Trojaner-Board - Mailwarebytes hat Trojan.DNSChanger entdeckt. Kommt nach Neustart immer wieder

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Mailwarebytes hat Trojan.DNSChanger entdeckt. Kommt nach Neustart immer wieder (https://www.trojaner-board.de/163451-mailwarebytes-hat-trojan-dnschanger-entdeckt-kommt-neustart-immer.html)

Mailwarebytes hat Trojan.DNSChanger entdeckt. Kommt nach Neustart immer wieder

Hallo,

bei meinem letzten Durchlauf vom Mailwarebytes Anti-Mailware hat das Programm 2 Trojan.DSNChanger in den Registrierungsdaten gefunden. Nach dem Löschen und einem Neustart sind diese beiden Trojaner bein nachsten Suchlauf wieder da.

Gibt es eine Möglichkeit diese Trojaner zu entfernen?

Vielen Dank vorab für eure Hilfe.

:hallo:

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...:abklatsch:

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
Poste die Logfiles direkt in Deinen Thread in Code-Tags.
Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean :daumenhoc bekommst.

Los geht's:

Schritt 1
http://filepony.de/icon/frst.png http://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

http://deeprybka.trojaner-board.de/tdss/codetags.gif

Hier FRST

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015

Ran by Tobias (administrator) on TOBIAS-PC on 01-02-2015 14:57:49

Running from C:\Users\Tobias\Desktop

Loaded Profiles: Tobias (Available profiles: Tobias)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

() C:\Windows\SysWOW64\WinService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe

(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHBE.EXE

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe

() C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Valve Corporation) K:\Steam\Steam.exe

(Valve Corporation) K:\Steam\bin\steamwebhelper.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Valve Corporation) K:\Steam\bin\steamwebhelper.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)

HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)

HKU\S-1-5-21-3475892580-4229758714-917526130-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBE.EXE [283232 2014-12-20] (SEIKO EPSON CORPORATION)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk

ShortcutTarget: NETGEAR WG111v2 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe ()

BootExecute: autocheck autochk * sdnclean64.exe
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-3475892580-4229758714-917526130-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://portal.kcsservice.de

HKU\S-1-5-21-3475892580-4229758714-917526130-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://portal.kcsservice.de

HKU\S-1-5-21-3475892580-4229758714-917526130-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://syb.msn.com

HKU\S-1-5-21-3475892580-4229758714-917526130-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://syb.msn.com

SearchScopes: HKLM -> DefaultScope {D5E52777-3133-47C7-A73E-4EC5E4F5828B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM -> {D5E52777-3133-47C7-A73E-4EC5E4F5828B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox

SearchScopes: HKLM-x32 -> DefaultScope {D5E52777-3133-47C7-A73E-4EC5E4F5828B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 -> {D5E52777-3133-47C7-A73E-4EC5E4F5828B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox

SearchScopes: HKU\S-1-5-21-3475892580-4229758714-917526130-1000 -> DefaultScope {D5E52777-3133-47C7-A73E-4EC5E4F5828B} URL = 

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)

BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)

Tcpip\Parameters: [DhcpNameServer] 91.212.124.159 8.8.8.8

Tcpip\..\Interfaces\{F7BD20A2-2528-4E2F-81A0-6F4F7372A5E4}: [NameServer] 8.8.8.8
 

FireFox:

========

FF ProfilePath: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\4lqyhc99.default

FF Homepage: google.de

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-3475892580-4229758714-917526130-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tobias\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Extension: YouTube Unblocker - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\4lqyhc99.default\Extensions\youtubeunblocker@unblocker.yt [2015-01-27]

FF Extension: Adblock Plus - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\4lqyhc99.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-20]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)

R2 SCM_Service; C:\Windows\SysWOW64\WinService.exe [186848 2010-05-10] ()

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)

R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)

R3 RTL8187; C:\Windows\System32\DRIVERS\wg111v2.sys [450048 2010-04-06] (NETGEAR Inc.)
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-02-01 14:57 - 2015-02-01 14:57 - 02131456 _____ (Farbar) C:\Users\Tobias\Desktop\FRST64.exe

2015-02-01 14:57 - 2015-02-01 14:57 - 00011176 _____ () C:\Users\Tobias\Desktop\FRST.txt

2015-02-01 14:16 - 2015-02-01 14:16 - 00000000 ____D () C:\Users\Tobias\AppData\Local\CrashDumps

2015-02-01 13:16 - 2015-02-01 14:16 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\vlc

2015-02-01 13:12 - 2015-02-01 13:12 - 00000085 _____ () C:\Windows\wininit.ini

2015-02-01 13:04 - 2015-02-01 14:57 - 00000000 ____D () C:\FRST

2015-02-01 12:44 - 2015-02-01 12:44 - 00000871 _____ () C:\Users\Public\Desktop\VLC media player.lnk

2015-02-01 12:44 - 2015-02-01 12:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

2015-02-01 12:43 - 2015-02-01 12:43 - 00000000 ____D () C:\Program Files\VideoLAN

2015-02-01 12:43 - 2015-02-01 12:43 - 00000000 ____D () C:\Program Files (x86)\Startfenster

2015-01-31 21:02 - 2015-01-31 21:02 - 00000000 ____D () C:\Users\Tobias\.appwork

2015-01-31 17:47 - 2015-01-31 17:47 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\ESET

2015-01-31 17:47 - 2015-01-31 17:47 - 00000000 ____D () C:\Users\Tobias\AppData\Local\ESET

2015-01-31 17:42 - 2015-02-01 13:12 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2015-01-31 17:42 - 2015-02-01 13:12 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2015-01-31 17:42 - 2015-01-31 17:42 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking

2015-01-31 15:56 - 2015-01-31 15:56 - 00000116 ___RH () C:\Users\Tobias\Downloads\Stinger.opt

2015-01-31 15:56 - 2015-01-31 15:56 - 00000000 ____D () C:\Quarantine

2015-01-31 15:46 - 2015-01-31 15:56 - 00000000 ____D () C:\Program Files\stinger

2015-01-31 10:32 - 2015-01-31 10:32 - 00000000 ____D () C:\Program Files (x86)\ESET

2015-01-31 10:26 - 2015-01-19 15:13 - 18570328 _____ () C:\Users\Tobias\Desktop\RogueKillerX64.exe

2015-01-31 10:18 - 2015-02-01 12:31 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys

2015-01-31 10:18 - 2015-01-31 10:18 - 00000000 ____D () C:\ProgramData\RogueKiller

2015-01-30 23:48 - 2015-01-30 23:48 - 00000000 ____D () C:\ProgramData\F-Secure

2015-01-30 20:48 - 2015-01-30 20:48 - 00001591 _____ () C:\Users\Tobias\Desktop\Text.txt

2015-01-30 20:38 - 2015-01-30 20:38 - 00030488 _____ () C:\Users\Tobias\Desktop\bookmarks-2015-01-30.json

2015-01-26 18:32 - 2015-01-26 18:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-01-17 23:56 - 2015-01-17 23:56 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Microsoft Games

2015-01-15 19:52 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

2015-01-15 19:52 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2015-01-15 19:52 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-01-15 19:52 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-01-15 19:52 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-01-15 19:52 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-01-15 19:52 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-01-15 19:52 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-01-15 19:52 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-01-15 19:52 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

2015-01-15 19:52 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

2015-01-15 19:52 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll

2015-01-15 19:52 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

2015-01-02 18:13 - 2015-01-02 18:13 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Introversion

2015-01-02 14:09 - 2015-01-02 14:21 - 00000000 ____D () C:\Users\Tobias\Documents\StarCraft II

2015-01-02 01:20 - 2015-01-02 01:20 - 00000000 ____D () C:\Users\Tobias\Documents\Paradox Interactive

2015-01-02 00:24 - 2015-01-02 00:50 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Game Dev Tycoon - Steam
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-02-01 14:58 - 2014-12-20 23:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-02-01 14:32 - 2014-12-20 18:27 - 01504430 _____ () C:\Windows\WindowsUpdate.log

2015-02-01 13:10 - 2014-12-20 20:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-02-01 12:36 - 2010-11-21 07:50 - 00699092 _____ () C:\Windows\system32\perfh007.dat

2015-02-01 12:36 - 2010-11-21 07:50 - 00149232 _____ () C:\Windows\system32\perfc007.dat

2015-02-01 12:36 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-02-01 12:36 - 2009-07-14 05:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-02-01 12:36 - 2009-07-14 05:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-02-01 12:29 - 2014-12-20 19:30 - 00000000 ____D () C:\ProgramData\NVIDIA

2015-02-01 12:29 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-02-01 12:29 - 2009-07-14 05:51 - 00049140 _____ () C:\Windows\setupact.log

2015-02-01 12:28 - 2010-11-21 04:47 - 00008866 _____ () C:\Windows\PFRO.log

2015-01-31 23:31 - 2014-12-20 20:13 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\TS3Client

2015-01-31 21:02 - 2014-12-20 18:27 - 00000000 ____D () C:\Users\Tobias

2015-01-31 10:23 - 2014-12-20 21:48 - 00000000 ____D () C:\KMPlayer

2015-01-30 23:34 - 2014-12-20 23:52 - 00000000 ____D () C:\Windows\SysWOW64\Macromed

2015-01-30 23:34 - 2014-12-20 23:52 - 00000000 ____D () C:\Windows\system32\Macromed

2015-01-30 23:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration

2015-01-30 20:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

2015-01-28 18:06 - 2014-12-20 19:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-01-25 12:05 - 2014-12-20 20:13 - 00000000 ____D () C:\ProgramData\Origin

2015-01-24 22:58 - 2014-12-20 23:52 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-01-24 22:58 - 2014-12-20 23:52 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-01-24 22:58 - 2014-12-20 23:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-01-23 20:50 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2015-01-17 15:54 - 2014-12-20 21:51 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Logitech

2015-01-17 15:54 - 2014-12-20 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech

2015-01-17 15:54 - 2014-12-20 21:36 - 00000000 ____D () C:\Program Files\Common Files\Logishrd

2015-01-17 15:54 - 2014-12-20 19:45 - 00000000 ____D () C:\ProgramData\LogiShrd

2015-01-15 20:02 - 2014-12-20 20:15 - 00000000 ____D () C:\Windows\system32\MRT

2015-01-09 22:17 - 2014-12-20 19:40 - 00000000 ____D () C:\ProgramData\Package Cache

2015-01-08 22:30 - 2014-12-27 23:35 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Battle.net

2015-01-04 16:45 - 2014-12-20 21:50 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys

2015-01-04 16:45 - 2014-12-20 21:50 - 00002326 _____ () C:\Windows\LkmdfCoInst.log

2015-01-02 22:36 - 2011-04-07 08:37 - 00163117 _____ () C:\Windows\DirectX.log

2015-01-02 19:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2015-01-02 18:10 - 2014-12-20 20:08 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Tropico 5

2015-01-02 14:09 - 2014-12-27 23:35 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment

2015-01-02 00:58 - 2014-12-20 20:08 - 00000000 ____D () C:\Users\Tobias\Documents\my games
 

Some content of TEMP:

====================

C:\Users\Tobias\AppData\Local\Temp\dllnt_dump.dll

C:\Users\Tobias\AppData\Local\Temp\InstHelper.exe

C:\Users\Tobias\AppData\Local\Temp\proxy_vole1051616676158214137.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-01-24 15:49
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Hier Addition

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015

Ran by Tobias at 2015-02-01 14:58:06

Running from C:\Users\Tobias\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.8.0 - Asmedia Technology)

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Broforce (HKLM-x32\...\Steam App 274190) (Version:  - Free Lives)

CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2523 - CDBurnerXP)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)

Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)

Epson Easy Photo Print 2 (HKLM-x32\...\{FFF841F3-9A15-4F61-BD16-C19F132E5A27}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION)

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)

Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)

EPSON SX440 Series Printer Uninstall (HKLM\...\EPSON SX440 Series) (Version:  - SEIKO EPSON Corporation)

EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)

erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts)

FUSSBALL MANAGER 13 (HKLM-x32\...\{80AF0300-866F-400F-A350-D53E3C3E34E0}) (Version: 1.0.4.0 - Electronic Arts)

Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)

Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden

Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden

Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)

Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)

Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)

Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)

Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)

Need for Speed™ Rivals (HKLM-x32\...\{E0A32336-AA27-4053-99B2-C3380B7B95AC}) (Version: 1.4.0.0 - Electronic Arts)

NETGEAR WG111v2 wireless USB 2.0 adapter (HKLM-x32\...\{4102037D-E8E0-48E0-B203-E521D194FB71}) (Version: 1.0.0.133 - NETGEAR)

NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)

NVIDIA 3D Vision Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)

NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)

NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)

NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)

OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)

Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)

Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)

SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden

SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)

South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version:  - Obsidian Entertainment)

Startfenster (HKLM-x32\...\Startfenster) (Version:  - Startfenster) <==== ATTENTION!

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)

Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.2 - Electronic Arts)

Unity Web Player (HKU\S-1-5-21-3475892580-4229758714-917526130-1000\...\UnityWebPlayer) (Version: 4.6.2f1 - Unity Technologies ApS)

VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)

WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 

==================== Restore Points  =========================
 

25-01-2015 10:36:02 Windows Update

25-01-2015 19:46:58 Windows-Sicherung

28-01-2015 18:17:34 Windows Update

30-01-2015 23:33:09 Wiederherstellungsvorgang

30-01-2015 23:49:50 Windows Update

31-01-2015 05:09:56 Avira EU-Cleaner - 31.01.2015 05:09
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {742BA964-C465-4C90-B00C-4F96D6B14733} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {8FE1C567-EE35-4729-8C6F-6639245D9DBF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)

Task: {C56A3805-CAB3-4FEE-B4C0-15743B5FF374} - System32\Tasks\XboxStatTask => C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe [2009-10-01] (Microsoft Corporation)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 

==================== Loaded Modules (whitelisted) =============
 

2014-12-20 20:14 - 2014-12-13 09:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2014-12-20 18:54 - 2010-05-10 12:14 - 00186848 _____ () C:\Windows\SysWOW64\WinService.exe

2014-09-18 08:23 - 2014-09-18 08:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll

2014-10-14 19:51 - 2014-10-14 19:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll

2014-09-18 08:23 - 2014-09-18 08:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll

2014-10-14 19:51 - 2014-10-14 19:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll

2014-12-20 18:54 - 2010-05-10 12:13 - 01268192 _____ () C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe

2014-08-30 10:46 - 2014-12-01 22:31 - 02396672 _____ () K:\Steam\libavcodec-56.dll

2014-08-30 10:46 - 2014-12-01 22:31 - 00442880 _____ () K:\Steam\libavutil-54.dll

2014-08-30 10:46 - 2014-12-01 22:31 - 00479744 _____ () K:\Steam\libavformat-56.dll

2014-08-30 10:46 - 2014-12-01 22:31 - 00332800 _____ () K:\Steam\libavresample-2.dll

2013-04-23 17:30 - 2014-11-11 19:47 - 00774656 _____ () K:\Steam\SDL2.dll

2015-01-20 18:22 - 2014-12-02 01:29 - 05002752 _____ () K:\Steam\v8.dll

2015-01-20 18:22 - 2014-12-02 01:29 - 01612800 _____ () K:\Steam\icui18n.dll

2015-01-20 18:22 - 2014-12-02 01:29 - 01210368 _____ () K:\Steam\icuuc.dll

2014-05-22 18:34 - 2015-01-23 23:34 - 02227904 _____ () K:\Steam\video.dll

2014-08-30 10:46 - 2014-12-01 22:31 - 00485888 _____ () K:\Steam\libswscale-3.dll

2013-07-08 07:52 - 2015-01-23 23:33 - 00696512 _____ () K:\Steam\bin\chromehtml.DLL

2013-07-08 07:52 - 2015-01-16 00:42 - 34641288 _____ () K:\Steam\bin\libcef.dll

2014-08-14 18:26 - 2015-01-16 00:42 - 01709960 _____ () K:\Steam\bin\ffmpegsumo.dll

2015-01-26 18:32 - 2015-01-26 18:32 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 
 

========================= Accounts: ==========================
 

Administrator (S-1-5-21-3475892580-4229758714-917526130-500 - Administrator - Disabled)

Gast (S-1-5-21-3475892580-4229758714-917526130-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3475892580-4229758714-917526130-1002 - Limited - Enabled)

Tobias (S-1-5-21-3475892580-4229758714-917526130-1000 - Administrator - Enabled) => C:\Users\Tobias
 

==================== Faulty Device Manager Devices =============
 

Name: I:\

Description: MS/MS-Pro       

Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Manufacturer: Generic-

Service: WUDFRd

Problem: : Windows has stopped this device because it has reported problems. (Code 43)

Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 

Name: F:\

Description: SD/MMC          

Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Manufacturer: Generic-

Service: WUDFRd

Problem: : Windows has stopped this device because it has reported problems. (Code 43)

Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 

Name: H:\

Description: SM/xD-Picture   

Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Manufacturer: Generic-

Service: WUDFRd

Problem: : Windows has stopped this device because it has reported problems. (Code 43)

Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 

Name: G:\

Description: Compact Flash   

Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Manufacturer: Generic-

Service: WUDFRd

Problem: : Windows has stopped this device because it has reported problems. (Code 43)

Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (02/01/2015 02:16:09 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000

Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24

Ausnahmecode: 0xc0000005

Fehleroffset: 0x0000000000018e5d

ID des fehlerhaften Prozesses: 0xaa8

Startzeit der fehlerhaften Anwendung: 0xvlc.exe0

Pfad der fehlerhaften Anwendung: vlc.exe1

Pfad des fehlerhaften Moduls: vlc.exe2

Berichtskennung: vlc.exe3
 

Error: (02/01/2015 01:12:40 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (02/01/2015 00:29:29 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (02/01/2015 00:27:51 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/31/2015 08:52:07 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/31/2015 03:33:00 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/31/2015 10:32:32 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (01/31/2015 10:32:30 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (01/31/2015 10:32:30 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (01/31/2015 08:07:21 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

System errors:

=============

Error: (01/31/2015 05:46:54 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: Der Dienst "ESET Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 

Error: (01/31/2015 03:46:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (01/31/2015 03:46:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "NVIDIA Streamer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (01/31/2015 03:46:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (01/31/2015 03:46:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (01/31/2015 10:19:17 AM) (Source: volsnap) (EventID: 16) (User: )

Description: Die Schattenkopien von Volume "K:" wurden verworfen, weil die Bereitsstellungaufhebung von Volume "K:", das einen Schattenkopiespeicher für diese Schattenkopie enthält, erzwungen wurde.
 

Error: (01/30/2015 11:51:03 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
 

Error: (01/30/2015 11:35:24 PM) (Source: Microsoft Antimalware) (EventID: 2004) (User: )

Description: Beim Laden der Signaturen wurde von %60 ein Fehler festgestellt. Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.
 

        Versuchte Signaturen: %24
 

        Fehlercode: 0x80070002
 

        Fehlerbeschreibung: Das System kann die angegebene Datei nicht finden. 
 

        Signaturversion: 0.0.0.0;0.0.0.0
 

        Modulversion: %600
 

Error: (01/30/2015 09:46:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 

%%1068
 

Error: (01/30/2015 09:46:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 

%%1068
 
 

Microsoft Office Sessions:

=========================

Error: (02/01/2015 02:16:09 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c00000050000000000018e5daa801d03e18e6497e39C:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dll7c3767ee-aa14-11e4-941c-5404a62a0210
 

Error: (02/01/2015 01:12:40 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Tobias\Downloads\esetsmartinstaller_deu.exe
 

Error: (02/01/2015 00:29:29 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (02/01/2015 00:27:51 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/31/2015 08:52:07 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/31/2015 03:33:00 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/31/2015 10:32:32 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Tobias\Downloads\esetsmartinstaller_deu.exe
 

Error: (01/31/2015 10:32:30 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Tobias\Downloads\esetsmartinstaller_deu.exe
 

Error: (01/31/2015 10:32:30 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Tobias\Downloads\esetsmartinstaller_deu.exe
 

Error: (01/31/2015 08:07:21 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz

Percentage of memory in use: 16%

Total physical RAM: 16365.23 MB

Available physical RAM: 13642.32 MB

Total Pagefile: 32728.64 MB

Available Pagefile: 30129.1 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:200 GB) (Free:130.77 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: () (Fixed) (Total:265.76 GB) (Free:35.27 GB) NTFS

Drive j: (Expansion Drive) (Fixed) (Total:465.76 GB) (Free:120.08 GB) NTFS

Drive k: (INTENSO) (Fixed) (Total:931.51 GB) (Free:347.38 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A7471114)

Partition 1: (Active) - (Size=200 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=265.8 GB) - (Type=07 NTFS)
 

========================================================

Disk: 1 (Size: 465.8 GB) (Disk ID: 5A08C19D)

Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 

========================================================

Disk: 2 (Size: 931.5 GB) (Disk ID: B5FA4C0A)

Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

Ach der Scheiß hat mich schon auf BleepingComputer genervt... :D

Schritt 1

Bitte deinstalliere folgende Programme:

Startfenster

Versuche es bei Windows 7 http://deeprybka.trojaner-board.de/b...ne/revo/w7.png zunächst über Systemsteuerung/Programme deinstallieren.

Sollte das nicht gehen, lade Dir bitte Revo Uninstallerhttp://deeprybka.trojaner-board.de/b...ninstaller.png hier herunter. Entpacke die zip-Datei auf den Desktop. Anleitung

Starte die Revouninstaller.exe http://deeprybka.trojaner-board.de/b...o/revoport.PNG
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den oben angegebenen Programmen und wähle sie einzeln aus.
Klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
http://deeprybka.trojaner-board.de/b.../uninstall.PNG http://deeprybka.trojaner-board.de/b...o/moderat2.PNG
Reste löschen:
Klicke auf http://deeprybka.trojaner-board.de/b.../selectall.PNG dann auf http://deeprybka.trojaner-board.de/b...evo/delete.PNG und dann auf http://deeprybka.trojaner-board.de/b...evo/weiter.PNG.

Wenn Du ein Programm nicht deinstallieren kannst, mach mit dem nächsten weiter.
Auch wenn am Ende noch Programme übrig geblieben sind, führe den nächsten Schritt aus:

Schritt 2
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3

Downloade Dir bitte Farbar's http://i.imgur.com/rzqZvBe.png MiniToolBox auf Deinen Desktop und starte das Tool.
Wähle "Select All" und klicke auf GO.
Poste das Log in CODE-Tags.

Schritt 4

http://filepony.de/icon/frst.png http://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, und drücke auf Scan.
Bitte poste mir den Inhalt des Logs.

Hallo,

hier der LOG vom AdwCleaner

Code:

# AdwCleaner v4.109 - Bericht erstellt am 01/02/2015 um 18:40:02

# Aktualisiert 24/01/2015 von Xplode

# Database : 2015-01-26.1 [Live]

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzername : Tobias - TOBIAS-PC

# Gestartet von : C:\Users\Tobias\Desktop\AdwCleaner_4.109.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 
 

***** [ Tasks ] *****
 
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKCU\Software\OCS

Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 

***** [ Browser ] *****
 

-\\ Internet Explorer v11.0.9600.17496
 
 

-\\ Mozilla Firefox v35.0.1 (x86 de)
 
 

*************************
 

AdwCleaner[R0].txt - [977 octets] - [01/02/2015 18:38:58]

AdwCleaner[S0].txt - [853 octets] - [01/02/2015 18:40:02]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [912 octets] ##########

Hier der MiniToolBox Log

Code:

MiniToolBox by Farbar  Version: 30-11-2014

Ran by Tobias (administrator) on 01-02-2015 at 18:44:37

Running from "C:\Users\Tobias\Desktop"

Microsoft Windows 7 Home Premium  Service Pack 1 (X64)

Boot Mode: Normal

***************************************************************************
 

========================= Flush DNS: ===================================
 

Windows-IP-Konfiguration
 

Der DNS-Aufl�sungscache wurde geleert.
 

========================= IE Proxy Settings: ============================== 
 

Proxy is not enabled.

No Proxy Server is set.
 

"Reset IE Proxy Settings": IE Proxy Settings were reset.
 

========================= FF Proxy Settings: ============================== 
 
 

"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 

========================= Hosts content: =================================
 
 
 

========================= IP Configuration: ================================
 

NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter = Drahtlosnetzwerkverbindung (Connected)

Realtek PCIe GBE Family Controller = LAN-Verbindung (Media disconnected)
 
 

# ----------------------------------

# IPv4-Konfiguration

# ----------------------------------

pushd interface ipv4
 

reset

set global icmpredirects=enabled
 
 

popd

# Ende der IPv4-Konfiguration
 
 
 

Windows-IP-Konfiguration
 

   Hostname  . . . . . . . . . . . . : Tobias-PC

   Prim�res DNS-Suffix . . . . . . . : 

   Knotentyp . . . . . . . . . . . . : Hybrid

   IP-Routing aktiviert  . . . . . . : Nein

   WINS-Proxy aktiviert  . . . . . . : Nein
 

Ethernet-Adapter LAN-Verbindung:
 

   Medienstatus. . . . . . . . . . . : Medium getrennt

   Verbindungsspezifisches DNS-Suffix: 

   Beschreibung. . . . . . . . . . . : Realtek PCIe GBE Family Controller

   Physikalische Adresse . . . . . . : 54-04-A6-2A-02-10

   DHCP aktiviert. . . . . . . . . . : Ja

   Autokonfiguration aktiviert . . . : Ja
 

Drahtlos-LAN-Adapter Drahtlosnetzwerkverbindung:
 

   Verbindungsspezifisches DNS-Suffix: 

   Beschreibung. . . . . . . . . . . : NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter

   Physikalische Adresse . . . . . . : 00-0F-B5-D3-10-82

   DHCP aktiviert. . . . . . . . . . : Ja

   Autokonfiguration aktiviert . . . : Ja

   Verbindungslokale IPv6-Adresse  . : fe80::7529:910c:9556:a0f3%11(Bevorzugt) 

   IPv4-Adresse  . . . . . . . . . . : 192.168.2.101(Bevorzugt) 

   Subnetzmaske  . . . . . . . . . . : 255.255.255.0

   Lease erhalten. . . . . . . . . . : Sonntag, 1. Februar 2015 18:42:03

   Lease l�uft ab. . . . . . . . . . : Mittwoch, 4. Februar 2015 18:42:03

   Standardgateway . . . . . . . . . : 192.168.2.1

   DHCP-Server . . . . . . . . . . . : 192.168.2.1

   DHCPv6-IAID . . . . . . . . . . . : 234885045

   DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-1C-27-70-5B-00-0F-B5-D3-10-82

   DNS-Server  . . . . . . . . . . . : 8.8.8.8

   NetBIOS �ber TCP/IP . . . . . . . : Aktiviert
 

Tunneladapter isatap.{F7BD20A2-2528-4E2F-81A0-6F4F7372A5E4}:
 

   Medienstatus. . . . . . . . . . . : Medium getrennt

   Verbindungsspezifisches DNS-Suffix: 

   Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter

   Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP aktiviert. . . . . . . . . . : Nein

   Autokonfiguration aktiviert . . . : Ja
 

Tunneladapter Teredo Tunneling Pseudo-Interface:
 

   Verbindungsspezifisches DNS-Suffix: 

   Beschreibung. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

   Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP aktiviert. . . . . . . . . . : Nein

   Autokonfiguration aktiviert . . . : Ja

   IPv6-Adresse. . . . . . . . . . . : 2001:0:9d38:6ab8:24b7:a521:adac:3981(Bevorzugt) 

   Verbindungslokale IPv6-Adresse  . : fe80::24b7:a521:adac:3981%12(Bevorzugt) 

   Standardgateway . . . . . . . . . : ::

   NetBIOS �ber TCP/IP . . . . . . . : Deaktiviert

Server:  google-public-dns-a.google.com

Address:  8.8.8.8
 

Name:    google.com

Addresses:  2a00:1450:4005:808::1002

          173.194.113.136

          173.194.113.129

          173.194.113.128

          173.194.113.133

          173.194.113.131

          173.194.113.134

          173.194.113.142

          173.194.113.137

          173.194.113.130

          173.194.113.135

          173.194.113.132
 
 

Ping wird ausgef�hrt f�r google.com [173.194.113.128] mit 32 Bytes Daten:

Antwort von 173.194.113.128: Bytes=32 Zeit=11ms TTL=58

Antwort von 173.194.113.128: Bytes=32 Zeit=10ms TTL=58
 

Ping-Statistik f�r 173.194.113.128:

    Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0

    (0% Verlust),

Ca. Zeitangaben in Millisek.:

    Minimum = 10ms, Maximum = 11ms, Mittelwert = 10ms

Server:  google-public-dns-a.google.com

Address:  8.8.8.8
 

Name:    yahoo.com

Addresses:  206.190.36.45

          98.139.183.24

          98.138.253.109
 
 

Ping wird ausgef�hrt f�r yahoo.com [206.190.36.45] mit 32 Bytes Daten:

Antwort von 206.190.36.45: Bytes=32 Zeit=180ms TTL=52

Antwort von 206.190.36.45: Bytes=32 Zeit=172ms TTL=52
 

Ping-Statistik f�r 206.190.36.45:

    Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0

    (0% Verlust),

Ca. Zeitangaben in Millisek.:

    Minimum = 172ms, Maximum = 180ms, Mittelwert = 176ms
 

Ping wird ausgef�hrt f�r 127.0.0.1 mit 32 Bytes Daten:

Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128

Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128
 

Ping-Statistik f�r 127.0.0.1:

    Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0

    (0% Verlust),

Ca. Zeitangaben in Millisek.:

    Minimum = 0ms, Maximum = 0ms, Mittelwert = 0ms

===========================================================================

Schnittstellenliste

 13...54 04 a6 2a 02 10 ......Realtek PCIe GBE Family Controller

 11...00 0f b5 d3 10 82 ......NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter

  1...........................Software Loopback Interface 1

 14...00 00 00 00 00 00 00 e0 Microsoft-ISATAP-Adapter

 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

===========================================================================
 

IPv4-Routentabelle

===========================================================================

Aktive Routen:

     Netzwerkziel    Netzwerkmaske          Gateway    Schnittstelle Metrik

          0.0.0.0          0.0.0.0      192.168.2.1    192.168.2.101     25

        127.0.0.0        255.0.0.0   Auf Verbindung         127.0.0.1    306

        127.0.0.1  255.255.255.255   Auf Verbindung         127.0.0.1    306

  127.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1    306

      192.168.2.0    255.255.255.0   Auf Verbindung     192.168.2.101    281

    192.168.2.101  255.255.255.255   Auf Verbindung     192.168.2.101    281

    192.168.2.255  255.255.255.255   Auf Verbindung     192.168.2.101    281

        224.0.0.0        240.0.0.0   Auf Verbindung         127.0.0.1    306

        224.0.0.0        240.0.0.0   Auf Verbindung     192.168.2.101    281

  255.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1    306

  255.255.255.255  255.255.255.255   Auf Verbindung     192.168.2.101    281

===========================================================================

St�ndige Routen:

  Keine
 

IPv6-Routentabelle

===========================================================================

Aktive Routen:

 If Metrik Netzwerkziel             Gateway

 12     58 ::/0                     Auf Verbindung

  1    306 ::1/128                  Auf Verbindung

 12     58 2001::/32                Auf Verbindung

 12    306 2001:0:9d38:6ab8:24b7:a521:adac:3981/128

                                    Auf Verbindung

 11    281 fe80::/64                Auf Verbindung

 12    306 fe80::/64                Auf Verbindung

 12    306 fe80::24b7:a521:adac:3981/128

                                    Auf Verbindung

 11    281 fe80::7529:910c:9556:a0f3/128

                                    Auf Verbindung

  1    306 ff00::/8                 Auf Verbindung

 12    306 ff00::/8                 Auf Verbindung

 11    281 ff00::/8                 Auf Verbindung

===========================================================================

St�ndige Routen:

  Keine

========================= Winsock entries =====================================
 

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)

Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)

Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)

Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)

Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)

x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)

x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)

x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 

========================= Event log errors: ===============================
 

Application errors:

==================

Error: (02/01/2015 06:42:49 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (02/01/2015 06:39:07 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (02/01/2015 06:08:12 PM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (02/01/2015 06:07:51 PM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.6161"1".

Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.6161"" konnte nicht gefunden werden.

Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 

Error: (02/01/2015 06:07:51 PM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.6161"1".

Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.6161"" konnte nicht gefunden werden.

Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 

Error: (02/01/2015 02:16:09 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000

Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24

Ausnahmecode: 0xc0000005

Fehleroffset: 0x0000000000018e5d

ID des fehlerhaften Prozesses: 0xaa8

Startzeit der fehlerhaften Anwendung: 0xvlc.exe0

Pfad der fehlerhaften Anwendung: vlc.exe1

Pfad des fehlerhaften Moduls: vlc.exe2

Berichtskennung: vlc.exe3
 

Error: (02/01/2015 01:12:40 PM) (Source: SideBySide) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (02/01/2015 00:29:29 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (02/01/2015 00:27:51 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/31/2015 08:52:07 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

System errors:

=============

Error: (02/01/2015 06:40:03 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (02/01/2015 06:40:03 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (02/01/2015 06:40:02 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (02/01/2015 06:40:02 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (02/01/2015 06:40:02 PM) (Source: Service Control Manager) (User: )

Description: Dienst "SCM_Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (02/01/2015 06:40:02 PM) (Source: Service Control Manager) (User: )

Description: Dienst "NVIDIA Streamer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (02/01/2015 06:40:02 PM) (Source: Service Control Manager) (User: )

Description: Dienst "NVIDIA Network Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (02/01/2015 06:40:02 PM) (Source: Service Control Manager) (User: )

Description: Dienst "NVIDIA GeForce Experience Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (02/01/2015 06:40:02 PM) (Source: Service Control Manager) (User: )

Description: Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (02/01/2015 06:40:02 PM) (Source: Service Control Manager) (User: )

Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 
 

Microsoft Office Sessions:

=========================

Error: (02/01/2015 06:42:49 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (02/01/2015 06:39:07 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (02/01/2015 06:08:12 PM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 

Error: (02/01/2015 06:07:51 PM) (Source: SideBySide)(User: )

Description: Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.6161"k:\Steam\steamapps\common\puddle\Puddle.exe
 

Error: (02/01/2015 06:07:51 PM) (Source: SideBySide)(User: )

Description: Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.6161"k:\Steam\steamapps\common\puddle\Launcher.exe
 

Error: (02/01/2015 02:16:09 PM) (Source: Application Error)(User: )

Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.18247521eaf24c00000050000000000018e5daa801d03e18e6497e39C:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dll7c3767ee-aa14-11e4-941c-5404a62a0210
 

Error: (02/01/2015 01:12:40 PM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Tobias\Downloads\esetsmartinstaller_deu.exe
 

Error: (02/01/2015 00:29:29 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (02/01/2015 00:27:51 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (01/31/2015 08:52:07 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
 

=========================== Installed Programs ============================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Adobe Refresh Manager (x32 Version: 1.8.0 - Adobe Systems Incorporated) Hidden

Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.8.0 - Asmedia Technology)

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Broforce (HKLM-x32\...\Steam App 274190) (Version:  - Free Lives)

CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2523 - CDBurnerXP)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)

Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)

Epson Easy Photo Print 2 (HKLM-x32\...\{FFF841F3-9A15-4F61-BD16-C19F132E5A27}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION)

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)

Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)

EPSON SX440 Series Printer Uninstall (HKLM\...\EPSON SX440 Series) (Version:  - SEIKO EPSON Corporation)

EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)

erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts)

FUSSBALL MANAGER 13 (HKLM-x32\...\{80AF0300-866F-400F-A350-D53E3C3E34E0}) (Version: 1.0.4.0 - Electronic Arts)

Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)

Intel(R) Chipset Device Software (Version: 10.0.13 - Intel Corporation) Hidden

Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden

Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden

Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Logitech Gaming Software (Version: 8.30.28 - Logitech Inc.) Hidden

Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)

Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)

Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8107.0 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden

Microsoft Security Client DE-DE Language Pack (Version: 2.0.0719.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden

Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)

Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)

Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

Need for Speed™ Rivals (HKLM-x32\...\{E0A32336-AA27-4053-99B2-C3380B7B95AC}) (Version: 1.4.0.0 - Electronic Arts)

NETGEAR WG111v2 wireless USB 2.0 adapter (HKLM-x32\...\{4102037D-E8E0-48E0-B203-E521D194FB71}) (Version: 1.0.0.133 - NETGEAR)

NVIDIA 3D Vision Controller Driver (x32 Version: 280.19 - NVIDIA Corporation) Hidden

NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)

NVIDIA 3D Vision Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)

NVIDIA GeForce Experience Service (Version: 16.18.9 - NVIDIA Corporation) Hidden

NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)

NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.172.1357 - NVIDIA Corporation) Hidden

NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden

NVIDIA Network Service (Version: 2.1 - NVIDIA Corporation) Hidden

NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)

NVIDIA ShadowPlay 16.18.9 (Version: 16.18.9 - NVIDIA Corporation) Hidden

NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden

NVIDIA Systemsteuerung 347.09 (Version: 347.09 - NVIDIA Corporation) Hidden

NVIDIA Update 16.18.9 (Version: 16.18.9 - NVIDIA Corporation) Hidden

NVIDIA Update Core (Version: 16.18.9 - NVIDIA Corporation) Hidden

NVIDIA Virtual Audio 1.2.27 (Version: 1.2.27 - NVIDIA Corporation) Hidden

OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)

Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)

Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)

SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden

SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)

South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version:  - Obsidian Entertainment)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)

Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.2 - Electronic Arts)

Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.6.2f1 - Unity Technologies ApS)

VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
 

========================= Devices: ================================
 
 

========================= Memory info: ===================================
 

Percentage of memory in use: 16%

Total physical RAM: 16365.23 MB

Available physical RAM: 13737.45 MB

Total Pagefile: 32728.64 MB

Available Pagefile: 30084.37 MB

Total Virtual: 4095.88 MB

Available Virtual: 3976.64 MB
 

========================= Partitions: =====================================
 

1 Drive c: () (Fixed) (Total:200 GB) (Free:130.8 GB) NTFS

2 Drive d: () (Fixed) (Total:265.76 GB) (Free:35.27 GB) NTFS

8 Drive j: (Expansion Drive) (Fixed) (Total:465.76 GB) (Free:120.08 GB) NTFS

9 Drive k: (INTENSO) (Fixed) (Total:931.51 GB) (Free:347.38 GB) NTFS
 

========================= Users: ========================================
 

Benutzerkonten fr \\TOBIAS-PC
 

Administrator            Gast                     Tobias                   

Der Befehl wurde erfolgreich ausgefhrt.
 

========================= Minidump Files ==================================
 

No minidump file found
 

========================= Restore Points ==================================
 

25-01-2015 09:36:02 Windows Update

25-01-2015 18:46:58 Windows-Sicherung

28-01-2015 17:17:34 Windows Update
 
 

**** End of log ****

Hier der FRST Log

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015

Ran by Tobias (administrator) on TOBIAS-PC on 01-02-2015 18:51:50

Running from C:\Users\Tobias\Desktop

Loaded Profiles: Tobias (Available profiles: Tobias)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

() C:\Windows\SysWOW64\WinService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe

(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHBE.EXE

() C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)

HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-3475892580-4229758714-917526130-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBE.EXE [283232 2014-12-20] (SEIKO EPSON CORPORATION)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk

ShortcutTarget: NETGEAR WG111v2 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe ()

BootExecute: autocheck autochk * sdnclean64.exe
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-3475892580-4229758714-917526130-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://portal.kcsservice.de

HKU\S-1-5-21-3475892580-4229758714-917526130-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://portal.kcsservice.de

HKU\S-1-5-21-3475892580-4229758714-917526130-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://syb.msn.com

HKU\S-1-5-21-3475892580-4229758714-917526130-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://syb.msn.com

SearchScopes: HKLM -> {D5E52777-3133-47C7-A73E-4EC5E4F5828B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox

SearchScopes: HKLM-x32 -> {D5E52777-3133-47C7-A73E-4EC5E4F5828B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)

BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)

Tcpip\Parameters: [DhcpNameServer] 91.212.124.159 8.8.8.8

Tcpip\..\Interfaces\{F7BD20A2-2528-4E2F-81A0-6F4F7372A5E4}: [NameServer] 8.8.8.8
 

FireFox:

========

FF ProfilePath: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\4lqyhc99.default

FF Homepage: google.de

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-3475892580-4229758714-917526130-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tobias\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Extension: YouTube Unblocker - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\4lqyhc99.default\Extensions\youtubeunblocker@unblocker.yt [2015-01-27]

FF Extension: Adblock Plus - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\4lqyhc99.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-20]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)

R2 SCM_Service; C:\Windows\SysWOW64\WinService.exe [186848 2010-05-10] ()

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)

R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)

R3 RTL8187; C:\Windows\System32\DRIVERS\wg111v2.sys [450048 2010-04-06] (NETGEAR Inc.)
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-02-01 18:44 - 2015-02-01 18:44 - 00036820 _____ () C:\Users\Tobias\Desktop\Result.txt

2015-02-01 18:38 - 2015-02-01 18:40 - 00000000 ____D () C:\AdwCleaner

2015-02-01 18:34 - 2015-02-01 18:34 - 02194432 _____ () C:\Users\Tobias\Desktop\AdwCleaner_4.109.exe

2015-02-01 18:34 - 2015-02-01 18:34 - 00401920 _____ (Farbar) C:\Users\Tobias\Desktop\MiniToolBox.exe

2015-02-01 18:33 - 2015-02-01 18:33 - 02785665 _____ (PortableApps.com) C:\Users\Tobias\Desktop\RevoUninstallerPortable_1.95_Rev_2.paf.exe

2015-02-01 14:58 - 2015-02-01 14:58 - 00030316 _____ () C:\Users\Tobias\Desktop\Addition.txt

2015-02-01 14:57 - 2015-02-01 18:51 - 00010507 _____ () C:\Users\Tobias\Desktop\FRST.txt

2015-02-01 14:57 - 2015-02-01 14:57 - 02131456 _____ (Farbar) C:\Users\Tobias\Desktop\FRST64.exe

2015-02-01 14:16 - 2015-02-01 14:16 - 00000000 ____D () C:\Users\Tobias\AppData\Local\CrashDumps

2015-02-01 13:16 - 2015-02-01 14:16 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\vlc

2015-02-01 13:12 - 2015-02-01 13:12 - 00000085 _____ () C:\Windows\wininit.ini

2015-02-01 13:04 - 2015-02-01 18:51 - 00000000 ____D () C:\FRST

2015-02-01 12:44 - 2015-02-01 12:44 - 00000871 _____ () C:\Users\Public\Desktop\VLC media player.lnk

2015-02-01 12:44 - 2015-02-01 12:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

2015-02-01 12:43 - 2015-02-01 12:43 - 00000000 ____D () C:\Program Files\VideoLAN

2015-01-31 21:02 - 2015-01-31 21:02 - 00000000 ____D () C:\Users\Tobias\.appwork

2015-01-31 17:47 - 2015-01-31 17:47 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\ESET

2015-01-31 17:47 - 2015-01-31 17:47 - 00000000 ____D () C:\Users\Tobias\AppData\Local\ESET

2015-01-31 17:42 - 2015-02-01 18:37 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2015-01-31 17:42 - 2015-02-01 13:12 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2015-01-31 17:42 - 2015-01-31 17:42 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking

2015-01-31 15:56 - 2015-01-31 15:56 - 00000116 ___RH () C:\Users\Tobias\Downloads\Stinger.opt

2015-01-31 15:56 - 2015-01-31 15:56 - 00000000 ____D () C:\Quarantine

2015-01-31 15:46 - 2015-01-31 15:56 - 00000000 ____D () C:\Program Files\stinger

2015-01-31 10:32 - 2015-01-31 10:32 - 00000000 ____D () C:\Program Files (x86)\ESET

2015-01-31 10:26 - 2015-01-19 15:13 - 18570328 _____ () C:\Users\Tobias\Desktop\RogueKillerX64.exe

2015-01-31 10:18 - 2015-02-01 12:31 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys

2015-01-31 10:18 - 2015-01-31 10:18 - 00000000 ____D () C:\ProgramData\RogueKiller

2015-01-30 23:48 - 2015-01-30 23:48 - 00000000 ____D () C:\ProgramData\F-Secure

2015-01-30 20:48 - 2015-01-30 20:48 - 00001591 _____ () C:\Users\Tobias\Desktop\Text.txt

2015-01-30 20:38 - 2015-01-30 20:38 - 00030488 _____ () C:\Users\Tobias\Desktop\bookmarks-2015-01-30.json

2015-01-26 18:32 - 2015-01-26 18:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-01-17 23:56 - 2015-01-17 23:56 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Microsoft Games

2015-01-15 19:52 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

2015-01-15 19:52 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2015-01-15 19:52 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-01-15 19:52 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-01-15 19:52 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-01-15 19:52 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-01-15 19:52 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-01-15 19:52 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-01-15 19:52 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-01-15 19:52 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

2015-01-15 19:52 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

2015-01-15 19:52 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll

2015-01-15 19:52 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

2015-01-02 18:13 - 2015-01-02 18:13 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Introversion

2015-01-02 14:09 - 2015-01-02 14:21 - 00000000 ____D () C:\Users\Tobias\Documents\StarCraft II

2015-01-02 01:20 - 2015-01-02 01:20 - 00000000 ____D () C:\Users\Tobias\Documents\Paradox Interactive

2015-01-02 00:24 - 2015-01-02 00:50 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Game Dev Tycoon - Steam
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-02-01 18:48 - 2009-07-14 05:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-02-01 18:48 - 2009-07-14 05:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-02-01 18:47 - 2010-11-21 07:50 - 00699092 _____ () C:\Windows\system32\perfh007.dat

2015-02-01 18:47 - 2010-11-21 07:50 - 00149232 _____ () C:\Windows\system32\perfc007.dat

2015-02-01 18:47 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-02-01 18:44 - 2014-12-20 18:27 - 01539116 _____ () C:\Windows\WindowsUpdate.log

2015-02-01 18:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-02-01 18:41 - 2009-07-14 05:51 - 00049476 _____ () C:\Windows\setupact.log

2015-02-01 18:40 - 2014-12-20 19:30 - 00000000 ____D () C:\ProgramData\NVIDIA

2015-02-01 18:40 - 2010-11-21 04:47 - 00012518 _____ () C:\Windows\PFRO.log

2015-02-01 18:37 - 2014-12-20 20:13 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\TS3Client

2015-02-01 18:32 - 2014-12-20 19:02 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2015-02-01 18:32 - 2014-12-20 19:02 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2015-02-01 18:32 - 2014-12-20 18:27 - 00001433 _____ () C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-02-01 18:32 - 2014-12-20 18:27 - 00001427 _____ () C:\Users\Tobias\Desktop\Internet Explorer.lnk

2015-02-01 17:58 - 2014-12-20 23:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-02-01 13:10 - 2014-12-20 20:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-31 21:02 - 2014-12-20 18:27 - 00000000 ____D () C:\Users\Tobias

2015-01-31 10:23 - 2014-12-20 21:48 - 00000000 ____D () C:\KMPlayer

2015-01-30 23:34 - 2014-12-20 23:52 - 00000000 ____D () C:\Windows\SysWOW64\Macromed

2015-01-30 23:34 - 2014-12-20 23:52 - 00000000 ____D () C:\Windows\system32\Macromed

2015-01-30 23:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration

2015-01-30 20:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

2015-01-28 18:06 - 2014-12-20 19:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-01-25 12:05 - 2014-12-20 20:13 - 00000000 ____D () C:\ProgramData\Origin

2015-01-24 22:58 - 2014-12-20 23:52 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-01-24 22:58 - 2014-12-20 23:52 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-01-24 22:58 - 2014-12-20 23:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-01-23 20:50 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2015-01-17 15:54 - 2014-12-20 21:51 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Logitech

2015-01-17 15:54 - 2014-12-20 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech

2015-01-17 15:54 - 2014-12-20 21:36 - 00000000 ____D () C:\Program Files\Common Files\Logishrd

2015-01-17 15:54 - 2014-12-20 19:45 - 00000000 ____D () C:\ProgramData\LogiShrd

2015-01-15 20:02 - 2014-12-20 20:15 - 00000000 ____D () C:\Windows\system32\MRT

2015-01-09 22:17 - 2014-12-20 19:40 - 00000000 ____D () C:\ProgramData\Package Cache

2015-01-08 22:30 - 2014-12-27 23:35 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Battle.net

2015-01-04 16:45 - 2014-12-20 21:50 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys

2015-01-04 16:45 - 2014-12-20 21:50 - 00002326 _____ () C:\Windows\LkmdfCoInst.log

2015-01-02 22:36 - 2011-04-07 08:37 - 00163117 _____ () C:\Windows\DirectX.log

2015-01-02 19:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2015-01-02 18:10 - 2014-12-20 20:08 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Tropico 5

2015-01-02 14:09 - 2014-12-27 23:35 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment

2015-01-02 00:58 - 2014-12-20 20:08 - 00000000 ____D () C:\Users\Tobias\Documents\my games
 

Some content of TEMP:

====================

C:\Users\Tobias\AppData\Local\Temp\dllnt_dump.dll

C:\Users\Tobias\AppData\Local\Temp\InstHelper.exe

C:\Users\Tobias\AppData\Local\Temp\proxy_vole1051616676158214137.dll

C:\Users\Tobias\AppData\Local\Temp\Quarantine.exe

C:\Users\Tobias\AppData\Local\Temp\sqlite3.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-01-24 15:49
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Bitte mal nach der Anleitung diesen DNS Eintrag löschen:

Zitat:

91.212.124.159

PC dann neu booten, frisches FRST-Log.

hier der neue FRST log

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015

Ran by Tobias (administrator) on TOBIAS-PC on 01-02-2015 19:33:12

Running from C:\Users\Tobias\Desktop

Loaded Profiles: Tobias (Available profiles: Tobias)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

() C:\Windows\SysWOW64\WinService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe

(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHBE.EXE

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe

() C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)

HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-3475892580-4229758714-917526130-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBE.EXE [283232 2014-12-20] (SEIKO EPSON CORPORATION)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk

ShortcutTarget: NETGEAR WG111v2 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe ()

BootExecute: autocheck autochk * sdnclean64.exe
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-3475892580-4229758714-917526130-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://portal.kcsservice.de

HKU\S-1-5-21-3475892580-4229758714-917526130-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://portal.kcsservice.de

HKU\S-1-5-21-3475892580-4229758714-917526130-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://syb.msn.com

HKU\S-1-5-21-3475892580-4229758714-917526130-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://syb.msn.com

SearchScopes: HKLM -> {D5E52777-3133-47C7-A73E-4EC5E4F5828B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox

SearchScopes: HKLM-x32 -> {D5E52777-3133-47C7-A73E-4EC5E4F5828B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)

BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{F7BD20A2-2528-4E2F-81A0-6F4F7372A5E4}: [NameServer] 8.8.8.8,8.8.4.4
 

FireFox:

========

FF ProfilePath: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\4lqyhc99.default

FF Homepage: google.de

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-3475892580-4229758714-917526130-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tobias\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Extension: YouTube Unblocker - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\4lqyhc99.default\Extensions\youtubeunblocker@unblocker.yt [2015-01-27]

FF Extension: Adblock Plus - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\4lqyhc99.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-20]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)

R2 SCM_Service; C:\Windows\SysWOW64\WinService.exe [186848 2010-05-10] ()

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)

R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)

R3 RTL8187; C:\Windows\System32\DRIVERS\wg111v2.sys [450048 2010-04-06] (NETGEAR Inc.)
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-02-01 18:44 - 2015-02-01 18:56 - 00036714 _____ () C:\Users\Tobias\Desktop\Result.txt

2015-02-01 18:38 - 2015-02-01 18:40 - 00000000 ____D () C:\AdwCleaner

2015-02-01 18:34 - 2015-02-01 18:34 - 02194432 _____ () C:\Users\Tobias\Desktop\AdwCleaner_4.109.exe

2015-02-01 18:34 - 2015-02-01 18:34 - 00401920 _____ (Farbar) C:\Users\Tobias\Desktop\MiniToolBox.exe

2015-02-01 18:33 - 2015-02-01 18:33 - 02785665 _____ (PortableApps.com) C:\Users\Tobias\Desktop\RevoUninstallerPortable_1.95_Rev_2.paf.exe

2015-02-01 14:58 - 2015-02-01 14:58 - 00030316 _____ () C:\Users\Tobias\Desktop\Addition.txt

2015-02-01 14:57 - 2015-02-01 19:33 - 00010772 _____ () C:\Users\Tobias\Desktop\FRST.txt

2015-02-01 14:57 - 2015-02-01 14:57 - 02131456 _____ (Farbar) C:\Users\Tobias\Desktop\FRST64.exe

2015-02-01 14:16 - 2015-02-01 14:16 - 00000000 ____D () C:\Users\Tobias\AppData\Local\CrashDumps

2015-02-01 13:16 - 2015-02-01 14:16 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\vlc

2015-02-01 13:12 - 2015-02-01 13:12 - 00000085 _____ () C:\Windows\wininit.ini

2015-02-01 13:04 - 2015-02-01 19:33 - 00000000 ____D () C:\FRST

2015-02-01 12:44 - 2015-02-01 12:44 - 00000871 _____ () C:\Users\Public\Desktop\VLC media player.lnk

2015-02-01 12:44 - 2015-02-01 12:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

2015-02-01 12:43 - 2015-02-01 12:43 - 00000000 ____D () C:\Program Files\VideoLAN

2015-01-31 21:02 - 2015-01-31 21:02 - 00000000 ____D () C:\Users\Tobias\.appwork

2015-01-31 17:47 - 2015-01-31 17:47 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\ESET

2015-01-31 17:47 - 2015-01-31 17:47 - 00000000 ____D () C:\Users\Tobias\AppData\Local\ESET

2015-01-31 17:42 - 2015-02-01 18:37 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2015-01-31 17:42 - 2015-02-01 13:12 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2015-01-31 17:42 - 2015-01-31 17:42 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking

2015-01-31 15:56 - 2015-01-31 15:56 - 00000116 ___RH () C:\Users\Tobias\Downloads\Stinger.opt

2015-01-31 15:56 - 2015-01-31 15:56 - 00000000 ____D () C:\Quarantine

2015-01-31 15:46 - 2015-01-31 15:56 - 00000000 ____D () C:\Program Files\stinger

2015-01-31 10:32 - 2015-01-31 10:32 - 00000000 ____D () C:\Program Files (x86)\ESET

2015-01-31 10:26 - 2015-01-19 15:13 - 18570328 _____ () C:\Users\Tobias\Desktop\RogueKillerX64.exe

2015-01-31 10:18 - 2015-02-01 12:31 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys

2015-01-31 10:18 - 2015-01-31 10:18 - 00000000 ____D () C:\ProgramData\RogueKiller

2015-01-30 23:48 - 2015-01-30 23:48 - 00000000 ____D () C:\ProgramData\F-Secure

2015-01-30 20:48 - 2015-01-30 20:48 - 00001591 _____ () C:\Users\Tobias\Desktop\Text.txt

2015-01-30 20:38 - 2015-01-30 20:38 - 00030488 _____ () C:\Users\Tobias\Desktop\bookmarks-2015-01-30.json

2015-01-26 18:32 - 2015-01-26 18:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-01-17 23:56 - 2015-01-17 23:56 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Microsoft Games

2015-01-15 19:52 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

2015-01-15 19:52 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2015-01-15 19:52 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-01-15 19:52 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-01-15 19:52 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-01-15 19:52 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-01-15 19:52 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-01-15 19:52 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-01-15 19:52 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-01-15 19:52 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

2015-01-15 19:52 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

2015-01-15 19:52 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll

2015-01-15 19:52 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

2015-01-02 18:13 - 2015-01-02 18:13 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Introversion

2015-01-02 14:09 - 2015-01-02 14:21 - 00000000 ____D () C:\Users\Tobias\Documents\StarCraft II

2015-01-02 01:20 - 2015-01-02 01:20 - 00000000 ____D () C:\Users\Tobias\Documents\Paradox Interactive

2015-01-02 00:24 - 2015-01-02 00:50 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Game Dev Tycoon - Steam
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-02-01 19:32 - 2014-12-20 20:13 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\TS3Client

2015-02-01 19:29 - 2009-07-14 05:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-02-01 19:29 - 2009-07-14 05:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-02-01 19:28 - 2010-11-21 07:50 - 00699092 _____ () C:\Windows\system32\perfh007.dat

2015-02-01 19:28 - 2010-11-21 07:50 - 00149232 _____ () C:\Windows\system32\perfc007.dat

2015-02-01 19:28 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-02-01 19:25 - 2014-12-20 18:27 - 01547018 _____ () C:\Windows\WindowsUpdate.log

2015-02-01 19:22 - 2014-12-20 19:30 - 00000000 ____D () C:\ProgramData\NVIDIA

2015-02-01 19:22 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-02-01 19:22 - 2009-07-14 05:51 - 00049644 _____ () C:\Windows\setupact.log

2015-02-01 19:01 - 2014-12-20 20:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-02-01 18:58 - 2014-12-20 23:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-02-01 18:40 - 2010-11-21 04:47 - 00012518 _____ () C:\Windows\PFRO.log

2015-02-01 18:32 - 2014-12-20 19:02 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2015-02-01 18:32 - 2014-12-20 19:02 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2015-02-01 18:32 - 2014-12-20 18:27 - 00001433 _____ () C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-02-01 18:32 - 2014-12-20 18:27 - 00001427 _____ () C:\Users\Tobias\Desktop\Internet Explorer.lnk

2015-01-31 21:02 - 2014-12-20 18:27 - 00000000 ____D () C:\Users\Tobias

2015-01-31 10:23 - 2014-12-20 21:48 - 00000000 ____D () C:\KMPlayer

2015-01-30 23:34 - 2014-12-20 23:52 - 00000000 ____D () C:\Windows\SysWOW64\Macromed

2015-01-30 23:34 - 2014-12-20 23:52 - 00000000 ____D () C:\Windows\system32\Macromed

2015-01-30 23:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration

2015-01-30 20:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

2015-01-28 18:06 - 2014-12-20 19:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-01-25 12:05 - 2014-12-20 20:13 - 00000000 ____D () C:\ProgramData\Origin

2015-01-24 22:58 - 2014-12-20 23:52 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-01-24 22:58 - 2014-12-20 23:52 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-01-24 22:58 - 2014-12-20 23:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-01-23 20:50 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2015-01-17 15:54 - 2014-12-20 21:51 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Logitech

2015-01-17 15:54 - 2014-12-20 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech

2015-01-17 15:54 - 2014-12-20 21:36 - 00000000 ____D () C:\Program Files\Common Files\Logishrd

2015-01-17 15:54 - 2014-12-20 19:45 - 00000000 ____D () C:\ProgramData\LogiShrd

2015-01-15 20:02 - 2014-12-20 20:15 - 00000000 ____D () C:\Windows\system32\MRT

2015-01-09 22:17 - 2014-12-20 19:40 - 00000000 ____D () C:\ProgramData\Package Cache

2015-01-08 22:30 - 2014-12-27 23:35 - 00000000 ____D () C:\Users\Tobias\AppData\Local\Battle.net

2015-01-04 16:45 - 2014-12-20 21:50 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys

2015-01-04 16:45 - 2014-12-20 21:50 - 00002326 _____ () C:\Windows\LkmdfCoInst.log

2015-01-02 22:36 - 2011-04-07 08:37 - 00163117 _____ () C:\Windows\DirectX.log

2015-01-02 19:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2015-01-02 18:10 - 2014-12-20 20:08 - 00000000 ____D () C:\Users\Tobias\AppData\Roaming\Tropico 5

2015-01-02 14:09 - 2014-12-27 23:35 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment

2015-01-02 00:58 - 2014-12-20 20:08 - 00000000 ____D () C:\Users\Tobias\Documents\my games
 

Some content of TEMP:

====================

C:\Users\Tobias\AppData\Local\Temp\dllnt_dump.dll

C:\Users\Tobias\AppData\Local\Temp\InstHelper.exe

C:\Users\Tobias\AppData\Local\Temp\proxy_vole1051616676158214137.dll

C:\Users\Tobias\AppData\Local\Temp\Quarantine.exe

C:\Users\Tobias\AppData\Local\Temp\sqlite3.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-01-24 15:49
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4

Ist jetzt weg...

Kontroll-Scans:

Schritt 1

http://deeprybka.trojaner-board.de/m...mbamlogo4a.png http://deeprybka.trojaner-board.de/m...mbamlogo4b.png

Starte Malwarebytes' Anti-Malware (MBAM).
Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
Unter Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
Klicke im Anschluss auf "Suchlauf", wähle den Bedrohungssuchlauf aus, aktualisiere die Datenbanken und klicke auf "Suchlauf jetzt starten".
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. (geht so...)
Poste mir den Inhalt der Logdatei (geht so...). Klicke dazu auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Klicke auf "In Zwischenablage kopieren" poste mir den Inhalt in Code-Tags als Antwort in den Thread.

Schritt 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Hallo,

hat leider etwas länger gedauert, aber hier das Log vom MBAM

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 03.02.2015

Suchlauf-Zeit: 15:48:14

Logdatei: 

Administrator: Ja
 

Version: 2.00.4.1028

Malware Datenbank: v2015.02.03.05

Rootkit Datenbank: v2015.01.14.01

Lizenz: Kostenlos

Malware Schutz: Deaktiviert

Bösartiger Webseiten Schutz: Deaktiviert

Selbstschutz: Deaktiviert
 

Betriebssystem: Windows 7 Service Pack 1

CPU: x64

Dateisystem: NTFS

Benutzer: Tobias
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 333369

Verstrichene Zeit: 14 Min, 59 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Aktiviert

Heuristik: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 0

(Keine schädliche Elemente erkannt)
 

Module: 0

(Keine schädliche Elemente erkannt)
 

Registrierungsschlüssel: 0

(Keine schädliche Elemente erkannt)
 

Registrierungswerte: 0

(Keine schädliche Elemente erkannt)
 

Registrierungsdaten: 0

(Keine schädliche Elemente erkannt)
 

Ordner: 0

(Keine schädliche Elemente erkannt)
 

Dateien: 0

(Keine schädliche Elemente erkannt)
 

Physische Sektoren: 0

(Keine schädliche Elemente erkannt)
 
 

(end)

und hier vom ESET Online Scanner

Code:

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=1348fa5c149b3849a4a87ecc831b5c34

# engine=22287

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2015-02-03 05:33:15

# local_time=2015-02-03 06:33:15 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='Microsoft Security Essentials'

# compatibility_mode=5895 16777213 100 100 3799765 125556243 0 0

# scanned=639050

# found=0

# cleaned=0

# scan_time=9728

Gut! Problem gelöst.

Nach dem Ausführen von Delfix ist ein guter Moment Deine wichtigen Online-Passwörter zu ändern.

http://deeprybka.trojaner-board.de/b...cleanupneu.png
Cleanup:

Alle Logs gepostet? Ja! Dann lade Dir bitte http://filepony.de/icon/delfix.pngDelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

>>clean<<
Wir haben es geschafft! :abklatsch:
Die Logs sehen für mich im Moment sauber aus.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:
Es bleibt mir nur noch, Dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen. ;)

http://www.trojaner-board.de/extra/lesestoff.pngWie kann ich mich in Zukunft besser schützen?

Tipps, Dos & Don'ts

http://deeprybka.trojaner-board.de/b...ast/schild.pngUpdates & Software

Beim Betriebsystem http://deeprybka.trojaner-board.de/b...an/windows.pngWindows die http://deeprybka.trojaner-board.de/b...an/updates.PNGautomatischen Updates aktivieren.

Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:
Browser http://deeprybka.trojaner-board.de/b...n/browsers.png
Java http://deeprybka.trojaner-board.de/b...clean/java.png
Flash-Player http://filepony.de/icon/flashplayer_firefox.png & PDF-Reader http://filepony.de/icon/adobe_reader.png

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.

Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

http://deeprybka.trojaner-board.de/b...ast/schild.pngFirewall, Antivirus & Co.

Aktiviere eine http://deeprybka.trojaner-board.de/b...n/firewall.PNGFirewall. Die in Windows integrierte genügt im Normalfall völlig.
Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank. (Updatefunktion aktivieren!)
Meine Empfehlungen:
Kaspersky Antivirus
Emsisoft Anti-Malware
avast Free Antivirus
Zusätzlich kannst Du Deinen PC regelmäßig mit http://filepony.de/icon/malwarebytes_anti_malware.pngMalwarebytes Anti-Malware und http://filepony.de/icon/eset_online_scanner.pngESET scannen.

Optional:
http://filepony.de/icon/noscript.png NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

http://s1.directupload.net/images/140701/eivrliwa.pngCracks, Downloads & Co.

Neben unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert.
Der Besuch dubioser Websites kann bereits Risiken bergen. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
Illegale Cracks, Keygens und Serials sind ein ausgesprochen einfacher und beliebter Weg um Malware zu verbreiten.
Bei Dateien aus Peer-to-Peer- und Filesharingprogrammen oder von Filehostern kann man nie sicher sein, ob auch wirklich drin ist, was drauf steht. (Trojanisches Pferd^^)

Auch http://deeprybka.trojaner-board.de/b...virustotal.png virustotal.com ist Dein Freund! Lade dubiose oder unbekannte Dateien hoch, bevor Du diese startest oder installierst.

Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden zu verleiten, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).

Surfe daher mit Vorsicht und klicke mit Verstand.
Sei skeptisch bei unerwarteten E-Mails, insbesondere wenn sie Anhänge enthalten. Auch wenn sie auf den ersten Blick authentisch wirken, persönliche Daten von Dir enthalten oder vermeintlich von einem bekannten Absender stammen: Lieber nochmals in Ruhe überdenken oder nachfragen, anstatt einfach mal Links oder ausführbare Anhänge öffnen oder irgendwo Deine Daten eingeben.
Auch in sozialen Netzwerken oder über Instant Messaging Systeme können schädliche Links oder Dateien die Runde machen. Erhältst Du von einem Deiner Freunde eine Nachricht, die merkwürdig ist oder so sensationell interessant, dass man einfach draufklicken muss, dann hat bei ihm/ihr wahrscheinlich Neugier über Verstand gesiegt und Du solltest nicht denselben Fehler machen.

Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.

Lade Software in erster Priorität immer direkt vom Hersteller herunter. Viele Softwareportale (z.B. Softonic) packen noch unnützes Zeug mit in die Installation. Alternativ dazu wähle ein sauberes Portal wie Filepony oder heise.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwarecleaner .

Abschließend noch ein paar grundsätzliche Bemerkungen:

Erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.