Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   NvBackend.exe Ungültiges Bild (https://www.trojaner-board.de/168096-nvbackend-exe-ungueltiges-bild.html)

Tafstar 20.06.2015 21:00
NvBackend.exe Ungültiges Bild
 
Hallo ich hatte mir gestern ein Programm runtergeladen mit welchem ich verlorengegangene Daten wiederherstellen kann.
Nunja mit dem Program zog ich mir auch unter anderem Viren und Trojaner auf den PC.

Mittlerweile habe ich alles was ich mir gestern installiert habe wieder deinstalliert und alle möglichen programme (Kaspersky, CCleaner, Malewarebytes und ADW Cleaner) durchlaufen lassen und hat auch einiges gebracht bis auf die eine Meldung.


NvBackend.exe Ungültiges Bild

C:Users/admim/AppData/Local/NVIDIA/NvBackend/ApplicationOntology/Ontology.dll ist entweder nicht für die Ausführung unter Windows vorgesehen oder enthält einen Fehler. Installieren Sie das Programm mit den Originalinstallationsmedien erneut, oder wenden Sie sich an den Systemadministrator oder Softwarelieferanten, um Unterstützung zu erhalten.

Vielleicht weiß jemand von euch mit welchem Programm ich den Fehler entgültig wegbekomme.
AUch ist mein PC ziemlich langsam noch obwohl angezeigt wird das der PC sicher ist.

Freundliche Grüße,

Tafstar

schrauber 20.06.2015 21:17
Hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Tafstar 20.06.2015 21:53
okay ich werde mir nun die 64 Bit Version runterladen, was genau bewirkt dieses Programm

Zitat:
Zitat von Tafstar (Beitrag 1480418)
okay ich werde mir nun die 64 Bit Version runterladen, was genau bewirkt dieses Programm
Muss ich auf Search Files oder Registry?Scan ist bei mir ausgegraut.

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by admin (administrator) on ADMIN-PC on 20-06-2015 22:49:21
Running from C:\Users\admin\Downloads
Loaded Profiles: admin (Available Profiles: admin)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Users\admin\AppData\Roaming\Supportive Squadron\Supportive Squadron.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avpui.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\MediaHuman\YouTube to MP3 Converter\YouTubeToMp3.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2086946254-1975008648-3401415134-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-2086946254-1975008648-3401415134-1000\...\MountPoints2: E - E:\pushinst.exe
HKU\S-1-5-21-2086946254-1975008648-3401415134-1000\...\MountPoints2: {784e6565-0b59-11e4-8812-806e6f6e6963} - E:\pushinst.exe
HKU\S-1-5-21-2086946254-1975008648-3401415134-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> none
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NeXuS.lnk [2014-10-07]
ShortcutTarget: NeXuS.lnk -> C:\Program Files (x86)\Winstep\Nexus.exe (No File)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2086946254-1975008648-3401415134-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yj8crew8.default-1434747001289
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-10] ()
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-30] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com [2015-06-19] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-06-19] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-15] (Adobe Systems)
FF user.js: detected! => C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yj8crew8.default-1434747001289\user.js [2015-06-20]
FF Extension: Adblock Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yj8crew8.default-1434747001289\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-19]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com [2015-06-19]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-06-19]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
R2 Supportive Squadron; C:\Users\admin\AppData\Roaming\Supportive Squadron\Supportive Squadron.exe [65536 2015-06-19] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [56008 2015-05-18] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [151240 2014-11-28] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [245960 2014-10-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [842440 2015-05-18] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30920 2014-10-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [30920 2014-10-30] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [57032 2014-10-09] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77000 2014-11-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [181960 2014-11-10] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-04-22] (Duplex Secure Ltd.)
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-20 22:42 - 2015-06-20 22:43 - 00033184 _____ C:\Users\admin\Desktop\Addition.txt
2015-06-20 22:40 - 2015-06-20 22:49 - 00014546 _____ C:\Users\admin\Desktop\FRST.txt
2015-06-20 22:40 - 2015-06-20 22:49 - 00000000 ____D C:\FRST
2015-06-20 22:38 - 2015-06-20 22:38 - 02109952 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2015-06-20 06:34 - 2015-06-20 06:34 - 00001376 _____ C:\Windows\IE11_main.log
2015-06-20 01:42 - 2015-06-20 01:42 - 00262144 _____ C:\Windows\system32\config\elam
2015-06-20 01:15 - 2015-06-20 01:37 - 00000000 ____D C:\Users\admin\AppData\Local\DesktopSearch
2015-06-19 23:22 - 2015-06-19 23:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2015-06-19 23:22 - 2015-06-19 23:21 - 00002097 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2015-06-19 23:20 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-06-19 23:19 - 2015-06-19 23:19 - 00000000 ____D C:\Windows\ELAMBKUP
2015-06-19 23:18 - 2015-06-20 21:37 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-06-19 23:18 - 2015-06-19 23:18 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-06-19 23:18 - 2015-05-18 22:16 - 00842440 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-06-19 23:18 - 2014-11-28 18:19 - 00151240 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-06-19 23:18 - 2014-10-22 21:13 - 00245960 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-06-19 23:12 - 2015-06-19 23:13 - 179560648 _____ (Kaspersky Lab) C:\Users\admin\Downloads\kav15.0.2.361de-de.exe
2015-06-19 23:02 - 2015-06-20 21:37 - 00001344 _____ C:\Windows\setupact.log
2015-06-19 23:02 - 2015-06-20 01:49 - 00067820 _____ C:\Windows\PFRO.log
2015-06-19 23:02 - 2015-06-19 23:02 - 00000000 _____ C:\Windows\setuperr.log
2015-06-19 22:51 - 2015-06-19 23:07 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-19 22:50 - 2015-06-19 22:50 - 00001112 _____ C:\Users\admin\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-19 22:50 - 2015-06-19 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-19 22:50 - 2015-06-19 22:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-19 22:50 - 2015-06-19 22:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-19 22:50 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-19 22:50 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-19 22:50 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-19 22:47 - 2015-06-19 22:47 - 01198368 _____ C:\Users\admin\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2015-06-19 22:26 - 2015-06-20 22:45 - 00140770 _____ C:\Windows\WindowsUpdate.log
2015-06-19 21:53 - 2015-06-19 22:23 - 00000000 ____D C:\ProgramData\Avira
2015-06-19 21:42 - 2015-06-19 21:43 - 00000985 _____ C:\Users\admin\Desktop\CCleaner.lnk
2015-06-19 21:42 - 2015-06-19 21:42 - 04718584 _____ (Avira Operations GmbH & Co. KG) C:\Users\admin\Downloads\avira_de_av_5584709b202a5__ws.exe
2015-06-19 21:42 - 2015-06-19 21:42 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-06-19 21:42 - 2015-06-19 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-06-19 21:42 - 2015-06-19 21:42 - 00000000 ____D C:\Program Files\CCleaner
2015-06-19 21:41 - 2015-06-19 21:41 - 05313056 _____ (Piriform Ltd) C:\Users\admin\Downloads\ccsetup506_slim.exe
2015-06-19 21:38 - 2015-06-19 23:08 - 00003450 _____ C:\Windows\System32\Tasks\Unknevna
2015-06-19 21:16 - 2015-06-20 21:36 - 00001010 _____ C:\Windows\Tasks\IVRaAuPZ53HmhODfZcM.job
2015-06-19 21:16 - 2015-06-19 21:16 - 00004036 _____ C:\Windows\System32\Tasks\IVRaAuPZ53HmhODfZcM
2015-06-19 21:15 - 2015-06-19 21:15 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-06-19 13:06 - 2015-06-19 13:06 - 00000000 ____D C:\Users\admin\AppData\Local\YouTubeToMp3
2015-06-19 12:38 - 2009-09-27 09:39 - 00415744 ___SH (The Public) C:\Windows\SysWOW64\avisynth.dll
2015-06-19 12:38 - 2005-07-14 12:31 - 00032256 ___SH C:\Windows\SysWOW64\AVSredirect.dll
2015-06-19 12:38 - 2004-02-22 10:11 - 00764416 ___SH (Abysmal Software) C:\Windows\SysWOW64\devil.dll
2015-06-19 12:38 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\Windows\SysWOW64\yv12vfw.dll
2015-06-19 12:38 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\Windows\SysWOW64\i420vfw.dll
2015-06-19 12:34 - 2015-06-19 12:54 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-06-19 12:21 - 2015-06-19 12:21 - 00000000 _____ C:\Users\admin\AppData\Local\Temp.dat
2015-06-19 12:04 - 2015-06-19 12:25 - 00000000 ____D C:\Users\admin\AppData\Local\Opera Software
2015-06-19 12:03 - 2015-06-19 12:25 - 00000000 ____D C:\Users\admin\AppData\Roaming\Opera Software
2015-06-19 12:00 - 2015-06-19 12:25 - 00000000 ____D C:\Program Files (x86)\Opera
2015-06-19 12:00 - 2014-11-05 03:02 - 00008122 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-06-19 11:59 - 2015-06-20 02:47 - 00000000 ____D C:\Users\admin\AppData\Roaming\83EA6FB1-1434707985-8131-A962-804A74206928
2015-06-19 11:49 - 2015-06-20 01:11 - 00000000 ____D C:\ProgramData\{0454ec79-c46f-8a7a-0454-4ec79c46b1e7}
2015-06-19 11:49 - 2015-06-19 11:49 - 00000000 ____D C:\Users\admin\AppData\Roaming\Supportive Squadron
2015-06-19 09:21 - 2015-06-19 12:52 - 00000000 ____D C:\Program Files (x86)\eRightSoft
2015-06-19 09:21 - 2004-10-10 09:50 - 00278528 _____ (Real Networks, Inc) C:\Windows\SysWOW64\pncrt.dll
2015-06-19 09:21 - 2004-07-02 17:33 - 00327749 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\drvc.dll
2015-06-19 09:02 - 2015-06-19 14:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Data Recovery Suite
2015-06-19 08:58 - 2015-06-19 08:58 - 00000000 ____D C:\ProgramData\OO Software
2015-06-18 10:21 - 2015-06-19 12:18 - 00000000 ____D C:\Program Files (x86)\SupervisionCam
2015-06-18 10:15 - 2015-06-18 10:15 - 00000000 ____D C:\Users\admin\AppData\Roaming\CrazyPixels
2015-06-17 06:45 - 2015-06-20 01:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-10 13:51 - 2015-06-10 13:51 - 00000000 ____D C:\04880cb472b061b0e55e9f0dd2
2015-06-10 12:56 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 12:56 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 12:55 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 12:55 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 12:55 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 12:55 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 12:55 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 12:55 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 12:55 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 12:55 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 12:55 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 12:55 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 12:55 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 12:55 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 12:55 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 12:55 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 12:55 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 12:55 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 12:55 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 12:55 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 12:55 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 12:55 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 12:55 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 12:55 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 12:55 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 12:55 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 12:55 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 12:55 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 12:55 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 12:55 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 12:55 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 12:55 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 12:55 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 12:55 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 12:55 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 12:55 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 12:55 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 12:55 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 12:55 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 12:55 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 12:55 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 12:55 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 12:55 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 12:55 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 12:55 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 12:55 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 12:55 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 12:55 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 12:55 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 12:55 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 12:55 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 12:55 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 12:55 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 12:55 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 12:55 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 12:55 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 12:55 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 12:55 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 12:55 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 12:55 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 12:55 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 12:55 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 12:55 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 12:55 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 12:55 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 12:55 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 12:55 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 12:55 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 12:55 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 12:55 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 12:54 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 12:54 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-07 14:39 - 2015-06-07 14:39 - 00000000 ____D C:\Users\admin\AppData\Roaming\TeamViewer
2015-06-06 16:19 - 2015-06-19 22:04 - 00000000 ____D C:\Users\admin\Desktop\Neue Musik
2015-06-06 15:54 - 2015-06-06 15:54 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2015-05-29 14:21 - 2015-05-29 14:21 - 00000000 __SHD C:\found.000

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-20 22:35 - 2014-04-05 14:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-20 21:45 - 2009-07-14 06:45 - 00039920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-20 21:45 - 2009-07-14 06:45 - 00039920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-20 21:36 - 2014-07-14 20:01 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-20 21:36 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-20 01:49 - 2014-09-17 11:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-20 01:11 - 2015-04-03 17:46 - 00000000 ____D C:\ProgramData\{311b518e-e658-8319-311b-b518ee65463b}
2015-06-19 23:00 - 2014-07-29 12:54 - 00000000 ____D C:\AdwCleaner
2015-06-19 22:23 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-19 22:21 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-19 22:04 - 2014-08-15 12:00 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-19 21:47 - 2015-01-22 19:36 - 00000000 ____D C:\Program Files\VideoLAN
2015-06-19 21:46 - 2014-11-01 01:11 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-19 21:46 - 2014-07-31 10:10 - 00000000 ____D C:\Users\admin\AppData\Local\CrashDumps
2015-06-19 21:45 - 2007-08-28 01:57 - 00001417 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-19 13:25 - 2015-03-29 00:26 - 00000000 ____D C:\Users\admin\AppData\Roaming\vlc
2015-06-19 13:21 - 2007-08-28 01:56 - 00000000 ____D C:\Users\admin
2015-06-19 13:05 - 2014-10-07 20:21 - 00001294 _____ C:\Users\admin\Desktop\MediaHuman YouTube to MP3 Converter.lnk
2015-06-19 12:52 - 2014-08-16 12:14 - 00000000 ____D C:\Users\admin\AppData\Roaming\uTorrent
2015-06-19 12:48 - 2015-03-10 23:44 - 00000000 ____D C:\Users\admin\Tracing
2015-06-19 12:17 - 2015-04-26 11:02 - 00001789 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-06-19 12:17 - 2015-03-29 00:10 - 00000983 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-06-19 12:17 - 2015-03-10 23:41 - 00002717 _____ C:\Users\Public\Desktop\Skype.lnk
2015-06-19 12:17 - 2015-01-24 21:28 - 00002605 _____ C:\Users\Public\Desktop\iSpy64.lnk
2015-06-19 12:17 - 2015-01-23 19:53 - 00001648 _____ C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
2015-06-19 12:17 - 2015-01-11 22:24 - 00001156 _____ C:\Users\admin\Desktop\Blur.lnk
2015-06-19 12:17 - 2014-11-01 01:11 - 00000991 _____ C:\Users\Public\Desktop\Steam.lnk
2015-06-19 12:05 - 2009-07-14 04:34 - 00000505 _____ C:\Windows\win.ini
2015-06-19 11:36 - 2013-06-10 07:45 - 00699092 _____ C:\Windows\system32\perfh007.dat
2015-06-19 11:36 - 2013-06-10 07:45 - 00149232 _____ C:\Windows\system32\perfc007.dat
2015-06-19 11:36 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-19 06:18 - 2014-08-23 06:20 - 00000000 ____D C:\Users\admin\AppData\Local\Adobe
2015-06-18 18:51 - 2015-01-22 19:28 - 00000000 ____D C:\Users\admin\AppData\Roaming\iSpy
2015-06-17 06:11 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-11 16:40 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-11 16:03 - 2009-07-14 06:45 - 00416688 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 08:46 - 2015-01-24 16:06 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-11 08:46 - 2014-04-22 20:44 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-10 13:51 - 2014-04-05 15:58 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-10 13:51 - 2014-04-05 15:58 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 13:35 - 2014-04-05 14:44 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-10 13:35 - 2014-04-05 14:44 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-10 13:35 - 2014-04-05 14:44 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-07 14:39 - 2015-03-29 00:10 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-06-07 14:38 - 2015-03-29 00:10 - 00000977 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk

==================== Files in the root of some directories =======

2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\admin\AppData\Roaming\IVRaAuPZ53HmhODfZcM
2015-04-23 21:35 - 2015-04-23 21:36 - 0011602 _____ () C:\Users\admin\AppData\Local\Temp-log.txt
2015-06-19 12:21 - 2015-06-19 12:21 - 0000000 _____ () C:\Users\admin\AppData\Local\Temp.dat
2014-07-14 19:30 - 2014-07-14 19:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\admin\AppData\Local\Temp\avgnt.exe
C:\Users\admin\AppData\Local\Temp\Quarantine.exe
C:\Users\admin\AppData\Local\Temp\sqlite3.dll
C:\Users\admin\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
[CODE]Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by admin at 2015-06-20 22:42:16
Running from C:\Users\admin\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

admin (S-1-5-21-2086946254-1975008648-3401415134-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-2086946254-1975008648-3401415134-500 - Administrator - Disabled)
Gast (S-1-5-21-2086946254-1975008648-3401415134-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.1.451 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Blur (HKLM-x32\...\Blur_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
DriverEasy 4.7.3 (HKLM\...\DriverEasy_is1) (Version: 4.7.3.0 - Easeware)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
iSpy (64 bit) (HKLM\...\{2A7CA411-59A0-4C3E-A33F-D7DDF483B233}) (Version: 6.3.0 - iSpy)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 15.0.2.361 - Kaspersky Lab) Hidden
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 12.10.14.3 - Marvell)
MediaHuman YouTube to MP3 Converter Version 3.8.1 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.8.1 - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Grafiktreiber 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PDF Split And Merge Basic (HKLM\...\{9A40D2F8-9458-458B-95E3-B57797C574E1}) (Version: 2.2.3 - Andrea Vacondio)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7240 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43174 - TeamViewer)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

11-06-2015 17:32:10 Windows Update
12-06-2015 10:31:47 Windows Update
16-06-2015 06:52:12 Windows Update
16-06-2015 11:21:42 Windows Update
17-06-2015 09:38:17 Windows Update
17-06-2015 17:48:52 Windows Update
18-06-2015 11:36:00 Windows Update
18-06-2015 21:41:13 Windows Update
19-06-2015 08:58:37 Installed O&O MediaRecovery
19-06-2015 12:33:07 Installed QuickTime 7
19-06-2015 12:52:37 Removed QuickTime 7
19-06-2015 12:54:42 Removed O&O MediaRecovery
19-06-2015 14:24:25 Windows Update
20-06-2015 06:19:11 Windows Update
20-06-2015 06:31:10 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-07-31 14:11 - 2014-11-05 03:02 - 00008122 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1                  activate.adobe.com
127.0.0.1                  practivate.adobe.com
127.0.0.1                  lmlicenses.wip4.adobe.com
127.0.0.1                  lm.licenses.adobe.com
127.0.0.1                  na1r.services.adobe.com
127.0.0.1                  hlrcv.stage.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 na2m-pr.licenses.adobe.com
127.0.0.1 na4r.services.adobe.com
127.0.0.1 ims-na1-prprod.adobelogin.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 practivate.adobe.de
127.0.0.1 209-34-83-73.ood.opsource.net
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 3dns-5.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sea.adobe.de
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate-sjc0.adobe.de
127.0.0.1 activate.adobe.com
127.0.0.1 activate.adobe.de
127.0.0.1 activate.wip.adobe.com

There are 133 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {13050755-EDC9-4361-827C-9701AC466558} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {279D6120-235E-4F30-BD9C-341AB4F389F4} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {2837587A-F0A5-48E1-9AD2-5D764387031C} - System32\Tasks\{3C7045C7-B4F9-410D-B94F-AE25B111302D} => pcalua.exe -a C:\Users\admin\Downloads\trilogyi.exe -d C:\Users\admin\Downloads
Task: {2959A3E6-D125-494D-8CA4-06D1D13F10FE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {33A13DEE-0006-4B82-B6F5-0D5269370ADF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-10] (Adobe Systems Incorporated)
Task: {491A9252-2E88-437D-A6D2-A72609EE2F22} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {5411FDDF-35FA-4685-97A3-284AD61B637F} - \ProPCCleaner_Start No Task File <==== ATTENTION
Task: {5B4F11C9-CA0D-47D3-9597-A5BC1A67A5D3} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {63851F86-6878-4A8E-927A-9F2C3838FF7D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {664F3BFD-29BB-43FC-98F3-F2F6911A9199} - \ProPCCleaner_Popup No Task File <==== ATTENTION
Task: {90DA0D5D-B450-4DFE-ABB0-F00618DBBDDC} - System32\Tasks\AdobeAAMUpdater-1.0-admin-PC-admin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)
Task: {92BF6FAD-4684-4273-9037-18EA9A58C807} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {98B02120-952A-4CB8-BE4E-67D54A3A2721} - \avabvbavad No Task File <==== ATTENTION
Task: {AC03044A-93F2-4B7D-9B1B-3414E135B310} - System32\Tasks\IVRaAuPZ53HmhODfZcM => C:\Users\admin\AppData\Roaming\IVRaAuPZ53HmhODfZcM.exe <==== ATTENTION
Task: {CB52BE75-DADC-4970-86F9-D82ACABD9528} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FA3F4B31-85A4-4EC3-88B2-C596EA7F5347} - System32\Tasks\Unknevna => C:\ProgramData\Unknevna\1.0.1.0\eiiuhimu.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\IVRaAuPZ53HmhODfZcM.job => C:\Users\admin\AppData\Roaming\IVRaAuPZ53HmhODfZcM.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2014-07-14 20:01 - 2015-02-04 04:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-26 15:41 - 2014-09-26 15:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-06-19 11:49 - 2015-06-19 11:49 - 00065536 _____ () C:\Users\admin\AppData\Roaming\Supportive Squadron\Supportive Squadron.exe
2015-05-08 20:50 - 2015-05-08 20:50 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-09-21 20:42 - 2015-06-05 01:54 - 03330960 _____ () C:\Program Files (x86)\MediaHuman\YouTube to MP3 Converter\YouTubeToMp3.exe
2015-03-30 23:43 - 2015-03-28 05:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-12-23 16:54 - 2014-12-23 16:54 - 01272616 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\kpcengine.2.3.dll
2014-12-23 16:54 - 2014-12-23 16:54 - 00502056 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-12-23 16:54 - 2014-12-23 16:54 - 00608040 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
2014-09-21 20:42 - 2014-03-08 00:56 - 00117262 _____ () C:\Program Files (x86)\MediaHuman\YouTube to MP3 Converter\libgcc_s_dw2-1.dll
2014-10-28 22:06 - 2014-03-08 00:56 - 00970766 _____ () C:\Program Files (x86)\MediaHuman\YouTube to MP3 Converter\libstdc++-6.dll
2014-09-21 20:42 - 2014-10-14 14:19 - 15347214 _____ () C:\Program Files (x86)\MediaHuman\YouTube to MP3 Converter\ffmpeg.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2086946254-1975008648-3401415134-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 192.168.0.2

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk => C:\Windows\pss\Stardock ObjectDock.lnk.Startup
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: uTorrent => "C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{D2668B97-E1ED-4956-A2A6-D4F8B977930B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5C916F37-5195-4336-B83D-BD2C659328E7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CA48E68C-DA61-4166-A24E-83B60E88A773}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{3BB0B764-5F7F-4A78-A729-022E377BBE30}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{7FDE3E15-D069-49B7-A42C-47B22A0D5185}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{920F6A5A-1770-4390-B38A-2550E2047CFD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D85E509B-7AE0-4312-B15E-F3EBF777DDCA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A3C822C1-C205-4B1D-9ED3-F05D2C39AE80}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EB9F8285-FE29-4D50-AF29-41E60216729E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DD426BB1-FCB8-4112-BA9C-2B106067A040}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{19929026-C6D4-4F94-8864-D282342958F5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{795F2861-C444-41C9-A66B-C1C9CF2DE23D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{24EE2518-D399-4EED-AD58-069AFD58F911}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe
FirewallRules: [{656DEC55-63E0-4FA1-9197-03F40C69FFE3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe
FirewallRules: [{6AFAB3CD-F951-4888-A3EF-15FA0FA346F7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe
FirewallRules: [{E666D0DB-8A96-45C4-8ECD-131C58813AB9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe
FirewallRules: [{781487A0-9A41-4373-B090-A09AD5A59364}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\P6\adobe_licutil.exe
FirewallRules: [{01797165-2B3C-44CD-86B9-C57970B7007D}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\P6\adobe_licutil.exe
FirewallRules: [{D303D9D2-79F4-49EB-B914-2A355E73443D}] => (Block) %ProgramFiles% (x86)\Common Files\Adobe\OOBE\PDApp\P6\adobe_licutil.exe
FirewallRules: [{AE06CD37-C718-4BE3-B9A0-180B2001AD55}] => (Block) %ProgramFiles% (x86)\Common Files\Adobe\OOBE\PDApp\P7\adobe_licutil.exe
FirewallRules: [{E93B6D1D-CBB6-42A5-A8B2-DCBC6896E305}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BAAA7136-E2F1-4FC2-8963-8C5C7D409DB7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6A8DF3A8-EC77-4184-86B9-F8B04FF1AB5B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EB113596-19C8-4A35-94EF-6E8EE4EBFBE1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7859CC10-4E2E-4B4B-A6F0-A65EC3ECCFC9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A58F596E-0F6C-40DD-903E-3838DB3D9A8F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{AEFD002B-23AB-48E9-B6D4-A656B9E82561}C:\program files (x86)\r.g. mechanics\blur\blur.exe] => (Allow) C:\program files (x86)\r.g. mechanics\blur\blur.exe
FirewallRules: [UDP Query User{6642FCD2-7416-4AF0-B034-0BE2195A97D3}C:\program files (x86)\r.g. mechanics\blur\blur.exe] => (Allow) C:\program files (x86)\r.g. mechanics\blur\blur.exe
FirewallRules: [TCP Query User{FB23E7EB-29ED-4583-B64F-D11D486CEE14}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{C52E76BD-BF3F-4C08-95F9-7B52EDF99854}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{3C80A0C2-EDD0-487B-B35D-137184DD3AEE}C:\program files\ispy\ispy (64 bit)\ispy.exe] => (Allow) C:\program files\ispy\ispy (64 bit)\ispy.exe
FirewallRules: [UDP Query User{24AF74EB-A912-480E-8623-0E4F6D22B52D}C:\program files\ispy\ispy (64 bit)\ispy.exe] => (Allow) C:\program files\ispy\ispy (64 bit)\ispy.exe
FirewallRules: [{F8E1A37E-EECD-4A99-9E76-933BE52894A3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{C425CB29-4B3C-4188-9135-06AD98D68779}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{F219E9A9-D6AC-41DD-A9C5-7BCBEC6FCBAC}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{087F0C40-418A-44F4-B1BB-E8E7D02C34D6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4C76C55B-7EE1-4398-8F30-42CF4102F95D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{458F375E-68A3-4B41-BA75-2981E537BDD0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{81CEE013-6363-4F8C-9597-6B5BA9D5A0AE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{CF634B1E-6843-4C5B-BB76-BC51F8C30A63}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{4E119DC5-C4D1-4BD9-8044-5CCA5F570BFD}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{7505C28F-A4C2-449D-A30A-866CDC75C754}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/20/2015 09:39:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2015 09:37:06 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (06/20/2015 09:37:06 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (06/20/2015 09:37:05 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (06/20/2015 08:02:14 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcSSAU restarted too many times in a short period. Aborting. [0]

Error: (06/20/2015 07:20:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2015 07:19:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Name des fehlerhaften Moduls: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000004e920f
ID des fehlerhaften Prozesses: 0xc78
Startzeit der fehlerhaften Anwendung: 0xNvStreamNetworkService.exe0
Pfad der fehlerhaften Anwendung: NvStreamNetworkService.exe1
Pfad des fehlerhaften Moduls: NvStreamNetworkService.exe2
Berichtskennung: NvStreamNetworkService.exe3

Error: (06/20/2015 06:28:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2015 06:27:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Name des fehlerhaften Moduls: NvStreamNetworkService.exe, Version: 4.1.1943.6202, Zeitstempel: 0x551399be
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000004e920f
ID des fehlerhaften Prozesses: 0x83c
Startzeit der fehlerhaften Anwendung: 0xNvStreamNetworkService.exe0
Pfad der fehlerhaften Anwendung: NvStreamNetworkService.exe1
Pfad des fehlerhaften Moduls: NvStreamNetworkService.exe2
Berichtskennung: NvStreamNetworkService.exe3

Error: (06/20/2015 06:14:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/20/2015 09:37:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kaspersky Anti-Virus Service 15.0.2" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/20/2015 09:36:36 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (06/20/2015 09:36:33 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (06/20/2015 09:36:18 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎20.‎06.‎2015 um 08:02:34 unerwartet heruntergefahren.

Error: (06/20/2015 07:52:19 AM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (06/20/2015 07:52:17 AM) (Source: Disk) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error: (06/20/2015 07:19:48 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (06/20/2015 07:19:04 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (06/20/2015 07:18:50 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (06/20/2015 07:18:48 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.


Microsoft Office:
=========================
Error: (06/20/2015 09:39:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2015 09:37:06 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (06/20/2015 09:37:06 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (06/20/2015 09:37:05 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (06/20/2015 08:02:14 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcSSAU restarted too many times in a short period. Aborting. [0]

Error: (06/20/2015 07:20:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2015 07:19:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvStreamNetworkService.exe4.1.1943.6202551399beNvStreamNetworkService.exe4.1.1943.6202551399bec000000500000000004e920fc7801d0ab18a5d260b2C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exee7cf6a12-170b-11e5-a9a7-0021976e8523

Error: (06/20/2015 06:28:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2015 06:27:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvStreamNetworkService.exe4.1.1943.6202551399beNvStreamNetworkService.exe4.1.1943.6202551399bec000000500000000004e920f83c01d0ab1160e5f314C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeb50c7ff0-1704-11e5-b88f-0021976e8523

Error: (06/20/2015 06:14:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 70%
Total physical RAM: 2047.24 MB
Available physical RAM: 594.33 MB
Total Pagefile: 4094.48 MB
Available Pagefile: 1924.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive b: (System) (Fixed) (Total:19.53 GB) (Free:19.44 GB) NTFS
Drive c: (System) (Fixed) (Total:213.25 GB) (Free:135.85 GB) NTFS
Drive e: (System) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: F0D0FA35)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=213.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.5 GB) - (Type=07 NTFS)

==================== End of log ============================
--- --- ---

schrauber 21.06.2015 11:12
Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    globalupdate Helper


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 







Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Tafstar 21.06.2015 23:28
Vielen Dank für deine Antwort, bin heute nicht mehr dazu gekommen. Werde es morgen früh gleich probieren und dann berichten.

Gute Nacht

schrauber 22.06.2015 12:48
ok :)

Tafstar 22.06.2015 12:54
Liste der Anhänge anzeigen (Anzahl: 1)
Hallo, ich habe nun nach dem globalupdate helper gesucht aber nichts gefunden.
im Anhang habe ich ein Screenshot hochgeladen mit der Liste meiner angezeigten Programmen. Aber ich sehe nichts ungewöhnliches.

Anhang 74668

Tafstar 22.06.2015 15:35
Was ich gerade gesehen habe (Desktop Capture Engine) das wurde mit SUPER 2015 einem Programm für Formatkonvertierungen mit installiert. Bei meiner recherche im Internet wurde auch berichtet das bei einer uninstallation ein Bluescreen nach dem nächsten Neustart angezeigt wird und man Windows dann wiederherstellen muss.
Ich habe leider weder eine WindowsCD noch ein vom Hersteller anständiges Programm drauf um den PC ohne CD herzustellen.
Ich werde es wahrscheinlich nicht löschen können und kann nur hoffen das diese Datei nicht verseucht ist. Oder gibts ne möglichkeit das rauszufinden?

So und hier habe ich die LogFile.
Sehe da immer wieder was von Kaspersky usw. aber ich hatte die nicht rennen zu dem Zeitpunkt an dem ComboFix lief.




Code:
ComboFix 15-06-22.01 - admin 22.06.2015  14:05:56.1.2 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.2047.768 [GMT 2:00]
ausgeführt von:: c:\users\admin\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\windows\msdownld.tmp
c:\windows\SysWow64\SetupComponents.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-05-22 bis 2015-06-22  ))))))))))))))))))))))))))))))
.
.
2015-06-22 12:29 . 2015-06-22 12:29        --------        d-----w-        c:\users\Default\AppData\Local\temp
2015-06-22 11:45 . 2015-06-22 11:45        --------        d-----w-        c:\program files (x86)\VS Revo Group
2015-06-20 20:40 . 2015-06-20 20:54        --------        d-----w-        C:\FRST
2015-06-19 23:15 . 2015-06-19 23:37        --------        d-----w-        c:\users\admin\AppData\Local\DesktopSearch
2015-06-19 21:20 . 2013-05-06 06:13        110176        ----a-w-        c:\windows\system32\klfphc.dll
2015-06-19 21:19 . 2015-06-19 21:19        --------        d-----w-        c:\windows\ELAMBKUP
2015-06-19 21:18 . 2015-06-22 11:48        --------        d-----w-        c:\programdata\Kaspersky Lab
2015-06-19 21:18 . 2015-06-19 21:18        --------        d-----w-        c:\program files (x86)\Kaspersky Lab
2015-06-19 21:18 . 2015-05-18 20:16        842440        ----a-w-        c:\windows\system32\drivers\klif.sys
2015-06-19 21:18 . 2014-11-28 16:19        151240        ----a-w-        c:\windows\system32\drivers\klflt.sys
2015-06-19 21:18 . 2014-10-22 19:13        245960        ----a-w-        c:\windows\system32\drivers\klhk.sys
2015-06-19 20:51 . 2015-06-19 21:07        136408        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-19 20:50 . 2015-06-19 20:50        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware
2015-06-19 20:50 . 2015-06-19 20:50        --------        d-----w-        c:\programdata\Malwarebytes
2015-06-19 20:50 . 2015-04-14 07:37        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys
2015-06-19 20:50 . 2015-04-14 07:37        107736        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2015-06-19 20:50 . 2015-04-14 07:37        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2015-06-19 19:53 . 2015-06-19 20:23        --------        d-----w-        c:\programdata\Avira
2015-06-19 19:42 . 2015-06-19 19:42        --------        d-----w-        c:\program files\CCleaner
2015-06-19 19:13 . 2015-06-19 19:13        75888        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E8D21E0-AE45-4431-8A18-06DF68C6AC3B}\offreg.3528.dll
2015-06-19 11:06 . 2015-06-19 11:06        --------        d-----w-        c:\users\admin\AppData\Local\YouTubeToMp3
2015-06-19 10:38 . 2004-02-22 08:11        764416        --sh--w-        c:\windows\SysWow64\devil.dll
2015-06-19 10:38 . 2009-09-27 07:39        415744        --sh--w-        c:\windows\SysWow64\avisynth.dll
2015-06-19 10:38 . 2005-07-14 10:31        32256        --sh--w-        c:\windows\SysWow64\AVSredirect.dll
2015-06-19 10:38 . 2004-01-24 22:00        70656        --sh--w-        c:\windows\SysWow64\yv12vfw.dll
2015-06-19 10:38 . 2004-01-24 22:00        70656        --sh--w-        c:\windows\SysWow64\i420vfw.dll
2015-06-19 10:34 . 2015-06-19 10:54        --------        d-----w-        c:\program files (x86)\QuickTime
2015-06-19 10:04 . 2015-06-19 10:25        --------        d-----w-        c:\users\admin\AppData\Local\Opera Software
2015-06-19 10:03 . 2015-06-19 10:25        --------        d-----w-        c:\users\admin\AppData\Roaming\Opera Software
2015-06-19 10:00 . 2015-06-19 10:25        --------        d-----w-        c:\program files (x86)\Opera
2015-06-19 09:59 . 2015-06-20 00:47        --------        d-----w-        c:\users\admin\AppData\Roaming\83EA6FB1-1434707985-8131-A962-804A74206928
2015-06-19 09:49 . 2015-06-19 23:11        --------        d-----w-        c:\programdata\{0454ec79-c46f-8a7a-0454-4ec79c46b1e7}
2015-06-19 09:49 . 2015-06-19 09:49        --------        d-----w-        c:\users\admin\AppData\Roaming\Supportive Squadron
2015-06-19 07:21 . 2004-07-02 15:33        327749        ----a-w-        c:\windows\SysWow64\drvc.dll
2015-06-19 07:21 . 2015-06-19 10:52        --------        d-----w-        c:\program files (x86)\eRightSoft
2015-06-19 06:58 . 2015-06-19 06:58        --------        d-----w-        c:\programdata\OO Software
2015-06-18 08:21 . 2015-06-19 10:18        --------        d-----w-        c:\program files (x86)\SupervisionCam
2015-06-18 08:15 . 2015-06-18 08:15        --------        d-----w-        c:\users\admin\AppData\Roaming\CrazyPixels
2015-06-18 04:57 . 2015-06-18 04:57        75888        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E8D21E0-AE45-4431-8A18-06DF68C6AC3B}\offreg.2524.dll
2015-06-17 04:17 . 2015-05-03 03:16        12214312        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E8D21E0-AE45-4431-8A18-06DF68C6AC3B}\mpengine.dll
2015-06-10 11:51 . 2015-06-10 11:51        --------        d-----w-        C:\04880cb472b061b0e55e9f0dd2
2015-06-10 10:56 . 2015-04-24 18:17        633856        ----a-w-        c:\windows\system32\comctl32.dll
2015-06-10 10:56 . 2015-04-24 17:56        530432        ----a-w-        c:\windows\SysWow64\comctl32.dll
2015-06-10 10:54 . 2015-05-25 17:08        3206144        ----a-w-        c:\windows\system32\win32k.sys
2015-06-10 10:54 . 2015-04-11 03:19        69888        ----a-w-        c:\windows\system32\drivers\stream.sys
2015-06-07 12:39 . 2015-06-07 12:39        --------        d-----w-        c:\users\admin\AppData\Roaming\TeamViewer
2015-05-29 12:21 . 2015-05-29 12:21        --------        d-----w-        C:\found.000
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-10 11:51 . 2014-04-05 13:58        140135120        ----a-w-        c:\windows\system32\MRT.exe
2015-06-10 11:35 . 2014-04-05 12:44        778416        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-10 11:35 . 2014-04-05 12:44        142512        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-25 18:01 . 2015-06-10 10:55        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2015-05-18 20:16 . 2015-05-18 20:16        56008        ----a-w-        c:\windows\system32\drivers\kldisk.sys
2015-05-01 13:17 . 2015-05-13 21:49        124112        ----a-w-        c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-13 21:49        102608        ----a-w-        c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-22 20:55 . 2015-04-22 20:55        381608        ----a-w-        c:\windows\system32\drivers\sptd.sys
2015-04-20 03:17 . 2015-05-13 20:08        1647104        ----a-w-        c:\windows\system32\DWrite.dll
2015-04-20 03:17 . 2015-05-13 20:08        1179136        ----a-w-        c:\windows\system32\FntCache.dll
2015-04-20 02:56 . 2015-05-13 20:07        1250816        ----a-w-        c:\windows\SysWow64\DWrite.dll
2015-04-18 03:10 . 2015-05-13 20:09        460800        ----a-w-        c:\windows\system32\certcli.dll
2015-04-18 02:56 . 2015-05-13 20:09        342016        ----a-w-        c:\windows\SysWow64\certcli.dll
2015-04-13 03:28 . 2015-05-13 20:08        328704        ----a-w-        c:\windows\system32\services.exe
2015-04-08 03:29 . 2015-05-13 20:07        275456        ----a-w-        c:\windows\system32\InkEd.dll
2015-04-08 03:29 . 2015-05-13 20:07        24576        ----a-w-        c:\windows\system32\jnwmon.dll
2015-04-08 03:14 . 2015-05-13 20:07        216064        ----a-w-        c:\windows\SysWow64\InkEd.dll
2015-03-28 03:44 . 2014-09-21 15:41        1316000        ----a-w-        c:\windows\SysWow64\nvspbridge.dll
2015-03-28 03:44 . 2014-09-21 15:41        1316000        ----a-w-        c:\windows\SysWow64\nvspcap.dll
2015-03-28 03:43 . 2014-09-21 15:41        1756424        ----a-w-        c:\windows\system32\nvspbridge64.dll
2015-03-28 03:43 . 2014-09-21 15:41        1570672        ----a-w-        c:\windows\system32\nvspcap64.dll
2015-03-25 03:24 . 2015-04-18 16:46        98304        ----a-w-        c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-18 16:46        37376        ----a-w-        c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-18 16:46        35328        ----a-w-        c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-18 16:46        3298816        ----a-w-        c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-18 16:46        191488        ----a-w-        c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-18 16:46        2553856        ----a-w-        c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-18 16:46        696320        ----a-w-        c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-18 16:46        60416        ----a-w-        c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-18 16:46        12288        ----a-w-        c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-18 16:46        36864        ----a-w-        c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-18 16:46        135168        ----a-w-        c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-18 16:46        92672        ----a-w-        c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-18 16:46        566784        ----a-w-        c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-18 16:46        29696        ----a-w-        c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-18 16:46        173056        ----a-w-        c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-18 16:46        33792        ----a-w-        c:\windows\SysWow64\wuapp.exe
2009-09-27 07:39        415744        --sh--w-        c:\windows\SysWOW64\avisynth.dll
2005-07-14 10:31        32256        --sh--w-        c:\windows\SysWOW64\AVSredirect.dll
2004-02-22 08:11        764416        --sh--w-        c:\windows\SysWOW64\devil.dll
2004-01-24 22:00        70656        --sh--w-        c:\windows\SysWOW64\i420vfw.dll
2004-01-24 22:00        70656        --sh--w-        c:\windows\SysWOW64\yv12vfw.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-05-08 8322328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer8"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AVP15.0.2;Kaspersky Anti-Virus Service 15.0.2;c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Supportive Squadron;Supportive Squadron;c:\users\admin\AppData\Roaming\Supportive Squadron\Supportive Squadron.exe;c:\users\admin\AppData\Roaming\Supportive Squadron\Supportive Squadron.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 cm_km_w;Kaspersky Lab Crypto Module (FDE PDK);c:\windows\system32\DRIVERS\cm_km_w.sys;c:\windows\SYSNATIVE\DRIVERS\cm_km_w.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 Klwtp;Klwtp;c:\windows\system32\DRIVERS\klwtp.sys;c:\windows\SYSNATIVE\DRIVERS\klwtp.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys;c:\windows\SYSNATIVE\DRIVERS\kldisk.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech B525 HD Webcam(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - NVSTREAMKMS
.
Inhalt des "geplante Tasks" Ordners
.
2015-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-05 11:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2014-09-26 13:41        1021088        ----a-w-        c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2014-09-26 13:41        1021088        ----a-w-        c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2014-09-26 13:41        1021088        ----a-w-        c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-03-28 2673296]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-03-28 1570672]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mDefault_Page_URL = about:blank
IE: {{5547CE1F-74E9-41E5-9CBF-5211ECC37341} - {BB7DC12B-C59D-4138-AD28-BBB65DE62A3B} - c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll
TCP: DhcpNameServer = 192.168.0.1 192.168.0.2
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yj8crew8.default-1434747001289\
FF - user.js: plugin.state.npcontentblocker - 2
FF - user.js: plugin.state.nponlinebanking - 2
FF - user.js: plugin.state.npvkplugin - 2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NeXuS.lnk - c:\program files (x86)\Winstep\Nexus.exe autostart
HKLM_Wow6432Node-ActiveSetup-installed components - c:\program files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\Installer\chrmstp.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-06-22  14:38:16
ComboFix-quarantined-files.txt  2015-06-22 12:38
.
Vor Suchlauf: 15 Verzeichnis(se), 144.724.627.456 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 144.188.919.808 Bytes frei
.
- - End Of File - - CBB6D69EF1CCC50DA1413505D615FA01
A36C5E4F47E84449FF07ED3517B43A31
Hier sind einige Programme die mir mit der Software OO (weshalb ich das Problem habe) mitinstalliert wurden, bzw. sich selbst nach und nach installiert haben.

Das verursachende Programm musste das rot markierte sein, wenn ich mich nicht täusche.


c:\program files (x86)\QuickTime
2015-06-19 10:04 . 2015-06-19 10:25 -------- d-----w- c:\users\admin\AppData\Local\Opera Software
2015-06-19 10:03 . 2015-06-19 10:25 -------- d-----w- c:\users\admin\AppData\Roaming\Opera Software
2015-06-19 10:00 . 2015-06-19 10:25 -------- d-----w- c:\program files (x86)\Opera
2015-06-19 09:59 . 2015-06-20 00:47 -------- d-----w- c:\users\admin\AppData\Roaming\83EA6FB1-1434707985-8131-A962-804A74206928
2015-06-19 09:49 . 2015-06-19 23:11 -------- d-----w- c:\programdata\{0454ec79-c46f-8a7a-0454-4ec79c46b1e7}
2015-06-19 09:49 . 2015-06-19 09:49 -------- d-----w- c:\users\admin\AppData\Roaming\Supportive Squadron
2015-06-19 07:21 . 2004-07-02 15:33 327749 ----a-w- c:\windows\SysWow64\drvc.dll
2015-06-19 07:21 . 2015-06-19 10:52 -------- d-----w- c:\program files (x86)\eRightSoft
2015-06-19 06:58 . 2015-06-19 06:58 -------- d-----w- c:\programdata\OO Software
2015-06-18 08:21 . 2015-06-19 10:18 -------- d-----w- c:\program files (x86)\SupervisionCam

Tafstar 22.06.2015 16:30
Liste der Anhänge anzeigen (Anzahl: 1)
Zitat:
Zitat von Tafstar (Beitrag 1480889)
Hallo, ich habe nun nach dem globalupdate helper gesucht aber nichts gefunden.
im Anhang habe ich ein Screenshot hochgeladen mit der Liste meiner angezeigten Programmen. Aber ich sehe nichts ungewöhnliches.

Anhang 74668


In der Reg. habe ich auch noch folgendes gefunden.
Habs mal gepostet weiß nicht obs relevant ist.
Anhang 74681

Tafstar 23.06.2015 05:55
Was ich noch beobachtet habe ist, dass andauernd irgendwelche Programme wie Mozilla verschwinden bzw. wenn ich draufklicke steht, dass das Programm gelöscht wurde und ich werde gefragt ob ich das Symbol vom Desktop dann löschen möchte???

schrauber 23.06.2015 12:17
Poste bitte nochmal ein frisches FRST Log.

Tafstar 23.06.2015 12:55
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by admin (administrator) on ADMIN-PC on 23-06-2015 13:51:04
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2086946254-1975008648-3401415134-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-2086946254-1975008648-3401415134-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> none
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2086946254-1975008648-3401415134-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2086946254-1975008648-3401415134-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2086946254-1975008648-3401415134-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yj8crew8.default-1434747001289
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-10] ()
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-30] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com [2015-06-19] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-06-19] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-15] (Adobe Systems)
FF user.js: detected! => C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yj8crew8.default-1434747001289\user.js [2015-06-22]
FF Extension: Adblock Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\yj8crew8.default-1434747001289\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-19]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com [2015-06-19]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-06-19]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe [194000 2015-06-22] (Kaspersky Lab ZAO)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 Supportive Squadron; C:\Users\admin\AppData\Roaming\Supportive Squadron\Supportive Squadron.exe [65536 2015-06-19] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-06-22] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [64368 2015-06-22] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [159960 2015-06-22] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [225968 2015-06-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [850608 2015-06-22] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39280 2015-06-22] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [40304 2015-06-22] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [39280 2015-06-22] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-06-22] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-22] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [85360 2015-06-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [190648 2015-06-22] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-04-22] (Duplex Secure Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-23 13:51 - 2015-06-23 13:51 - 00014813 _____ C:\Users\admin\Desktop\FRST.txt
2015-06-23 13:49 - 2015-06-23 13:49 - 00000000 ___SD C:\ComboFix
2015-06-23 11:03 - 2015-06-23 11:03 - 00000168 _____ C:\Windows\setupact.log
2015-06-23 11:03 - 2015-06-23 11:03 - 00000000 _____ C:\Windows\setuperr.log
2015-06-23 07:00 - 2015-06-23 07:00 - 00001401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-06-23 07:00 - 2015-06-23 07:00 - 00001389 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-06-23 07:00 - 2015-06-23 07:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-06-23 07:00 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-06-23 06:58 - 2015-06-23 06:58 - 01198368 _____ C:\Users\admin\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2015-06-23 06:58 - 2015-06-23 06:58 - 00013848 _____ C:\Users\admin\Desktop\firefox.exe - Verknüpfung.lnk
2015-06-22 14:38 - 2015-06-22 14:38 - 00023846 _____ C:\ComboFix.txt
2015-06-22 14:04 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-22 14:04 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-22 14:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-22 14:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-22 14:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-22 14:04 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-22 14:04 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-22 14:04 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-22 14:03 - 2015-06-23 13:49 - 00000000 ____D C:\Qoobox
2015-06-22 14:03 - 2015-06-22 14:35 - 00000000 ____D C:\Windows\erdnt
2015-06-22 13:45 - 2015-06-22 13:45 - 00001274 _____ C:\Users\admin\Desktop\Revo Uninstaller.lnk
2015-06-22 13:45 - 2015-06-22 13:45 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-06-22 00:27 - 2015-06-22 00:29 - 00001949 _____ C:\Users\admin\Desktop\Next Part.txt
2015-06-22 00:24 - 2015-06-23 13:47 - 05629494 ____R (Swearware) C:\Users\admin\Desktop\ComboFix.exe
2015-06-22 00:24 - 2015-06-22 00:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\admin\Desktop\revosetup95.exe
2015-06-21 03:40 - 2015-06-21 03:41 - 00000008 __RSH C:\Users\admin\ntuser.pol
2015-06-20 22:40 - 2015-06-23 13:51 - 00000000 ____D C:\FRST
2015-06-20 22:38 - 2015-06-20 22:38 - 02109952 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2015-06-20 01:42 - 2015-06-20 01:42 - 00262144 _____ C:\Windows\system32\config\elam
2015-06-20 01:15 - 2015-06-20 01:37 - 00000000 ____D C:\Users\admin\AppData\Local\DesktopSearch
2015-06-19 23:22 - 2015-06-19 23:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2015-06-19 23:22 - 2015-06-19 23:21 - 00002097 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2015-06-19 23:20 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-06-19 23:19 - 2015-06-19 23:19 - 00000000 ____D C:\Windows\ELAMBKUP
2015-06-19 23:18 - 2015-06-23 12:39 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-06-19 23:18 - 2015-06-19 23:18 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-06-19 23:12 - 2015-06-19 23:13 - 179560648 _____ (Kaspersky Lab) C:\Users\admin\Downloads\kav15.0.2.361de-de.exe
2015-06-19 22:51 - 2015-06-19 23:07 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-19 22:50 - 2015-06-19 22:50 - 00001112 _____ C:\Users\admin\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-19 22:50 - 2015-06-19 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-19 22:50 - 2015-06-19 22:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-19 22:50 - 2015-06-19 22:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-19 22:50 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-19 22:50 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-19 22:50 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-19 22:47 - 2015-06-19 22:47 - 01198368 _____ C:\Users\admin\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2015-06-19 22:26 - 2015-06-23 12:44 - 00435099 _____ C:\Windows\WindowsUpdate.log
2015-06-19 21:53 - 2015-06-19 22:23 - 00000000 ____D C:\ProgramData\Avira
2015-06-19 21:42 - 2015-06-19 21:43 - 00000985 _____ C:\Users\admin\Desktop\CCleaner.lnk
2015-06-19 21:42 - 2015-06-19 21:42 - 04718584 _____ (Avira Operations GmbH & Co. KG) C:\Users\admin\Downloads\avira_de_av_5584709b202a5__ws.exe
2015-06-19 21:42 - 2015-06-19 21:42 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-06-19 21:42 - 2015-06-19 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-06-19 21:42 - 2015-06-19 21:42 - 00000000 ____D C:\Program Files\CCleaner
2015-06-19 21:41 - 2015-06-19 21:41 - 05313056 _____ (Piriform Ltd) C:\Users\admin\Downloads\ccsetup506_slim.exe
2015-06-19 21:38 - 2015-06-19 23:08 - 00003450 _____ C:\Windows\System32\Tasks\Unknevna
2015-06-19 21:15 - 2015-06-19 21:15 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-06-19 13:06 - 2015-06-19 13:06 - 00000000 ____D C:\Users\admin\AppData\Local\YouTubeToMp3
2015-06-19 12:38 - 2009-09-27 09:39 - 00415744 ___SH (The Public) C:\Windows\SysWOW64\avisynth.dll
2015-06-19 12:38 - 2005-07-14 12:31 - 00032256 ___SH C:\Windows\SysWOW64\AVSredirect.dll
2015-06-19 12:38 - 2004-02-22 10:11 - 00764416 ___SH (Abysmal Software) C:\Windows\SysWOW64\devil.dll
2015-06-19 12:38 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\Windows\SysWOW64\yv12vfw.dll
2015-06-19 12:38 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\Windows\SysWOW64\i420vfw.dll
2015-06-19 12:34 - 2015-06-19 12:54 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-06-19 12:21 - 2015-06-19 12:21 - 00000000 _____ C:\Users\admin\AppData\Local\Temp.dat
2015-06-19 12:04 - 2015-06-19 12:25 - 00000000 ____D C:\Users\admin\AppData\Local\Opera Software
2015-06-19 12:03 - 2015-06-19 12:25 - 00000000 ____D C:\Users\admin\AppData\Roaming\Opera Software
2015-06-19 12:00 - 2015-06-19 12:25 - 00000000 ____D C:\Program Files (x86)\Opera
2015-06-19 12:00 - 2014-11-05 03:02 - 00008122 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-06-19 11:59 - 2015-06-20 02:47 - 00000000 ____D C:\Users\admin\AppData\Roaming\83EA6FB1-1434707985-8131-A962-804A74206928
2015-06-19 11:49 - 2015-06-20 01:11 - 00000000 ____D C:\ProgramData\{0454ec79-c46f-8a7a-0454-4ec79c46b1e7}
2015-06-19 11:49 - 2015-06-19 11:49 - 00000000 ____D C:\Users\admin\AppData\Roaming\Supportive Squadron
2015-06-19 09:21 - 2015-06-19 12:52 - 00000000 ____D C:\Program Files (x86)\eRightSoft
2015-06-19 09:21 - 2004-10-10 09:50 - 00278528 _____ (Real Networks, Inc) C:\Windows\SysWOW64\pncrt.dll
2015-06-19 09:21 - 2004-07-02 17:33 - 00327749 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\drvc.dll
2015-06-19 09:02 - 2015-06-19 14:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Data Recovery Suite
2015-06-19 08:58 - 2015-06-19 08:58 - 00000000 ____D C:\ProgramData\OO Software
2015-06-18 10:21 - 2015-06-19 12:18 - 00000000 ____D C:\Program Files (x86)\SupervisionCam
2015-06-18 10:15 - 2015-06-18 10:15 - 00000000 ____D C:\Users\admin\AppData\Roaming\CrazyPixels
2015-06-17 06:45 - 2015-06-20 01:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-10 13:51 - 2015-06-10 13:51 - 00000000 ____D C:\04880cb472b061b0e55e9f0dd2
2015-06-10 12:56 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 12:56 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 12:55 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 12:55 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 12:55 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 12:55 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 12:55 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 12:55 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 12:55 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 12:55 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 12:55 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 12:55 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 12:55 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 12:55 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 12:55 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 12:55 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 12:55 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 12:55 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 12:55 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 12:55 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 12:55 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 12:55 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 12:55 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 12:55 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 12:55 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 12:55 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 12:55 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 12:55 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 12:55 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 12:55 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 12:55 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 12:55 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 12:55 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 12:55 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 12:55 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 12:55 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 12:55 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 12:55 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 12:55 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 12:55 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 12:55 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 12:55 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 12:55 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 12:55 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 12:55 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 12:55 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 12:55 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 12:55 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 12:55 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 12:55 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 12:55 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 12:55 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 12:55 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 12:55 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 12:55 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 12:55 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 12:55 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 12:55 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 12:55 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 12:55 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 12:55 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 12:55 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 12:55 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 12:55 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 12:55 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 12:55 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 12:55 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 12:55 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 12:55 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 12:55 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 12:55 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 12:55 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 12:54 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 12:54 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-07 14:39 - 2015-06-07 14:39 - 00000000 ____D C:\Users\admin\AppData\Roaming\TeamViewer
2015-06-06 16:19 - 2015-06-22 16:57 - 00000000 ____D C:\Users\admin\Desktop\Neue Musik
2015-06-06 15:54 - 2015-06-06 15:54 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2015-05-29 14:21 - 2015-05-29 14:21 - 00000000 ____D C:\found.000

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-23 13:35 - 2014-04-05 14:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-23 11:11 - 2009-07-14 06:45 - 00039920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-23 11:11 - 2009-07-14 06:45 - 00039920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-23 11:03 - 2014-07-14 20:01 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-23 11:03 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-23 07:47 - 2014-07-31 10:10 - 00000000 ____D C:\Users\admin\AppData\Local\CrashDumps
2015-06-23 07:08 - 2014-07-29 09:04 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-06-23 07:00 - 2014-07-29 09:04 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-06-23 06:27 - 2014-08-23 06:20 - 00000000 ____D C:\Users\admin\AppData\Local\Adobe
2015-06-22 16:54 - 2015-05-18 22:16 - 00850608 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-06-22 16:54 - 2015-05-18 22:16 - 00064368 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kldisk.sys
2015-06-22 16:54 - 2014-11-28 18:19 - 00159960 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-06-22 16:54 - 2014-11-22 14:12 - 00085360 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwtp.sys
2015-06-22 16:54 - 2014-11-10 17:48 - 00190648 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2015-06-22 16:54 - 2014-10-30 04:22 - 00040304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2015-06-22 16:54 - 2014-10-22 21:13 - 00225968 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-06-22 16:54 - 2014-10-10 17:02 - 00039280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys
2015-06-22 16:54 - 2014-10-09 12:31 - 00065208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kltdi.sys
2015-06-22 16:54 - 2014-03-31 10:47 - 00478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2015-06-22 16:54 - 2013-08-08 16:11 - 00039280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klmouflt.sys
2015-06-22 16:54 - 2013-04-12 14:34 - 00024944 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klpd.sys
2015-06-22 16:53 - 2013-01-14 20:10 - 00247016 _____ (Kaspersky Lab UK Ltd) C:\Windows\system32\Drivers\cm_km_w.sys
2015-06-22 14:38 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-06-22 14:30 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-06-21 17:25 - 2013-06-10 07:45 - 00699092 _____ C:\Windows\system32\perfh007.dat
2015-06-21 17:25 - 2013-06-10 07:45 - 00149232 _____ C:\Windows\system32\perfc007.dat
2015-06-21 17:25 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-21 03:41 - 2007-08-28 01:56 - 00000000 ____D C:\Users\admin
2015-06-21 03:33 - 2015-01-23 19:53 - 00002614 _____ C:\Users\Public\Desktop\Logitech Webcam Software.lnk
2015-06-20 01:49 - 2014-09-17 11:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-20 01:11 - 2015-04-03 17:46 - 00000000 ____D C:\ProgramData\{311b518e-e658-8319-311b-b518ee65463b}
2015-06-19 23:00 - 2014-07-29 12:54 - 00000000 ____D C:\AdwCleaner
2015-06-19 22:23 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-19 22:21 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-19 22:04 - 2014-08-15 12:00 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-19 21:47 - 2015-01-22 19:36 - 00000000 ____D C:\Program Files\VideoLAN
2015-06-19 21:46 - 2014-11-01 01:11 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-19 21:45 - 2007-08-28 01:57 - 00001417 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-19 13:25 - 2015-03-29 00:26 - 00000000 ____D C:\Users\admin\AppData\Roaming\vlc
2015-06-19 13:05 - 2014-10-07 20:21 - 00001294 _____ C:\Users\admin\Desktop\MediaHuman YouTube to MP3 Converter.lnk
2015-06-19 12:52 - 2014-08-16 12:14 - 00000000 ____D C:\Users\admin\AppData\Roaming\uTorrent
2015-06-19 12:48 - 2015-03-10 23:44 - 00000000 ____D C:\Users\admin\Tracing
2015-06-19 12:17 - 2015-04-26 11:02 - 00001789 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-06-19 12:17 - 2015-03-29 00:10 - 00000983 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-06-19 12:17 - 2015-03-10 23:41 - 00002717 _____ C:\Users\Public\Desktop\Skype.lnk
2015-06-19 12:17 - 2015-01-24 21:28 - 00002605 _____ C:\Users\Public\Desktop\iSpy64.lnk
2015-06-19 12:17 - 2015-01-11 22:24 - 00001156 _____ C:\Users\admin\Desktop\Blur.lnk
2015-06-19 12:17 - 2014-11-01 01:11 - 00000991 _____ C:\Users\Public\Desktop\Steam.lnk
2015-06-19 12:05 - 2009-07-14 04:34 - 00000505 _____ C:\Windows\win.ini
2015-06-18 18:51 - 2015-01-22 19:28 - 00000000 ____D C:\Users\admin\AppData\Roaming\iSpy
2015-06-17 06:11 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-11 16:40 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-11 16:03 - 2009-07-14 06:45 - 00416688 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 08:46 - 2015-01-24 16:06 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-11 08:46 - 2014-04-22 20:44 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-10 13:51 - 2014-04-05 15:58 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-10 13:51 - 2014-04-05 15:58 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 13:35 - 2014-04-05 14:44 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-10 13:35 - 2014-04-05 14:44 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-10 13:35 - 2014-04-05 14:44 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-07 14:39 - 2015-03-29 00:10 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-06-07 14:38 - 2015-03-29 00:10 - 00000977 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk

==================== Files in the root of some directories =======

2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\admin\AppData\Roaming\IVRaAuPZ53HmhODfZcM
2015-04-23 21:35 - 2015-04-23 21:36 - 0011602 _____ () C:\Users\admin\AppData\Local\Temp-log.txt
2015-06-19 12:21 - 2015-06-19 12:21 - 0000000 _____ () C:\Users\admin\AppData\Local\Temp.dat
2014-07-14 19:30 - 2014-07-14 19:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-23 06:47

==================== End of log ============================

Liebe Grüße

schrauber 24.06.2015 06:31
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2086946254-1975008648-3401415134-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S2 Supportive Squadron; C:\Users\admin\AppData\Roaming\Supportive Squadron\Supportive Squadron.exe [65536 2015-06-19] () [File not signed]
C:\Users\admin\AppData\Roaming\Supportive Squadron
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Tafstar 24.06.2015 07:38
Einmal der FIXLOG



Code:
Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by admin at 2015-06-24 07:35:23 Run:1
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2086946254-1975008648-3401415134-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S2 Supportive Squadron; C:\Users\admin\AppData\Roaming\Supportive Squadron\Supportive Squadron.exe [65536 2015-06-19] () [File not signed]
C:\Users\admin\AppData\Roaming\Supportive Squadron
Emptytemp:
       
*****************


"C:\Windows\system32\GroupPolicy\Machine" folder move:

Could not move "C:\Windows\system32\GroupPolicy\Machine" folder => Scheduled to move on reboot.

C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2086946254-1975008648-3401415134-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
Supportive Squadron => Service stopped successfully.
Supportive Squadron => Service removed successfully

"C:\Users\admin\AppData\Roaming\Supportive Squadron" folder move:

Could not move "C:\Users\admin\AppData\Roaming\Supportive Squadron" folder => Scheduled to move on reboot.

EmptyTemp: => 265.3 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-06-24 07:39:16)<=

C:\Windows\system32\GroupPolicy\Machine => Is moved successfully
C:\Users\admin\AppData\Roaming\Supportive Squadron => Is moved successfully

==== End of Fixlog 07:39:17 ====
Den Rest schicke ich nachher. Hatte Nachtschicht :-( Der Scan läuft noch sind mittlerweile 39 Funde.

Liebe Grüße und danke für die tolle und intensive Hilfe.

Gute Nacht :-)

schrauber 24.06.2015 11:44
ok :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:36 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131