Darkkiller | 21.01.2015 21:41

Fixlog:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Admin at 2015-01-21 21:17:15 Run:3
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available profiles: Admin)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKU\S-1-5-21-2266551883-2310591651-913177673-1000\...\Run: [HDRealtek_Audio] => C:\ProgramData\Realtek\xsljqlotg.exe [353792 2015-01-13] (Microsoft Corporation)
C:\ProgramData\Realtek\xsljqlotg.exe
C:\Users\Admin\AppData\Local\win32ehdrminitRec
C:\Windows\SysWOW64\rootmsmpeg2vdecMonitor
C:\Users\Admin\AppData\Local\keyboardcercredSched
C:\Windows\SysWOW64\desktopwdmaudProvider
*****************
HKU\S-1-5-21-2266551883-2310591651-913177673-1000\Software\Microsoft\Windows\CurrentVersion\Run\\HDRealtek_Audio => value deleted successfully.
Could not move "C:\ProgramData\Realtek\xsljqlotg.exe" => Scheduled to move on reboot.
"C:\Users\Admin\AppData\Local\win32ehdrminitRec" => File/Directory not found.
C:\Windows\SysWOW64\rootmsmpeg2vdecMonitor => Moved successfully.
C:\Users\Admin\AppData\Local\keyboardcercredSched => Moved successfully.
C:\Windows\SysWOW64\desktopwdmaudProvider => Moved successfully.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-21 21:21:12)<=
C:\ProgramData\Realtek\xsljqlotg.exe => Is moved successfully.
==== End of Fixlog 21:21:12 ====

GMER:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-21 21:37:53
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006e TOSHIBA_ rev.MS2O 931,51GB
Running: 8utz339k.exe; Driver: C:\Users\Admin\AppData\Local\Temp\aglorpod.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e61465 2 bytes [E6, 76]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e614bb 2 bytes [E6, 76]
.text ... * 2
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e61465 2 bytes [E6, 76]
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e614bb 2 bytes [E6, 76]
.text ... * 2
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e61465 2 bytes [E6, 76]
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[2600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e614bb 2 bytes [E6, 76]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[2812] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073d71a22 2 bytes [D7, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2812] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073d71ad0 2 bytes [D7, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2812] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073d71b08 2 bytes [D7, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2812] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073d71bba 2 bytes [D7, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2812] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073d71bda 2 bytes [D7, 73]
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e61465 2 bytes [E6, 76]
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e614bb 2 bytes [E6, 76]
.text ... * 2
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e61465 2 bytes [E6, 76]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e614bb 2 bytes [E6, 76]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e61465 2 bytes [E6, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e614bb 2 bytes [E6, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e61465 2 bytes [E6, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e614bb 2 bytes [E6, 76]
.text ... * 2
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e61465 2 bytes [E6, 76]
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e614bb 2 bytes [E6, 76]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e61465 2 bytes [E6, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e614bb 2 bytes [E6, 76]
.text ... * 2
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[6064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e61465 2 bytes [E6, 76]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[6064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e614bb 2 bytes [E6, 76]
.text ... * 2
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e61465 2 bytes [E6, 76]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[5412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e614bb 2 bytes [E6, 76]
.text ... * 2
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[1304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e61465 2 bytes [E6, 76]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[1304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e614bb 2 bytes [E6, 76]
.text ... * 2
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e61465 2 bytes [E6, 76]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[7044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e614bb 2 bytes [E6, 76]
.text ... * 2
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\MBAMSwissArmy@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\services\MBAMSwissArmy
---- EOF - GMER 2.1 ----

FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Admin (administrator) on ADMIN-PC on 21-01-2015 21:39:59
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available profiles: Admin)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Game Inc.) C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Users\Admin\Downloads\8utz339k.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2013-10-22] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2463552 2014-10-04] (NVIDIA Corporation)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1261712 2014-04-30] (Highresolution Enterprises)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [GamingKeyboard] => C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe [1803264 2012-06-07] (Game Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282632 2013-07-23] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [454248 2013-08-02] (CANON INC.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-2266551883-2310591651-913177673-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-2266551883-2310591651-913177673-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-2266551883-2310591651-913177673-1000\...\Run: [HDRealtek_Audio] => "C:\ProgramData\Realtek\xsljqlotg.exe"
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2266551883-2310591651-913177673-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-2266551883-2310591651-913177673-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s9xzam76.default-1421852547514
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-2266551883-2310591651-913177673-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Adblock Edge - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s9xzam76.default-1421852547514\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-01-21]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-21]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-21]
CHR Extension: (Google Tabellen) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-21]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-07] ()
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2014-12-20] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-10-04] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3191392 2014-05-15] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-10-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-10-04] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-29] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2014-12-01] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-08-10] (AVG Technologies)
R3 GameKB; C:\Windows\System32\drivers\GameKB.sys [27648 2012-05-11] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
U4 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-21] (Malwarebytes Corporation)
U3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-10-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-05-14] (Realtek Semiconductor Corporation )
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
S3 X6va028; \??\C:\Windows\SysWOW64\Drivers\X6va028 [X]
U3 aglorpod; \??\C:\Users\Admin\AppData\Local\Temp\aglorpod.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-21 21:37 - 2015-01-21 21:37 - 00008790 _____ () C:\Users\Admin\Desktop\gmer.log
2015-01-21 21:22 - 2015-01-21 21:22 - 00380416 _____ () C:\Users\Admin\Downloads\8utz339k.exe
2015-01-21 21:22 - 2015-01-21 21:22 - 00001450 _____ () C:\Users\Admin\Desktop\Neues Textdokument (2).txt
2015-01-21 20:08 - 2015-01-21 20:08 - 00001200 _____ () C:\Users\Admin\Desktop\mbam.txt
2015-01-21 19:45 - 2015-01-21 19:45 - 00000770 _____ () C:\Users\Admin\Desktop\JRT.txt
2015-01-21 19:38 - 2015-01-21 19:38 - 00000000 ____D () C:\Windows\ERUNT
2015-01-21 19:31 - 2015-01-21 19:31 - 01707939 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe
2015-01-21 19:30 - 2015-01-21 19:30 - 02186752 _____ () C:\Users\Admin\Downloads\AdwCleaner_4.108 (1).exe
2015-01-21 19:29 - 2015-01-21 19:29 - 01039251 _____ () C:\Users\Admin\Downloads\AdwCleaner_4.108(1).exe
2015-01-21 19:15 - 2015-01-21 19:15 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2015-01-21 19:15 - 2015-01-21 19:15 - 00001162 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2015-01-21 19:14 - 2015-01-21 19:15 - 07822880 _____ (TeamViewer GmbH) C:\Users\Admin\Downloads\TeamViewer_Setup.exe
2015-01-21 19:06 - 2015-01-21 19:06 - 00028736 _____ () C:\ComboFix.txt
2015-01-21 18:57 - 2015-01-21 19:06 - 00000000 ____D () C:\ComboFix
2015-01-21 18:57 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-21 18:57 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-21 18:57 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-21 18:57 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-21 18:57 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-21 18:57 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-21 18:57 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-21 18:57 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-21 18:53 - 2015-01-21 19:06 - 00000000 ____D () C:\Qoobox
2015-01-21 18:52 - 2015-01-21 19:05 - 00000000 ____D () C:\Windows\erdnt
2015-01-21 18:51 - 2015-01-21 18:51 - 05608785 ____R (Swearware) C:\Users\Admin\Downloads\ComboFix.exe
2015-01-21 17:24 - 2015-01-21 21:40 - 00020384 _____ () C:\Users\Admin\Downloads\FRST.txt
2015-01-21 17:24 - 2015-01-21 21:40 - 00000000 ____D () C:\FRST
2015-01-21 17:24 - 2015-01-21 17:25 - 00032504 _____ () C:\Users\Admin\Downloads\Addition.txt
2015-01-21 17:23 - 2015-01-21 17:23 - 02126848 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2015-01-21 17:18 - 2015-01-21 17:18 - 02953520 _____ (AVAST Software) C:\Users\Admin\Downloads\avast-browser-cleanup_9.0.0.224.exe
2015-01-21 16:28 - 2015-01-21 16:28 - 00015680 _____ () C:\Users\Admin\Desktop\install.txt
2015-01-21 16:13 - 2015-01-21 16:13 - 00000000 ____D () C:\Users\Admin\mbar
2015-01-21 16:12 - 2015-01-21 16:12 - 09700640 _____ (Malwarebytes Corp.) C:\Users\Admin\Downloads\mbar-1.08.3.1004.exe
2015-01-21 15:58 - 2015-01-21 15:58 - 01188194 _____ () C:\Users\Admin\Downloads\ProcessExplorer.zip
2015-01-21 15:58 - 2015-01-21 15:58 - 00000000 ____D () C:\Users\Admin\Downloads\ProcessExplorer
2015-01-21 15:54 - 2015-01-21 15:54 - 00000000 ____D () C:\zoek_backup
2015-01-21 15:42 - 2015-01-21 19:34 - 00149496 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-21 15:40 - 2015-01-21 21:18 - 00000840 _____ () C:\Windows\setupact.log
2015-01-21 15:40 - 2015-01-21 19:32 - 05165816 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-21 15:40 - 2015-01-21 19:32 - 00001532 _____ () C:\Windows\PFRO.log
2015-01-21 15:40 - 2015-01-21 15:40 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-21 15:35 - 2015-01-21 15:35 - 02186752 _____ () C:\Users\Admin\Downloads\adwcleaner_4.108.exe
2015-01-21 15:32 - 2015-01-21 15:32 - 03007700 _____ () C:\Users\Admin\Downloads\revouninstaller.zip
2015-01-21 14:29 - 2015-01-21 21:28 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-21 14:29 - 2015-01-21 14:29 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-21 14:29 - 2015-01-21 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-21 14:28 - 2015-01-21 14:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-21 14:28 - 2015-01-21 14:28 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-21 14:28 - 2015-01-21 14:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-21 14:28 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-21 14:28 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-21 14:28 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-21 14:14 - 2015-01-21 14:14 - 00000000 ____D () C:\Program Files (x86)\Google Translate
2015-01-21 14:13 - 2015-01-21 14:13 - 00000000 ____D () C:\ProgramData\hpemadepfkkgdmiphlhpahlocokndjgp
2015-01-21 14:13 - 2015-01-21 14:13 - 00000000 ____D () C:\Program Files (x86)\unniSaales
2015-01-20 17:55 - 2015-01-21 21:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-20 17:55 - 2015-01-20 17:55 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-20 17:55 - 2015-01-20 17:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-20 17:55 - 2015-01-20 17:55 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-20 17:55 - 2015-01-20 17:55 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-18 20:43 - 2015-01-18 20:43 - 00000000 ____D () C:\Users\Admin\Downloads\CS GO GiveWay
2015-01-18 14:39 - 2015-01-21 14:17 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ED5DD71E-4715-4127-92F3-4D2E6488B55F
2015-01-17 14:31 - 2015-01-17 14:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-16 15:36 - 2015-01-16 15:36 - 00000000 ___HD () C:\Users\Public\Temp
2015-01-14 14:05 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 14:05 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 14:05 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 14:05 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 14:05 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 14:05 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 14:05 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 14:05 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 14:05 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 14:05 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 14:05 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 14:05 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 14:05 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 16:17 - 2015-01-21 21:17 - 00000000 __SHD () C:\ProgramData\Realtek
2015-01-09 17:52 - 2015-01-09 17:52 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieBrowserModeList
2015-01-02 18:20 - 2015-01-03 14:47 - 22764208 _____ () C:\Users\Admin\Desktop\TechnicLauncher.exe
2015-01-02 17:03 - 2015-01-03 14:39 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\.technic
2015-01-02 16:43 - 2015-01-02 16:43 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-02 16:43 - 2015-01-02 16:43 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-02 16:43 - 2015-01-02 16:43 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-02 16:30 - 2015-01-02 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-01-02 16:24 - 2015-01-02 14:27 - 00320936 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-02 16:24 - 2015-01-02 14:27 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-02 16:24 - 2015-01-02 14:27 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-02 14:31 - 2015-01-02 14:31 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\java
2015-01-02 14:27 - 2015-01-02 14:27 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-01-02 14:26 - 2015-01-02 16:30 - 00000000 ____D () C:\Program Files\Java
2015-01-02 14:23 - 2015-01-02 14:23 - 01174352 _____ () C:\Users\Admin\Downloads\Java Runtime Environment 64 Bit - CHIP-Installer.exe
2015-01-02 13:47 - 2015-01-02 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-02 13:47 - 2015-01-02 13:47 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-02 13:47 - 2015-01-02 13:47 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-02 13:47 - 2015-01-02 13:47 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-02 13:47 - 2015-01-02 13:47 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-02 13:47 - 2015-01-02 13:47 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-31 17:41 - 2014-12-31 17:42 - 00060344 _____ () C:\Users\Admin\Documents\ts3_clientui-win64-1407159763-2014-12-31 17_41_48.788132.dmp
2014-12-31 15:14 - 2015-01-09 20:05 - 00000000 ____D () C:\Users\Admin\Documents\DragonNest
2014-12-30 19:21 - 2015-01-11 19:03 - 00000000 ____D () C:\Users\Admin\Desktop\Lukas Handy
2014-12-27 22:30 - 2014-12-29 19:57 - 00000000 ____D () C:\Users\Admin\Documents\SCANIA Truck Driving Simulator
2014-12-27 17:41 - 2014-12-27 17:43 - 00000923 _____ () C:\Users\Public\Desktop\DS3 Tool.lnk
2014-12-27 15:02 - 2014-12-27 15:02 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-12-27 14:55 - 2014-12-27 14:55 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\globalip
2014-12-27 14:52 - 2014-12-27 14:53 - 00674881 _____ () C:\Users\Admin\Downloads\vpnautoconnect.zip
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-21 21:27 - 2014-09-03 17:09 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-21 21:26 - 2009-07-14 05:45 - 00035648 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-21 21:26 - 2009-07-14 05:45 - 00035648 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-21 21:23 - 2014-06-25 07:47 - 01417276 _____ () C:\Windows\WindowsUpdate.log
2015-01-21 21:20 - 2014-09-03 17:09 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-21 21:19 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-21 21:18 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-21 21:17 - 2014-06-25 08:12 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-21 21:07 - 2014-06-25 17:40 - 00700906 _____ () C:\Windows\system32\perfh007.dat
2015-01-21 21:07 - 2014-06-25 17:40 - 00150286 _____ () C:\Windows\system32\perfc007.dat
2015-01-21 21:07 - 2009-07-14 06:13 - 01625650 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-21 21:03 - 2014-08-09 13:18 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-21 21:00 - 2014-08-09 13:44 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TS3Client
2015-01-21 20:58 - 2014-10-19 10:11 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps
2015-01-21 19:31 - 2014-11-24 23:47 - 00000000 ____D () C:\AdwCleaner
2015-01-21 19:06 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-21 19:04 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-21 18:29 - 2014-09-03 17:09 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-21 18:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-21 18:22 - 2014-09-03 17:09 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-21 18:22 - 2014-09-03 17:09 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-21 18:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-01-21 16:15 - 2014-08-09 13:13 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2015-01-21 16:13 - 2014-06-25 07:47 - 00000000 ____D () C:\Users\Admin
2015-01-21 16:02 - 2014-11-12 16:40 - 00000000 ____D () C:\Users\Admin\Desktop\Alte Firefox-Daten
2015-01-21 14:57 - 2014-10-28 13:51 - 00000000 ____D () C:\ProgramData\ecbaef90-5696-41e1-a1c3-3e8112ce2840
2015-01-21 14:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-21 14:03 - 2014-06-25 08:23 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\SoftGrid Client
2015-01-21 13:56 - 2014-09-03 19:08 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2015-01-20 16:59 - 2014-11-29 17:59 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-20 16:58 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-19 17:45 - 2014-08-09 13:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\.minecraft
2015-01-18 16:27 - 2014-11-30 12:03 - 00000000 ____D () C:\Users\Admin\Desktop\Spiele
2015-01-18 16:24 - 2014-09-19 17:29 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-18 14:28 - 2014-08-09 13:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-16 18:50 - 2014-09-19 20:24 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-16 15:53 - 2014-09-06 09:33 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2015-01-16 15:53 - 2014-09-02 21:30 - 00000000 ____D () C:\Windows\Minidump
2015-01-14 14:20 - 2014-06-25 11:37 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 14:17 - 2014-06-25 11:37 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-05 11:26 - 2014-08-18 15:15 - 00000000 ____D () C:\Users\Admin\AppData\Local\Windows Live
2015-01-02 16:56 - 2014-08-13 16:59 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TeamViewer
2015-01-02 16:55 - 2014-06-25 17:41 - 00000000 ____D () C:\Windows\Panther
2015-01-02 14:27 - 2014-08-09 13:05 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-01 12:13 - 2014-11-30 12:00 - 00000000 ____D () C:\Users\Admin\Desktop\Bearbeitung
2015-01-01 12:13 - 2014-10-12 20:12 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Audacity
2015-01-01 11:29 - 2014-09-17 12:10 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-01 11:29 - 2014-08-09 13:13 - 00000000 ____D () C:\ProgramData\Skype
2014-12-31 12:14 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-27 17:43 - 2014-09-02 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2014-12-27 17:43 - 2014-09-02 12:07 - 00000000 ____D () C:\Program Files\MotioninJoy
2014-12-24 09:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
==================== Files in the root of some directories =======
2014-08-10 14:16 - 2014-09-04 16:04 - 0000000 _____ () C:\Program Files (x86)\Mozilla Firefoxwtu-secure-search.xml
2014-09-04 11:42 - 2014-09-04 11:42 - 0000112 _____ () C:\Users\Admin\AppData\Roaming\JP2K CS6 Prefs
2014-10-27 17:36 - 2014-10-28 20:36 - 0000060 _____ () C:\Users\Admin\AppData\Roaming\WB.CFG
2014-06-25 07:54 - 2014-06-25 07:54 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-31 12:54
==================== End Of Log ============================

Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Admin at 2015-01-21 21:40:27
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.0.2 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.1 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 3.1.0.7 - AVG Technologies)
Battlefield: Bad Company 2 (HKLM-x32\...\Steam App 24960) (Version: - DICE)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brick-Force (HKLM-x32\...\{9853ABB2-6416-4C87-8650-DD8E528FF564}}_is1) (Version: 4.3.383.130.19 - Infernum Productions AG)
Bus-Simulator 2012 (HKLM-x32\...\Steam App 253770) (Version: - TML Studios)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version: - Treyarch)
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version: - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version: - Treyarch)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version: - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version: - Infinity Ward)
Camtasia Studio 8 (HKLM-x32\...\{FB05EAA3-D938-4EDA-9A38-88543E52680C}) (Version: 8.4.3.1792 - TechSmith Corporation)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.1.4 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.4.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.5.14 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.2.0 - Canon Inc.)
Canon Kurzwahlprogramm (HKLM-x32\...\Speed Dial Utility) (Version: 1.4.0 - Canon Inc.)
Canon MX470 series Benutzerregistrierung (HKLM-x32\...\Canon MX470 series Benutzerregistrierung) (Version: - *Canon Inc.)
Canon MX470 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX470_series) (Version: 1.00 - Canon Inc.)
Canon MX470 series On-screen Manual (HKLM-x32\...\Canon MX470 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.1.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Chaos Domain (HKLM-x32\...\Steam App 287100) (Version: - Holy Warp)
Cinema 4D version R12 (HKLM-x32\...\{7D9D8134-9FA3-4FFF-ADA1-BF609F29997A}_is1) (Version: R12 - Salat Production)
Color Suite v11.1.4 (HKLM-x32\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 11.1.4 - Red Giant, LLC)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dizzel (HKLM-x32\...\Steam App 315640) (Version: - NSStudio)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dragon Nest Europe (HKLM-x32\...\Steam App 258700) (Version: - Eyedentity Games)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version: - SCS Software)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Translate (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version: - )
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hazard Ops (HKLM-x32\...\Steam App 319150) (Version: - Yingpei Games)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version: - Reto-Moto)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{AA67D612-0BE5-44D6-9A91-592958F754A1}) (Version: 13.0.198 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 7 Update 71 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170710}) (Version: 1.7.0.710 - Oracle)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.6129.5001 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.3 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.20.386 - Electronic Arts, Inc.)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Sony Online Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.75.827.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.8.100.5 - Red Giant, LLC)
Robocraft (HKLM-x32\...\Steam App 301520) (Version: - Freejam)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition)
Scania Truck Driving Simulator (HKLM-x32\...\Steam App 258760) (Version: - SCS Software)
SHARKOON Skiller (HKLM-x32\...\{91C25547-9534-41A5-823A-1E54BA16EA3F}) (Version: 1.00.0000 - )
SHIELD Streaming (Version: 3.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.56 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
The Culling Of The Cows (HKLM-x32\...\Steam App 297020) (Version: - Decaying Logic)
TP-LINK TL-WN821N Driver (HKLM-x32\...\{26B52E5B-1620-4676-9B46-B6C56B8105CE}) (Version: 1.2.1 - TP-LINK)
Trapcode Suite 64-bit (HKLM-x32\...\InstallShield_{460D83C4-15D5-4C0E-9B7D-2204F196A010}) (Version: 12.1.3 - Red Giant)
Trapcode Suite 64-bit (Version: 12.1.3 - Red Giant) Hidden
Trapcode Suite v12.1.5 (HKLM-x32\...\{DFD2DC6B-C634-4C1C-81CC-5EF852E71CEE}_is1) (Version: 12.1.5 - Red Giant, LLC)
Unity Web Player (HKU\S-1-5-21-2266551883-2310591651-913177673-1000\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
Vegas Pro 13.0 (64-bit) (HKLM\...\{386F5740-091D-11E4-B13E-F04DA23A5C58}) (Version: 13.0.373 - Sony)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Warface (HKLM-x32\...\Steam App 291480) (Version: - Crytek)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
World of Tanks (HKU\S-1-5-21-2266551883-2310591651-913177673-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)
X-Mouse Button Control 2.7 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.7 - Highresolution Enterprises)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
18-01-2015 20:01:53 Windows-Sicherung
21-01-2015 18:57:22 ComboFix created restore point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2015-01-21 19:04 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {171C931F-5932-42F7-8E5E-3E8C5F9D102B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {3919E99A-4003-4356-AC2A-956780F46E8E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {3957E5D0-2C60-4A25-B8DB-8B68FB616D81} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-03] (Google Inc.)
Task: {3CC2EBD0-7D2C-4151-A6EF-8C45A747B8B4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-03] (Google Inc.)
Task: {401546A1-B3CC-4E5F-B0B6-984BC9501B2E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-20] (Adobe Systems Incorporated)
Task: {42DA083D-AD74-4504-BC89-6F81E0082BD7} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe [2014-07-09] ()
Task: {639BA56A-CE23-41F6-8BBE-0ECE75609953} - System32\Tasks\{DE72BA9B-F7D0-4BA0-8265-2C2E3DFF118A} => pcalua.exe -a "C:\Users\Admin\AppData\Roaming\Security Systems\uninstall.exe"
Task: {65D86624-A989-4AD1-9CDE-FC7AE7786967} - System32\Tasks\AdobeAAMUpdater-1.0-Admin-PC-Admin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {91C0E5DF-A009-48E8-90E5-72CC831066B4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: {ED23D713-98C0-4799-83A1-5BB6C2AE70E5} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe [2013-02-26] (Beepa P/L)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-06-25 08:12 - 2014-03-04 14:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-06-25 07:50 - 2013-05-07 08:45 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2014-11-29 20:41 - 2013-06-28 07:28 - 00084616 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-07-16 10:06 - 2014-07-16 10:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2014-12-01 18:23 - 2014-12-01 18:23 - 00075064 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-07-16 10:05 - 2014-07-16 10:05 - 05558432 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-01-21 21:22 - 2015-01-21 21:22 - 00380416 _____ () C:\Users\Admin\Downloads\8utz339k.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-25 07:50 - 2015-01-21 21:18 - 00027648 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2014-06-25 07:50 - 2013-05-07 08:45 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2014-06-25 07:57 - 2013-09-16 11:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-07-03 05:45 - 2014-07-03 05:45 - 32733056 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2014-08-09 13:17 - 2012-05-25 03:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2015-01-17 14:31 - 2015-01-17 14:31 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-03 05:45 - 2014-07-03 05:45 - 00742784 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2014-07-03 05:45 - 2014-07-03 05:45 - 00136576 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Admin (S-1-5-21-2266551883-2310591651-913177673-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2266551883-2310591651-913177673-500 - Administrator - Disabled)
Gast (S-1-5-21-2266551883-2310591651-913177673-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/21/2015 09:19:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/21/2015 09:02:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/21/2015 08:58:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.0.5486, Zeitstempel: 0x54af7153
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.0.5486, Zeitstempel: 0x54af69d4
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1a68
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (01/21/2015 07:37:00 PM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antiviren, AntiSpyware- und Firewallprogramme von Drittanbietern zu überwachen.
Error: (01/21/2015 07:33:28 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x80070020
Error: (01/21/2015 06:19:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/21/2015 04:00:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: procexp64.exe, Version: 16.4.0.0, Zeitstempel: 0x5404afa3
Name des fehlerhaften Moduls: procexp64.exe, Version: 16.4.0.0, Zeitstempel: 0x5404afa3
Ausnahmecode: 0xc0000417
Fehleroffset: 0x00000000000a4c05
ID des fehlerhaften Prozesses: 0x12d4
Startzeit der fehlerhaften Anwendung: 0xprocexp64.exe0
Pfad der fehlerhaften Anwendung: procexp64.exe1
Pfad des fehlerhaften Moduls: procexp64.exe2
Berichtskennung: procexp64.exe3
Error: (01/21/2015 03:43:02 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (01/21/2015 03:43:02 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (01/21/2015 03:43:02 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
System errors:
=============
Error: (01/21/2015 09:20:58 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Benutzerprofildienst" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (01/21/2015 09:20:58 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (01/21/2015 09:19:47 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)
Error: (01/21/2015 09:18:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (01/21/2015 09:18:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (01/21/2015 09:18:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Shellhardwareerkennung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (01/21/2015 09:18:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benachrichtigungsdienst für Systemereignisse" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (01/21/2015 09:18:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Sekundäre Anmeldung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (01/21/2015 09:18:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Aufgabenplanung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (01/21/2015 09:18:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Microsoft Office Sessions:
=========================
Error: (01/21/2015 09:19:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/21/2015 09:02:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/21/2015 08:58:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.0.548654af7153mozalloc.dll35.0.0.548654af69d480000003000014251a6801d035b49224820aC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllec1e1809-a1a7-11e4-b1c5-40167eaa3a0e
Error: (01/21/2015 07:37:00 PM) (Source: SecurityCenter) (EventID: 3) (User: )
Description:
Error: (01/21/2015 07:33:28 PM) (Source: WinMgmt) (EventID: 28) (User: )
Description: 0x80070020
Error: (01/21/2015 06:19:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/21/2015 04:00:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: procexp64.exe16.4.0.05404afa3procexp64.exe16.4.0.05404afa3c000041700000000000a4c0512d401d0358ac590f14fC:\Users\Admin\AppData\Local\Temp\procexp64.exeC:\Users\Admin\AppData\Local\Temp\procexp64.exe4da8789b-a17e-11e4-b13e-40167eaa3a0e
Error: (01/21/2015 03:43:02 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (01/21/2015 03:43:02 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (01/21/2015 03:43:02 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
Percentage of memory in use: 34%
Total physical RAM: 8127.48 MB
Available physical RAM: 5306.66 MB
Total Pagefile: 16253.14 MB
Available Pagefile: 13177.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.41 GB) (Free:544.51 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A25CC603)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
==================== End Of Log ============================