01-20 21:10 - 2015-01-20 21:11 - 02186752 _____ () C:\Users\Tobi\Downloads\AdwCleaner_4.108.exe

2015-01-20 21:10 - 2015-01-20 21:11 - 01707939 _____ (Thisisu) C:\Users\Tobi\Downloads\JRT.exe

2015-01-20 21:10 - 2015-01-20 21:11 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\Tobi\Downloads\sc-cleaner.exe

2015-01-20 14:28 - 2015-01-20 14:28 - 00037888 _____ () C:\Users\Tobi\Downloads\tempDownload_1bcb678d-b7a1-4a25-9688-fb0a367ca006_1412572857279

2015-01-19 21:28 - 2015-01-19 21:28 - 00000000 ____D () C:\Program Files (x86)\Instagram for Chrome Tabs  Instatabs

2015-01-19 21:27 - 2015-01-19 21:27 - 00000000 ____D () C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi

2015-01-19 21:27 - 2015-01-19 21:27 - 00000000 ____D () C:\Program Files (x86)\Voauedix

2015-01-19 21:26 - 2015-01-19 22:22 - 00000000 ____D () C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}

2015-01-19 21:26 - 2015-01-19 21:26 - 01347584 _____ () C:\Users\Tobi\Downloads\Download (1).exe

2015-01-19 17:35 - 2015-01-19 17:35 - 00085412 _____ () C:\Users\Tobi\Downloads\Download

2015-01-11 22:33 - 2015-01-21 18:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-11 22:33 - 2015-01-14 03:05 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-01-11 22:33 - 2015-01-14 03:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-01-11 22:33 - 2015-01-14 03:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-01-11 22:33 - 2015-01-11 22:35 - 00000000 ____D () C:\Users\Tobi\AppData\Local\Adobe

2015-01-11 22:33 - 2015-01-11 22:33 - 00000000 ____D () C:\Windows\SysWOW64\Macromed

2015-01-11 22:33 - 2015-01-11 22:33 - 00000000 ____D () C:\Windows\system32\Macromed

2015-01-11 21:04 - 2015-01-21 18:32 - 00000000 ____D () C:\Users\Tobi\AppData\Local\ESL Wire Game Client

2015-01-11 21:04 - 2015-01-11 21:05 - 00000645 _____ () C:\Users\Public\Desktop\ESL Wire.lnk

2015-01-11 21:04 - 2015-01-11 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire

2015-01-11 21:04 - 2015-01-11 21:04 - 00000000 ____D () C:\ProgramData\ESL Wire

2015-01-08 22:06 - 2015-01-21 18:31 - 00000000 ____D () C:\AdwCleaner

2015-01-08 22:05 - 2015-01-08 22:05 - 02191360 _____ () C:\Users\Tobi\Downloads\AdwCleaner_4.107.exe

2015-01-08 22:02 - 2015-01-21 18:32 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-08 22:01 - 2015-01-08 22:01 - 00000737 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-01-08 22:01 - 2015-01-08 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-08 22:01 - 2015-01-08 22:01 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-01-08 22:01 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-01-08 22:01 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-01-08 22:01 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-01-08 22:00 - 2015-01-08 22:01 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Tobi\Downloads\mbam-setup-2.0.4.1028.exe

2015-01-08 21:52 - 2015-01-08 21:54 - 00002192 _____ () C:\Users\Tobi\Desktop\chrome.lnk

2015-01-08 21:49 - 2015-01-21 15:43 - 00000000 ____D () C:\Program Files (x86)\20f6461b-1317-4e61-b54a-f33a5f69df90

2015-01-08 21:35 - 2015-01-08 21:48 - 00000000 ___HD () C:\Users\Public\Temp

2015-01-08 21:34 - 2015-01-08 22:06 - 00000000 ____D () C:\Users\Tobi\AppData\Local\com

2015-01-07 21:53 - 2015-01-07 21:53 - 00004456 _____ () C:\Users\Tobi\Downloads\zonixx-CFG+video+DMcfg.zip
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-21 18:39 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-21 18:39 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-21 18:38 - 2011-04-12 08:43 - 00691940 _____ () C:\Windows\system32\perfh007.dat

2015-01-21 18:38 - 2011-04-12 08:43 - 00145538 _____ () C:\Windows\system32\perfc007.dat

2015-01-21 18:38 - 2009-07-14 06:13 - 01599026 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-01-21 18:32 - 2014-11-12 15:43 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-21 18:32 - 2014-10-19 16:02 - 00000000 ____D () C:\ProgramData\NVIDIA

2015-01-21 18:32 - 2010-11-21 04:47 - 00078968 _____ () C:\Windows\PFRO.log

2015-01-21 18:32 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-21 18:32 - 2009-07-14 05:51 - 00051511 _____ () C:\Windows\setupact.log

2015-01-21 18:31 - 2014-10-19 15:18 - 01966098 _____ () C:\Windows\WindowsUpdate.log

2015-01-21 18:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports

2015-01-21 17:48 - 2014-11-12 15:43 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-21 16:53 - 2014-10-19 16:18 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\TS3Client

2015-01-21 15:44 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default

2015-01-21 15:44 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2015-01-21 15:43 - 2014-10-19 16:02 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies

2015-01-20 15:09 - 2014-10-19 16:01 - 00000000 ____D () C:\Program Files (x86)\Steam

2015-01-20 15:02 - 2014-10-19 19:51 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\vlc

2015-01-20 14:28 - 2011-04-12 08:54 - 00000000 ___RD () C:\Users\Public\Recorded TV

2015-01-19 22:21 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker

2015-01-09 07:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources

2015-01-08 21:50 - 2014-11-05 13:18 - 00000000 ____D () C:\Program Files (x86)\BlueStacks

2015-01-08 21:40 - 2014-10-19 15:18 - 00001439 _____ () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-01-08 21:40 - 2014-10-19 15:18 - 00001405 _____ () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

2015-01-04 05:02 - 2014-10-22 18:03 - 00000000 ____D () C:\Users\Tobi\Desktop\Tattoo

2014-12-31 12:14 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 

==================== Files in the root of some directories =======

2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Tobi\AppData\Roaming\USTV

2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Tobi\AppData\Roaming\VTAP

2014-11-20 21:48 - 2014-11-20 21:48 - 0000057 _____ () C:\ProgramData\Ament.ini

2014-10-19 15:51 - 2014-10-19 15:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 

Some content of TEMP:

====================

C:\Users\Tobi\AppData\Local\Temp\mirc738.exe

C:\Users\Tobi\AppData\Local\Temp\Quarantine.exe

C:\Users\Tobi\AppData\Local\Temp\sqlite3.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-01-14 06:17
 

==================== End Of Log ============================

--- --- ---

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Code:

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=6f6366e0417a3047be745d821c5bad48

# engine=22097

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2015-01-22 05:14:19

# local_time=2015-01-22 06:14:19 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='Microsoft Security Essentials'

# compatibility_mode=5895 16777213 100 100 8028497 44930853 0 0

# scanned=133278

# found=17

# cleaned=0

# scan_time=1860

sh=E978937AC7FAAC9A69609B2A4A3B8E2D43466DF9 ft=1 fh=b7b8c96c17c22525 vn="Win32/Patched.NFQ Trojaner" ac=I fn="C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dll"

sh=D55D56AFF6519D4409C8347096A219CB96F987CE ft=0 fh=0000000000000000 vn="JS/Kryptik.ATL Trojaner" ac=I fn="C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi\OtI.js"

sh=8BD0B914E8D2EF691BE987D70CA819761A687D1C ft=1 fh=c71c001166f4e188 vn="Variante von Win32/Adware.MultiPlug.ED Anwendung" ac=I fn="C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe"

sh=21A094C91EDB2F2A3DDB54AFEED438E3A16039AC ft=1 fh=59c9d2c7b010900a vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\20f6461b-1317-4e61-b54a-f33a5f69df90\aeb6e1a6-5f91-48f5-995c-2900619d0921.dll.vir"

sh=21A094C91EDB2F2A3DDB54AFEED438E3A16039AC ft=1 fh=59c9d2c7b010900a vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\AGEIA Technologies\20f6461b-1317-4e61-b54a-f33a5f69df90.dll.vir"

sh=6F8FE1A0F528E8B8E27FF778FF4D6864F64E36CE ft=0 fh=0000000000000000 vn="JS/Kryptik.ATL Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mipnjnddbpbdmbpjafflemfdefjlibod\107\x.js.vir"

sh=D55D56AFF6519D4409C8347096A219CB96F987CE ft=0 fh=0000000000000000 vn="JS/Kryptik.ATL Trojaner" ac=I fn="C:\Users\All Users\pnkaiaejddfgepbbllfamkjefojllcoi\OtI.js"

sh=8BD0B914E8D2EF691BE987D70CA819761A687D1C ft=1 fh=c71c001166f4e188 vn="Variante von Win32/Adware.MultiPlug.ED Anwendung" ac=I fn="C:\Users\All Users\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe"

sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobi\AppData\Roaming\USTV"

sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobi\AppData\Roaming\VTAP"

sh=D6EB15ADEFE8BE7E36D184AD86DE9CA457095C7E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobi\AppData\Roaming\Opera Software\Opera Stable\Extensions\dimfohdigjaffdaanhmbocfkpolglnjk\1.26.88_0\extensionData\plugins\91.js"

sh=5DD4EBBF5FC3179CA01912B6454B022681A8D254 ft=1 fh=9db60c754dc31509 vn="Variante von Win32/InstallCore.UE evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobi\Downloads\BlueStacks-SplitInstaller_native_CB-DL-Manager.exe"

sh=8BD0B914E8D2EF691BE987D70CA819761A687D1C ft=1 fh=c71c001166f4e188 vn="Variante von Win32/Adware.MultiPlug.ED Anwendung" ac=I fn="C:\Users\Tobi\Downloads\Download (1).exe"

sh=0D7ED6BAFEBF6B7F5CC1680CAC02428F62A35612 ft=1 fh=742db127c3faaf99 vn="Variante von Win32/Adware.MultiPlug.DP Anwendung" ac=I fn="C:\Users\Tobi\Downloads\Download.exe"

sh=F67D88584F3F2F9513D1A102F64DB8A21996E726 ft=1 fh=6d4effb5e0baec6a vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobi\Downloads\Virtual Audio Cable - CHIP-Installer.exe"

sh=C1CC73B99E66C936041706413ED28B9DCD897867 ft=1 fh=7805ddc9e3baadcc vn="NSIS/StartPage.CC Trojaner" ac=I fn="C:\Users\Tobi\Downloads\vlc-2.1.5-win32.exe"

sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/Adware.MultiPlug.ED Anwendung" ac=I fn="${Memory}"

Code:

 Results of screen317's Security Check version 0.99.93  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 ``````````````Antivirus/Firewall Check:`````````````` 

Microsoft Security Essentials   

 Antivirus up to date!  
 `````````Anti-malware/Other Utilities Check:````````` 

 Google Chrome (39.0.2171.95) 

 Google Chrome (39.0.2171.99) 
 ````````Process Check: objlist.exe by Laurent````````  

 Microsoft Security Essentials MSMpEng.exe 

 Microsoft Security Essentials msseces.exe 
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015

Ran by Tobi (administrator) on TOBI-PC on 22-01-2015 18:40:29

Running from C:\Users\Tobi\Downloads

Loaded Profiles: Tobi (Available profiles: Tobi)

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 8 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

() H:\Programme\EslWire\service\WireHelperSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Turtle Entertainment GmbH) H:\Programme\EslWire\wire.exe

() C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe

() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe

(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe

(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe

(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe

(Razer, Inc.) C:\Users\Tobi\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-27] (Realtek Semiconductor)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)

HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

HKU\S-1-5-21-1247221106-465103080-481791032-1000\...\Run: [ESL Wire] => H:\Programme\EslWire\wire.exe [3771904 2014-12-09] (Turtle Entertainment GmbH)

Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download (1).lnk

ShortcutTarget: Download (1).lnk -> C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe ()

Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP ENVY 4500 series.lnk

ShortcutTarget: Tintenwarnungen überwachen - HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-1247221106-465103080-481791032-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-1247221106-465103080-481791032-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

Tcpip\Parameters: [DhcpNameServer] 217.68.161.141 217.68.161.171
 

FireFox:

========

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 

Chrome: 

=======

CHR dev: Chrome dev build detected! <======= ATTENTION

CHR DefaultSearchKeyword: Default -> 66BDAEADE98EDC3356B789E6ED77674DAD506A9A605E861C5802E59ED79C6DC9

CHR DefaultSearchURL: Default -> E211984B217D9EB92449B5231BB746E7E74945700D008ADBA83F129A942CDD33

CHR Profile: C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Präsentationen) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-19]

CHR Extension: (Google Docs) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-19]

CHR Extension: (Google Drive) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-19]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-19]

CHR Extension: (YouTube) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-19]

CHR Extension: (Google-Suche) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-19]

CHR Extension: (Google Tabellen) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-19]

CHR Extension: (AdBlock) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-19]

CHR Extension: (AntiGameOrigin) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbahlcmhmlpomdepooifmhnalokdhgm [2015-01-04]

CHR Extension: (Google Wallet) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-19]

CHR Extension: (Google Mail) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-19]

CHR Extension: (Voauedix) - C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi\ [2014-10-19]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)

R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)

R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)

R2 EslWireHelper; H:\Programme\EslWire\service\WireHelperSvc.exe [663056 2014-01-28] ()

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)

S2 MBAMScheduler; H:\Programme\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

S2 MBAMService; H:\Programme\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)

R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)

S3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [67584 2014-11-10] (Eugene V. Muzychenko) [File not signed]

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)

S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33448 2014-09-05] (Razer Inc)

R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-05] (Razer Inc)

R3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [40104 2014-09-05] (Razer Inc)

R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)

R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)

S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [31912 2014-09-05] (Razer Inc)

R3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [31912 2014-09-05] (Razer Inc)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-22 17:41 - 2015-01-22 17:41 - 00852504 _____ () C:\Users\Tobi\Downloads\SecurityCheck (1).exe

2015-01-22 17:40 - 2015-01-22 17:40 - 02347384 _____ (ESET) C:\Users\Tobi\Downloads\esetsmartinstaller_deu.exe

2015-01-22 17:40 - 2015-01-22 17:40 - 00000000 ____D () C:\Program Files (x86)\ESET

2015-01-21 18:40 - 2015-01-21 18:40 - 00000922 _____ () C:\Users\Tobi\Desktop\JRT.txt

2015-01-21 18:39 - 2015-01-21 18:39 - 01707939 _____ (Thisisu) C:\Users\Tobi\Downloads\JRT (1).exe

2015-01-21 18:37 - 2015-01-21 18:37 - 00001772 _____ () C:\Users\Tobi\Desktop\AdwCleaner[S2].txt

2015-01-21 18:06 - 2015-01-21 18:06 - 00001492 _____ () C:\Users\Tobi\Desktop\mbam.txt

2015-01-21 17:52 - 2015-01-21 18:13 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\mIRC

2015-01-21 17:52 - 2015-01-21 17:52 - 02471776 _____ (mIRC Co. Ltd.) C:\Users\Tobi\Downloads\mirc738.exe

2015-01-21 17:52 - 2015-01-21 17:52 - 00000628 _____ () C:\Users\Public\Desktop\mIRC.lnk

2015-01-21 17:52 - 2015-01-21 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC

2015-01-21 15:44 - 2015-01-21 15:44 - 00019856 _____ () C:\ComboFix.txt

2015-01-21 15:41 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe

2015-01-21 15:41 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe

2015-01-21 15:41 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2015-01-21 15:41 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2015-01-21 15:41 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2015-01-21 15:41 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe

2015-01-21 15:41 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe

2015-01-21 15:41 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe

2015-01-21 15:39 - 2015-01-21 15:45 - 00000000 ____D () C:\Qoobox

2015-01-21 15:39 - 2015-01-21 15:44 - 00000000 ____D () C:\Windows\erdnt

2015-01-21 15:35 - 2015-01-21 15:35 - 05608785 ____R (Swearware) C:\Users\Tobi\Downloads\ComboFix.exe

2015-01-20 22:33 - 2015-01-22 18:40 - 00014785 _____ () C:\Users\Tobi\Downloads\FRST.txt

2015-01-20 22:33 - 2015-01-22 18:40 - 00000000 ____D () C:\FRST

2015-01-20 22:33 - 2015-01-20 22:34 - 00019780 _____ () C:\Users\Tobi\Downloads\Addition.txt

2015-01-20 22:33 - 2015-01-20 22:33 - 02126848 _____ (Farbar) C:\Users\Tobi\Downloads\FRST64.exe

2015-01-20 21:24 - 2015-01-20 21:24 - 00852504 _____ () C:\Users\Tobi\Downloads\SecurityCheck.exe

2015-01-20 21:11 - 2015-01-20 21:11 - 00001790 _____ () C:\sc-cleaner.txt

2015-01-20 21:11 - 2015-01-20 21:11 - 00000000 ____D () C:\Windows\ERUNT

2015-01-20 21:10 - 2015-01-20 21:11 - 02186752 _____ () C:\Users\Tobi\Downloads\AdwCleaner_4.108.exe

2015-01-20 21:10 - 2015-01-20 21:11 - 01707939 _____ (Thisisu) C:\Users\Tobi\Downloads\JRT.exe

2015-01-20 21:10 - 2015-01-20 21:11 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\Tobi\Downloads\sc-cleaner.exe

2015-01-20 14:28 - 2015-01-20 14:28 - 00037888 _____ () C:\Users\Tobi\Downloads\tempDownload_1bcb678d-b7a1-4a25-9688-fb0a367ca006_1412572857279

2015-01-19 21:28 - 2015-01-19 21:28 - 00000000 ____D () C:\Program Files (x86)\Instagram for Chrome Tabs  Instatabs

2015-01-19 21:27 - 2015-01-19 21:27 - 00000000 ____D () C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi

2015-01-19 21:27 - 2015-01-19 21:27 - 00000000 ____D () C:\Program Files (x86)\Voauedix

2015-01-19 21:26 - 2015-01-19 22:22 - 00000000 ____D () C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}

2015-01-19 21:26 - 2015-01-19 21:26 - 01347584 _____ () C:\Users\Tobi\Downloads\Download (1).exe

2015-01-19 17:35 - 2015-01-19 17:35 - 00085412 _____ () C:\Users\Tobi\Downloads\Download

2015-01-11 22:33 - 2015-01-22 18:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-11 22:33 - 2015-01-14 03:05 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-01-11 22:33 - 2015-01-14 03:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-01-11 22:33 - 2015-01-14 03:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-01-11 22:33 - 2015-01-11 22:35 - 00000000 ____D () C:\Users\Tobi\AppData\Local\Adobe

2015-01-11 22:33 - 2015-01-11 22:33 - 00000000 ____D () C:\Windows\SysWOW64\Macromed

2015-01-11 22:33 - 2015-01-11 22:33 - 00000000 ____D () C:\Windows\system32\Macromed

2015-01-11 21:04 - 2015-01-21 22:07 - 00000000 ____D () C:\Users\Tobi\AppData\Local\ESL Wire Game Client

2015-01-11 21:04 - 2015-01-11 21:05 - 00000645 _____ () C:\Users\Public\Desktop\ESL Wire.lnk

2015-01-11 21:04 - 2015-01-11 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire

2015-01-11 21:04 - 2015-01-11 21:04 - 00000000 ____D () C:\ProgramData\ESL Wire

2015-01-08 22:06 - 2015-01-21 18:31 - 00000000 ____D () C:\AdwCleaner

2015-01-08 22:05 - 2015-01-08 22:05 - 02191360 _____ () C:\Users\Tobi\Downloads\AdwCleaner_4.107.exe

2015-01-08 22:02 - 2015-01-22 14:42 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-08 22:01 - 2015-01-08 22:01 - 00000737 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-01-08 22:01 - 2015-01-08 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-08 22:01 - 2015-01-08 22:01 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-01-08 22:01 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-01-08 22:01 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-01-08 22:01 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-01-08 22:00 - 2015-01-08 22:01 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Tobi\Downloads\mbam-setup-2.0.4.1028.exe

2015-01-08 21:52 - 2015-01-08 21:54 - 00002192 _____ () C:\Users\Tobi\Desktop\chrome.lnk

2015-01-08 21:49 - 2015-01-21 15:43 - 00000000 ____D () C:\Program Files (x86)\20f6461b-1317-4e61-b54a-f33a5f69df90

2015-01-08 21:35 - 2015-01-08 21:48 - 00000000 ___HD () C:\Users\Public\Temp

2015-01-08 21:34 - 2015-01-08 22:06 - 00000000 ____D () C:\Users\Tobi\AppData\Local\com

2015-01-07 21:53 - 2015-01-07 21:53 - 00004456 _____ () C:\Users\Tobi\Downloads\zonixx-CFG+video+DMcfg.zip
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-22 17:48 - 2014-11-12 15:43 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-22 16:47 - 2014-10-19 15:18 - 01226182 _____ () C:\Windows\WindowsUpdate.log

2015-01-22 15:48 - 2014-11-12 15:43 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-21 22:16 - 2009-07-14 05:51 - 00051735 _____ () C:\Windows\setupact.log

2015-01-21 22:14 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-21 22:14 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-21 22:13 - 2011-04-12 08:43 - 00691940 _____ () C:\Windows\system32\perfh007.dat

2015-01-21 22:13 - 2011-04-12 08:43 - 00145538 _____ () C:\Windows\system32\perfc007.dat

2015-01-21 22:13 - 2009-07-14 06:13 - 01599026 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-01-21 22:07 - 2014-10-19 16:02 - 00000000 ____D () C:\ProgramData\NVIDIA

2015-01-21 22:07 - 2010-11-21 04:47 - 00079318 _____ () C:\Windows\PFRO.log

2015-01-21 22:07 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-21 21:58 - 2014-10-19 16:18 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\TS3Client

2015-01-21 21:02 - 2014-10-19 16:01 - 00000000 ____D () C:\Program Files (x86)\Steam

2015-01-21 20:58 - 2014-10-19 19:51 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\vlc

2015-01-21 18:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports

2015-01-21 15:44 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default

2015-01-21 15:44 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2015-01-21 15:43 - 2014-10-19 16:02 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies

2015-01-20 14:28 - 2011-04-12 08:54 - 00000000 ___RD () C:\Users\Public\Recorded TV

2015-01-19 22:21 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker

2015-01-09 07:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources

2015-01-08 21:50 - 2014-11-05 13:18 - 00000000 ____D () C:\Program Files (x86)\BlueStacks

2015-01-08 21:40 - 2014-10-19 15:18 - 00001439 _____ () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-01-08 21:40 - 2014-10-19 15:18 - 00001405 _____ () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

2015-01-04 05:02 - 2014-10-22 18:03 - 00000000 ____D () C:\Users\Tobi\Desktop\Tattoo

2014-12-31 12:14 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 

==================== Files in the root of some directories =======

2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Tobi\AppData\Roaming\USTV

2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Tobi\AppData\Roaming\VTAP

2014-11-20 21:48 - 2014-11-20 21:48 - 0000057 _____ () C:\ProgramData\Ament.ini

2014-10-19 15:51 - 2014-10-19 15:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 

Some content of TEMP:

====================

C:\Users\Tobi\AppData\Local\Temp\mirc738.exe

C:\Users\Tobi\AppData\Local\Temp\Quarantine.exe

C:\Users\Tobi\AppData\Local\Temp\sqlite3.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-01-14 06:17
 

==================== End Of Log ============================

--- --- ---

Die Werbung ist weg. Danke!
Hab eben nur unter C:/Programme(x86) einen Ordner Voauedix entdeckt.
Darin ist eine .exe und eine .dat Datei entdeckt. Kann ich diesen Ordner jetzt einfach löschen?

Zitat:

Darin ist eine .exe und eine .dat Datei entdeckt. Kann ich diesen Ordner jetzt einfach löschen?

Mach ich jetzt.

Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dll
 

C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi
 

C:\Users\Tobi\AppData\Roaming\USTV
 

C:\Users\Tobi\AppData\Roaming\VTAP
 

C:\Users\Tobi\AppData\Roaming\Opera Software\Opera Stable\Extensions\dimfohdigjaffdaanhmbocfkpolglnjk\1.26.88_0\extensionData\plugins\91.js
 

C:\Users\Tobi\Downloads\BlueStacks-SplitInstaller_native_CB-DL-Manager.exe
 

C:\Users\Tobi\Downloads\Download (1).exe
 

C:\Users\Tobi\Downloads\Download.exe
 

C:\Users\Tobi\Downloads\Virtual Audio Cable - CHIP-Installer.exe
 

C:\Users\Tobi\Downloads\vlc-2.1.5-win32.exe

Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download (1).lnk

ShortcutTarget: Download (1).lnk -> C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe ()

C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

HKU\S-1-5-21-1247221106-465103080-481791032-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

CHR Extension: (Voauedix) - C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi\ [2014-10-19]

2015-01-19 21:27 - 2015-01-19 21:27 - 00000000 ____D () C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi

2015-01-19 21:27 - 2015-01-19 21:27 - 00000000 ____D () C:\Program Files (x86)\Voauedix

2015-01-19 21:26 - 2015-01-19 22:22 - 00000000 ____D () C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}

2015-01-19 21:26 - 2015-01-19 21:26 - 01347584 _____ () C:\Users\Tobi\Downloads\Download (1).exe

2015-01-19 17:35 - 2015-01-19 17:35 - 00085412 _____ () C:\Users\Tobi\Downloads\Download

Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Frisches FRST log bitte.

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015

Ran by Tobi at 2015-01-23 14:29:16 Run:1

Running from C:\Users\Tobi\Downloads

Loaded Profiles: Tobi (Available profiles: Tobi)

Boot Mode: Normal

==============================================
 

Content of fixlist:

*****************

C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dll
 

C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi
 

C:\Users\Tobi\AppData\Roaming\USTV
 

C:\Users\Tobi\AppData\Roaming\VTAP
 

C:\Users\Tobi\AppData\Roaming\Opera Software\Opera Stable\Extensions\dimfohdigjaffdaanhmbocfkpolglnjk\1.26.88_0\extensionData\plugins\91.js
 

C:\Users\Tobi\Downloads\BlueStacks-SplitInstaller_native_CB-DL-Manager.exe
 

C:\Users\Tobi\Downloads\Download (1).exe
 

C:\Users\Tobi\Downloads\Download.exe
 

C:\Users\Tobi\Downloads\Virtual Audio Cable - CHIP-Installer.exe
 

C:\Users\Tobi\Downloads\vlc-2.1.5-win32.exe

Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download (1).lnk

ShortcutTarget: Download (1).lnk -> C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe ()

C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

HKU\S-1-5-21-1247221106-465103080-481791032-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

CHR Extension: (Voauedix) - C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi\ [2014-10-19]

2015-01-19 21:27 - 2015-01-19 21:27 - 00000000 ____D () C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi

2015-01-19 21:27 - 2015-01-19 21:27 - 00000000 ____D () C:\Program Files (x86)\Voauedix

2015-01-19 21:26 - 2015-01-19 22:22 - 00000000 ____D () C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}

2015-01-19 21:26 - 2015-01-19 21:26 - 01347584 _____ () C:\Users\Tobi\Downloads\Download (1).exe

2015-01-19 17:35 - 2015-01-19 17:35 - 00085412 _____ () C:\Users\Tobi\Downloads\Download

Emptytemp:

         

*****************
 

"C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dll" => File/Directory not found.

C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi => Moved successfully.

C:\Users\Tobi\AppData\Roaming\USTV => Moved successfully.

C:\Users\Tobi\AppData\Roaming\VTAP => Moved successfully.

C:\Users\Tobi\AppData\Roaming\Opera Software\Opera Stable\Extensions\dimfohdigjaffdaanhmbocfkpolglnjk\1.26.88_0\extensionData\plugins\91.js => Moved successfully.

C:\Users\Tobi\Downloads\BlueStacks-SplitInstaller_native_CB-DL-Manager.exe => Moved successfully.

C:\Users\Tobi\Downloads\Download (1).exe => Moved successfully.

C:\Users\Tobi\Downloads\Download.exe => Moved successfully.

C:\Users\Tobi\Downloads\Virtual Audio Cable - CHIP-Installer.exe => Moved successfully.

C:\Users\Tobi\Downloads\vlc-2.1.5-win32.exe => Moved successfully.

C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download (1).lnk => Moved successfully.

C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).exe => Moved successfully.
 

"C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}" directory move:
 

C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\5d7f2dabbaffce09 => Moved successfully.

Could not move "C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\90828bfe9d2b29dd" => Scheduled to move on reboot.

C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\Download (1).dat => Moved successfully.

Could not move "C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}" directory. => Scheduled to move on reboot.
 

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

"HKU\S-1-5-21-1247221106-465103080-481791032-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.

C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi\ directory not found.

"C:\ProgramData\pnkaiaejddfgepbbllfamkjefojllcoi" => File/Directory not found.

C:\Program Files (x86)\Voauedix => Moved successfully.
 

"C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}" directory move:
 

Could not move "C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\90828bfe9d2b29dd" => Scheduled to move on reboot.

Could not move "C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}" directory. => Scheduled to move on reboot.
 

"C:\Users\Tobi\Downloads\Download (1).exe" => File/Directory not found.

C:\Users\Tobi\Downloads\Download => Moved successfully.

EmptyTemp: => Removed 847.3 MB temporary data.
 

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-23 14:31:33)<=
 

C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\90828bfe9d2b29dd => Is moved successfully.

C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0} => Is moved successfully.

C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0}\90828bfe9d2b29dd => Is moved successfully.

C:\ProgramData\{5a2f7568-1f11-941a-5a2f-f75681f1d5a0} => Is moved successfully.
 

==== End of Fixlog 14:31:33 ====

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015

Ran by Tobi (administrator) on TOBI-PC on 23-01-2015 14:32:01

Running from C:\Users\Tobi\Downloads

Loaded Profiles: Tobi &  (Available profiles: Tobi)

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 8 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe

() H:\Programme\EslWire\service\WireHelperSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Malwarebytes Corporation) H:\Programme\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) H:\Programme\Malwarebytes Anti-Malware\mbam.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe

() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe

(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe

(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Turtle Entertainment GmbH) H:\Programme\EslWire\wire.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe

(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe

(Razer, Inc.) C:\Users\Tobi\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-27] (Realtek Semiconductor)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)

HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

HKU\S-1-5-21-1247221106-465103080-481791032-1000\...\Run: [ESL Wire] => H:\Programme\EslWire\wire.exe [3771904 2014-12-09] (Turtle Entertainment GmbH)

HKU\S-1-5-21-1247221106-465103080-481791032-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ESL Wire] => H:\Programme\EslWire\wire.exe [3771904 2014-12-09] (Turtle Entertainment GmbH)

Startup: C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP ENVY 4500 series.lnk

ShortcutTarget: Tintenwarnungen überwachen - HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-1247221106-465103080-481791032-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-1247221106-465103080-481791032-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

Tcpip\Parameters: [DhcpNameServer] 217.68.161.141 217.68.161.171
 

FireFox:

========

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.de/

CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT2625848&SearchSource=48"

CHR Profile: C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Präsentationen) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-23]

CHR Extension: (Google Docs) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-23]

CHR Extension: (Google Drive) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-23]

CHR Extension: (YouTube) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-23]

CHR Extension: (Google-Suche) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-23]

CHR Extension: (Google Tabellen) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-23]

CHR Extension: (Google Wallet) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-23]

CHR Extension: (Google Mail) - C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-23]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)

R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)

R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)

R2 EslWireHelper; H:\Programme\EslWire\service\WireHelperSvc.exe [663056 2014-01-28] ()

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-17] (NVIDIA Corporation)

R2 MBAMScheduler; H:\Programme\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

S2 MBAMService; H:\Programme\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation)

R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)

S3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [67584 2014-11-10] (Eugene V. Muzychenko) [File not signed]

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-23] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)

S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33448 2014-09-05] (Razer Inc)

R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-05] (Razer Inc)

R3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [40104 2014-09-05] (Razer Inc)

R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)

R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)

S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [31912 2014-09-05] (Razer Inc)

R3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [31912 2014-09-05] (Razer Inc)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-23 14:28 - 2015-01-23 14:17 - 00001704 _____ () C:\fixlist.txt

2015-01-23 14:23 - 2015-01-23 14:23 - 00002247 _____ () C:\Users\Tobi\Desktop\Google Chrome.lnk

2015-01-23 14:23 - 2015-01-23 14:23 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-01-23 14:18 - 2015-01-23 14:18 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Tobi\Downloads\revosetup95.exe

2015-01-23 14:18 - 2015-01-23 14:18 - 00000729 _____ () C:\Users\Tobi\Desktop\Revo Uninstaller.lnk

2015-01-23 14:17 - 2015-01-23 14:17 - 00001704 _____ () C:\Users\Tobi\Desktop\Fixlist.txt

2015-01-22 17:41 - 2015-01-22 17:41 - 00852504 _____ () C:\Users\Tobi\Downloads\SecurityCheck (1).exe

2015-01-22 17:40 - 2015-01-22 17:40 - 02347384 _____ (ESET) C:\Users\Tobi\Downloads\esetsmartinstaller_deu.exe

2015-01-22 17:40 - 2015-01-22 17:40 - 00000000 ____D () C:\Program Files (x86)\ESET

2015-01-21 18:40 - 2015-01-21 18:40 - 00000922 _____ () C:\Users\Tobi\Desktop\JRT.txt

2015-01-21 18:39 - 2015-01-21 18:39 - 01707939 _____ (Thisisu) C:\Users\Tobi\Downloads\JRT (1).exe

2015-01-21 18:37 - 2015-01-21 18:37 - 00001772 _____ () C:\Users\Tobi\Desktop\AdwCleaner[S2].txt

2015-01-21 18:06 - 2015-01-21 18:06 - 00001492 _____ () C:\Users\Tobi\Desktop\mbam.txt

2015-01-21 17:52 - 2015-01-21 18:13 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\mIRC

2015-01-21 17:52 - 2015-01-21 17:52 - 02471776 _____ (mIRC Co. Ltd.) C:\Users\Tobi\Downloads\mirc738.exe

2015-01-21 17:52 - 2015-01-21 17:52 - 00000628 _____ () C:\Users\Public\Desktop\mIRC.lnk

2015-01-21 17:52 - 2015-01-21 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC

2015-01-21 15:41 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe

2015-01-21 15:41 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe

2015-01-21 15:41 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2015-01-21 15:41 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2015-01-21 15:41 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2015-01-21 15:41 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe

2015-01-21 15:41 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe

2015-01-21 15:41 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe

2015-01-21 15:39 - 2015-01-21 15:45 - 00000000 ____D () C:\Qoobox

2015-01-21 15:39 - 2015-01-21 15:44 - 00000000 ____D () C:\Windows\erdnt

2015-01-21 15:35 - 2015-01-21 15:35 - 05608785 ____R (Swearware) C:\Users\Tobi\Downloads\ComboFix.exe

2015-01-20 22:33 - 2015-01-23 14:32 - 00013574 _____ () C:\Users\Tobi\Downloads\FRST.txt

2015-01-20 22:33 - 2015-01-23 14:32 - 00000000 ____D () C:\FRST

2015-01-20 22:33 - 2015-01-20 22:34 - 00019780 _____ () C:\Users\Tobi\Downloads\Addition.txt

2015-01-20 22:33 - 2015-01-20 22:33 - 02126848 _____ (Farbar) C:\Users\Tobi\Downloads\FRST64.exe

2015-01-20 21:24 - 2015-01-20 21:24 - 00852504 _____ () C:\Users\Tobi\Downloads\SecurityCheck.exe

2015-01-20 21:11 - 2015-01-20 21:11 - 00000000 ____D () C:\Windows\ERUNT

2015-01-20 21:10 - 2015-01-20 21:11 - 02186752 _____ () C:\Users\Tobi\Downloads\AdwCleaner_4.108.exe

2015-01-20 21:10 - 2015-01-20 21:11 - 01707939 _____ (Thisisu) C:\Users\Tobi\Downloads\JRT.exe

2015-01-20 21:10 - 2015-01-20 21:11 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\Tobi\Downloads\sc-cleaner.exe

2015-01-20 14:28 - 2015-01-20 14:28 - 00037888 _____ () C:\Users\Tobi\Downloads\tempDownload_1bcb678d-b7a1-4a25-9688-fb0a367ca006_1412572857279

2015-01-19 21:28 - 2015-01-19 21:28 - 00000000 ____D () C:\Program Files (x86)\Instagram for Chrome Tabs  Instatabs

2015-01-11 22:33 - 2015-01-23 13:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-11 22:33 - 2015-01-22 21:35 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-01-11 22:33 - 2015-01-22 21:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-01-11 22:33 - 2015-01-22 21:35 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-01-11 22:33 - 2015-01-11 22:35 - 00000000 ____D () C:\Users\Tobi\AppData\Local\Adobe

2015-01-11 22:33 - 2015-01-11 22:33 - 00000000 ____D () C:\Windows\SysWOW64\Macromed

2015-01-11 22:33 - 2015-01-11 22:33 - 00000000 ____D () C:\Windows\system32\Macromed

2015-01-11 21:04 - 2015-01-23 14:31 - 00000000 ____D () C:\Users\Tobi\AppData\Local\ESL Wire Game Client

2015-01-11 21:04 - 2015-01-11 21:05 - 00000645 _____ () C:\Users\Public\Desktop\ESL Wire.lnk

2015-01-11 21:04 - 2015-01-11 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire

2015-01-11 21:04 - 2015-01-11 21:04 - 00000000 ____D () C:\ProgramData\ESL Wire

2015-01-08 22:06 - 2015-01-21 18:31 - 00000000 ____D () C:\AdwCleaner

2015-01-08 22:05 - 2015-01-08 22:05 - 02191360 _____ () C:\Users\Tobi\Downloads\AdwCleaner_4.107.exe

2015-01-08 22:02 - 2015-01-23 14:31 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-08 22:01 - 2015-01-08 22:01 - 00000737 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-01-08 22:01 - 2015-01-08 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-08 22:01 - 2015-01-08 22:01 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-01-08 22:01 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-01-08 22:01 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-01-08 22:01 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-01-08 22:00 - 2015-01-08 22:01 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Tobi\Downloads\mbam-setup-2.0.4.1028.exe

2015-01-08 21:52 - 2015-01-08 21:54 - 00002192 _____ () C:\Users\Tobi\Desktop\chrome.lnk

2015-01-08 21:49 - 2015-01-21 15:43 - 00000000 ____D () C:\Program Files (x86)\20f6461b-1317-4e61-b54a-f33a5f69df90

2015-01-08 21:35 - 2015-01-08 21:48 - 00000000 ___HD () C:\Users\Public\Temp

2015-01-08 21:34 - 2015-01-08 22:06 - 00000000 ____D () C:\Users\Tobi\AppData\Local\com

2015-01-07 21:53 - 2015-01-07 21:53 - 00004456 _____ () C:\Users\Tobi\Downloads\zonixx-CFG+video+DMcfg.zip
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-01-23 14:30 - 2014-11-12 15:43 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-23 14:30 - 2014-10-19 16:02 - 00000000 ____D () C:\ProgramData\NVIDIA

2015-01-23 14:30 - 2014-10-19 15:18 - 01470963 _____ () C:\Windows\WindowsUpdate.log

2015-01-23 14:30 - 2010-11-21 04:47 - 00080492 _____ () C:\Windows\PFRO.log

2015-01-23 14:30 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-23 14:30 - 2009-07-14 05:51 - 00052015 _____ () C:\Windows\setupact.log

2015-01-23 13:48 - 2014-11-12 15:43 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-22 19:51 - 2014-10-19 16:18 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\TS3Client

2015-01-22 19:06 - 2014-10-19 16:01 - 00000000 ____D () C:\Program Files (x86)\Steam

2015-01-21 22:14 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-21 22:14 - 2009-07-14 05:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-21 22:13 - 2011-04-12 08:43 - 00691940 _____ () C:\Windows\system32\perfh007.dat

2015-01-21 22:13 - 2011-04-12 08:43 - 00145538 _____ () C:\Windows\system32\perfc007.dat

2015-01-21 22:13 - 2009-07-14 06:13 - 01599026 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-01-21 20:58 - 2014-10-19 19:51 - 00000000 ____D () C:\Users\Tobi\AppData\Roaming\vlc

2015-01-21 18:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports

2015-01-21 15:44 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default

2015-01-21 15:44 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2015-01-21 15:43 - 2014-10-19 16:02 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies

2015-01-20 14:28 - 2011-04-12 08:54 - 00000000 ___RD () C:\Users\Public\Recorded TV

2015-01-19 22:21 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker

2015-01-09 07:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources

2015-01-08 21:50 - 2014-11-05 13:18 - 00000000 ____D () C:\Program Files (x86)\BlueStacks

2015-01-08 21:40 - 2014-10-19 15:18 - 00001439 _____ () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-01-08 21:40 - 2014-10-19 15:18 - 00001405 _____ () C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

2015-01-04 05:02 - 2014-10-22 18:03 - 00000000 ____D () C:\Users\Tobi\Desktop\Tattoo

2014-12-31 12:14 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 

==================== Files in the root of some directories =======

2014-11-20 21:48 - 2014-11-20 21:48 - 0000057 _____ () C:\ProgramData\Ament.ini

2014-10-19 15:51 - 2014-10-19 15:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-01-14 06:17
 

==================== End Of Log ============================

--- --- ---

Fertig :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.